Full Text of the Bank Secrecy Act of 1970
The Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act of 1970 (31 U.S.C. 1051 et seq.) is often referred to as "The Bank Secrecy Act" (BSA). Its purpose is to require financial institutions to maintain appropriate records and file certain reports which have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings. The regulation issued by the Department of the Treasury (Treasury) (31 C.F.R. 103) under the BSA was originally intended to aid investigations into an array of criminal activities, from income tax evasion to laundering of money by organized crime. In recent years the reports and records prescribed by the bank secrecy rules have been utilized mainly as tools for investigating individuals suspected of engaging in illegal drug activities. Law enforcement agencies have found currency transaction reports to be extremely valuable in tracking the huge amounts of cash generated by illicit drug traffickers. For this reason and because of the seriousness of the drug problem, comprehensive examination procedures were developed to detect possible instances of money laundering in federally insured financial institutions.
The Bank Secrecy Act
The BSA consists of two parts; Title I Financial Recordkeeping and Title II Reports of Currency and Foreign Transactions. Title I authorized the Secretary of the Treasury to issue regulations which require insured financial institutions to maintain certain records.
Title II directed Treasury to prescribe regulations governing the reporting of certain transactions by and through financial institutions in excess of $10,000 into, out of, and within the United States. The recordkeeping and reporting requirements are contained in the implementing regulations, 31 C.F.R. Part 103, which are included in the FDIC looseleaf service.
Currency Transaction Reports
A financial institution within the United States generally must file a Currency Transaction Report (CTR) Internal Revenue Service (IRS) Form 4789, for each transaction in currency over $10,000. Multiple currency transactions shall be treated as a single transaction if the financial institution has knowledge that they are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day. In certain cases, transactions spread over a number of days may also constitute a reportable transaction. See Structured Transactions for details.
A transaction in currency is any transaction involving the physical transfer of currency from one person to another and covers deposits, withdrawals, exchanges or transfers of currency or other payments. Currency is defined as currency and coin of the United States or any other country as long as it is customarily accepted as money in the country of issue.
All CTRs required by section 103.22(a) of the regulation must be filed with the IRS within 15 days following the date of the transaction (25 days if the financial institution files electronically). The financial institution must retain a copy of each report filed for a period of five years from the date of the report.
The regulations specifically require financial institutions to provide all applicable information. Each party to the transaction must be identified by name, address, social security number or taxpayer identification number, and date of birth. A street address is required. A post office box number is not acceptable. Additionally, the account number and the social security number or taxpayer identification number, if any, must be recorded for any person or entity for whose account such transaction is to be effected. The method used to identify the person presenting the transaction must be recorded on the CTR. If the customer has no social security number or taxpayer identification number, the word "none" should be entered in the appropriate block. For an alien, or a person who indicates that he or she is not a resident of the United States, verification of identity must by made by passport, alien identification card, or other official document evidencing nationality or residence. For others, the identity verification procedures that would normally be used in cashing a check should be performed, e.g., driver's license or credit card.
Financial institutions should designate one person to collect, review and file CTRs for all offices and keep the copies in a central location. This will aid in internal control and auditing and will indicate to the reviewer which customers may be making large cash deposits at more than one office. This also will aid in the uniformity and timely filing of the reports.
The IRS, in processing the forms, edits all CTRs filed for accuracy and completeness. When certain critical information is incomplete, illegible or is not provided, IRS corresponds with the financial institution to obtain the information.
Effective May 1, 1996, banks are not required to file Currency Transaction Reports, IRS Form 4789, for transactions by "exempt persons" occurring after April 30, 1996. "Exempt persons" are defined as:
1. a bank, to the extent of such bank's domestic operations;
2. A department or agency of the United States, of any state, or of any political subdivision of any state;
3. Any entity established under the laws of the United States, of any state, or of any political subdivision of any state, or under an interstate compact between two or more states, that exercises governmental authority on behalf of the United States or any such state or political subdivision;
4. Any corporation whose common stock is listed on the New York Stock Exchange or the American Stock Exchange (except stock listed on the Emerging Company Marketplace of the American Stock Exchange) or whose common stock has been designated as a Nasdaq National Market Security listed on the Nasdaq Stock Market (except stock listed under the separate "Nasdaq Small-Cap Issues" heading); and 5.Any subsidiary of any corporation described in No. 4 above whose federal income tax return is filed as part of a consolidated federal income tax return with such corporation, pursuant to section 1501 of the Internal Revenue Code and the regulations promulgated thereunder, for the calendar year 1995 or for its last fiscal year ending before April 15, 1996.
Designation of Exempt Persons
A bank must designate each exempt person with whom it engages in transactions in currency, on or before the latter of August 15, 1996, and the date 30 days following the first transaction in currency between the bank and such exempt person that occurs after April 30, 1996.
Designation of an exempt person shall be made by a single filing of IRS Form 4789, in which line 36 is marked "Designation of Exempt Person" and items 2-14 (Part I, Section A) and items 37-49 (Part III) are completed. The designation must be made separately by each bank that treats the person in question as an exempt customer. This designation requirement applies whether or not the designee has previously been treated as exempt from the reporting requirements of Section 103.22(a).
The exemption applies only to transactions involving the exempt person's own funds. A transaction carried out by an exempt person as an agent for another person, who is the beneficial owner of the funds involved in a transaction in currency, is not subject to the exemption from reporting.
Franchisees of listed corporations (or of their subsidiaries) are not included within the definition of exempt person unless such franchisees are independently exempt as listed corporations or listed corporation subsidiaries. For example, a local corporation that holds a McDonald's franchise is not an exempt person simply because McDonald's Corporation is a listed corporation. A McDonald's outlet owned by McDonald's Corporation directly, on the other hand, would be an exempt person because McDonald's Corporation's common stock is listed on the New York Stock Exchange.
Banks are not required to implement the new exemption procedures. A bank may continue to operate under the previous procedures if it wishes. If a bank uses the previous procedures, it remains subject to the requirements and penalty rules governing that system.
THE FOLLOWING INFORMATION PERTAINS TO ALL EXEMPTIONS GRANTED PRIOR TO MAY 1, 1996.
A bank may exempt transactions of certain retail customers from the reporting requirements:
1. Deposits and withdrawals by an established depositor who is a United States resident and operates a retail type of business in the United States. A retail business is defined as one which provides goods to the ultimate consumer, except that dealerships which buy or sell motor vehicles, vessels, or aircraft are not included and their transactions may not be exempted from the reporting requirements;
2. Deposits and withdrawals of currency from an existing account by an established depositor who is a United States resident and operates a sports arena, race track, amusement park, bar, restaurant, hotel, check cashing service licensed by state or local governments, vending machine company, theater, regularly scheduled passenger carrier or any public utility;
Note: For purposes of this section, a licensed check cashing service is one which is licensed and subject to regulation and examination by a state or local authority in the same manner as a financial institution.
3. Deposits or withdrawals, exchanges of currency or other payments and transfers by local or state governments, or the United States or any of its agencies or instrumentalities; or
4. Withdrawals for payroll purposes from an existing account by an established depositor who is a United States resident and operates a firm that regularly withdraws more than $10,000 in currency for payroll purposes.
A bank may exempt transactions of these types of customers provided the transactions are in amounts which the bank may reasonably conclude do not exceed the customary needs of the lawful domestic business of that customer.
A bank must maintain a centralized list of all exemptions. After October 27, 1986, a bank may not place any customer on its exempt list without first obtaining a written statement, signed by the customer, describing the customary conduct of the lawful domestic business of that customer and a detailed statement of the reasons why such person is qualified for an exemption. The required statement shall include the name, address, nature of the business, taxpayer identification number, and account number of the customer being exempted. The signature, including the title and position of the person signing, will attest to the accuracy of the information concerning the name, address, nature of business, and tax identification number of the customer. Immediately above the signature line, the following statement must appear: "The information contained above is true and correct to the best of my knowledge and belief. I understand that this information will be read and relied upon by the Government."
The bank shall indicate in the written statement whether the exemption covers withdrawals, deposits, or both, as well as the dollar limit of the exemption for both deposits and withdrawals (e.g., withdrawals for payroll purposes). In each instance, the exempted transactions must be in amounts that the bank may reasonably conclude do not exceed amounts commensurate with the customary conduct of the lawful domestic business of that customer. The bank is responsible for independently verifying the activity of the account and determining applicable dollar limits for exempted deposits or withdrawals. The bank must retain each statement that it obtains as long as the customer is on the exempt list, and for a period of five years following removal of the customer from the bank's exempt list.
For exemptions granted under the old rule, except for transactions of government entities, the regulation only allows an exemption for deposits and/or withdrawals. All other currency transactions (e.g., exchanges of currency or purchases of cashier's checks which do not flow through a deposit account) exceeding $10,000 must be reported even if the customer has been granted an exemption. Also, currency transactions which exceed the dollar limit established for each exempt customer must be reported. Exemptions may not be granted for dealerships which buy or sell motor vehicles, vessels or aircraft, or for nonbank financial institutions. A nonbank financial institution is any entity defined in section 103.11 as a "financial institution" which does not also meet the definition of a "bank" in the regulation.
The bank's exempt customer list should include the date each exemption was granted and the dates of any changes in the exempt amounts. A review of any changes in the list dictated by direct correspondence between the bank and the Treasury Department might help to assess the reasonableness of exemptions.
The granting of exempt status to customers is a management decision, as long as those customers satisfy the criteria set forth in section 103.22(b). A bank may make a request to the Commissioner of Internal Revenue for permission to grant special exemptions. Each such request must be accompanied by a statement of the circumstances that warrant special exemption treatment and a copy of the statement signed by the customer required by section 103.22(d). To comply with the regulation, the bank must research and analyze each account in order to justify an exemption and to set a dollar limit for the deposits and withdrawals exempted. Any questionable exemptions should be discussed with bank management.
Reports Of Transportation Of Currency Or Monetary Instruments
Section 103.23(a) requires the filing of U. S. Customs Form 4790 whenever U. S. currency or other monetary instruments (as defined), aggregating over $10,000 on any one occasion, are shipped, mailed, or otherwise physically transported into or out of the U. S. Any person who receives an incoming shipment of currency or monetary instruments must file a Form 4790 if no report was filed under Section 103.23(a), even if a report under 103.23(a) was not required, for example, the shipment came from a foreign party not subject to U. S. regulation. This report must be filed within 15 days of receipt of the currency or monetary instruments.
A financial institution is not required to file a Form 4790 if it receives currency or monetary instruments over the counter from a person who may have transported them into the United States nor if the financial institution delivers currency or monetary instruments over the counter to a person who may transport them out of the United States.
The financial institution is not expected to inquire of a customer whether the funds have been brought into or will be taken out of the country. However, if an officer or employee of the financial institution knows that a complete and truthful report has not been filed by its customer, the financial institution is strongly encouraged to inform the customer of the requirement to file a Form 4790. If the financial institution has knowledge that the customer is aware of the requirement to file a Form 4790, but has not done so, or if information about the transaction is otherwise suspicious, the financial institution should file a Suspicious Activity Report.
Reports Of Foreign Bank Accounts
Each person subject to the jurisdiction of the United States (except a foreign subsidiary of a U. S. person) having a financial interest in, or signature authority over a bank, securities, or other financial account in a foreign country shall file a prescribed report with the IRS for each year in which the relationship exists. A bank officer or employee need not file a report in his/her own name unless he/she has an actual financial interest in the account; however, the bank must file a report where applicable.
Under section 103.25 of the regulation, the Secretary of the Treasury may require financial institutions to report detailed information on transactions with foreign financial agencies.
Required Records For Sales Of Monetary Instruments For Cash In Amounts From $3,000 To $10,000 Inclusive
Effective October 17, 1994, 31 C. F. R. 103.29 requires financial institutions to maintain information concerning sales of monetary instruments purchased with cash in amounts from $3,000 to $10,000 inclusive. The records must contain certain information about the purchaser(s), with different requirements for transactions involving customers with deposit accounts and those without deposit accounts. The rule states that no sale may be completed unless the required information is obtained. Purchases of the same or different types of instruments at the same time that total $3,000 or more are to be treated as one purchase and must be recorded. Multiple purchases during the same day that total $3,000 or more must be recorded if any employee, director, officer, or partner of the financial institution has knowledge that these purchases have occurred. If multiple purchases by or for the same person during the same business day exceed $10,000, the required information must be obtained and a Form 4789 would be required. Conversely, a single monetary instrument purchased for cash in excess of $10,000 would require the filing of a Form 4789, but section 103.29 requirements would not apply. Required records must be made available to Treasury upon request.
Records To Be Made And Retained By Financial Institutions
Each financial institution must retain either the original or a microfilm or other copy or reproduction of each of the following:
1. A record of each extension of credit in an amount in excess of $10,000, except an extension of credit secured by an interest in real property. The record must contain the name and address of the borrower, the amount, the nature or purpose and the date of the loan. The stated purpose can be very general such as a passbook loan, personal loan, business loan, etc.; however, financial institutions should be encouraged to be as specific as possible when stating the loan purpose. Additionally, the purpose of a renewal, refinancing or consolidation is not required as long as the original purpose has not changed and the original statement of purpose is retained for a period of five years after the renewal, refinancing or consolidation has been paid out.
2. A record of each advice, request, or instruction received or given regarding any transaction resulting in the transfer of currency or other monetary instruments, funds, checks, investment securities, or credit, of more than $10,000 to or from any person, account, or place outside the United States. This requirement also applies to transactions later canceled if such a record is normally made.
Required Records For Deposit Accounts
Section 103.34 (a)(1) requires banks to obtain a social security number or taxpayer identification number for each deposit account opened after June 30, 1972 and each certificate of deposit sold or redeemed after May 31, 1978.
The bank must make a reasonable effort to obtain the identification number within 30 days after opening the account but will not be held in violation of the regulation if it maintains a list of the names, addresses and account numbers of those customers from whom it has been unable to secure an identification number. Where a person is a nonresident alien, the bank also shall record the person's passport number or a description of some other government document used to verify his/her identity.
Section 103.34(b) generally requires banks to maintain records of items needed to reconstruct transaction accounts and other receipts or remittances of funds through a bank. Refer to that section for more detailed information.
Record Retention Period
All records required by the regulation shall be retained for five years. Microfilm, microfiche or other commonly accepted forms of copying and retaining records are acceptable as long as the records are accessible within a reasonable period of time.
Section 103.53 prohibits the structuring of transactions for the purpose of evading the currency transaction reporting requirements. Anyone who causes or attempts to cause a bank to fail to file a CTR or to file a false CTR is covered under this section as well as anyone who attempts to structure or assists in structuring any transaction with one or more domestic financial institutions. A cash transaction in excess of $10,000, which is subsequently withdrawn upon realization that a CTR is being prepared, should be reported as a possible attempt to structure a transaction. See also 31 U. S. C. 5324.
Examiners should be alert to consecutive transactions involving cash in excess of $10,000. Suspect transactions should be pursued further. The following are examples of types of transactions that may be reviewed for possible structuring activity:
1.Cashed checks – pay particular attention to multiple items cashed by the same person.
3.Savings withdrawals/certificates of deposit redemptions.
4.Personal money orders or official checks sold.
5.Official checks sold or cashed – look for consecutive items.
6.Savings Bonds sold or redeemed.
7.Traveler's checks sold or cashed.
8.Loan payments or loan proceeds made in cash.
9.Securities sold or purchased for cash if the financial institution acts as agent for an individual and the transaction involves more than $10,000.
Money Laundering Control Act Of 1986
Section 1352 of the Anti-Drug Abuse Act of 1986, Public Law 99-570, added sections 1956 and 1957 to Title 18, United States Code. Section 1956 makes it illegal to conduct or attempt to conduct a financial transaction knowing that the property involved in the transaction represents the proceeds of specified unlawful activity. Section 1956 also makes it illegal intentionally to transport, or attempt to transport, a monetary instrument or funds either with the intent to promote the conduct of specified unlawful activity or knowing that the funds constitute the proceeds of some form of unlawful activity. Section 1957 makes it illegal to engage or attempt to engage in a monetary transaction in property derived from unlawful activity with a value of over $10,000.
Suspected money laundering activity should be reported to the appropriate federal law enforcement authority using a Suspicious Activity Report (SAR). The same form also should be used to report suspected structuring activity. See Structured Transactions.
Monitoring Bank Secrecy Act Compliance
Section 1359 of the Anti-Drug Abuse Act of 1986 ("Act") contains a number of provisions amending section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818). Specifically, these provisions require the federal financial regulatory agencies, including FDIC, to:
(1) prescribe regulations requiring regulated institutions to establish and maintain procedures reasonably designed to assure and monitor compliance with the Bank Secrecy Act; and
(2) review such procedures during the course of their examinations. The Act also authorizes the agencies to issue cease and desist orders in the event that a regulated institution fails to establish and maintain such procedures, or to correct problems with the procedures after an agency has notified the institution that problems exist, and to impose civil money penalties for violations of cease and desist orders.
Section 326.8(b) of the FDIC's rules and regulations requires a bank to develop and administer a program to assure compliance with the Bank Secrecy Act (BSA) and 31 C.F.R. 103. The compliance program must be in writing, approved by the bank's board of directors and noted in the minutes.
Section 326.8(c) sets out four minimum requirements of the compliance program. To meet the minimum requirements, a bank's compliance program should include:
1. A system of internal controls. At a minimum, the system must be designed to:
a. Identify reportable transactions at a point where all of the information necessary to properly complete the required reporting forms can be obtained. The bank might accomplish this by sufficiently training all tellers or by referring large currency transactions to a designated teller. If all pertinent information cannot be obtained from the customer, the bank should consider declining the transaction.
b. Ensure that all required reports are completed accurately and properly filed. Banks should consider centralizing the review and report-filing functions within the banking organization.
c. Ensure that customer exemptions are properly granted and recorded. The compliance officer or other designated officer should review and initial all exemptions prior to implementation.
d. Provide for adequate supervision of employees who accept currency transactions, complete reports, grant exemptions or engage in any other activity covered by 31 C.F.R. 103.
e. Establish dual controls and provide for separation of duties. Employees who complete the reporting forms should not be responsible for filing them or for granting customer exemptions.
2. Independent testing for compliance with the BSA and 31 C.F.R. 103. The independent testing should be conducted at least annually, preferably by the internal audit department, outside auditors or consultants. Banks that do not employ outside auditors or consultants or that do not operate internal audit departments can comply with this requirement by utilizing for testing, employees who are not involved in the currency transaction reporting function.
The compliance testing should include, at a minimum:
a. A test of the bank's internal procedures for monitoring compliance with the BSA, including interviews of employees who handle cash transactions and their supervisors.
b. A sampling of large currency transactions followed by a review of CTR filings.
c. A test of the validity and reasonableness of the customer exemptions granted by the bank.
d. A test of the bank's recordkeeping system for compliance with the BSA.
e. Documentation of the scope of the testing procedures performed and the findings of the testing. Any apparent violations, exceptions or other problems noted during the testing procedures should be promptly reported to the board of directors or an appropriate committee thereof.
It is essential that the scope of any testing procedures, and the results of those procedures, be thoroughly documented. In most cases, this will involve retention of workpapers from internal and/or external audits of BSA compliance. Procedures that are not adequately documented will not be accepted as being in compliance with the independent testing requirement.
3. The designation of an individual or individuals to be responsible for coordinating and monitoring compliance with the Bank Secrecy Act. To meet the minimum requirement, each bank must designate a senior bank official to be responsible for overall BSA compliance. Other individuals in each office, department or regional headquarters should be given the responsibility for day-to-day compliance. The title of the individual responsible for overall BSA compliance is not important; however, the level of authority is. The senior bank official in charge of BSA compliance should be in a position, and have the authority, to make and enforce policies. A "BSA Officer" who reports to a senior official would not be sufficient to meet the requirements unless the senior official is officially in charge of overall BSA compliance.
For purposes of BSA compliance, the senior bank official responsible for overall compliance does not have to be an "executive officer" as defined in Federal Reserve Regulation O. Regulation O defines an "executive officer" as a person who participates or has authority to participate in major policymaking functions of the bank. An officer who has authority to make and enforce policies in a narrowly defined area such as BSA would not automatically be designated an "executive officer"; nor is it the intent of the guidelines to require the BSA officer to meet the requirements of the Regulation O definitions. In many banks, the institution's compliance officer would be a suitable designee.
4. Training for appropriate personnel. At a minimum, the bank's training program must provide training of tellers and other personnel who handle currency transactions. In addition, an overview of the BSA requirements should be given to new employees and efforts should be made to keep executives informed of changes and new developments in BSA regulation.
Depending on the bank's needs, training materials can be purchased from banking associations, trade groups or outside vendors or they can be developed by the bank. Copies of the training materials must be available in the bank for review by examiners.
When citing an apparent violation of 31 C.F.R. Part 103, the following information should be included:
1.Reference to the appropriate section of the regulation;
2.The nature of the apparent violation;
3.The date of the transaction;
4.The name of each party to the transaction;
5.The amount of the transaction; and
6.The nature of the transaction.
When citing violations of Part 103, DO NOT include statements attributing the violations to causes, such as oversight or inadvertent errors. Treasury reserves the authority to determine if civil or criminal penalties should be pursued for violations of Part 103, and comments on the supposed causes of violations may affect Treasury's ability to pursue a case.
When citing an apparent violation of section 326.8 of FDIC rules and regulations, the following information should be included:
1. The nature of the apparent violation;
2. The name(s) of the individual(s) responsible for coordinating and monitoring compliance with the Bank Secrecy Act;
3. The internal control deficiency that contributed to the apparent violation; and 4.Management's response, including the name of the bank official promising corrective action.
The FDIC is required to report to the Treasury Department all BSA violations discovered during each examination. This does not mean that each violation should be separately written up in the examination report. In most instances, violations involving different sections of the regulation may be grouped. For example, if the bank failed to obtain and record the required information for ten monetary instruments sold for cash in excess of $3,000, the examiner may cite the appropriate section of the regulation and indicate there are ten such violations and list a minimum of three examples. If the bank failed to file a Currency Transaction Report (CTR) on the same cash sales of monetary instruments where the aggregate amount exceeded $10,000, the violations may be grouped together, but each section of the regulation violated must be cited. If violations are grouped, they may be written up similar to the following:
The bank is in apparent violation of the above cited sections of the Treasury Departments's financial recordkeeping regulations because it failed to record the purchaser's social security number in ten instances, including the following listed transactions. Additionally, the three transactions listed below, when aggregated, exceed $10,000. The bank failed to file a currency transaction report.
John Q. Customer
John Q. Customer
John Q. Customer
When grouping violations, examiners should ensure that each separate violation is properly accounted for on the BSA Data Entry Sheet. For example, the above represents violations of two separate sections of the regulation; therefore, there should be 10 violations of Section 103.29(a)(2) [Currently Code 6625] and one violation of Section 103.22(a) [Currently Code 6601] reflected on the data entry form.
Random, isolated violations do not require lengthy explanations on the violations pages. A citation of each section violated and a brief comment is all that is necessary. Additionally, lengthy comments concerning those violations are not always necessary in comments sections of the examination report. If deemed warranted, a brief reference will be sufficient. Random, isolated violations may be written up similar to the following: (Use column format.)
The following represent random, isolated violations of Treasury's financial recordkeeping regulations, Title 31 C.F.R Part 103:
Name: John Borrower
Failed to record purpose of loan.
Name: Jack Depositor
Description: Currency Deposit
Failed to obtain identification.
Name: C. D. Purchaser
Description: CD purchase
Failed to note method of purchase.
Repeat violations of the same provision of the same section of the regulation may trigger a formal or informal enforcement action. For BSA purposes, repeat violations do not include violations of a section requiring that several pieces of information be kept, where one piece of data was missing at the last examination, and a different piece of data is missing at the current examination, but the regulatory citation is the same. Repeat violations must be thoroughly documented, and each example of such violations should be included in the report with appropriate comments. Examiners also should thoroughly document all violations when considering a recommendation for a referral to Treasury for civil money penalties; however, examiners should not make any verbal or written comments to the bank concerning any referrals to Treasury.
Regardless of whether a few examples are used to illustrate multiple violations, or an all inclusive listing of violations is included in the examination report, it is imperative that a complete listing of all violations discovered during the examination be left with bank management at the conclusion of the examination.
If repeat violations of the regulations are noted, the Report should include a brief explanation of the seriousness of and reasons for continued noncompliance. For example, if random, isolated violations resulted from minor deficiencies in the bank's procedures, procedural changes should be recommended to ensure future compliance. However, where there appears to be a pattern or practice resulting in numerous exceptions which are not sufficiently explained and which may reflect willful or negligent disregard for the regulation, the examiner should consider recommending civil money penalties to Treasury and/or initiating cease and desist action under section 8 of the FDI Act.
Formal Supervisory Action
Repeat violations of Subpart B of Part 326, in most instances, will necessitate that formal supervisory action (Cease and Desist Order) be initiated against the institution as required by 12 U.S.C. Section 1818(s). In situations where the institution has failed to take corrective action for deficiencies cited in previous examinations, formal supervisory action and/or civil money penalties also may be warranted. If an institution is convicted of a Title 18 or Title 31 U.S. Code offense involving money laundering, 12 U.S.C. Section 1818(w) provides for possible termination of deposit insurance proceedings against the institution by FDIC.
Willful Or Deliberate Disregard For The Regulations
In cases of willful or deliberate violations of the Treasury regulation or whenever the bank appears to be deliberately or willfully disregarding regulatory provisions in an attempt to conceal or abet the violation of some other law or regulation or to conceal a customer's transaction, the examiner should prepare a Suspicious Activity Report (SAR) for transmittal to the Financial Crimes Enforcement Network (FinCEN).
It is important to be able to distinguish between willful and deliberate violations resulting from a total disregard for the Treasury regulation and willful and deliberate violations in furtherance of the commission of violations of other federal law or as part of a pattern of illegal activity. Noncompliance due to disregard for the regulation would likely trigger civil penalties whereas noncompliance contributing to the furtherance of the commission of violations of other federal law or as part of a pattern of illegal activity may call for criminal penalties.
Comments to the effect that 31 C.F.R. Part 103 violations appear to lack willfulness or criminality should not be included in the Report. Conclusions such as this cannot always be supported without further investigation and should only be made by the Treasury Department. On the other hand, examiners should recommend civil money penalties where circumstances warrant. Recommendation for penalties must be supported by facts not opinions.
When discussing the findings of the examination with bank management, the examiner should be careful not to tell management or lead them to believe that if they correct the deficiencies and violations of 31 C.F.R. Part 103, this action will eliminate the possibility of civil money penalties for past violations. That decision is left to Treasury.
Referrals To Treasury For Civil Money Penalties
It is FDIC's policy to refer significant violations of the BSA by insured nonmember banks to Treasury for review and possible assessment of civil and/or criminal penalties. If situations exist which appear to warrant a referral, examiners should consult with their Regional Office before proceeding further. If the decision is made to proceed with the referral, the original of the referral should be sent to FinCEN after review by Regional Office staff. A copy should be sent to the Special Activities Section in Washington. Examiners should not advise the financial institution that a civil penalty referral is being submitted to Treasury. If an investigation by the IRS Criminal Investigation Division is warranted, it may be compromised by disclosure of this information. It is permissible to tell management that Treasury is routinely notified of all BSA violations.
"Know Your Customer" Policy
One of the most important, if not the most important means by which financial institutions can hope to avoid criminal exposure to the institution from customers who use the resources of the institution for illicit purposes is to have a clear and concise understanding of each customer's practices. The adoption of "know your customer" guidelines or procedures by financial institutions has proven extremely effective in detecting suspicious activity by customers of the institution in a timely manner.
Even though not required by regulation or statute, it is imperative that financial institutions adopt "know your customer" guidelines or procedures to enable the immediate detection and identification of suspicious activity at the institution. The concept of "know your customer" is, by design, not explicitly defined so that each institution can adopt procedures best suited for its own operations. An effective "know your customer" policy must, at a minimum, contain a clear statement of management's overall expectations and establish specific line responsibilities. While the officers and staff of smaller banks may have more frequent and direct contact with customers than their counterparts in large urban institutions, it is incumbent upon all institutions to adopt and follow policies appropriate to their size, location, and type of business.
Objectives Of "Know Your Customer" Policy
1. A "know your customer" policy should increase the likelihood the financial institution is in compliance with all statutes and regulations and adheres to sound and recognized banking practices.
2. A "know your customer" policy should decrease the likelihood the financial institution will become a victim of illegal activities perpetrated by a customer.
3. A "know your customer" policy that is effective will protect the good name and reputation of the financial institution.
4. A "know your customer" policy should not interfere with the relationship of the financial institution with its good customers.
At the present time there are no statutory mandates requiring a "know your customer" policy or specifying the contents of such a policy. However, in order to develop and maintain a practical and useful policy, financial institutions should incorporate the following principles into their business practices:
1. Financial institutions should make a reasonable effort to determine the true identity of all customers requesting the bank's services;
2. Financial institutions should take particular care to identify the ownership of all accounts and of those using safe-custody facilities;
3. Identification should be obtained from all new customers;
4. Evidence of identity should be obtained from customers seeking to conduct significant business transactions; and
5. Financial institutions should be aware of any unusual transaction activity or activity that is disproportionate to the customer's known business.
An integral part of an effective "know your customer" policy is a comprehensive knowledge of the transactions carried out by the customers of the financial institution. Therefore, it is necessary that the "know your customer" procedures established by the institution allow for the collection of sufficient information to develop a "transaction profile" of each customer. The primary objective of such procedures is to enable the financial institution to predict with relative certainty the types of transactions in which a customer is likely to be engaged. Internal systems should then be developed for monitoring transactions to determine if transactions occur which are inconsistent with the customer's "transaction profile". A "know your customer" policy must consist of procedures that require proper identification of every customer at the time a relationship is established in order to prevent the creation of fictitious accounts. In addition, the bank's employee education program should provide examples of customer behavior or activity which may warrant investigation.
Identifying The Customer
As a general rule, a business relationship with a financial institution should never be established until the identity of a potential customer is satisfactorily established. If a potential customer refuses to produce any of the requested information, the relationship should not be established. Likewise, if requested follow-up information is not forthcoming, any relationship already begun should be terminated.
Payable Through Accounts
Regulators have become aware of the increasing international use of an account service known as the "payable through account". They are being marketed by U.S. banks, Edge corporations and the U.S. branches and agencies of foreign banks to foreign banks that otherwise would not have the ability to offer their customers direct access to the U.S. banking system. While payable through accounts provide legitimate business benefits, the operational aspects of the account make it particularly vulnerable to abuse as a mechanism to launder money. In addition, payable through accounts present unique safety and soundness risks to banking entities in the U.S.
NOTE: The payable through account has long been used in the U.S. by credit unions (e.g. for checking account services) and investment companies (e.g. for checking account services associated with money market management accounts) to offer customers the full range of banking services that only a commercial bank has the ability to provide. Since these organizations are regulated by federal or state agencies, or are otherwise subject to established industry standards, the traditional use of PTAs has not been a cause for concern by bank regulators.
A payable through account (PTA) is a demand deposit account through which banking agencies located in the United States extend check writing privileges to the customers of foreign banks.
Under the PTA arrangement, a U.S. bank, Edge corporation or the U.S. branch or agency of a foreign bank (U.S. banking entity) opens a master checking account in the name of a foreign bank operating outside the United States.
The master account is subsequently divided by the foreign bank into "sub-accounts" each in the name of one of the foreign bank's customers.
1. Each sub-account holder becomes a signatory on the foreign bank's account at the U.S. banking entity and may conduct banking activities through the account.
2. Sub-account holders in turn may solicit other foreign banks, rather than individuals, to use their accounts at the U.S. banking entity. These second tier foreign banks then solicit individuals as customers. This may result in thousands of individuals having signatory authority over a single account at a U.S. banking entity.
The PTA mechanism permits the foreign bank operating outside the U.S. to offer its customers, the sub-account holders, U.S.- denominated checks and ancillary services, such as the ability to receive wire transfers to and from sub-accounts and to cash checks.
1. Checks are encoded with the foreign bank's account number along with a numeric code to identify the sub-account.
2. Deposits into the master account may flow through the foreign bank, which pools them for daily transfer to the U.S. banking entity.
3. Funds may also flow directly to the U.S. banking entity for credit to the master account, with further credit to the sub-account.
Benefits And Risks Associated With Payable Through Accounts
While the objectives of U.S. banking entities marketing PTAs and foreign banks which subscribe to the PTA service may vary, essentially three benefits currently drive provider and user interest.
1. PTAs permit U.S. banking entities to attract dollar deposits from the home market of foreign banks without jeopardizing the foreign bank's relationship with its clients.
2. PTAs provide fee income potential for both the U.S. PTA provider and the foreign bank.
3. Foreign banks can offer their customers efficient and low cost access to the U.S. payment system.
The PTA arrangement between a U.S. banking entity and a foreign bank may be subject to the following risks:
1. Credit risk – the risk the foreign bank will fail to perform according to the terms and conditions of the payable through agreement, either due to bankruptcy or other financial difficulties.
2. Settlement risk – the risk that arises when the U.S. banking entity pays out funds before it can be certain that it will receive the corresponding deposit from the foreign bank.
3. Country risk – the risk the foreign bank will be unable to fulfill its international obligations due to domestic strife, revolution, political disturbances, etc.
4. Regulatory risk – the risk deposit and withdrawal transactions through the PTA may violate state and/or federal laws and regulations.
Possible Illegal Or Improper Conduct Associated With Payable Through Accounts
Regulators are concerned that the use of PTAs may facilitate unsafe and unsound banking practices and other misconduct, including money laundering and related criminal activities. Unless a U.S. banking entity is able to identify adequately, and understand the transactions of, the ultimate users of the foreign bank's account maintained at the U.S. banking entity, there is a potential for serious illegal conduct.
Guidelines On Payable Through Accounts
Because of the possibility of illicit activities being conducted through PTAs at U.S. banking entities, regulators believe it is inconsistent with the principles of safe and sound banking for U.S. banking entities to offer PTA services without developing and maintaining policies and procedures designed to guard against the possible improper or illegal use of PTA facilities.
1. Policies and Procedures – Policies and procedures must be fashioned to enable each U.S. banking entity offering PTA services to foreign banks to:
a. Identify sufficiently the ultimate users of its foreign bank PTAs, including obtaining (or having the ability to obtain), in the United States, substantially the same type of information on the ultimate users as the U.S. banking entity obtains for its domestic customers.
b. Review the foreign bank's own procedures for identifying and monitoring sub-account holders, as well as the relevant statutory and regulatory requirements placed on the foreign bank to identify and monitor the transactions of its own customers by its home country supervisory authorities.
c. Monitor account activities conducted in the PTAs with foreign banks and report suspicious or unusual activity in accordance with federal regulations.
2. Termination of PTAs – It is recommended the U.S. banking entity terminate a PTA with a foreign bank as expeditiously as possible in the following situations:
a. Adequate information about the ultimate users of the PTAs cannot be obtained;
b. The U.S. banking entity cannot adequately rely on the home country supervisor to require the foreign bank to identify and monitor the transactions of its own customers; or
c. The U.S. banking entity is unable to insure that its PTAs are not being used for money laundering or other illicit purposes.
Treasury's Office Of Foreign Assets Control (OFAC)
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) administers laws that impose economic sanctions against hostile foreign countries to further U.S. foreign policy and national security objectives.
OFAC also is responsible for issuing regulations that restrict transactions by U.S. persons or entities (including banks), located in the U.S. or abroad, with certain foreign countries, their nationals or "specially designated nationals". OFAC regularly provides to banks, or banks may subscribe to certain databases or other informational providers, including the Federal Register, to receive current listings of foreign countries and designated nationals that are prohibited from conducting business with any U.S. entity or individual. Violations of these laws can expose financial institutions to substantial penalties.
OFAC rules require banks to identify transactions with prohibited entities. The rules may require banks to reject or freeze the funds involved in the transactions. In either event, banks are required to notify OFAC when transactions with prohibited entities are attempted or completed.
Examiners are not required to compare the OFAC listings with accounts at institutions under examination. However, examiners should determine if an institution under examination has policies and procedures in place to monitor compliance with OFAC regulations. At a minimum, each institution should maintain a current listing of prohibited countries, entities and individuals. New accounts should be compared to the OFAC list before opening, and established accounts should be regularly compared to current OFAC listings. Failure to maintain policies and procedures to comply with OFAC rules is not a violation of law; however, failure to block transactions with prohibited countries, entities or individuals may expose the institution to substantial penalties.
Suspicious Activity Reports
Part 353 of FDIC Rules and Regulations requires insured state nonmember banks to report to FinCEN on FDIC Form 6710/06, Suspicious Activity Report (SAR), known or suspected criminal offenses. Details on the reporting requirements may be found in Section 8.2 (Criminal Violations) of this manual. Among the suspicious activities required to be reported are any transactions aggregating $5,000 or more that involve potential money laundering or violations of the BSA. Suspicious transactions may no longer be reported by using a CTR. If the suspicious transaction involves more than $10,000 in cash, a CTR and a SAR must be prepared and filed. If the suspicious transaction involves between $5,000 and $10,000 in cash, only the SAR should be prepared and filed.
The SAR should be filed if the bank knows, suspects, or has reason to suspect that:
1. The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law;
2. The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or
3. The transaction has no business or apparent lawful purpose or is not the sort of transaction in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
A bank shall file the SAR no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of detection of the incident requiring the filing, a bank may delay filing a suspicious activity report for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 days after the date of initial detection of a reportable transaction. The bank's board of directors, or a designated committee thereof, should be promptly notified of any SAR filed, and a copy of each SAR filed, along with supporting documentation, should be retained for a period of five years from the date filed.
If an examiner determines that a bank has failed to file a suspicious activity report when there is evidence to indicate a report should have been filed, the examiner should instruct the bank to immediately file the report. If the bank refuses, the examiner should complete the report and cite a violation of Part 353 of FDIC Rules and Regulations without providing details of the suspicious activity or the SAR in the report of examination. The SAR should be sent to the regional office, accompanied by a memorandum detailing the suspicious activity. Any examiner prepared SARs and all supporting documents should be maintained in the field office files for five years.
Confidentiality Of Reports
Suspicious activity reports are confidential. Any bank subpoenaed or otherwise requested to disclose a suspicious activity report or the information contained in a suspicious activity report shall decline to produce the suspicious activity report or to provide any information that would disclose that a suspicious activity report has been prepared or filed.
Suspicious Activity Report Database
FinCEN maintains a database containing information from SARs filed by all federally insured financial institutions. Currently, the database is accessible only to specifically designated personnel in the Washington Office and each Regional Office. If an examiner has reason to believe suspicious activity has not been reported by the bank under examination, the examiner may request through the Regional Office contact a listing of SARs filed or copies of SARs filed. If suspicious activity is discovered at the bank under examination, the examiner also may utilize the resources of the FinCEN database to obtain information concerning possible suspicious activity involving the same person or entity at other federally insured financial institutions.
Currency And Banking Retrieval System
The Currency and Banking Retrieval System (CBRS) is a database of CTRs filed with the IRS. It is maintained at the Internal Revenue Service Detroit Data Center. The Regional Office contact who has access to the FinCEN database may also access the CBRS. The CBRS may be used to verify CTRs filed by the bank under examination if the examiner suspects reports have not been filed, or it may be used to provide information for further investigation of suspicious currency transaction activity. Information required to obtain information from the CBRS includes:
(1) the name and taxpayer identification number of the filing bank, if requesting information on CTRs filed by a particular bank,
(2) the taxpayer identification number of the party named in Part I and/or Part II of the CTR, if seeking information on the subject(s) of the CTR; and
(3) the range of dates for which reports are requested. Examiners should take into consideration the volume of CTRs filed by the bank under examination when determining the range of dates requested.
FinCEN prepares a number of reports which may aid examiners in targeting certain financial institutions for special review of BSA compliance and in identifying money laundering schemes. The reports include Cash Flow Reports showing currency shipments between banks and the Federal Reserve, and an analysis of each bank's currency shipment trends compared to its peers, as well as the FinCEN Advisory, which advises financial institutions, regulatory agencies and law enforcement agencies of trends and developments related to money laundering and financial crime.