What’s Hot in BSA
Compliance with the requirements of the Bank Secrecy Act and
Anti Money Laundering (“BSA/AML”) laws will likely always be a “hot topic” when
it comes to the ongoing operation of a financial institution. The fact is that our world is filled with
people who are willing to do bad things and who must use financial institutions
to move the cash that they receive for their activities. Because financial institutions are the nexus
point for most criminal activities the role that compliance plays in BSA/AML
enforcement will continue to be large and will likely continue to grow.
Developments in technology, continuing world events,
expectations of regulators and political events all come together to impact
expectations for BSA/AML compliance.
The goal of BSA/AML compliance is to detect activity that is suspicious
and does not fit with what one might expect from a particular customer. Why would a flower shop in downtown Los
Angeles need to wire money to Serbia (or for that matter Miami)? Of course there may be a legitimate reason
for this, but the idea is that your financial institution must have a system in
place that allows for such a transaction to be flagged and for staff to
document the legitimate reason.
With the basic principle of knowing your customer in mind,
there have been recent developments that have or will soon change BSA/AML
expectations for your institution. Here
are a few recent developments that will impact BSA/AML:
Fintech
Financial technology, also known as FinTech, is
a line of business based on using software to provide financial services.
Financial technology companies are generally startups founded with the purpose
of disrupting incumbent financial systems and corporations that rely less on
software.[1]
Fintech companies have developed many products that allow
customers to have many of the same services and abilities as a bank account. Digital wallets for example, allow customers
to receive payroll, reload debit cards, payment bills and purchase gift
cards among other things. These
platforms also allow customers to send wires, ACH’s or other transfers.
The very nature of fintech relationship are often that the
customer and the provider are not in physical contact with one another. The identification process is completed
through various means such as texts to telephones, IP address verification and
scanned copies of documents. The
ability of fintech companies to discern fraud and detect unauthorized use of an
account has become increasingly adept.
In response to developments in fintech, the FFIEC BSA manual
has been updated to include more information about expectations for electronic
banking customers. In addition, FFIEC
issued Interagency Guidance to Issuing Banks on Applying Customer
Identification Program Requirements to Holders of Prepaid Cards in March 21,
2016. This guidance defines when the
opening on a reloadable card account becomes subject to the CIP rules. The guidance recognizes that with fintech,
many times accounts are opened without an actual face-to-face meeting. However, the basic concept remains; the
account issuer must be able to establish that the person who is trying to open
the account is who they say they are. Developments in fintech will continue to
push and change the contours of BSA/AML requirements.
Beneficial
Ownership
Probably the most talked about impending change in the
BSA/AML area are the new rules that cover beneficial ownership. It is
our intention to write an entire blog series on these new rules, so we will
simply summarize here.
At its core, the beneficial ownership rule requires that
when an account is opened for a legal entity, that information must be
collected on the persons who either own or control the entity. Both the concepts of “own” and “control” the
company are defined in the regulation.
The final rule creates a new section in the BSA regulations at 31 C.F.R.
§ 1010.230 setting forth the beneficial ownership identification requirements
for covered financial institutions, as well as a number of exclusions for
specific types of customers and accounts.
As a result, the beneficial ownership rule is widely being referred to
as the “fifth pillar” of the BSA/AML program.
The goal of this rule is to allow enforcement agencies such as Fin Cen
to be able to track the flow of funds through commonly owned businesses and
entities.
This fifth pillar of the BSA/AML program is expected to do
more than simply collect information on the beneficial owners of entities. Once the information is collected, the nature
of the relationship between the owner and the entity should be considered. The idea here is that the entity should not
be a conduit through which an individual can funnel transactions that would
otherwise be considered suspicious. The
beneficial ownership rule will most definitely add an additional layer of
customer due diligence for legal entities.
Geographic
Targeting Orders
As the behavior of suspected money launderers continues to
change and evolve, so do the tactics employed by the enforcement agencies. One area that Fin Cen has been watching is
the practice of money launderers to buy high end real estate for cash. In many cases, the purchases are made through
legal entities such as limited liability companies. This is the very type of transaction that
made the beneficial ownership rules necessary.
To combat this practice, Fin Cen issues geographically
targeted orders (“GTO”) which require title companies to identify all of the
individuals involved in shell companies that purchase real estate for all
cash. For some time, the GTO’s issued
only applied to the Miami and Manhattan areas.
In July of 2016, Fin Cen expanded GTO’s to include six metropolitan
areas;
·
(1) all boroughs of New York City;
·
(2) Miami-Dade County and the two counties
immediately north (Broward and Palm Beach);
·
(3) Los Angeles County, California;
·
(4) three counties comprising part of the San
Francisco area (San Francisco, San Mateo, and Santa Clara counties);
·
(5) San Diego County, California;
·
(6) the county that includes San Antonio, Texas
(Bexar County)
Although the GTOs apply directly to title companies, the
cash purchase of real estate is the type of transaction against which financial
institutions must be vigilant.
MSB’s with Agents
Yet another area that will be getting the attention of
regulators is the ability of Money Service Businesses (“MSB’s”) to monitor and
administrate the agents that they engage.
Fin Cen has issued guidance that specifies the BSA/AML standards for
MSBs. The guidance focuses on the need
to establish standards for monitoring and review and to insist on proper
independent testing.
Model Validation
It is not enough to simply test whether or not the data in
your BSA/AML software has been properly mapped. You must also determine
that the software is doing what the bank needs it to do to monitor suspicious
activity.
OCC guidance points out that the use of models in any
banking environment must fit within a risk framework. This framework has
essentially four elements:
·
Business and regulatory alignment – the model
must fit the bank’s risk profile and regulatory requirements
·
Project management – a proper and appropriate
implementation is an ongoing project that is dynamic as the bank’s operation
·
Enabling Technology – The use of the technology
should facilitate the bank’s ability to meet its regulatory requirements
·
Supporting documentation – As a best practice,
documentation of the rational for using the model should be maintained.
For BSA/AML, monitoring software, the risk framework means
that regulators expect financial institutions to know how its software works as
well as the “blind spots” for transactions that may not be completely
covered by the way the software operates. The expectations are that
your staff will use monitoring software as a tool that is constantly being
sharpened and improved. The model validation process is the means to
ensure that the software is improving.
BSA and AML programs for financial institutions have to be
nimble and flexible as changes in technology, world politics and schemes of
people who launder money continue to change.
No comments:
Post a Comment