Account Documentation Series: Compliance & Due Diligence ...
Transcript of Account Documentation Series: Compliance & Due Diligence ...
P R E S E N T E D B Y
M A R Y - L O U H E I G H E S
C O M P L I A N C E P L U S , I N C .
m h e i g h e s @ c u a s k m e . c o m
J A N U A R Y 2 0 1 7
Compliance & Due Diligence at Account Opening
1
Disclaimer 2
This presentation is designed to provide accurate and authoritative information in
regard to the subject matter covered. The handouts, visuals, and verbal information
provided are current as of the webinar date. However, due to an evolving
regulatory environment, Financial Education & Development, Inc. does not
guarantee that this is the most-current information on this subject after that time.
Webinar content is provided with the understanding that the publisher is not
rendering legal, accounting, or other professional services. Before relying on the
material in any important matter, users should carefully evaluate its accuracy,
currency, completeness, and relevance for their purposes, and should obtain any
appropriate professional advice. The content does not necessarily reflect the views
of the publisher or indicate a commitment to a particular course of action. Links to
other websites are inserted for convenience and do not constitute endorsement of
material at those sites, or any associated organization, product, or service.
Sponsors
Alabama Bankers Association
Arkansas Community Bankers
California Community Banking Network
Independent Bankers of Colorado
Florida Bankers Association
Community Bankers Association of Georgia
Community Banker Association of Illinois
Indiana Bankers Association
Community Bankers of Iowa
Community Bankers Association of Kansas
Kentucky Bankers Association
Maine Bankers Association
Community Bankers of Michigan
Independent Community Bankers of Minnesota
Missouri Independent Bankers Association
Montana Independent Bankers Association
Nebraska Independent Community Bankers
Independent Comm. Bankers Assoc. of New Mexico
Independent Bankers Assoc. of New York State
Independent Community Banks of North Dakota
Community Bankers Association of Ohio
Community Bankers Association of Oklahoma
Pennsylvania Association of Comm. Bankers
Independent Banks of South Carolina
Independent Comm. Bankers of South Dakota
Tennessee Bankers Association
Independent Bankers Association of Texas
Vermont Bankers Association
Virginia Association of Community Banks
Community Bankers of Washington
Community Bankers of West Virginia
Wisconsin Bankers Association
Directed by The Community Bankers Webinar Network
3
Today’s Presenter 4
Mary-Lou Heighes, Compliance Plus, Inc.
Mary-Lou Heighes is President and founder of Compliance Plus, Inc., which has assisted financial institutions with the development of compliance programs since 2000. She provides compliance training for trade associations and financial institutions. Mary-Lou has been an instructor at regulatory compliance schools, conducts dozens of webinars, and speaks at numerous conferences throughout the country.
Involved with financial institutions since 1989, Mary-Lou has over 20 years’ compliance experience. Before starting Compliance Plus in 2000, she spent five years working as a loan officer, marketer, and collector. She also worked at a state trade association for seven years providing compliance assistance and advising on state and federal legislative issues that affect financial institutions.
Topics
Customer Identification Program
Customer Due Diligence
Identity Theft Red Flags
Office of Foreign Assets Control
Signature Cards
Disclosures
5
PATRIOT Act Identification
Every financial institution is required to identify every
accountholder with whom they have a “formal banking
relationship” (i.e., Customer Identification Program)
Must have a “reasonable belief” that they know the people
who have accounts are who they say they are
Must have an idea of the types of activities accountholders
will engage in (i.e., Customer Due Diligence)
6
CIP Notification
Notice must be posted wherever accounts are opened – in person, by mail, online, etc.
Important Information About Procedures For Opening A New Account
To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.
What this means for you: when you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
7
Who is the Customer for CIP?
Natural person – the person
Formal business – the business
May also need to do it on the owner(s) and signer (May 2018)
Sole proprietor – the person
An UTMA account – the custodian
An account established using a power of attorney
If principal is incapacitated – the attorney in fact
If the principal is not incapacitated – the principal
A formal trust or estate – the trust or estate
May also need to do CIP on the trustor, trustee, or executor depending on whether the account/party is considered higher risk
8
Customer Identification Program (CIP)
4 required pieces of information (natural person):
Name
Date of birth
Physical address
Home, work
Description of location
Next of kin
Taxpayer identification (or other identifying number)
US person = Social Security number
Non-US person = SSN, individual taxpayer identification number or other number tied to a government issued document
9
Additional Information
The institution may collect additional information as needed
Occupation is often collected at account opening
Will facilitate completion of Currency Transaction and Suspicious Activity Reports (SARs)
Helps in investigations
Is this information kept current?
10
Documentary Verification for CIP
Documentary: non-expired, government-issued
document showing nationality or residence and
bearing a photograph or similar safeguard, such as a:
Passport or passport card
State-issued driver’s license or identification
Other government issued document
Can use any government ID specified in your
CIP program
11
Non-Documentary Verification for CIP
Non-documentary can be anything spelled out in your written program, for example:
Expired government-issued documents
Credit or consumer report
Utility bill
Paycheck stub
Employee ID
Etc.
Useful for minors or anyone lacking government ID
Cannot go outside the institution’s written program
12
Customer Identification for Businesses
For businesses and other accounts held by non-natural persons:
Name
Physical address
Taxpayer identification number (EIN usually)
Documentary verification
Based on form of business – articles of incorporation, certificate of partnership, etc.
Whatever is in your written program
13
Verifying Information
You must be able to verify enough information to
form a true belief of who the person is that is
opening the account.
This does not mean that every single piece of
information must be verified.
Refer to your written procedures for direction.
14
Clarifying Discrepancies
If your procedures call for clarifying discrepancies –
for example name and SSN don’t match
Follow written procedures
(may include additional documentation)
If you have satisfied the requirement that you have
formed a true belief that the person or entity is who
they say they are, then the process is complete
15
Additional Documentation
Additional documentation may be required if the
institution needs it to clarify discrepancies or form a
reasonable belief as to the person’s identity
Credit report
Utility or other bills
Lease or rental agreements
Etc.
16
CIP Conclusions
If you are unable to reach a reasonable belief that the
person is who they say they are during the CIP process, the
written CIP program should specify what action you are to
take regarding the account
CIP is only conducted once per accountholder, unless the
institution later determines that it no longer has a
reasonable belief that the person is who they say
For businesses, the beneficial ownership form will need to be
completed for every new account regardless of current
account ownership/relationship (May 2018)
17
Account Opening Procedures
Your procedures should address all the different ways accounts may be established:
In person
Online
By mail
By phone
Through third parties
The methods for establishing identity may vary based on how the account is opened
18
Remote Opening
For accounts opened by mail, phone, or online
Procedures for establishing identity
Out-of-wallet questions
Information from consumer reports
Third-party verification services
IRS TIN-matching program
Will you be receiving government-issued identification?
What about signatures?
For fraud purposes, check signing, indorsements
19
Due Diligence
Anticipate the type of activities in which accountholders will engage
The higher the risk of the accountholder, the more due diligence is needed
Lower risk = CIP information and normal monitoring
Higher risk = above plus additional information concerning the accountholder and transactional information up front
20
Due Diligence for Business Accounts
In addition to the regular due diligence, financial
institutions must obtain CIP information on any owner
of a business that has 25% or more ownership; and the
same information over the person with direct control
or management of the business
There is a model form for this purpose.
21
Enhanced Due Diligence
For higher-risk accounts
Source of funds and wealth
Types of transactions
Dollar amounts
Location of transaction parties
Domestic
International
Type of business engaged in
Any other information deemed necessary for risk management
22
Consumer Reports
It is permissible to run a consumer report on anyone establishing an account?
If the consumer gives written permission, or
Otherwise has a legitimate business need for the information in connection with a business transaction that is initiated by the consumer
Credit report, ChexSystems/Qualifile, etc.
23
Denial Based on Consumer Report
If denying an account or services based on information
in a consumer report, adverse action notice is needed.
Name, address, and toll-free number for the
consumer reporting agency.
If credit score was used, must include the score.
24
Prescreens
If using a consumer report run at account opening to
determine whether the consumer qualifies for other
products and services beyond the one he or she requested
Considered a “prescreen” where credit is involved
Requires a “firm offer of credit”
25
Identity Theft Red Flags
Written program approved by the board outlines
the types of activity that may indicate identity theft
Several categories of red flags are addressed in the
written program
Follow the guidance in your Identity Theft Red
Flags program
26
Red Flags at Account Opening
A fraud or active duty alert is included with a consumer report.
A consumer reporting agency provides a notice of credit freeze in
response to a request for a consumer report.
A consumer reporting agency provides a notice of
address discrepancy.
Documents provided for identification appear to have been
altered or forged.
The photograph or physical description on the identification is
not consistent with the appearance of the applicant or
customer presenting the identification.
27
Suspicious Documents
Other information on the identification is not consistent
with information provided by the person opening a new
covered account or customer presenting the identification.
Other information on the identification is not consistent
with readily accessible information that is on file with the
financial institution or creditor, such as a signature card or
a recent check.
An application appears to have been altered or forged,
or gives the appearance of having been destroyed and
reassembled.
28
Suspicious Information
Personal identifying information provided is inconsistent when
compared against external information sources used by the
financial institution or creditor. For example:
The address does not match any address in the consumer report; or
The Social Security number (SSN) has not been issued, or is listed on
the Social Security Administration’s Death Master File.
Personal identifying information provided by the customer is not
consistent with other personal identifying information provided
by the customer. For example, there is a lack of correlation
between the SSN range and date of birth.
29
Suspicious Information
The person opening the covered account or the customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete.
Personal identifying information provided is not consistent with personal identifying information that is on file with the financial institution or creditor.
For financial institutions and creditors that use challenge questions, the person opening the covered account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report.
30
Identity Theft and Business
Identity theft can occur on business accounts,
fiduciary accounts, any type of account.
Look for suspicious business paperwork, lack of
paperwork on the business.
Resistance to providing documentation, unwillingness
to answer questions about the business.
31
Identity Theft Reporting
If you believe that an attempt at identity theft has
been made, it should be reported to management
and usually the Bank Secrecy Act Officer.
Identity theft is reportable on a Suspicious
Activity Report.
32
Red Flags During Account Opening
Fraudulent identification information
ID theft or Active Duty Alert on credit report
Use of incorrect/false Social Security number
Deceased, not issued yet, name or DOB mismatch
Stated income not supported
No credit report
False income statements/paystubs
Unable to locate using contact information
False addresses/employer
33
Address Discrepancies
If a credit report shows an address different than
what was provided, you should verify address prior
to providing a credit account or a new plastic card.
34
Office of Foreign Assets Control
Once a reasonable belief is formed that this is the true
identity of the person, the name must be checked
against the lists maintained by the Office of Foreign
Assets Control.
These lists are people, places, entities, foundations, and
others that no one in the U.S. can do business with.
Parties to the account should be checked against the
OFAC list as specified in your written procedures.
35
OFAC Matches
“Hits” on the OFAC search should be handled in
accordance with your written procedures
Many such hits are false positives and documentation
on the false positive should be maintained
Any possible true matches should be verified with OFAC
Any true matches are to be reported to OFAC within
10 days
36
Signature Cards
Based on type of ownership
Individual
Joint (with or without right of survivorship)
Trust (formal requires special signature card?)
With pay-on-death beneficiaries
Sole proprietorship?
Formal business, organization, or association
Fiduciary capacity (power of attorney, conservatorship, rep. payee)
Uniform Transfer to Minors
IRAs
38
Individual Accounts
One owner
Signs signature card
May name a beneficiary or pay on death payee
Use owner’s Social Security number if US person
If one US person on account, must use SSN to report to Internal Revenue Service
Non-US person may have SSN, ITIN, or other identifying number
May provide W-8BEN
39
Joint Accounts
More than one owner
All parties sign signature card
Any party’s SSN can be used on the account
If one US person on account, must use SSN to report to Internal Revenue Service
Non-US person may have SSN, ITIN, or other identifying number
May provide W-8BEN
May name a beneficiary or pay-on-death payee
40
Trust Accounts
Should have a special signature card/account agreement for formal trusts
Trustors create the trust but are not signers on the account
Trustees are nominated by trustors to manage trust assets
They sign the signature card but are not owners of the account, they are merely agents
Trustors may name themselves as trustees
Beneficiaries of the trust may be named
41
Sole Proprietorships
Usually one owner
Owner signs signature card
May have other authorized signers
Use owner’s Social Security number (IRS encourages SSN even if they have an EIN)
If using another name (DBA) what is required as proof according to policy/procedures?
42
Formal Legal Entity
Use name of formal entity
Resolution or other documentation on who is authorized to sign
Authorized signers not necessarily owners
Use taxpayer identification number of legal entity
Does resolution or other documentation have limitations on signers?
43
Fiduciary Accounts
A fiduciary acts on someone else’s behalf
Account should be in the name of the person being represented by the fiduciary and may indicate the fiduciary and capacity
Bob Smith, by Jill Jones under POA
Phil Price, by Robin Rounds, Representative Payee
Janice Johnson, by Amy Hart, Custodian/Guarantor
SSN of the actual owner, not fiduciary
44
Uniform Transfer to Minors
Minor is the owner of the funds
Minor cannot transact
Custodian establishes account and maintains for the minor’s benefit
One minor and one custodian per account
Most states – except VA
Custodian signs signature card
Use minor’s name and SSN to report to IRS
45
Individual Retirement Arrangements
Owned by one person
Can never be under a trust
Special IRS paperwork in addition to signature card for type of account (savings, certificate)
Use owner’s Social Security number
May name beneficiaries
46
IRS Rules on Reporting
The name and taxpayer identification number must match
W-9 form for certification or substitute W-9 on the signature card
If on the signature card, either a separate signature line for the certification or a statement that the IRS does not require signer to agree to any terms
W-8BEN for non-US persons if requested
47
Whose Tax ID?
For this type of account:
Individual
Two or more individuals (joint account)
Custodian account of a minor (Uniform Gift to Minors Act)
a. The usual revocable savings trust (grantor is also trustee)
b. So-called trust account that is not a legal or valid trust under state law
Sole proprietorship or disregarded entity owned by an individual
Give name and SSN of:
The individual
The actual owner of the account or, if combined funds, the first individual on the account
The minor
The grantor-trustee
The actual owner
The owner
49
Whose Tax ID?
For this type of account: Grantor trust filing under Optional
Form 1099 Filing Method 1
Disregarded entity not owned by an individual
A valid trust, estate, or pension trust
Corporation or LLC electing corporate status on Form 8832 or Form 2553
Association, club, religious, charitable, educational, or other tax-exempt organization
Give name and SSN of: The grantor
Give name and EIN of: The owner
Legal entity
The corporation
The organization
50
Whose Tax ID?
For this type of account:
Partnership or multi-member LLC
A broker or registered nominee
Account with the Department of Agriculture in the name of a public entity (such as a state or local government, school district, or prison) that receives agricultural program payments
Grantor trust filing under the Form 1041 Filing Method or the Optional Form 1099 Filing Method 2 (see Regulations section 1.671-4(b)(2)(i)(B))
Give name and EIN of:
The partnership
The broker or nominee
The public entity
The trust
51
Required Disclosures
Truth in Savings
Your ability to withdraw funds (check holds)
Regulation D – transaction limitations
Regulation E – electronic funds transfers
Home banking
Bill payer
Audio response
Debit cards/ATM cards
52
Truth in Savings
Provided at account opening
In person, online
For accounts opened by phone
Mailed within 10 business days
Disclosure of terms and conditions related to the account:
Opening deposit, minimum balance requirements
Payment of interest or dividends, when paid
Fees and rates of interest or dividends
Features of certificates and time accounts
53
Overdraft Privilege/Courtesy Pay
Disclose the categories of transactions that may incur an overdraft fee – this means all debits, not just checks
For example, “overdraft fees may apply to any overdraft created by check, draft, withdrawals, ATM withdrawals, or other electronic means” or
You may incorporate a list of transactions and fees
Disclose fees
Disclose when items might not be paid
54
Account Agreement and Disclosure
In addition to regulatory requirements, the
disclosures contain contractual terms and
conditions of the account
Needs to be provided when account is opened
and is often referenced in the signature card
55
Contractual Terms and Conditions
Termination of account
Accountholder in good standing
Calculation and payment of interest/dividends
Account ownership
Terms and conditions of each type of account
Transaction limitations
Privacy (may be separate notice)
Funds Availability (may be separate notice)
Additional contractual terms
Joint and several liability
Stop payments
Postdating
Stale dating
Endorsement of checks
Truncation of checks
Returned checks/provisional credit
Overdraft privilege conditions
Change of address
Dormant accounts/escheat
Authorization for consumer report
Negative credit report notice
Choice of law
56
Your Ability to Withdraw Funds
Regulation CC: check holds
Provided before (at the time) a transaction (checking) account is opened
Specifies the time period that funds from deposits will be held
Includes normal and exception holds
Holds for new accounts
Any funds held beyond the timeframe specified would receive notice at time a hold is placed
Notice also posted where deposits are accepted
57
Transaction Limitations
Regulation D: limitation on transactions
Usually incorporated into the Truth in Savings Account Agreement and Disclosure
Discloses the limitation of certain transaction from non-transaction (savings) accounts
Maximum of 6 per month or statement cycle – checks and drafts to a third party, debit card, ACH debits, POS, home banking, bill payer, audio response, overdrafts
58
Electronic Funds Transfer
Disclosure required at the time an electronic service is requested or before the first EFT can be made from an account
Outlines the rights and liabilities of the institution and the accountholder
Specific error resolution procedures
Institution contact info, business days
Types of transactions, limitations on transactions
Sharing of information
Fees (including fees charged by others), documentation
Stop payments
59
What is an EFT?
Any transfer of funds that is initiated through an electronic terminal telephone, computer for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account:
Point of sale; automated teller machines
Direct deposits or withdrawals
Transfers initiated by telephone
Debit card transactions whether or not initiated through a terminal
Check conversions to ACH
Home banking, bill payer, mobile banking
60
Issuance of Access Device
Access device = card, code, or pin
Can be solicited – at the request of the accountholder
Can be unsolicited if:
Not validated at the time
Explanation of how to validate or dispose of
Accompanied by the required disclosures
Validated only in response to an oral or written request by the accountholder
61
Opt In for Overdraft Fees
For ATM and one-time debit card transactions
May include information about other types of transactions that may overdraw account
Consumer must opt-in before a fee can be charged for overdrawing an account
Does not include overdrafts from savings or lines of credit
Provide notice at account opening or upon request for service
62
Remote Deposit Capture (RDC)
Consumer’s ability to deposit checks remotely
Not covered by Regulation CC – check holds
Hold timeframes should be disclosed in RDC disclosure and if longer than regular holds, redisclosed often in a manner the consumer is likely to notice
Risk assessment recommended to determine who qualifies for the service, and restrictions or limitations on allowable deposits
Disclosure of terms, limitations, and conditions of RDC use provided at time service is made available (upon request, activation, etc.)
64
Privacy Notice
Federal privacy notice to be provided at account opening
Describes what information about the consumer is collected
Describes what information is shared by the institution and with whom
May provide an opt out from sharing
65
Insurance on Accounts
Every federally-insured financial institution must make available a written explanation regarding federal deposit insurance
Provided upon request of accountholder
Disclosures/information available to download online
Privately insured institutions must disclose that accounts are not federally insured on signature cards and statements
67
Providing Disclosures Electronically
Federal law: Electronic Signatures in Global and National Commerce Act (E-SIGN)
State law: Uniform Electronic Transactions Act (UETA)
Both specify how documents required to be in writing may be provided electronically
All the consumer protection regulations allow electronic disclosures if following E-SIGN
68
Requirements of E-SIGN
Cannot require opting in
Cannot automatically opt people in
Pre-disclosure
System requirements, ability to download or print, costs for paper
disclosures, costs to discontinue electronic disclosures, keeping
institution informed of contact information, which products and
services it relates to
Consent – affirmative, demonstrable consent
“consents electronically, or confirms his or her consent
electronically, in a manner that reasonably demonstrates that the
consumer can access information in the electronic form that will be
used to provide the information that is the subject of the consent”
69
Business vs. Consumer
Business accounts are not covered by certain consumer protection regulations:
Truth in Savings
Regulation E
Privacy
The regulations relating to business accounts:
Membership
Identity Theft Red Flags
Regulation CC
Regulation D
Insurance on accounts
CIP/BSA/OFAC
70
Electronic Security Concerns 71
Financial institutions are often liable for unauthorized transactions
Electronic services, RDC, and other means of access pose significant risks
Financial institutions are encouraged to use multi-factor authentication,
particularly in high-risk or high-dollar transactions
Accountholders should be encouraged to:
Select robust passwords (not easy to guess)
Use unique passwords (no duplicates)
Some security experts go so far as to recommend that accountholders do
not answer security questions correctly making it more difficult for
identity thieves to correctly guess security answers
Example: Q. Where did you go to school?
(info on FB, Linked In, professional profile) A. Mushroom
Bank Secrecy Act
Risk assessment determines what constitutes
higher risk for money laundering:
Remote account opening
EFT and RDC services
Red flags at account opening
Internal controls are the policies, procedures, and
processes designed to mitigate the identified risks
72
BSA Account Opening Red Flags
An accountholder uses unusual or suspicious identification documents that cannot be readily verified.
An accountholder provides an individual tax identification number after having previously used a Social Security number.
An accountholder uses different tax identification numbers with variations of his or her name.
An accountholder’s home or business telephone is disconnected.
73
BSA Account Opening Red Flags
A business is reluctant, when establishing a new account, to provide complete information about the nature and purpose of its business, anticipated account activity, prior banking relationships, the names of its officers and directors, or information on its business location.
The accountholder’s background differs from that which would be expected on the basis of his or her business activities.
An accountholder makes frequent or large transactions and has no record of past or present employment experience.
74
Suspicious Activity Report Categories
Identification/Documentation
a. Changes spelling or arrangement of name
b. Multiple individuals with same or similar identities
c. Provided questionable or false documentation
d. Refused or avoided request for documentation
e. Single individual with multiple identities
z. Other (specify type of suspicious activity in space provided)
75
77
Thanks for Attending!
F O R Q U E S T I O N S , P L E A S E C O N T A C T :
M A R Y - L O U H E I G H E S
C O M P L I A N C E P L U S , I N C .
M H E I G H E S @ C U A S K M E . C O M