- Customer Identification Program (CIP) and Regulations under Section 326 of the USA Patriot Act. Know Your Customer.
(a) The Customer Identification Program.
The opening of new bank or other financial account now requires much more personal information than in the past. The purpose is not to prove identity as such but as part of the Customer Identification Programs (CIPs), which are part of the domestic law of most countries to prevent money laundering and financing of terrorist operations. In addition to verifying the identity of the customer, it is invariably required for Banks to keep records of identifying information and also they are supposed to check customer names against terrorist risks. These requirements apply to all people who want to open new accounts.
(b) Regulations under Section 326 of the USA Patriot Act.
Section 326 of the USA Patriot Act imposes customer identification programs for financial institutions. The details of the requirements imposed under this section are spelled out in regulations published by multiple federal agencies. These details are otherwise collectively called the CIP Rules.
The primary purpose of the CIP Rules is to require banks and other financial institutions to adopt procedures in written form that are geared to ensuring that new customers are properly identified. The Rules are flexible enough to allow institutions to work within parameters that are suitable for sizes and customers. Therefore, the procedures vary from one institution to the other, and the identification items will vary from institution to institution.
(c) Know Your Customer.
(i) Know Your Customer has different connotations depending on the context in which you use the term. In this discussion, the context in use is that of common parlance in anti-money laundering (AML) and combating the financing of terrorists (CFT).
(ii) According to the online Wikipedia, Know your customer (KYC) is the due diligence and bank regulation that financial institutions and other regulated companies must perform in order to identify their clients and ascertain relevant information pertinent to doing financial business with them. In the USA, KYC is typically a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and USA Patriot Act. The main purpose of KYC policies and programs is to prevent identity theft fraud, money laundering and terrorist financing.
(iii) One of the aspects of KYC is to verify that the customer is not on any list of known fraudsters, terrorists or money launders such as the Office of Foreign Assets Control’s Specially Designated Nationals’ list.
(iv) A key aspect of KYC controls is to monitor transactions of a customer against their recorded profile, history on the customers’ account(s) and with peers.
(v) Banks doing KYC monitoring for anti-money laundering (AML) and checks relating to combating the financing of terrorist (CFT) increasingly use specialized transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity which is then subject to due diligence or enhanced due diligence (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US, it would require Suspicious Activity Reporting (SAR) filing to Financial Crimes Enforcement Network (FinCEN). In the UK, it would require a report to Serious Organised Crime Agency (SOCA). In Canada, KYC is monitored and managed by the Financial Transactions and Reports Analysis Centre of Canada also known as FINTRAC.
(vi) There are specialist consultants who help multinational companies and SMEs conduct KYC processes when entering new markets.
- Suspicious Activity Reports (SARs).
(a) A suspicious activity report (SAR) is a report regarding suspicious or potentially suspicious activity, filed with the Financial Crimes Enforcement Network (FinCEN), an agency of the United States Department of the Treasury.
(b) The purpose of the suspicious activity report is to report known or suspected violations of law or suspicious activity observed by financial institutions subject to the regulations of the Bank Secrecy Act (BSA). SARs have invariably enabled law enforcement to initiate or supplement major money laundering or terrorist financing investigations and other criminal cases.
(c) The information that is usually provided in SAR forms provide the agency of the United States Department of the Treasury called FinCEN with a method of identifying emerging trends and patterns that are associated with financial crimes. This information (showing trends and patterns) is vital to law enforcement agencies including FinCEN and also provides crucial feedback to financial institutions.
- Internal Compliance Program to Monitor for the Office of Foreign Assets Control.
(a) The internal compliance program is a measure intended to control the legal or compliance risk which arises from the failure of an institution to enact appropriate policies, procedures or controls to ensure that the institution conforms to laws, regulations, contractual arrangements, and other legally binding agreements and requirements e.g. the risk arising after an institution’s lack of adequate attention to the operating circulars, procedures and rules of the payment and settlement systems in which it participates including lack of sound and appropriate contractual relationships with the institutions contractual relationships with customers, counterparties, and vendors.
(b) The Office of Foreign Assets Control (OFAC) is an agency of the U.S. Treasury which administers a series of laws imposing economic sanctions against targeted hostile foreign countries to further U.S. foreign policy and national security objectives. The U.S. government economic sanctions are exercised through trade embargoes, blocked assets controls, travel bans, and other commercial and financial restricts.
- Annual Audit of an AML Compliance Program.
(a) It is prudent for a banking or financial institution to undertake a periodic test of its compliance program. This test should be carried out by the bank’s internal audit department in conjunction with outside auditors, consultants, lawyers or other qualified independent parties.
(b) The frequency of the audit should be consistent with the institution’s compliance risk profile although it is prudent to undertake an in-depth audit of each department in the banking or financial institution at least once a year.
(c) The person responsible for the test is required to do an objective, comprehensive evaluation of OFAC policies and procedures. The scope of the audit must be comprehensive and sufficient to assess OFAC compliance risks across the entire spectrum of the activities of the particular institution. If in the course of the test, it is found that there are violations of OFAC compliance, not only should these violations be reported to OFAC but they should also be reported to the institution’s banking regulator.
(d) Most organizations find that it is, therefore, prudent to undertake the AML compliance program on an annual basis.
Sources and references:
- Course Materials, International Compliance, Thomas Jefferson School of Law
- http://www.privacyrights.org/fs/fs31-CIP.htm
- http://en.wikipedia.org/wiki/Know_your_customer
- http://en.wikipedia.org/wiki/Suspicious_activity_report_(banking)
- http://www.ffiec.gov/ffiecinfobase/booklets/wholesale/14.html
- http://www.nigc.gov/LinkClick.aspx?link=NIGC+Uploads%2Freadingroom%2Fbulletins%2FSound_Banking_Guidance_ver1+0.pdf&tabid=117&mid=94
I am a Kenyan Advocate and the Managing Partner of B M Musau & Co., Advocates, a position I have held since 1999. My work encompasses regulatory reforms, reduction of administrative burdens, the structure of business entities, joint ventures, acquisitions, banking, foreign investment and other general corporate areas
Write a comment: