Preparing for an OFAC Review: An Examiner's Perspective




John Reynolds
Examining Officer and Team Leader, Legal and Consumer Compliance Risk Department
Federal Reserve Bank of New York
January 27, 2012

Disclaimer: The views and comments expressed herein are those of the presenter and do not necessarily represent those of the Federal Reserve Bank of New York or the Federal Reserve System. Neither these slides nor this presentation is intended to provide the reader with a complete description of regulatory focus for examining OFAC Compliance Programs at supervised institutions. For that, the reader should refer to applicable laws, statutes, interpretations and the FFIEC AML-BSA Examination Manual.

Objective

Assess the risk-based OFAC program to evaluate whether it is appropriate for the institution's OFAC risk, taking into account products, services, customers, transactions, and geographic locations.

Written Program including elements:
- Responsible officer
- Risk assessment
- Internal control structure
- Independent testing
- Training
- Transaction testing

What is the process?

- Entry-letter questionnaire
- First Day Letter from the examiners
- Information preparation provided to examiner
- Examiner review and transaction testing (discussed on subsequent slides)
- Identification of potential issues / discussion with management
- Fed internal vetting process and finalization of issues
- Formal close-out meeting with examined institution
- Written report provided to examined institution
- Institution response
- Corrective action implementation and follow-up

OFAC Risk Assessment

- OFAC sanctions can reach into virtually all areas of bank operations.
- Banks should consider all types of transactions, products, services, activities and available technology when conducting the risk assessment.
- Some examples of products, services, customers, and geographic locations which may carry higher OFAC risk include:
  - International funds transfers
  - Nonresident alien accounts
  - Embassy/Foreign Consulate accounts
  - Politically exposed persons
  - Foreign customer accounts
  - Cross-border ACH transactions
  - Foreign correspondent banking accounts
  - Commercial letters of credit
  - Payable through accounts
  - International private banking
  - Overseas branches and subsidiaries
  - Transactional electronic banking
  - Remote deposit capture
  - Trust/Asset management services
  - Cash/currency services shipment
  - Lending activities

Evaluate the OFAC internal control structure

Internal controls should include the following elements:
- Screening and reviewing potential prohibited transactions
- Updating OFAC lists
- Reporting blocked or rejected transactions
- Maintaining license information

Evaluate the OFAC internal control structure

Screening/reviewing potential prohibited transactions
- The method of screening should be defined: manual, interdiction software, or a combination of both.
- Screening criteria for comparing names to the OFAC list and identifying transactions involving sanctioned countries should be specified.
- Address the accounts and transactions that should be screened and the frequency of screening:
  - New accounts: Should be compared with the OFAC lists prior to opening or shortly thereafter (e.g. nightly processing).
  - Transactional: Funds transfers, letters of credit, and non-customer transactions should be checked against OFAC lists prior to being executed.
  - Existing customers: Screening should be done when there are additions/changes to the OFAC lists. The frequency of the screening should be based on the bank's risk (e.g. monthly or quarterly).
  - ACH screening: The originating institution is responsible for verifying that the originator is not a blocked party, and the receiving institution is responsible for verifying that the receiver is not a blocked party.

Evaluate the OFAC internal control structure

Screening and reviewing potential prohibited transactions
- It is important for the policies and procedures to address how personnel will determine whether an initial OFAC hit is a valid match or a false hit.
- Policies and procedures should address the escalation process for determining false or positive matches and ensuring positive matches are appropriately blocked or rejected.
- Policies and procedures should provide guidance for appropriate documentation required to support decisions made.

Updating OFAC lists
- The bank should have a process for timely updating the lists (manual or interdiction software) of blocked countries, entities, and individuals, when applicable.
- The procedure should also include a process for disseminating the updated information throughout the organization.

Evaluate the OFAC internal control structure

Maintaining license information
- Does the bank maintain copies of customers' OFAC licenses?
  - Allows verification of whether a transaction is legal and provides awareness of the license expiration date
  - Useful if another bank in the payment chain requests verification of the license
- Copies should be maintained for five years following the most recent transaction conducted in accordance with the license.
- The bank should confirm with OFAC if it is unclear whether the transaction is authorized by the license.

Reporting blocked or rejected transactions
- Policies and procedures should address handling items that are valid blocked or rejected items.
- Policies and procedures should address the management of blocked accounts.

Determine the adequacy of independent testing

Independent Testing
- The independent test should be performed by the internal audit department, outside auditors, consultants, or other qualified independent parties.
- The frequency and area of independent testing should be based on the specific risk of the business area.
- The testing should include a comprehensive evaluation of the OFAC policies, procedures, and processes.
- The scope should be comprehensive enough to assess the OFAC compliance risks and evaluate the overall adequacy of the program.

Determine the adequacy of OFAC training

- Should provide training to all appropriate employees
- Can be included with general BSA-AML training
- The scope and frequency of training should be consistent with the bank's OFAC risk profile and aligned with employee responsibilities.
- Staff members with specific OFAC responsibilities may need more in-depth training to effectively fulfill responsibilities.

Transaction testing

- Sample new accounts across business lines and evaluate the filtering process and the documentation evidencing the search.
- Sample transactions (e.g. wire transfers) and evaluate the filtering process and the documentation evidencing the search.
- Assess the timing of when necessary OFAC updates are made to the bank's systems and/or communicated to employees.
- Evaluate whether all the bank's databases are run against the automated filtering system and the frequency of such screening.
- Review potential OFAC matches and evaluate the resolution for blocking, rejecting, or clearing transactions.
- Review a sample of reports to OFAC for completeness and timeliness.
- If the bank has blocked accounts, test controls to verify the account is blocked, ensure adequate records of amounts blocked and ownership of blocked funds, and that a commercially reasonable interest rate is being paid.

Why should we care? Selected OFAC Fine/Penalty Information

QUESTIONS?