Bank Secrecy Act and OFAC Compliance: Understanding Recent Examination Manual Revisions

1
Bank Secrecy Act and OFAC ComplianceUnderstandin
g Recent ExaminationManual Revisions

• NACHA Teleseminar
• October 5, 2006

2
Overview

• The Revised Exam Manual
• OFAC Compliance Expectation
• Key Revisions
• Incorporating ACH Transactions into the AML
  Compliance Program
• Risks
• Mitigation
• Regulatory Expectations
• Looking Ahead

3
The Bank Secrecy Act/Anti-Money Laundering
Examination Manual

• Released on June 30, 2005
• Compilation of pre-existing materials
• Nothing new
• Revised July 28, 2006
• Reflects regulatory activity in past year
• Nothing new
• FinCEN good guide for non-banks

4
Revised Examination Manual

• Easier to use
• Incorporates recent guidance
• New sections
• Updated sections
• Clarified sections

5
Key Examination Manual Issues

• Added
• Risk Assessment
• ACH Transactions
• Updated to Reflect Regulatory Changes
• Correspondent Banking (Foreign) Due Diligence
  Program
• Private Banking / PEPs Due Diligence
• Insurance
• SARs

6
Key Examination Manual Issues

• Clarified/Expanded
• OFAC
• Trade Finance
• CIP for Subsidiaries
• Enterprise-wide
• Business Entities
• Correspondent Banking (Domestic)
• New Red Flags
• Statutory/ Regulatory Appendix

7
OFAC COMPLIANCE
EXPECTATIONS
8
OFAC Compliance

• New examination procedures
• Risk assessment
• New enforcement approach and procedures
• ACH transactions

9
The Manuals New Paradigm

• Assess risks
• Perform customer due diligence
• Monitor for suspicious activity
• Implement enterprise-wide compliance
• Test transactions

10
What Makes an AML Program Good?

• Adequate and effective
• Comprehensive risk assessment
• Appropriate policies, procedures and controls
• Good training
• Compliance personnel
• Time
• Money
• Commitment
• Technology
• Knowledgeable auditors
• Enterprise wide

11
The Manual onRisk Assessment

• MANY effective methods and formats
• Concise, organized and comprehensive analysis of
  BSA/AML risks
• Two step process
• Structure BSA/AML compliance program to
  adequately address risk profile
• Ongoing
• Enterprise-wide
• Examiners role
• Aggregate risk profile risk mitigation
  efforts

12
The Manual on Trade Financing

• Risk Factors
• Risk Mitigation
• Sound Customer Due Diligence
• Level of due diligence depends on role
• Issuing bank
• Conduct a thorough review and reasonably know the
  customer
• Thorough understanding of documentation
• Comply with OFAC

13
The Manual on Trade Financing

• Red Flags
• Over or under pricing
• Items inconsistent with customers business
• High risk activities
• Transactions structured to evade laws
• Review not investigate
• Pricing

14
The Manual on ACH Transactions

• Description of ACH Systems
• Roles of Participants
• Third Party Service Providers (TPSP)
• Risk Factors
• Risk Mitigation
• OFAC Screening
• Examination Procedures

15
ACH Transactions Historically

• Low dollar domestic transactions
• Batched
• Not generally regarded as high risk

16
ACH Transactions Today

• Rapid growth
• High dollar transactions
• TPSP
• Originator is not direct customer of ODFI
• No due diligence by TPSP or ODFI on originator
• Transactions originated over Internet or
  telephone
• International growth

17
Third Party Service Providers

• ACH processor
• Originator
• ODFI
• RDFI
• Roles
• Create ACH file for originator using originators
  data
• Act as sending point
• Multiple layers
• Contractual agreements

18
Defining the Risks

• Third party service providers
• International originators/receivers
• Originating from Internet or via telephone
• Customers

19
Customer Risks

• Business or occupation not consistent with volume
  or nature of activity
• Duplicate or fraudulent ACH transactions
• High rate or high volume
• Invalid account returns
• Consumer unauthorized returns
• Other unauthorized transactions

20
Mitigating ACH Risk

• Effective solid customer due diligence (CDD)
• Strong program for regular customers
• For TPSP include DD on Principals/Originators
• Effective risk based suspicious activity
  monitoring and reporting
• Review TPSP program if heavily reliant
• General guidelines for TPSP Agreement
• Address originators with questionable or
  deceptive practices
• Match review of an application with the level of
  risk
• Background check of each originator to support
  validity of business
• Scrutinize international ACHs more closely
• Possibly separate from domestic transactions

21
ACH OFAC Screening

• Domestic
• ODFI checks Originator
• ODFI not responsible for unbatching
• If unbatched must screen
• RDFI verifies Receiver
• Cross Border
• Outbound
• ODFI cannot rely on foreign RDFI
• Inbound RDFI must comply

22
Understanding What Regulators Want

• Adequacy of policies, procedures and processes
• Effective identification and monitoring of high
  risk customers using ACH transactions
• Nature of banks risks
• Adequacy of suspicious activities monitoring and
  reporting system

23
What Are Regulators Looking For

• Suspicious activity monitoring
• TPSPs
• Customers with frequent high dollar ACH
  transactions
• Unbatched for other purposes
• Increased DD for international ACH transactions
• Identify ACH transactions originated to foreign
  RDFI
• Methods for tracking, reviewing, investigating
  customer complaints

24
ACH Action Items

• Have ACH activities been included in risk
  assessment?
• Does CDD look at proposed customer ACH activity?
• Have high risk ACH customers/transactions been
  identified?
• Is enhanced CDD performed on TPSP?
• Can suspicious activity detection and monitoring
  process capture ACH activity?
• Are duplicate, fradulent ACH transactions
  reviewed?
• Does training address ACH issues?
• Has audit scope been modified?

25
Treasury Inspector GeneralAudit Report (8/06)

• IG Recommendations
• Take prompt enforcement action if failure to
  comply
• Keep FinCEN fully informed of progress
• Improve future handling of noncompliance with BSA
• Report informal actions to FinCEN
• Seek appropriate committee input before
  enforcement action
• Document deliberation and basis
• OCC Position
• Agreed with recommendations
• Firm, consistent expectation of strong compliance
  programs
• Fair in response to potential problems and
  weaknesses

26
Cross Border Transactions

• Study required by Congress
• Survey conducted by US Treasury
• Reporting of information already collected
• Congressional testimony

27
Funds Transfer Rule Proposal

• Reviewing 3000 recordkeeping threshold
• FATF recommendation
• Discussions with NACHA
• Industry comments

28
Internet Gambling

• New law
• Regulatory authority to exempt ACH transactions

29
Outlook

• ACH a key focus in next examination cycle
• Law enforcement spending more money and time
• Criminals continue to get smarter
• Technology improving
• Industry to spend yet more on compliance
• Ever evolving challenges

30
CONTACT

• Carol R. Van Cleef
• Partner
• Bryan Cave LLP
• 700 Thirteenth Street, NW
• Washington, D.C. 20005
• 202-508-6112
• Carol.VanCleef_at_bryancave.com