1. Bank Secrecy Act & Anti-Money Laundering Program
Central Virginia Chapter
Annual Training Session 2011

2. Primary Information Sources
31 CFR Chapter X – BSA’s new home. As of March 1, 2011 the BSA has moved from 31 CFR 103 to its new home in Chapter X.
FFIEC BSA Examiner’s Manual
NCUA ARIES Exam Questionnaire

3. BSA/AML Legislative History
A group of laws designed to assist the government in its efforts to monitor, prevent, and prosecute money laundering and other financial crimes.
1970 – Bank Secrecy Act (aka Currency & Foreign Transactions Act – Established recordkeeping and reporting requirements for individuals and financial institutions.
1986 – Money Laundering Control Act – Imposed criminal liability on individuals and financial institutions that knowingly support or assist in money laundering activities. Required the establishment of programs to monitor and report such activities.
1990 – Financial Crimes Enforcement Network (FinCEN) is created.

4. BSA/AML Legislative History
1992 – Annunzio-Wylie Anti-Money Laundering Act – Strengthened sanctions and Treasury’s enforcement role.
1994 – Money Laundering Suppression Act – Further enhanced Treasury’s enforcement role.
1996 – The development of the Suspicious Activity Report.
2001 – USA PATRIOT Act – Response to the terrorist attacks of 9/11.
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

5. BSA/AML Basics A policy approved by Board of Directors
Must be commensurate with an institution’s BSA/AML risk level
Must be reviewed and approved annually
A regular periodic BSA/AML risk assessment (generally performed annually)
Annual independent review of the credit union’s BSA/AML compliance program
Can be conducted by in-house personnel, if independent from BSA/AML processes (e.g. Supervisory Committee)
Can be conducted by outside audit firm or League staff

6. BSA/AML Basics An individual designated as BSA Compliance Officer
Must be provided the tools and training to effectively manage the institution’s BSA/AML program
Must be in a position of authority sufficient to manage the BSA/AML program
Annual training for all staff and volunteers as appropriate for job duties and responsibilities

7. BSA/AML Basics
Internal policies, procedures, and controls to ensure compliance with all aspects of the BSA/AML laws.
Transaction Monitoring & Information Reporting
Currency Transaction Reports
Suspicious Activity Reports
Monetary Instrument Log
PATRIOT ACT Section 314(a)
Member Identification Requirements
PATRIOT ACT Section 326
Customer (Member) Due Diligence
Record Retention Requirements

8. BSA/AML Basics
Enforcement by Financial Crimes Enforcement Network (FinCEN), an agency of the Treasury Department
Regulatory oversight by NCUA and BFI, depending on charter type. Often the NCUA will take the lead on BSA examinations even in state-chartered credit unions for reasons of safety and soundness
Penalties can be civil, criminal, or both and may range from $500 into the millions for specific and systemic BSA violations

9. Recent Enforcement Actions
Pacific National Bank - $355,000,000 in assets, bank owned by the government of Ecuador
Ordered to pay Civil Money Penalty of $7,000,000 for failure to:
Adequately identify, monitor, and report suspicious activity
Conduct sufficient due diligence
Adequately audit high risk areas and transactions

10. Recent Enforcement Actions
Zions First National Bank - $56,000,000,000 in assets
Ordered to pay $8,000,000 penalty for:
Failure to implement effective AML program with regard to foreign accounts
Failure to establish internal policies and controls
Failure to designate individual responsible for day-to-day compliance with BSA/AML rules

11. Recent Enforcement Actions
Pamrapo Savings Bank – $593,000,000 in assets
Forfeited $5,000,000 to US Government and
Ordered to pay penalty of $1,000,000 for:
Failure to maintain and effective BSA/AML program including:
Lack of internal controls
Unqualified BSA personnel
Lack of training
Deficient independent testing

12. BSA/AML Policy & Program
Each credit union is required to have a compliance program that includes:
a system of internal controls to ensure ongoing compliance
testing for compliance by the credit union or outside party
a compliance officer responsible for monitoring day-to-day compliance
training for appropriate employees.
The written BSA compliance policies and procedures should be updated to reflect changes in the credit union’s BSA risk assessment as well as any changes to the regulations.
NCUA ARIES Exam Questionnaire

13. Risk Assessment
The credit union’s risk assessment should consider the following factors during the risk identification process:
Customers
Products
Services
Geographic locations
The risk assessment should be periodically reviewed and updated, particularly when new products, services, members and geographic locations are added.
The risk assessment process should determine the credit union’s inherent risk (quantity of risk), how internal controls mitigate (reduce) risk exposure, and whether the remaining level of risk exposure is appropriate for the credit union. While fully offsetting all BSA/AML risk would be prohibitively expensive for most financial institutions, there should be a reasonable relationship between the level of unmitigated risk and resources devoted to BSA/AML.
NCUA ARIES Exam Questionnaire

14. Currency Transaction Reports
Report all currency transactions over $10,000
Must be filed within 25 days of the transaction
Report must include:
Name
Social Security Number & ID number
Physical address
Occupation
Date of transaction
Type of transaction
Amount of transaction(s) rounded up to nearest dollar

15. CTR Continued Deposits aggregated for any business day
Withdrawals aggregated for any business day
Deposits and withdrawals NOT aggregated
All joint owners of an account into which a deposit is made must appear on the CTR.
True also for businesses. All beneficial owners of the business should appear on the CTR.
A recent conversation with FinCEN revealed that for withdrawals from joint accounts only the member we know will benefit must appear on the CTR.

16. CTR Filing Exemptions Automatically exempt, no paperwork necessary:
Financial institutions operating in the US
Federal or state governments
Entities acting with governmental authority
Filing of Designation of Exempt Person form and annual review required:
Entities traded on major exchanges
Non-listed businesses
Payroll customers

17. Exemption Criteria
Entities listed on major national exchanges must be exempted using a form DOEP. An annual review of eligibility must be conducted and suspicious activity monitoring is still required
Non listed businesses must meet the following:
Conduct at least 5 reportable transactions per year
Maintain an account for two months (less if based on detailed risk analysis
No more than 50% of gross income from prohibited activities
File DOEP
Annual review of eligibility
Ongoing suspicious activity monitoring and reporting

18. Prohibited Activities
Serving as a financial institution or agents of a financial institution
Purchase or sale of motor vehicles, aircraft, or farm equipment
Chartering of ships, buses, or aircraft
Gaming of any kind (except licensed parimutuel betting at race tracks)
Auctioning of goods
Practice of law, accountancy, or medicine
Investment advisory services & banking
Real estate brokerage
Pawn brokerage
Title insurance and real estate closing services
Trade union activities

19. Suspicious Activity Report
Credit unions are required to file Suspicious Activity Reports under the following conditions:
Insider abuse of any amount
Any Federal criminal violations of $5,000 or greater when a suspect can be identified
Any Federal criminal violations of $25,000 when a suspect cannot be identified
Computer Intrusion
Tell the gov’t if someone tries to steal your treats!

20. Suspicious Activity Report
Things are not always what they seem!
Transactions of $5,000 or more involving potential money laundering and/or Bank Secrecy Act violations if:
The credit union knows, suspects, or has reason to suspect that:
The transaction involves funds from illegal activities and is designed to hide or disguise the true nature of the funds
The transaction is designed to avoid BSA reporting
The transaction has no apparent business purpose and cannot be adequately explained by investigation

21. Suspicious Activity Report - Timing
If a suspect is identified – 30 days from the date activity is determined to be suspicious
If no suspect was identified – 60 days from the date activity is determined to be suspicious.
If the activity giving rise to the SAR continues, new SARs must be filed every 90 days
Always keep an eye out for suspicious activity!

22. SAR Examples
A business member who suddenly starts making large cash deposits.
A member who asks about the limit on filing a CTR report and then makes a transaction for an amount just under $10,
A member who frequently exchanges small bills for large bills.
Frequent cash deposits under $10,000 into accounts with low average balances.
ATM cash deposits that are below the specified threshold.
Businesses that do not normally generate cash in normal course of operation, making numerous cash transactions.
An unusual cash deposit for a member given their account history and activity.
The transaction has no business purpose or apparent lawful purpose or is not one that the member would normally be engaged in and the Credit Union knows of no reasonable explanation for the transaction after examining all available facts.
Loan fraud, including large payment amounts, lies on loan applications, mortgage (both residential and business) loan fraud

23. SARs Are Secret!
The filing and content of SARs are to be considered secret. The Bank Secrecy Act regulations prohibit the disclosure of the existence and/or content of any SAR filing.
Discussions within the credit union should be limited to those with a direct involvement in the identification of the activity or the preparation of the SAR.

24. SAR Resources www.fincen.gov SAR Narrative Guidance
SAR Tips and Trends
SAR Powerpoint Presentation

25. Money Services Businesses (MSBs)
Currency dealer or exchanger
Check Casher
Issuer of travelers checks, money orders, stored value
Seller or redeemer of travelers checks, money orders, stored value
Money transmitter
All except money transmitters subject to $1,000 for any person on any day rule. All money transmitters are MSBs regardless of activity level
“day” = business day = day communicated to members that their transactions will normally post

26. Why We Care About MSBs FinCEN requires all MSBs to be registered
If an MSB is not registered and is a member of your credit union you have a SAR filing responsibility.
Check the MSB list at

27. Monetary Instrument Log
Record all cash purchases of cashiers checks, travelers checks and money orders in the amounts of $3,000 - $10,000
Required info:
Name
Address
Date of Birth
ID #
Amount of transaction
Type of instrument
Number of instrument
Date of purchase
Most credit unions do not have to keep a physical log because they do not offer these products to non-members. If you do, you will probably need to keep a log.

28. PATRIOT ACT 314(a)
Requires financial institutions to respond to periodic requests for account/member information from the international law enforcement community.
Credit unions must:
Identify an employee as the 314(a) point of contact. This person is listed as such on the 5300.
Compare the 314(a) biweekly list against the CU’s membership. Any matches must be communicated to the requesting officer/agent within 12 days of the request.

29. PATRIOT ACT 314(b)
Section 314(b) provides for voluntary sharing of information with other financial institutions. A CU must complete a free registration process. There is no requirement to participate in this program.

30. PATRIOT Act 326 Requires financial institutions to:
Implement reasonable procedures to verify the identity of any person seeking to open an account.
Maintain records of the information used to verify the person’s identity.
Determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the FI by any government agency.
Provide the consumer opening a new account with notice of the information collection requirement.

31. PATRIOT Act 326 continued Social Security Number
At a minimum, must obtain and maintain records of the following for each new member:
Name
Date of birth (for individuals)
Address (physical address is required)
Identification number
Social Security Number
Individual Tax Identification Number
Passport Number and Country of Issuance
An Alien Identification Card Number
Number and Country of Issuance of any other foreign government issued ID

32. Member Due Diligence From the FFIEC BSA/AML Exam Manual:
"The cornerstone of a strong BSA/AML…program is adoption and implementation of comprehensive MDD policies, procedures, and processes for all members, particularly those that present a higher risk for money laundering or terrorist financing. The objective…should be to allow the credit union the predict with relative certainty the types of transactions the member is likely to engage.”

33. Member Due Diligence
“The concept of MDD begins with verifying the member’s identity and assessing the risks associated with the member.”
“Processes should also include enhanced MDD for higher risk members and ongoing due diligence for the entire membership.”

34. Record Retention
BSA generally requires record retention of 5 years from the date of creation of the record
MIP (PATRIOT ACT 326) requires
Member name, address, date of birth, ID number must be kept for 5 years following the closing of the account
Documents relied upon to verify the member’s identity must be retained for 5 years from the date of the creation of the record
Records do not have to be physical

35. Money Laundering What is money laundering?
Moving “dirty money” (funds from illegal enterprises) through financial systems to disguise the origin of the funds and make them appear legal or “clean”.

36. The Stages of Money Laundering
Placement: Physically placing bulk cash proceeds. (e.g. making a deposit into a credit union account)
Layering: Separating the proceeds of criminal activities from their origins through layers of complex financial transactions. (e.g. buying big ticket items such as securities, cars, travel tickets often placed in someone else’s name to further distance the criminal from the cash.)
Integration: Providing an apparent legitimate explanation for the proceeds. (e.g. business investments or transactions)

37. Money Laundering and Your Credit Union
Financial institutions are prime targets for money launderers based on the many products and services offered that can be used to facilitate all three stages of money laundering.
Placement = deposit accounts (savings, money market, share certificates)
Layering = purchase of monetary instruments for use in purchasing big ticket items (money orders, cashiers checks, travelers checks) and using wire transfers to move money around the country and the world
Integration = cash used as down payment for real estate (loan obtained through credit union), investments in securities offered through CUSOs, obtaining business accounts for “front” businesses

38. Money Laundering Red Flags
Refusal or reluctance to proceed with or abrupt withdrawal of a transaction after learning of CTR filing
Refusal or reluctance to provide required information or identification
Structured or recurring non-reportable transactions
Multiple transactions in even dollar amounts
Transactions structured to lose the paper trail
Suspicious movement of funds between institutions
Non-local address

39. Money Laundering Red Flags
Multiple accounts for a single member
High activity volume with low balances
Share certificates used as collateral for loans
Loan payments by third parties
Disbursement of loan proceeds by multiple credit union checks
Replacement of monetary instruments (e.g. purchasing travelers checks with a money order)
Monetary instruments purchased with large amounts of cash

40. Office of Foreign Assets Control (OFAC)
OFAC is a division of the U.S. Treasury Department.
OFAC “administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries, terrorist, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.”

41. OFAC continued
OFAC can “impose controls on transactions and freeze foreign assets in U.S. jurisdiction.”
In order to accomplish these goals OFAC has compiled a number of lists of nationals and other entities with whom FIs are prohibited from doing any sort of business.
Each OFAC enforced sanction has different restrictions as determined by the federal government and often by order of the President.

42. Current OFAC Sanction Programs
Balkans Related
Belarus
Burma
Cote d’Ivoire
Counter Narcotics Trafficking
Counter Terrorism
Cuba
Democratic Republic of Congo
Diamond Trading
Iran
Iraq Related
Former Liberian Regime of Charles Taylor
Lebanon
Libya
Non Proliferation
Somalia
Sudan
Syria
Zimbabwe

43. OFAC continued
Non-compliance with OFAC sanctions can result in personal penalties of up to $1,000,000 or 12 years in jail!

44. How to Stay Out of Trouble
Include OFAC compliance in your BSA/AML program
Checks the names of payees for all Cashier’s Checks and Wire Transfers against the OFAC master list(s).
All new account applicants are checked against the master list(s) prior to providing services.
The entire membership is checked against the OFAC master list(s) periodically, or as frequently as the list(s) are updated.

45. Recent Developments
Trends & Changes in Bank Secrecy Act and Anti-Money Laundering Regulations, Requirements, and Procedures

46. BSA Rules Get New Home BSA formerly lived at 31 CFR 103
As of March 1, 2011 can now be found at 31 CFR Chapter X
New CTR and SAR forms are required
No substantive change to the forms or filing procedure. The only update is to code citations in the instructions.
For info on the change go to fincen.gov
NO CHANGE TO FILING REQUIREMENTS OR METHODS

47. New Data Fields Proposed for CTR and DOEP
Technical changes were proposed to both forms, with a comment period that ended March 28th.
The changes are made to support FinCEN’s move to all electronic processing.

48. SAR Confidentiality Rules
New guidance allows SAR information sharing with domestic affiliates provided that the affiliate is also subject to SAR filing requirements, is linked to the filing entity by common ownership and is not itself the subject of the SAR.

49. BSA &Money Laundering in the News
Former Speaker of the House Tom DeLay convicted on money laundering and conspiracy charges. Sentenced to three years in prison
Utah bank official charged with money laundering for accepting payments from online gambling companies to process transactions
South Korean police say they've arrested a farmer for allegedly hiding about $10 million in cash in a garlic field. Police say his relatives made the money by running an illegal Internet gambling site.
Digital currency, stored value cards, internet gambling, virtual life all possible avenues for money laundering

50. Summary BSA Requirements Non-compliance penalties? Record retention?
Board approved policy
Annual risk assessment
Annual training
BSA Officer
Annual independent review
Non-compliance penalties?
Record retention?
CTR filing limit?
CTR timing?
SAR filing reasons?
Insider abuse – any $$
$5,000 when suspect id’d
$25,000 w/o suspect
Computer intrusion
Money Laundering, Terrorist Financing, BSA avoidance
SAR timing?
SAR Sharing?
MIP minimums?
OFAC?

51. The End
Contact: Jason Clarke