at a much higher level with less detail than institution-line employees. The training needs to be ongoing and incorporate current developments and changes to the BSA, AML laws and agency regulations. New and different money laundering schemes involving customers and financial institutions should be addressed. It also should include examples of money laundering schemes and cases tailored to the audience and the ways in which such activities can be detected or resolved. Another focus of the training should be on the consequences of an employee’s failure to comply with established policies and procedures (e.g., fines or termination). These programs also should provide personnel with guidance and direction in terms of bank policies and available resources. Beneficial Ownership Procedures The beneficial ownership rule contains three core requirements: 1. Identifying and verifying the identity of the beneficial owners of companies opening accounts; 2. Understanding the nature and purpose of customer relationships to develop customer risk profiles; and 3. Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. A beneficial owner is an individual who owns more than 25% of the equity interest in a company or is the single individual who exercises control. Also subject to these requirements is the one person who has control of each legal entity customer. Beyond the Basics BSA enforcement actions continue to raise the bar for all financial institutions. BSA compliance programs must meet additional standards in order to be considered adequate to meet the ever-evolving challenges that arise over time: • Customer Due Diligence (CDD): Verifying a customer’s name, address, date of birth and identification number will satisfy the basic BSA customer identification requirements. However, these four pieces of information will not be enough to help an institution determine a customer’s typical account activity. The recent C&D orders make clear that regulators expect community bank managers to use information collected as part of the institution’s CDD process to predict the type, dollar amount and volume of transactions that a customer is likely to conduct. This expectation goes beyond the new beneficial ownership rule to extend CDD expectations to the broader customer base. Several institutions subject to the recent round of enforcement actions were directed to develop specific procedures to describe how the institution will conduct customer due diligence. As computer and software technology has improved, regulators have come to expect small and large banks to gather and review information about the normal range of a customer’s banking activities. They view the CDD processes and analysis as providing the framework that enables institutions to comply with suspicious activity reporting requirements. • Account and Transaction Monitoring: A number of institutions that received the most recent orders did not have adequate, or any, procedures for detecting and reporting suspicious activities. The enforcement actions make clear that community banks must specify in writing how the institution will analyze and use customer information to detect suspicious activities. As this area gets more complex, it becomes more difficult to try to maintain an adequate suspicious activity monitoring regimen without some form of automated monitoring. Conclusion The costs of being subject to an enforcement action go beyond extra regulatory scrutiny in subsequent examinations. Institutions under the latest round of actions must report the enforcement action in communications with their shareholders and spend significant sums of money to hire outside consultants to train employees, audit the revised BSA programs and backfile required reports. They also must submit planned actions to the regulators involved for prior approval, as well as report regularly (usually quarterly) on their progress in remediating the deficiencies that led to their particular enforcement action. An interagency BSA enforcement policy statement clarifies that formal enforcement actions will not be issued for minor BSA infractions. These enforcement actions are levied against financial institutions — including community banks — with significant breakdowns in their BSA compliance systems. The consent and other orders illustrate that all banks are expected to have very specific procedures for how they will collect customer information, predict customer account activity, utilize transaction monitoring reports, and train and manage employees with BSA-related responsibilities. Be sure that you are not an object lesson for your banking fellows. If we can help, contact us. William J. Showalter, CRCM, CRP, is a senior consultant with Young & Associates Inc. (www.younginc.com) with over 35 years of experience in compliance consulting, advising and assisting financial institutions on consumer compliance and compliance management issues. He also has developed and conducted compliance training programs for individual banks and their trade associations and has authored or co-authored numerous compliance publications and articles. Bill can be reached at (330) 678-0524 or wshowalter@younginc.com. 20 In Touch
RkJQdWJsaXNoZXIy ODQxMjUw