Benjamin M Musau
Thomas Jefferson School of Law
Module 2 Assignment
Module 2 Advanced Topics in Compliance and Technology/Investigations
Please discuss the following:
- What are the four fundamental components of a USA compliance program (as required by statute and regulation)? Briefly discuss each component.
According to the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual (2010), the four fundamental components of a USA compliance program (as required by statute and regulation) are:
- A system of internal controls to ensure ongoing compliance. This means that the institution has written policies, procedures and processes that ensure compliance with the requirements of the BSA and AML statutory rules and regulations;
- Independent testing of BSA compliance. The institution should have in place systems that ensure that its internal policies, rules and processes ensure compliance with the provisions of the BSA. The testing or audit must be carried out by an independent person, i.e. a person who is not involved with the institution’s compliance staff or officials and who is qualified in BSA and AML independent testing, e.g. an external auditor or external AML compliance officer;
- A specifically designated person or persons responsible for managing BSA compliance (BSA compliance officer). This officer must be duly authorized by the board of directors of the institution and the institution should provide the officer with the resources that are required for the job of a BSA compliance officer.
- Training for appropriate personnel. The training and materials should show the importance that the board of directors and senior management of the institution attach to ongoing education, training and compliance programs on BSA and AML.
- Is an American bank required to designate a compliance officer? What would be his or her duties?
Under the Federal Banking Agencies’ BSA compliance program regulations, an American bank is required to designate a compliance officer. The duties of the compliance officer would be:
- Coordinating and monitoring day-to-day BSA/AML compliance;
- Managing all aspects of the BSA/AML compliance program;
- Managing the bank’s adherence to the BSA and its implementing regulations although the board of directors is ultimately responsible for the bank’s BSA/AML compliance.
- Are banks required to have a written CIP? What are the requirements for a CIP under the USA Patriot Act? Cite to the statute and the sections.
Yes, banks must have a written Customer Identification Program (CIP), which must be included as part of the BSA/AML compliance program.
The requirements of a CIP are set out in section 326 of the USA Patriot Act:
- Each bank is to implement a written CIP that is appropriate for its size and type of business and that includes certain minimum requirements;
- CIP must be incorporated into the bank’s BSA/AML compliance program, which is subject to approval by the bank’s board of directors;
- Domestic subsidiaries (other than functionally regulated subsidiaries subject to separate CIP rules) of banks should comply with the CIP rule that applies to the parent bank when opening an account within the meaning of 31 CFR 103.121;
- The CIP is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer;
- The CIP must include account opening procedures that specify the identifying information that will be obtained from each customer;
- It must also include reasonable and practical risk-based procedures for vetting the identity of each customer;
- Banks should conduct a risk assessment of their customer base and product offerings, and in determining the risk, the banks should consider the following matters:
  - The types of accounts offered by the bank;
  - The bank’s methods of opening accounts;
  - The types of identifying information available;
  - The bank’s size, location, and customer base, including types of products and services used by customers in different geographic locations.
- What are the rules and standards for customer information requirements? Customer verification? What are the required documents for different types of customers?
Rules and standards for customer information requirements:
- The CIP must contain account opening procedures detailing the identifying information that must be obtained from each customer. When an individual opens a new account for an entity that is not a legal person or for another individual who lacks legal capacity, the identifying information for the individual opening the account must be obtained. By contrast, when an account is opened by an agent on behalf of another person, the bank must obtain the identifying information of the person on whose behalf the account is being opened.
- At a minimum, the bank is required to obtain the following identifying information from each customer before opening the account:
  - Name
  - Date of birth for individuals
  - Address
  - Identification number.
- It is also possible for the bank to require identifying information in addition to the items listed above for certain customers or product lines, based on the bank’s risk assessment.
- What are the CIP recordkeeping requirements?
Under 31 CFR 103.121(b)(3)(ii), the AML compliance program requires the bank’s CIP record retention policy to be evaluated to ensure that it corresponds to the regulatory requirements to maintain certain records:
- The bank must retain the identity information obtained at account opening for 5 years after the account closes;
- The bank must also maintain a description of documents relied on, methods used to verify identity, and resolution of discrepancies for 5 years after the record is made.
- Does a bank’s CIP require consideration and comparison with government lists?
Yes. BSA’s CIP regulation (31 CFR 103.121) requires banks to compare new accounts against government lists of known or suspected terrorists or terrorist organizations within a reasonable period of time after the account is opened.
- Can a bank rely upon another financial institution for CIP?
Yes. A bank is permitted to rely on another financial institution (including an affiliate) to perform some or all of the elements of the CIP, if reliance is addressed in the CIP and the following criteria are met:
- The relied-upon financial institution is subject to a rule implementing the AML program requirements of 31 USC 5318(h) and is regulated by a federal functional regulator, which means the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency.
- The customer has an account or is opening an account at the bank and at the other functionally regulated institution;
- Reliance is reasonable, under the circumstances;
- The other financial institution enters into a contract requiring it to certify annually to the bank that it has implemented its AML program, and that it will perform (or its agent will perform) the specified requirements of the bank’s CIP.
- Does the CIP of a bank require customer notice?
Yes, the bank’s written CIP BSA/AML program must contain at a minimum (inter alia) policies, procedures, and processes to ensure:
- Procedures for providing adequate customer notice
- The USA Patriot Act: Special Compliance Issues for Non-Traditional and High-Risk Businesses
There are non-traditional and high-risk businesses that are controlled under the USA Patriot Act. One type of funds transfer transaction that carries particular risk is the Payable Upon Proper Identification (PUPID) service. PUPID transactions are funds transfers for which there is no specific account to deposit the funds into and the beneficiary of the funds is not a bank customer, e.g. Western Money Union Money Transfer Service. For example, an individual may transfer funds to a relative or an individual who does not have an account relationship with the bank that receives the funds transfer. In this case, the beneficiary bank may place the incoming funds into a suspense account and ultimately release the funds when the individual provides proof of identity. In some cases, banks permit noncustomers to initiate PUPID transactions. These are considered extremely high risk and require strong controls.
- Section 312 of the USA Patriot Act
Section 312 of the USA Patriot Act requires due diligence policies, procedures, and processes for private banking accounts for non-U.S. persons. The objective of this provision is to assess the bank’s compliance with statutory and regulatory requirements to implement policies, procedures, and controls to detect and report money laundering and suspicious activity through private banking accounts established, administered, or maintained for non-U.S. persons.
Section 312 of the USA Patriot Act added subsection (i) to 31 USC 5318 of the BSA requiring each U.S. financial institution that establishes, maintains, administers, or manages a private banking account in the United States for a non-U.S. person to take certain AML measures with respect to these accounts. In particular, the institution must establish appropriate, specific, and, where necessary, Enhanced Due Diligence (EDD) policies, procedures, and controls that are reasonably designed to enable the bank to detect and report instances of money laundering through such accounts.
Furthermore, section 312 mandates enhanced scrutiny to detect and, if appropriate, report transactions that may involve proceeds of foreign corruption for private banking accounts that are requested or maintained by or on behalf of a senior political figure or the individual’s immediate family and close associates.
On January 4, 2006, FinCEN issued a final regulation (31 CFR 103.178) to implement the private banking requirements of 31 USC 5318(i).
a. Money Laundering and Terrorism in Correspondent Banking Relationships
Correspondent banking relationships carry the risk of money laundering and terrorism. Therefore, the AML compliance and examination procedures are geared towards assessing the adequacy of the bank’s systems to manage the risks associated with offering domestic correspondent account relationships, and management’s ability to implement effective monitoring and reporting systems. This involves a review of the policies, procedures, and processes, and any bank service agreements related to domestic correspondent banking relationships. It also involves the evaluation of the adequacy of the policies, procedures, and processes given the bank’s domestic correspondent accounts and the risks they present. This requires an assessment of whether the controls are adequate to reasonably protect the bank from money laundering and terrorist financing.
b. Money Laundering and Terrorism in Private Banking Relationships
The objective of examining money laundering and terrorism in private banking relationships is to assess the adequacy of the bank’s systems to manage the risks associated with private banking systems. The section of the Examination Manual expands the core review of the statutory and regulatory requirements of private banking in order to provide a broader assessment of the AML risks associated with the activity of private banking relationships and activities.
11. Enhanced Due Diligence and Monitoring for High-Risk Clients including International and Foreign Political Figures
Enhanced Due Diligence is appropriate in the following situations:
- Bank is entering into a relationship with a new customer;
- Account principals or beneficiaries reside in a foreign jurisdiction, or the trust or its funding mechanisms are established offshore;
- Assets or transactions are atypical for the type and character of the customer;
- Account type, size, assets, or transactions are atypical of the bank;
- International funds transfers are conducted, particularly through offshore funding sources;
- Accounts are funded with easily transportable assets such as gemstones, precious metals, coins, artwork, rare stamps, or negotiable instruments;
- Accounts benefit charitable organizations or other nongovernmental organizations (NGO) that may be used as a conduit for illegal activities;
- Account assets include Private Investment Companies (PICs);
- Politically Exposed Persons (PEPs) are parties to any accounts or transactions;
12. Account Transaction Monitoring and Suspicious Activity Investigations for Foreign Banks with Offices in the USA
Under the BSA, as implemented by 31 CFR 103.11, the term “bank” includes a foreign bank with an office in the USA and, therefore, the account transaction monitoring and suspicious activity investigations for banks (as defined in the BSA and implemented by 31 CFR 103.11) apply equally to foreign banks with offices in the USA.
13. Global Anti-Money Laundering Industry Standards: What are the New Best Practices in the Field and How do You Implement Them?
The Clearing House Payments Co., LLC and The Wolfsberg Group have published suggested industry standards and guidance for banks that provide foreign correspondent banking services, as is apparent from Guidelines for Counter Money Laundering Policies and Procedures in Correspondent Banking (March 2002) at www.theclearinghouse.org/docs/000592.pdf and Wolfsberg AML Principles for Correspondent Banking (November 2002) at www.wolfsberg-principles.com/standards.html.
The Financial Action Task Force on Money Laundering (FATF) has helped set important industry standards and is a resource for banks that provide trade finance services (see Trade Based Money Laundering, June 23, 2006, at www.fatf.org.dataoecd/60/25/3703272.pdf). The Wolfsberg Group also has published suggested industry standards and guidance for banks that provide trade finance services (see The Wolfsberg Trade Finance Principles, January 2009, at www.wolfsberg-principles.com/pdf/WG_Trade_Finance_Principles_Final_(Jan_09).pdf).
14. Other Compliance Issues Including Those Required by the USA Patriot Act.
The bank must maintain required CIP information and complete the required one-time check of trust account names against section 314(a) search requests. The bank should also be able to identify customers who may be politically exposed persons (PEP), who are doing business with or located in a jurisdiction designated as a “primary money laundering concern” under section 311 of the USA Patriot Act, or who match OFAC lists. As a sound practice, the bank should determine the identity of other parties that may have control over the account, such as grantors or co-trustees.
Nonbank financial institutions (NBFIs) are broadly defined as institutions other than banks that offer financial services. The USA Patriot Act has defined a variety of entities as financial institutions. Examples of NBFIs include:
- Casinos and card clubs;
- Securities and commodities firms (e.g. brokers/dealers, investment advisers, mutual funds, hedge funds, or commodity traders);
- Money service businesses (MSB);
- Insurance companies;
- Other financial institutions (e.g. dealers in precious metals, stones, or jewels, pawnbrokers, loan or finance companies)
Pivots, Filters and Sorts: Excel, Internet, Complinet, IBM’s Threat and Fraud Intelligence:
Please go to the Course Materials module and read the testimony of James R. Richards before Congress (2004). Discuss each of the methods mentioned by Richards and also do research on Complinet and the IBM system.
James R. Richards used Excel (pivots, filters, and sorts) to ensure BSA/AML compliance. This is not the right form of database to ensure compliance. Excel is used to analyse computations and interpretation of data. He was consequently found guilty of BSA/AML compliance and appropriately fined.
Benjamin M Musau, February 9, 2011
I am a Kenyan Advocate and the Managing Partner of B M Musau & Co., Advocates, a position I have held since 1999. My work encompasses regulatory reforms, reduction of administrative burdens, the structure of business entities, joint ventures, acquisitions, banking, foreign investment and other general corporate areas