Ideas + Solutions = Success BSA/AML & OFAC Ideas + Solutions = Success Volunteer Compliance Training Presented by Dorie Fitchett HCUL Regulatory Officer April 25, 2013 Agenda 1. Bank Secrecy Act (BSA) 2. Your Compliance Program 3. USA Patriot Act 4. Office of Foreign Assets Control 2 1
Bank Secrecy Act (BSA) Financial Recordkeeping & Reporting of Currency & Foreign Transactions Act, commonly referred to as the Bank Secrecy Act Enacted 1970 - help identify & reduce money laundering Part of government s arsenal to fight terrorism 3 Bank Secrecy Act (cont.) Made up of several statutes 1. Money Laundering Control Act 2. Anti-Drug Abuse Act 3. Currency & Foreign Transactions Reporting Act 4. Title III of USA Patriot Act, which includes: CIP-Customer Identification Program Section 1010.220 Information Sharing Notice Sections 1010.520 & 1010.540 4 2
Bank Secrecy Act (cont.) Aids in investigations into criminal activities; such as: income tax evasion, money laundering by organized crime, & other illegal criminal activities Enforced by Financial Crimes Enforcement Network (FinCEN) & NCUA 5 Board Responsibilities Board & senior management have different responsibilities & roles in overseeing & managing BSA/AML compliance risk Board s primary responsibility ensure CU has comprehensive & effective BSA/AML compliance program Senior management responsible for implementing board approved BSA/AML compliance program Board responsible for approving BSA/AML compliance program 6 3
Board Responsibilities (cont.) Board responsible for setting appropriate culture of BSA/AML compliance Establish clear policies regarding management of key BSA/AML risks & ensuring policies adhered to in practice Board should ensure BSA/AML compliance function has appropriate prominent status within CU 7 Board Responsibilities (cont.) Board should ensure its views about importance of BSA/AML compliance, is understood & communicated across all levels of CU Board should ensure senior management integrated BSA/AML compliance objectives into management goals Senior management responsible for communicating & reinforcing compliance! 8 4
Board Responsibilities (cont.) NCUA requires written BSA compliance program based upon risk assessment & approved by Board: 1. Designate responsible individual for coordinating & monitoring day to day compliance (i.e., compliance officer); 2. Provide system of internal controls - ensure ongoing compliance with BSA; 3. Provide BSA training for appropriate personnel; and 9 Board Responsibilities (cont.) 4. Provide independent testing for compliance, conducted by CU personnel or outside parties 5. Effective BSA compliance program should include written policies & procedures designed to detect & prevent money laundering activities 6. Must first complete a Risk Assessment 7. Record any changes in board minutes 10 5
1. Compliance Officer Must be knowledgeable of BSA Responsible for coordinating & monitoring day-to-day BSA compliance Board ultimately responsible for BSA compliance Must have sufficient authority & resources Pertinent BSA related information, including reporting of SARs filed with FinCEN must be reported to the Board or an appropriate committee 11 2. Internal Controls Controls & monitoring systems for timely detection & reporting of money laundering & suspicious transactions Segregation of duties employee responsible for completing reporting forms should not be responsible for filing reports Written procedures Incorporate compliance with BSA into job descriptions & performance evaluations 12 6
3. Training All appropriate personnel including Volunteers Tailored to various departments Address requirements of your policies, procedures, or monitoring systems Must be documented Performed at least annually Will be reviewed by NCUA 13 4. Independent Testing Performed annually by qualified party Review internal controls, adequacy of staff training, effectiveness of suspicious i monitoring i systems, & whether CTRs & SARs filed timely Include transaction testing Violations, exceptions, or deficiencies included in audit report & reported to senior management & Board, review your minutes! Document corrective actions for deficiencies found through testing Develop training - address deficiencies found in independent testing 14 7
What are you doing at your CU? Provide board & management annual training Perform BSA/AML required risk assessments Monitoring activity requires CU to file CTRs & SARs Transaction testing Preparing for NCUA & internal exams 15 What Gets Examined? Board & senior management commitment to ongoing g education/training, compliance & frequency of training Employee accountability ensuring BSA compliance Comprehensiveness of training Coverage ensuring applicable policies i & procedures included in required annual training 16 8
USA PATRIOT Act Uniting & Strengthening America by Providing Appropriate p Tools Required to Intercept & Obstruct Terrorism Act Prevents, Detects, & Prosecute international money laundering criminals Amended & appended to BSA Primary CU sections are 326 Customer Identification Program (CIP) & 314a & 314b (information sharing) 17 USA Patriot Act (cont.) Must have written Customer Identification Program (CIP) policy appropriate p to your size & type of membership Must identify & verify any person who opens account Maintain records of information used to verify person s s identity Determine whether person appears on any terrorist list 18 9
OFAC Office of Foreign Assets Control (OFAC), within the U.S. Treasury Responsible for administering number of laws Impose economic sanctions against hostile targeted foreign countries & their agents, terrorism sponsoring organizations, international narcotics traffickers, & specially designated nationals. NCUA determines CU compliance Should have policy & procedures complying with OFAC regulations, may be part of your BSA policy 19 How does OFAC affect CUs? OFAC (cont.) Required to block or "freeze" property & payment of any funds transfers or transactions involving blocked countries or individuals Report the "blocks" within 10 days of occurrence Designate responsible person to oversee OFAC compliance Annual compliance audit for OFAC not required by regulation, but good practice 20 10
Currency Transaction Reports (CTRs) Designed to provide paper trail - money laundering activities CTRs assist law enforcement - investigating & prosecuting crimes Basic requirements: File Currency Transaction Report (CTR) for all currency transactions exceeding $10,000 in one day Includes, payments on loans, purchase of teller checks, wire transfers, money orders, and/or traveler s checks 21 CTRs (cont.) Effective 7/1/12 Electronically file CTR to IRS Detroit Computing Center (FinCEN) within 15 calendar days: Single transactions exceeding $10,000 in currency Multiple transactions totaling over $10,000 in currency in single day by, or on the behalf of, a single person Currency transactions include purchase of monetary instruments (teller checks, TC s, MO s) Effective 4/1/13 must use new forms 22 11
Suspicious Activity Reports (SARs) Required to report suspicious transactions to FinCEN Transactions involving funds from illegal activity Transactions designed to evade BSA requirements Transactions appear to serve no business or apparent lawful purpose or transactions not expected for type of business Filing SARs & information included in SAR s are confidential at all times! Electronically file within 30 days (effective 7/1/12) 23 SARs (cont.) File Insider abuse any amount Potential money laundering violation or other BSA violation $5,000 or more Management must notify board (or designated committee) of any SAR filings at least monthly Confidentiality Essential! 794,710 SARS filed in U.S. in 2011 69,022 filed by CUs nationwide 9,945 from Hawaii Hawaii ranked 28 th 24 12
BSA Penalties Fine $500 each incomplete or inaccurate CTR Fine $10,000 if CTR not filed within 15 days Fine up to $50,000 pattern of negligent violations Fine $10,000 each day report not filed 25 If It s Intentional Suspension or permanent removal of institution affiliated individuals If convicted, civil fine between $25,000 and $100,000 Criminal penalties up to $250,000 and/or imprisonment up to 5 years If activities are more than $100,000, criminal penalties up to $500,000 & 10 years imprisonment 26 13
OFAC Penalties Penalties can be significant Fines up to $1 million Up to 12 years in jail Civil money penalties up to $250,000 Forfeiture of funds involved in violation OFAC may consider mitigating factors Criminal penalties may also be imposed Credit unions have been fined! 27 Most Common Violations Training Not recent Not documented Independent testing Not covering all CU operations Not recent (12-18 months) Internal Controls Risk assessment not updated Suspicious activity monitoring system inadequate 28 14
Most Common Violations cont. Data quality errors in CTR/SAR filings Incomplete forms Blank narrative on SARs BSA e-file (www.fincen.gov) Information Sharing Not checking lists No documentation Self certification Notification of SAR filings to Board Not included in minutes Not referenced in policy 29 Conclusion BSA & OFAC compliance is critical Failure to comply can subject you & your CU to significant penalties Resources available to help you comply Call or e-mail if you have questions (dfitchett@hcul.org) or contact your NCUA examiner 30 15
NCUA Resources BSA section may be accessed by going to: http://www.ncua.gov/legal/bsa/pages/def ault.aspx Compliance Self-Assessment Guide (on NCUA website) http://www.ncua.gov/legal/guidesetc/page s/consumer-compliance-manual.aspx C l 31 Other BSA Resources CUNA e-guide http://www.cuna.org/compliance/member/bsa_manual.ht ml League InfoSight http://hi.leagueinfosight.com/bank_secrecy_act_10245. html FFIEC BSA/AML Examination Manual, Aug 07 http://www.ffiec.gov/bsa_aml_infobase/default.htm FinCEN s Q&As on BSA http://www.fincen.gov/statutes_regs/bsa/bsa_faqs.html 32 16
OFAC Resource List NCUA Letters to Credit Unions 01-CU-25, OFAC Regulatory Compliance Examination i Questionnaire i NCUA Regulatory Alerts 99-RA-6, Office of Foreign Asset Control Various Alerts regarding updates to the SDN list 05-RA-2, SAR on OFAC blocked transactions The OFAC website www.treas.gov/ofac The NCUA website www.ncua.gov (Search under OFAC ) Your NCUA examiner 33 Questions or concerns? We re Done! Ready for your exam? Thank you for your attention! 34 17
Index Agenda Page 2 BSA Overview Page 3-5 Money Laundering Page 6 Board Responsibilities Page 7-15 Compliance Officer Page 12 Internal Controls Page 13 Training Page 14 Independent Testing Page 15 What are you doing at your CU? Page 16 What Gets Examined? Page 17 USA Patriot Act Page18-19 OFAC Page 20-21 Currency Transaction Reports Page 22-23 Suspicious i Activity it Reports Page 24-2525 BSA Penalties Page 26 If It s Intentional Page 27 OFAC Penalties Page 28 Most Common Violations Page 29-30 Conclusion Page 31 NCUA Resources Page 32 Other BSA Resources Page 33 OFAC Resource List Page 34 Questions or concerns Page 35 Index Page 36 35 18