Key BSA/AML takeaways from the 2015 FIBA conference April 2015 This year s Florida International Bankers Association (FIBA) conference included a number of sessions that addressed Bank Secrecy Act and anti-money laundering (BSA/AML) concerns. 3 hot BSA/AML topics for bankers and regulators in 2015 FIBA conference sessions identified a number of AML issues of pressing concern among both financial institutions and regulators. Key topics included: Hot topic 1: De-risking Some banks are terminating or restricting business relationships with clients or categories of clients to avoid risk instead of managing it. The terminated businesses often then are unable to find new banks, which is pushing entire business sectors out of banking. Regulators emphasized that the key is not for banks to avoid these sectors wholesale, but rather to perform appropriate due diligence and make informed, risk-based decisions. Managing risk in certain sectors or for certain clients can mean increasing controls, which usually means increased costs. Financial institutions need to conduct careful cost/benefit analyses as they consider new clients and business sectors. Bankers stressed that the decision to close accounts has to remain theirs alone and that they face potential regulatory criticism for having customers in higher-risk industries and additional criticism if they now exit those relationships. Contrast that with the results of Operation Choke Point. The Department of Justice launched Operation Choke Point in 2013, targeting fraud and money laundering, particularly among payment processors, payday lenders and other perceived high-risk industries. As part of this initiative, the FDIC issued guidance about high-risk merchants who gave the impression to many banks that they should not do business with certain targeted industry companies. In some cases, FDIC examiners were requiring banks to close relationships, overriding the banks risk-based approach to doing business with those customers. New guidance was put out restricting FDIC examiners ability to mandate that banks close certain
customer accounts, and the FDIC is currently encouraging banks to take a risk-based approach. Comments from industry panelists and audience members indicated skepticism remains as to whether this guidance will be consistently applied across the various regulatory agencies. During a hot topics panel for regulators, they concurred that decisions should be risk based and made by the banks. Regulators offered the following thoughts on de-risking: Institutions do not have to run from sectors; they just need to understand the risks and their capacity to manage them by performing adequate due diligence. Banks should determine whether their current systems and controls are sufficient to manage the risks or whether they need enhancement. This analysis should drive the decision on whether the risks can be managed in a cost effective manner. As banks take these customers on, they must adjust monitoring thresholds to capture the types of activity that will come from the new high-risk customer and also must provide adequate training so that employees understand how to monitor the new risks effectively. Hot topic 2: Culture of compliance Culture of compliance was another hot topic among both bankers and regulators, who were in broad agreement on its importance to successful BSA/AML compliance and risk management. Regulators and bankers pointed to FinCEN s advisory as a key resource in promoting a culture of compliance. The letter summarizes and consolidates key elements in the FFIEC BSA Examination Manual and previously issued guidance. During the bankers hot topics session, the following attributes were highlighted as essential for a culture of compliance: Tone at the top from the board and management Buy- in from the business lines Sufficient independence for the compliance function Accountability for BSA/AML compliance at all levels management, front-line staff, the board and compliance Compliance incorporated into performance evaluations Regulators offered additional insights during their session, stressing that the advisory outlines how to make BSA/AML a priority, by ensuring that the board of directors understand the risks of noncompliance, and additionally by emphasizing emphasizing the importance of providing sufficient resources and training across the organization. Regulators also emphasized the importance of eliminating information silos so that information gets to where it is needed, partly by ensuring that everyone within the institution understands the importance and value of AML/BSA data. Other tips from regulators include: Consider including a BSA/AML component in your employee evaluations. Examiners are increasingly stressing the importance of a BSA/AML compliance factored into employee performance evaluations and compensation decisions. Avoid having compliance report to your business lines in order to maintain independence and avoid having information compromised. Focus on adherence, not just policies and procedures. While most banks now have relatively sound policies, adherence to them remains an issue. Processes should be in place to ensure compliance on an on-going basis. Don t just have sticks have carrots, too. Programs that reward compliance and ethical behavior can be very effective. Finally, a culture of compliance will not only help to prevent compliance issues, it can also help mitigate the severity of an enforcement action should a violation occur. Hot topic 3: Information sharing The Department of the Treasury s Financial Crimes Enforcement Network (FinCEN) and bankers have concerns with the current use of 314(b) voluntary information sharing among financial institutions. USA Patriot Act section 314(b) allows financial institutions to share information with each other in order to identify and report to the federal government activities that may involve money laundering or terrorist activity. The following are a variety of the reasons outlined by financial institutions to improve upon section 314(b). The inconsistent interpretations among various courts concerning the safe harbor protections for banks are making some banks reluctant to share information. The workload required to respond to section 314(b) requests represents an added cost, particularly for community banks. Community banks, in particular, complain that larger banks fail to respond to requests. Larger banks complain that they often receive requests for basic information that the requesting institution should be obtaining on its own. Banks are unable to share SAR information with foreign affiliates. FinCEN representatives indicated they are working to improve the information sharing program, including strengthening the safe harbor protections. BSA/AML technology industry and regulator perspectives The right IT tools are vital to your BSA/AML compliance effort. But what s working and what isn t? The following tips came from a panel that included industry and regulatory representatives who are focused on the effectiveness of AML tools at institutions across the country. 2
Management buy-in is vital. If your leadership does not understand BSA/AML risks and the vital role that your systems play in controlling them, they are unlikely to support sufficient investment in your BSA/AML compliance effort, including your IT tools. Don t leave AML development only to your IT department. Make sure that compliance is included in system acquisition, design and tuning decisions. Communicate with your examiner. If you are aware of issues in your institution, whether with your systems or elsewhere, be up front. This will create a better relationship and could help avoid or mitigate enforcement actions. Customer risk rating is very important. You can have a great monitoring system, but if you have not rated customers properly, you are likely to miss activity that needs further review. Do not assume your affiliates are low risk. Treat them with the same scrutiny that you would apply to any other correspondent relationship. Ask whether they are nesting relationships, and make sure you know what activities they are actually involved in. Make sure your monitoring software is capturing all appropriate wire transfer information, especially fields in various Society for Worldwide Interbank Financial Telecommunication (SWIFT) forms, such as fields 70 or 72 in a SWIFT MT 103, MT 202 and MT 202 COV. Is this information being reviewed to determine if there are any potential OFAC violations? Is the correct data in the correct fields? Without the right data, you aren t actually monitoring your activities or controlling your risks. Test system thresholds before you implement them. Before you establish or modify your thresholds, test them to make sure they are generating the right results. Don t modify system thresholds to manage backlogs. If your system is generating a high level of alerts, escalate the issue to management and develop a plan to address it. When evaluating thresholds, check how often a rule triggered a SAR. If your rules never trigger SARs, you may not be capturing the right activity. On the other hand, just because you are filing a lot of SARs does not mean your system is capturing adequate data. Don t automatically close alerts. Excessive alerts may mean that your system parameters are not set up properly or that you don t have sufficient staff to address them on a timely basis. Evaluate your analysts by how many SARs or escalated cases they generate, not just by how many alerts they close. Analyzing your SARs allows you to test the effectiveness of your rules and threshold, provides vital information about customer relationships, reveals transaction patterns and much more. But you can t analyze what your analysts don t generate. As part of your BSA/AML compliance efforts, you will have to ask customers and business lines for information. Have a system in place to track those requests, to ensure that you receive responses and to ensure that those responses adequately address the concerns raised. Finally, banks everywhere are scrambling for skilled BSA/ AML talent. Ask your employees to help. Employee referrals can be a great way to find talent. In addition, cross-training, providing additional opportunities to learn new skills or take on responsibility can help retain the existing employees Correspondent banking In an increasingly global economy, correspondent relationships are one way to expand your financial institution s geographic reach. But they come with their own unique set of BSA/ AML concerns. The FIBA conference panel on correspondent banking found that the risk factors involved in correspondent banking haven t changed, but that the risks are more clearly understood, and that many of the risk issues and controls used in foreign correspondent banking relationships are now being used in domestic correspondent relationships as well. Here are some highlights from the panel: When considering foreign correspondent banking relationships, look at the level of risk as a whole. Consider the nature of the relationship between the corespondent bank and its customers. Can you rely on the correspondent bank s policies and procedures or audit information? Or will you have to provide your own due diligence? On the enforcement front, few actions involving correspondent banking relationships were close calls. Common issues that resulted in breakdowns of the U.S. bank s BSA/AML programs included issues resulting from transactions involving new technologies or payment systems, and resource constraints, especially banks that were downsizing their compliance staff during times of heightened risk. A new asset is on the horizon that will help with correspondent banking relationships. SWIFT is setting up a know-your-customer database in which all 7,000 of its users can provide information for free. What do changes to OFAC Cuba sanctions mean for you? On Jan. 15, 2015, the Department of the Treasury s Office of Foreign Assets Control (OFAC) published amended regulations regarding Cuba to implement policy changes announced by the Obama administration on Dec. 17, 2014. Following is an overview of those changes and some issues you may need to consider. Credit cards Credit cards can now be used in Cuba for authorized transactions. The trick is determining which transactions are authorized. OFAC regulations indicate that the government will rely on credit card users to make that determination. What is unclear, however, is what degree of oversight issuing financial institutions are required to provide to help ensure cards are not being used for unauthorized purposes. Currently, MasterCard has removed all blocking of transactions in Cuba. Your institution may, however, wish to continue to block Cuban transactions until the OFAC offers more refined guidance on its expectations for monitoring those transactions. If so, you need to work with your credit card company to ensure it continues to block Cuban transactions. 3
Wire transfers U.S. financial institutions are now authorized to process foreign-to-foreign wire transfers involving Cuban parties if the underlying transaction would have been authorized if conducted by a U.S. person. While these wire transfers will no longer be blocked, you can still choose to reject them. You are still responsible for reporting all rejected transactions to the OFAC. The challenge? There is not yet definite guidance on determining if a transaction would have been authorized if it had been conducted by a U.S. person. Trade finance Prior to the new regulation, all Cuban transactions required cash before shipment. Now they require cash before change of title. This allows the financing of goods while they are being shipped. Accounts for Cuban nationals OFAC now allows financial institutions to open accounts for Cuban nationals who are in the United States on visitor status. You will, however, be required to block the account once the account holder returns to Cuba. So you need to consider how you will monitor the account holder s location. Correspondent accounts U.S. financial institutions are now allowed to open correspondent accounts with Cuban banks to facilitate authorized transactions. Cuban banks, however, are not allowed to open correspondent accounts with U.S. banks. The challenge will be ensuring sufficient oversight to ensure that transactions conducted through such accounts are authorized. Travel provisions The new regulation makes a number of changes regarding travel: Only one general license is required for travel. The per diem has been eliminated. Travelers may take $10,000 in cash to Cuba. Expenses incurred must be related to the trip (e.g., lodging, food, etc.). Travelers may only bring $400 of Cuban goods back to the United States, of which only $100 may be tobacco products. Airlines must maintain records of each traveler s purpose for visiting Cuba. Remittances Families continue to be allowed to make unlimited remittances. The regulation increases the limit for nonfamily remittances from $500 to $2,000 per quarter, provided that: The remittance is not made from a blocked source. The recipient is not a prohibited official of the government of Cuba or the Cuban communist party. The remittance is not made for emigration purposes. The remitter is 18 years of age or older. For purposes of remittances, the regulation defines an authorized transaction as follows: Travel-related expenses Export remittances The regulation now allows the following categories of goods to be exported to Cuba, but only to the private sector: Materials for building Tools for agricultural use Tools for auto mechanics Cuban government import agencies may import eligible goods provided the end user will be in the private sector. For financial institutions, the compliance challenge around remittances is ensuring that they go to private sector parties, which are not owned or controlled by the government. However, OFAC has not defined ownership or control, so due diligence expectations for financial institutions are not yet clear. Cuban currency Cuba currently has three different types of currency: chavito, peso and letter of credit. The Cuba government is working to unify the currencies without shocking the economy. Because the changes to OFAC regulations for Cuba are so new, they provide minimal guidance now, but further guidance is expected. Financial institutions should contact OFAC with questions. More information is also available on the Department of the Treasury site. Financial institutions and credit-card companies may need to enhance CDD in order to monitor compliance of customer accounts. You also may need to be prepared to monitor other issues, such as why a traveler might make numerous trips, bringing $10,000 in cash each time. 4
+1 800 274 3978 www.rsmus.com This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. RSM and the RSM logo are registered trademarks of RSM International Association. The power of being understood is a registered trademark of RSM US LLP. 2015 RSM US LLP. All Rights Reserved. wp_fi_1015_2015_fiba_conference