1 / 38

Bank Secrecy Act: Beneficial Ownership

Understand the Bank Secrecy Act (BSA), anti-money laundering, stages of money laundering, safety measures, and the four pillars of BSA compliance. Learn about the role of a BSA Officer and the importance of training in ensuring compliance.

gavink
Download Presentation

Bank Secrecy Act: Beneficial Ownership

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Bank Secrecy Act: Beneficial Ownership By Silvia Garcia Maggio, CRCM, Associate General Counsel KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933

  2. Bank Secrecy Act In 1970, Congress passed the Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act of 1970, commonly known as the “Bank Secrecy Act” (BSA). The purpose of the BSA is to require U.S. financial institutions to maintain appropriate records and file certain reports involving currency transactions and a financial institution’s customer relationships. BSA was originally intended to aid investigations into an array of criminal activities including income tax evasion and money laundering. Today, BSA reporting also helps investigating individuals suspected of drug trafficking and terrorist financing activities.

  3. Anti-Money Laundering Money laundering is the process of making illegally-gained proceeds appear legal. The USA PATRIOT Act was enacted by Congress in response to the September 11, 2001 terrorist attacks on the United States. Among other things the act criminalized the financing of terrorism and enhanced the existing BSA framework by strengthening customer identification procedures The government has enacted several laws to combat money laundering over the years. One of the most recent being the Uniting and Strengthening America by Providing Appropriate Tools to Restrict, Intercept and Obstruct Terrorism Act of 2001 or the USA PATRIOT Act.

  4. Stages of Money Laundering • PLACEMENT • Objective: Get Funds into the financial system. • Transactions typically done in currency. • LAYERING • Objective: Confuse the paper trail. • Usually done so by moving funds after placement in a complex series of transactions. • INTEGRATION • Objective: Create appearance of legality. • Provide plausible explanation for funds or shield criminal from funds.

  5. Safety and Soundness • In 2012, the OCC began rating findings in conjunction with BSA/AML/OFAC in a safety and soundness context – specifically the Management rating. Prior to 2012, the OCC rated BSA as part of the consumer compliance piece of the examination. • This put the OCC in line with the other federal banking agencies and shed light on the increasing importance of BSA/AML/OFAC compliance.

  6. The Four Pillars of BSA • Board approved written program including policies, procedures,. and internal controls • Annual independent testing • Board approved Bank Secrecy Act Officer • Annual training for all Bank personnel and the Board. AND, the unofficial fifth pillar: Customer Identification Program (CIP)

  7. The Four Pillars of BSA: Written Program and Internal Controls • The written program should be revisited and revised annually based on the results of the Bank’s BSA/AML/OFAC Risk Assessment. • The written program must be approved by the Board annually. • The written program should be commensurate with the size and complexity of the Bank.

  8. The Four Pillars of BSA: Written Program and Internal Controls • Internal controls prescribed in policy and procedures should be based upon the Bank’s risk assessment and the size and complexity of the Bank. • EXAMPLE: The same employee who completes the CTR should not submit the CTR. The CTR should be reviewed and approved by another member of personnel before submission. • EXAMPLE: Accounts designated high risk should not be periodically reviewed by its account officer. Reviews should be conducted by an independent party within the bank who does not have a relationship with the account holder.

  9. The Four Pillars of BSA: Independent Testing • Banks are required to conduct annual independent testing of the BSA/AML/OFAC program. • Testing may be done internally if the personnel is truly independent from the processes and implementation of the BSA program. • The bank may also engage with an outside 3rd party for testing. • Testing should be comprehensive. • Results of the testing should be communicated to the Board in a timely manner. • The implementation of recommendations and correction of findings should be tracked with periodic progress reports to the Board.

  10. The Four Pillars of BSA: Bank Secrecy Act Officer • Annually, the Board of Directors must approve a BSA Officer. • The Bank’s BSA Officer must be provided the tools and training to effectively manage the BSA program. • The BSA Officer must also possess the authority sufficient to manage the BSA/AML Program.

  11. The Four Pillars of BSA: Training • Each and every member of Bank personnel must receive annual BSA/AML/OFAC training. • The Board of directors must also receive annual training. • The materials used and attendance records must be kept on file. • New employees should receive training prior to on-boarding during an orientation. • Training must be tailored to the individual’s responsibilities tied to BSA/AML/OFAC compliance.

  12. Customer Identification Program (CIP) • Banks are required to have a written Customer Identification Program. • CIP is intended to allow the Bank to reasonably believe that they know the true identity of each customer. • The program must include account opening procedures specifying the required identification for opening an account. • The program must also include procedures for verifying the identity of each customer.

  13. Customer Identification Program (CIP) • CIP procedures must be completed for all persons and entities that have a relationship with the Bank including, but not limited to: • Deposit Accounts • Asset Accounts • Loans • Safe Deposit Boxes • Other Safekeeping Services • Cash Management Services • Trust Services • Custodian Services

  14. Customer Identification Program (CIP) • At a minimum the Bank must obtain the following identifying information from each customer before account opening: • Legal Name (Individual or Business) • Date of Birth (individuals) • Physical Address • Identification Number (SSN, TIN, Passport Number, Foreign Alien ID Number) • Documentation (Articles of Incorporation, Doing Business As (DBA) Paperwork, etc.) • Banks commonly have new account applications or internal forms which gather this information while also aiding in documentation and record retention, i.e. CIP Form or New Accounts Form NOTE: The Bank should maintain adequate customer notices in the lobby or on their website stating the Bank’s identification requirements.

  15. Customer Identification Program (CIP) • Customer identities should be verified using risk-based procedures. • Appropriate procedures for various circumstances should be addressed in the program. • Document Verification: • EXAMPLE: Driver’s License with picture • Nondocumentary Methods: • EXAMPLE: Calling the number given on application, third party consumer reporting agency • Bank’s commonly use ChexSystems for verification of social security number

  16. Customer Identification Program (CIP) • The program should address: • Circumstances when an account should not be opened • Circumstances that require more due diligence in confirming the identity of a consumer • When an account should be closed • When a SAR should be filed based on false identification or other suspicious activity related to account opening.

  17. Customer Identification Program (CIP) – OFAC Check • Procedures should be included in the CIP for checking potential customers against federal government lists of known or suspected terrorists or terrorist organizations. • OFAC checks should be documented and kept on file.

  18. Background • BSA/AML/OFAC program is built around the adoption and implementation of strong and comprehesive CDD policies, procedures and processes for all customers; especially those with a higher than normal risk. • Since the USA Patriot Act has been implemented, the U.S. has been making attempts to combat risks associated with criminal abuse of legal entities, more specifically, shell companies. Because of the association these entities have with the exploitation of financial crimes; such as money laundering, terrorist financing and tax evasion.

  19. Why the focus on shell companies? • Shell Companies are notorious for a lack of transparency. • Shell Company generally refers to limited liability companies and other business entities that generally have no employees and have no economic value. Simply stated; no significant assets, no physical presence, and usually only a mailing address. • Shell Companies are very easy to set up and this has made them the number 1 vehicle used to conduct illegal activities through the American banking system.

  20. How are shell companies related to the beneficial ownership rule? • The way these companies are set-up there causes a lack of ability for authorities to identify the owners and/or beneficial owners, which in turn causes a lack of ability to share, analyze and track the monetary activities.

  21. Considered as the 5th Pillar of BSA/AMLCompliance Let’s take a look at the requirements for beneficial ownership identification: • The final rule imposes two requirements on covered financial institutions: • (1) to identify beneficial owners of legal entities for which a covered financial institution provides an account (“legal entity customers”), and • (2) to add risk-based customer due diligence procedures to the existing “four pillars” of AML program requirements. • Mandatory compliance is May 11, 2018 • Not retroactive, applies to new accounts on or after May 11, 2018 – not just deposit accounts affected, applies to ALL accounts

  22. What triggers the requirement? • The Rule applies when an account (of any type) is opened by a new or existing “legal entity customer,” including a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, or similar entities formed under the laws of a foreign jurisdiction.

  23. Who is included? • Corporations • Limited Liability Companies • Limited Partnerships • General Partnerships • Business Trusts (created by State Office filing) • Any other entity created by a State Office filing • Including similar entities formed under laws of other countries

  24. Who is excluded? Does Not Include: • Natural persons • Sole Proprietorships • Unincorporated Associations • Trusts - other than those created by a State Office filing

  25. The two prong test: The Ownership Prong • Each individual (natural person) who owns 25% or more of equity interests in the legal entity customer 25% ownership or more The Control Prong • One Individual (natural person) who exercises significant managerial control over the legal entity   How is the test applied? • Depending on the ownership structure of the legal entity, covered financial institutions may identify zero to four individuals under the ownership criteria • If a trust owns, directly or indirectly, 25% or more of the equity interest of a legal entity customer, the beneficial owner for the purposes of the ownership criterion is the trustee. • Covered financial institutions must identify at least one beneficial owner under the control criteria for each legal entity customer.

  26. How to identify beneficial owners • The financial institution may identify beneficial ownership by either obtaining a certification from the individual opening the account on behalf of the legal entity customer, or by obtaining the information from the customer through other means (so long as the individual certifies the accuracy of the information). • FYI - FinCEN added a “Certification Regarding Beneficial Owners of Legal Entity Customers” model form to the Final Rule. Ownership • Identify up to four with 25% or more ownership of the entity • No obligation to analyze calculations – may rely on info provided by customer • This prong may result in no beneficial owner with 25% or more • No obligation to determine if entity is structuring to avoid 25% threshold • – If suspected, depending on circumstances, file SAR • If an exempt entity is an owner, not required to identify/verify natural persons behind entity • A trustee is identified as the beneficial owner if the trust owns 25% or more of a legal entity

  27. Control • Need to identify only ONE • This requirement is to discourage those who say there is no one who has a 25% ownership in the entity • Keep in mind, IF the financial institution deems the customer to have higher risk, it is recommended to identify additional individuals Verification is the next step The financial institutions must verify information obtained in the identification step to verify the validity of the information using reasonable and practicable risk-based procedures. What does that mean? • Procedures must contain the elements required for verifying the identity of individual customers under the financial institutions’ customer identification program (CIP). • Financial institution may rely on information supplied by the legal entity customer regarding the identity of its beneficial owner(s), provided they do not have knowledge of facts that would reasonably call into question the reliability of the information, is acceptable. • In addition, covered financial institutions may rely on another financial institution’s (or its affiliates) identification and verification of the legal entity customer’s beneficial owner(s). 

  28. Important Take away: It is a two prong requirement: • Ownership of 25% or more and/or • Controls the entity Keep in mind – it is an AND/OR, not a combination of the two.

  29. At what point is identification required • Required  to  identify  beneficial  owner(s)  of  each  legal   entity at  the time a new  account  is  opened. • Remember this can be accomplished by either: Sample  certification  (available  in  appendix  A  of  rule) from   individual  opening  account  on  behalf  of  legal  entity; or same  information required in  sample  form  by  another   means,  as  long  as  individual  shall  certify,  to  the  best  of their  knowledge,  the  accuracy  of  the  information –  • May  be  produced  in  paper  or  electronic  format— • Rely  on  information  supplied  by  customer  regarding   identity  of  its  beneficial  owners,  provided  you  have  no   knowledge  of  facts  that  would  reasonably  call  into  question   the  reliability  of  the  information Model form: • FinCEN added a “Certification Regarding Beneficial Owners of Legal Entity Customers” model form • Not required but best practice Mandatory Compliance Date: • May 11, 2018

  30. What info has to be collected? • Name • Date of Birth • Address • SSN or Gov’t ID Number • For each listed (up to 5) Beneficial Owners • Copies of documents are allowed (different than CIP)

  31. Customer Due Diligence: Risk Rating Individual Customers • During the CIP process, Bankers should gather additional information to determine the amount of BSA/AML/OFAC risk the customer presents to the Bank. • Purpose of Account • Source of Funds • Occupation or Type of Business • Expected Cash Volumes • Expected International Activity

  32. Customer Due Diligence:Risk Rating Individual Customers Using this information, customers should be designated an individual risk rating such as low, moderate, or high. • Examples of high risk customers include: • Customers with expected high cash volumes • Customers who frequently do business or conduct transactions internationally • Business consider to inherently carry higher BSA/AML/OFAC risk such as jewelers, car dealers, import/export companies, etc.

  33. Enhanced Customer Due Diligence:Monitoring • All customer activity should receive periodic reviews. • Moderate and High risk customers should receive increased monitoring – or enhanced customer due diligence. • Example: Moderate Risk accounts are reviewed semi-annually and High Risk accounts are reviewed quarterly. Low risk account only receive an annual review or are reviewed daily by a system such as Yellow Hammer.

  34. Enhanced Customer Due Diligence:Monitoring • Accounts that were originally designated low, but demonstrate moderate or high risk traits later in the relationship should be reviewed and re-categorized as necessary. • Example: A low risk customer is suspected of structuring and the Bank files a SAR. This customer’s risk rating should be reassessed and their activity should receive heightened monitoring going forward.

  35. Enhanced Customer Due Diligence:Monitoring • Conversely, customers originally rated moderate or high that have demonstrated no unusual or risky activity may warrant a rating downgrade. • Example: A customer was originally rated high risk for high expected cash volumes. However, the customer now accepts credit cards which has reduced their cash volumes. After a period of time, the Bank may decide to move the customer to low risk and reduce account monitoring.

  36. Customer Due Diligence:Risk Rating Individual Customers Don’t forget internal controls. • New accounts personnel should gather all required information. A different member of personnel should risk rate the customer based on that information. The risk rating should be reviewed and approved by a different member of personnel. • Account officers should not conduct periodic monitoring on their own accounts. • Periodic monitoring reports should be reviewed by a second person and initialed off on. Separation of duties and dual controls should exist in every process to the extent possible.

  37. FinCEN Links CDD Final Rule : https://www.federalregister.gov/documents/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions FAQ: https://www.fincen.gov/sites/default/files/2016-09/FAQs_for_CDD_Final_Rule_%287_15_16%29.pdf

  38. Questions? Thank you for your participation! We hope you found value in the presentation. If you have any additional questions, contact Compliance Alliance at hotline@compliancealliance.com or 888-353-3933.

More Related