Speaker 1: Welcome to this session on the Bank Secrecy Act and Anti-Money Laundering. Today, we'll go over the history of the BSA, major players in the BSA world, and the necessary components of a BSA program. It all started with the Bank Secrecy Act, which was passed in 1970 to determine money laundering and identify the movement of criminal proceeds. This was a big change for the financial services industry as it established regulatory reporting standards and requirements. Why is this important? Because with the passing of the Bank Secrecy Act, banks now have an obligation to create a paper trail for suspicious activity that could be related to financial crimes or terrorism. The BSA was helpful in improving the detection and investigation of criminal tax and regulatory violations, safeguarding the financial system, detecting and deterring criminals, creating official records of suspicious activity reports, and aiding law enforcement. Following the BSA, there was the Money Laundering Control Act in 1986, which defined and criminalized money laundering, the creation of the Financial Crimes Enforcement Network, or FinCEN, in 1990, which is a key organization in administering and monitoring the BSA within the U.S., and the 1992 Anunzio-Wiley Anti-Money Laundering Act, which amended the BSA to require that financial institutions must report any suspicious transactions. This Act lays out specific instructions for reporting situations where the institution or customers may be victims of fraud, or where the institution may be a channel for funding criminal activity such as terrorist financing or money laundering. Then, in 2001, Congress passed the USA PATRIOT Act, which stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. This legislation contained provisions for combating domestic and international money laundering, as well as blocking terrorist access to the U.S. financial system. More specifically, it provided guidance on how financial institutions should organize their money laundering compliance programs and their relationship with foreign banks and customers. Under the combined direction of the BSA and the PATRIOT Act, banks are required to adhere to these four pillars, maintaining a formal BSA AML program with specific internal policies, procedures, and controls, designating a Bank Secrecy Act officer, independent testing of your bank's BSA AML program to ensure compliance, and annual training for all bank staff and board members. Now that we know some of the background on the BSA, let's see who's involved in the BSA process. There are two big players here, the Office of Foreign Asset Control, or OFAC, and FinCEN, which we mentioned earlier. OFAC is a division of the U.S. Department of the Treasury and was established in 1950 to implement economic sanctions against certain countries outside of the U.S. The intent is to keep financial institutions from interacting with those entities. OFAC maintains a list of these sanctioned countries, individuals, and organizations that banks must use to screen membership and transactional activity, and it is updated regularly as more sanctions are added. So, when any monetary transaction is performed within your bank, it must be scanned against the SDN list. If a match is found, the transaction can either be blocked or rejected. Then there's FinCEN, which seeks to safeguard the financial system from illicit use and combat money laundering. This organization is responsible for managing suspicious activity reporting and currency transaction reporting processes. In addition, FinCEN facilitates the information sharing portion of the BSA requirements. Speaking of BSA requirements, let's talk about those. What exactly is required? Your bank should have policies and procedures for a customer identification program, beneficial ownership, information sharing under sections 314A and B, suspicious activity reporting, currency transaction reporting, record keeping, and risk assessment. The customer identification program, CIP for short, is necessary to verify the identity of any person seeking to open an account with your bank. This means not only acquiring different pieces of information, such as the person's name, date of birth, address, and identification number of some sort. It's also about understanding the person and what kinds of activity to expect from them. Is the customer a college student with limited funds and a minimum wage job? If so, that can help you determine what sorts of financial activity would be normal for that person in terms of deposits, transactions, lending, etc. In this case, a check for $10,000 may be a bit strange and potentially suspicious, or it might be funds for a tuition payment. So the responsibility for verifying and validating unusual transactions would rest with your staff. Along with the initial step of getting to know your customer, BSA requires continuous customer due diligence. This means checking up on them every so often to check for changes in activity, your relationship history, anticipated volumes of activity versus actual volumes, and potential red flag activity. Enhanced due diligence, as it's referred to, will check for sudden or significant changes in transaction activity, did the customer go from biweekly deposits to daily, links to common beneficiaries or remitters of seemingly unrelated accounts, interactions with high-risk areas or with high-risk entities, and any indications of money laundering or criminal activity that may be occurring. New Tripoli Bank uses a system known as Verifin, which is an integral part of our enhanced due diligence process. This system uploads all transactions from the previous day and then alerts the BSA Department of any unusual or suspicious activities via alerts. Every morning, the BSA Department reviews these alerts to determine if we need to do anything further. Once and done certainly does not apply to the BSA process. Enhanced ongoing due diligence is the name of the game. On May 11, 2018, FinCEN made the beneficial ownership role official as part of the BSA process. This new fifth pillar requires that financial institutions identify the beneficial owner of legal entity customers. These include corporations, LLCs, partnerships, business trusts, entities created by filing with a state office, and, finally, entities formed under the laws of non-U.S. jurisdiction. To identify the beneficial owner, you must determine individuals who own or control the entity. Your bank simply needs to obtain a certification document from the customer that states the identities of the beneficial owner or owners and the name of the person with the controlling interest. The BSA process includes information sharing under Sections 314A and 314B of the USA PATRIOT Act. 314A applies to mandatory sharing, where banks must disclose information when requested through a biweekly request. This information is used by law enforcement to help them track down and seek out criminals. For each request, 10 new accounts and 47 new transactions are identified in association with the criminal activity, so it's incredibly important. 314B applies to voluntary sharing among other financial institutions. In order to participate in voluntary sharing, employees from the bank must be registered with FinCEN to share information under BSA regulations. By allowing the limited shared information, more criminal activity can be identified and stopped. Suspicious activity reports, also known as SARs, are a critical part of a bank's BSA AML program. If any sort of activity, not just cash transactions, is deemed suspicious, a SAR must be filed no more than 30 days following the date the activity was determined. Reportable activities include any suspected violations of federal, state, local, or foreign laws, transactions with no business or apparent lawful purpose, activity that involves an employee of the bank, activity involving a known suspect and an amount of $5,000 or more, and any activity that reaches an amount of $25,000 or more. For example, a wire or ACH transaction that was reported as fraudulent might require a SAR. Attempts from a customer to access your institution's data would constitute another. When completing a SAR, you should be certain to explain everything you know about the transaction in a way that a person unfamiliar with banks would understand. It's also important to note that SARs are to remain confidential. A customer should never be notified that a SAR was filed. In fact, unauthorized disclosure of a SAR is a violation of federal law. If any further suspicious activity occurs related to the initial incident, more SARs may be required. Another kind of mandatory BSA reporting is Currency Transaction Reporting, or CTR. A CTR must be filed for cash transactions over $10,000. The $10,000 threshold is met when cash transactions of any one direction exceed that amount on a single business day. If a customer withdraws $9,900 in cash at the teller line and later also withdraws $500 from an ATM, he or she would have exceeded the amount required for reporting. If the customer withdrew $9,900 and later deposited $5,000 on the same day, no CTR would be required because the total in and out had not exceeded $10,000. Now you might be asking yourself, with all these reporting obligations, are there also record-keeping requirements? The answer is yes, and the good news is that BSA record-keeping requirements are easy to remember. Your bank must keep records of CTRs, SARs, official checks, drafts, cashier's checks, money orders, and traveler's checks for five years. Simple enough, right? Finally, your bank must perform an annual risk assessment as it pertains to the BSA and AML. This means evaluating products and services, vendors, security measures, and even your customers to identify potential risks where money laundering, fraud, terrorist financing, and other BSA-related crimes might occur. Thank you for exploring the Bank Secrecy Act and anti-money laundering regulations. Have a great day.