New BSA Officer Training - · PDF fileTo assist in the risk assessment process, the Exam...

New BSA Officer Training

Community Bankers Webinar Network

June 2017

© Copyright 2017 Young & Associates, Inc.

All rights reserved [email protected]

mailto:[email protected]

Table of Contents

Section 1: Introduction .................................................................................................................................................. 1

Section 2: Risk Assessment ........................................................................................................................................... 2

Section 3: Program Requirements ........................................................................................................................... 11

Section 4: Definitions [31 C.F.R. § 1010.100] ......................................................................................................... 17

Section 5: Currency Transaction Reports ............................................................................................................. 27

Section 6: Targeting Orders [31 C.F.R. § 1010.370] ............................................................................................. 35

Section 7: CTR Exemptions [31 C.F.R. § 1020.315] .............................................................................................. 37

Section 8: Suspicious Activity Reports [31 C.F.R. § 1020.320] ......................................................................... 47

Section 9: Customer Due Diligence [31 C.F.R. § 1020.220] ............................................................................... 71

Section 10: Foreign Financial Accounts [31 C.F.R. § 31 C.F.R. § 1010.350, 1010.360 & 1010.420]......... 81

Section 11: Purchases of Monetary Instruments [31 C.F.R. § 1010.415] ...................................................... 88

Section 12: Wire Transfer Records [31 C.F.R. § 1020.410] ............................................................................... 90

Section 13: Information Sharing With Government [31 C.F.R. § 1010.520] ............................................... 94

Section 14: Information Sharing With Other Financial Institutions [31 C.F.R. § 1010.540] ................. 98

Section 15: Correspondent Accounts [31 C.F.R. § 1010.605, 1010.630] ........................................................ 101

Section 16: Additional Records Requirements [31 C.F.R. § 1010.410, 1010.430, 1010.440 & 1020.410]

............................................................................................................................................................................................ 105

Young & Associates, Inc. • www.younginc.com • Page ii

Sponsors Alabama Bankers Association Arkansas Community Bankers

California Community Banking Network Independent Bankers of Colorado

Florida Bankers Association Community Bankers Association of Georgia Community Banker Association of Illinois

Indiana Bankers Association Community Bankers of Iowa

Community Bankers Association of Kansas Kentucky Bankers Association

Maine Bankers Association Community Bankers of Michigan

Independent Community Bankers of Minnesota Missouri Independent Bankers Association Montana Independent Bankers Association Nebraska Independent Community Bankers

Independent Comm. Bankers Assoc. of New Mexico Independent Bankers Assoc. of New York State

Independent Community Banks of North Dakota Community Bankers Association of Ohio

Community Bankers Association of Oklahoma Pennsylvania Association of Comm. Bankers

Independent Banks of South Carolina Independent Comm. Bankers of South Dakota

Independent Bankers Association of Texas Vermont Bankers Association

Virginia Association of Community Banks Community Bankers of Washington

Community Bankers of West Virginia Wisconsin Bankers Association

Directed by

The Community Bankers Webinar Network

Young & Associates, Inc. • www.younginc.com • Page i

Presenter

Bill Elliott, CRCM, Senior Consultant and Manager of Compliance Bill Elliott has over 35 years of banking experience. As a senior compliance consultant and manager of the compliance division with Young & Associates, Inc., Bill works on a variety of compliance-related issues, including leading compliance seminars, conducting compliance reviews, conducting in-house training, and writing compliance articles and training materials.

Bill’s career includes 15 years as a compliance officer and CRA officer in a large community bank, as well as working at a large regional bank. He has experience with consumer, commercial, and mortgage loans, and has

managed a variety of bank departments, including loan review, consumer/commercial loan processing, mortgage loan processing, loan administration, credit administration, collections, and commercial loan workout.

Disclaimer This presentation is designed to provide accurate and authoritative information in regard to the subject matter covered. The handouts, visuals, and verbal information provided are current as of the webinar date. However, due to an evolving regulatory environment, Financial Education & Development, Inc. does not guarantee that this is the most-current information on this subject after that time. Webinar content is provided with the understanding that the publisher is not rendering legal, accounting, or other professional services. Before relying on the material in any important matter, users should carefully evaluate its accuracy, currency, completeness, and relevance for their purposes, and should obtain any appropriate professional advice. The content does not necessarily reflect the views of the publisher or indicate a commitment to a particular course of action. Links to other websites are inserted for convenience and do not constitute endorsement of material at those sites, or any associated organization, product, or service.

Young & Associates, Inc. • www.younginc.com • Page 1

Section 1: Introduction

Introduction The Bank Secrecy Act (BSA) is implemented by a regulation [31 C.F.R. Chapter X] issued by

the Department of the Treasury (Treasury). It requires domestic financial institutions to file a report of each single or multiple deposits, withdrawal, exchange of currency, or other payment or transfer by, through, or to such financial institution, which involves a transaction in currency of more than $10,000.

Financial institutions also must report suspicious activity involving potential losses, generally, that exceed $5,000.

In addition to the reporting requirements, the BSA regulations require financial institutions to keep a variety of internal records on designated transactions to provide an audit trail for either Treasury, other law enforcement, or the Internal Revenue Service (IRS) to use during criminal investigations.


Section 2: Risk Assessment

Each financial institution must have a BSA program. In order to make decisions regarding the specifics of a financial institution’s program, the regulators have placed a renewed emphasis on the financial institution’s Risk Assessment. A graphic representation of this interrelationship appeared in the Exam Manual (Appendix I) as follows:

This brief flow chart makes it clear that all financial institutions need to develop an overall BSA process that includes a periodic review of the financial institution’s risk assessment. This assessment will follow approaches similar to the risk assessment that the Customer Identification Program required. To assist in the risk assessment process, the Exam Manual (Appendix J) set forth 11 criteria, and offered a description of what might be low, moderate, or high risk. This appendix appears below and on the following two pages:



Identification of Specific Risk Categories The first step of the risk assessment process is to identify the specific products, services,

customers, entities, and geographic locations unique to the financial institution.

Products and Services • Certain products and services offered by financial institutions may pose a higher risk of

money laundering or terrorist financing depending on the nature of the specific product or service offered. Such products and services may facilitate a higher degree of anonymity, or involve the handling of high volumes of currency or currency equivalents. Some of these products and services are listed below, but the list is not all inclusive: Electronic funds payment services — electronic cash (e.g., prepaid and payroll cards), funds transfers (domestic and international), payable upon proper identification (PUPID) transactions, third-party payment processors, remittance activity, automated clearing house (ACH) transactions, and automated teller machines (ATM).

• Electronic services. • Private banking (domestic and international). • Trust and asset management services. • Monetary instruments.

• Foreign correspondent accounts (e.g., bulk shipments of currency, pouch activity, payable through accounts (PTA), and U.S. dollar drafts).

• Trade finance. • Services provided to third-party payment processors or senders. • Foreign exchange. • Special use or concentration accounts. • Lending activities, particularly loans secured by cash collateral and marketable

securities. • Non-deposit account services (e.g., non-deposit investment products and insurance). The expanded sections of the manual provide guidance and discussion on specific products and services detailed above.

Customers and Entities Although any type of account is potentially vulnerable to money laundering or terrorist financing, by the nature of their business, occupation, or anticipated transaction activity, certain customers and entities may pose specific risks. At this stage of the risk assessment process, it is essential that financial institutions exercise judgment and neither define nor treat all members of a specific category of customer as posing the same level of risk. In assessing customer risk, financial institutions should consider other variables, such as services sought and geographic locations. The expanded sections of the manual provide guidance and discussion on specific customers and entities that are detailed as follows:



• Foreign financial institutions, including banks and foreign money services providers (e.g., casas de cambio, currency exchanges, and money transmitters).

• Nonbank financial institutions (e.g., money services businesses; casinos and card clubs; brokers/dealers in securities; and dealers in precious metals, stones, or jewels).

• Senior foreign political figures and their immediate family members and close associates (collectively known as politically exposed persons (PEP))

• Nonresident alien (NRA) and accounts of foreign individuals. • Foreign corporations and domestic business entities, particularly offshore corporations

(such as domestic shell companies and Private Investment Companies (PIC) and international business corporations (IBC)) located in higher-risk geographic locations.

• Deposit brokers, particularly foreign deposit brokers. • Cash-intensive businesses (e.g., convenience stores, restaurants, retail stores, liquor

stores, cigarette distributors, privately owned ATMs, vending machine operators, and parking garages).

• Nongovernmental organizations and charities (foreign and domestic). • Professional service providers (e.g., attorneys, accountants, doctors, or real estate

brokers).

Geographic Locations Identifying geographic locations that may pose a higher risk is essential to a bank’s BSA/AML compliance program. U.S. financial institutions should understand and evaluate the specific risks associated with doing business in, opening accounts for customers from, or facilitating transactions involving certain geographic locations. However, geographic risk alone does not necessarily determine a customer’s or transaction’s risk level, either positively or negatively.

Higher-risk geographic locations can be either international or domestic. International higher-risk geographic locations generally include:

• Countries subject to OFAC sanctions, including state sponsors of terrorism. • Countries identified as supporting international terrorism under section 6(j) of the

Export Administration Act of 1979, as determined by the Secretary of State. • Jurisdictions determined to be “of primary money laundering concern” by the Secretary of

the Treasury, and jurisdictions subject to special measures imposed by the Secretary of the Treasury, through FinCEN, pursuant to section 311 of the USA PATRIOT Act.

• Jurisdictions or countries monitored for deficiencies in their regimes to combat money laundering and terrorist financing by international entities such as the Financial Action Task Force (FATF).

• Major money laundering countries and jurisdictions identified in the U.S. Department of State’s annual International Narcotics Control Strategy Report (INCSR), in particular, countries, which are identified as jurisdictions of primary concern.

• Offshore financial centers (OFC).



• Other countries identified by the financial institution as higher-risk because of its prior experiences or other factors (e.g., legal considerations, or allegations of official corruption).

• Domestic higher-risk geographic locations may include, but are not limited to, financial institution offices doing business within, or having customers located within, a U.S. government-designated higher-risk geographic location. Domestic higher-risk geographic locations include: o High Intensity Drug Trafficking Areas (HIDTA). o High Intensity Financial Crime Areas (HIFCA).

Analysis of Specific Risk Categories The second step of the risk assessment process entails a more detailed analysis of the data obtained during the identification stage in order to more accurately assess BSA/AML risk. This step involves evaluating data pertaining to the financial institution’s activities (e.g., number of: domestic and international funds transfers; private banking customers; foreign correspondent accounts; PTAs; and domestic and international geographic locations of the financial institution’s business area and customer transactions) in relation to Customer Identification Program (CIP) and customer due diligence (CDD) information. The level and sophistication of analysis may vary by financial institution. The detailed analysis is important because within any type of product or category of customer there will be accountholders that pose varying levels of risk.

This step in the risk assessment process gives management a better understanding of the financial institution’s risk profile in order to develop the appropriate policies, procedures, and processes to mitigate the overall risk. Specifically, the analysis of the data pertaining to the financial institution’s activities should consider, as appropriate, the following factors:

• Purpose of the account. • Actual or anticipated activity in the account. • Nature of the customer’s business/occupation. • Customer’s location.

• Types of products and services used by the customer.

The value of a two-step risk assessment process is illustrated in the following example. The data collected in the first step of the risk assessment process reflects that a financial institution sends out 100 international funds transfers per day. Further analysis may show that approximately 90 percent of the funds transfers are recurring well-documented transactions for long-term customers. On the other hand, the analysis may show that 90 percent of these transfers are nonrecurring or are for noncustomers. While the numbers are the same for these two examples, the overall risks are different.”



Other Risk Factors In addition to the four assessment factors expected by examiners, financial institutions

should also focus on some operational areas. One such area would include an assessment of your financial institutions policies related to account opening procedures, various transactions conducted for customers only versus non-customers (i.e., wire transfers, monetary instrument sales, safe deposit box rental, etc.)

In developing your risk profile, consider the asset size of your financial institution as well as its structure. Areas of the financial institution important to BSA that may be understaffed should be considered and, conversely, a large financial institution staff may increase BSA/AML risk. Obtain employee turnover statistics especially in key BSA areas.

Other factors to consider include your financial institution’s data processing systems and other software tools that assist the financial institution in complying with the BSA regulatory requirements. It can be inferred that the greater and more sophisticated a financial institution’s BSA systems, the more likely any evident risks will be mitigated.

When evaluating risk associated with operations, a financial institution should take into consideration staff experience, expertise, and management’s support of providing continuing education and educational resources.

A financial institutions risk assessment process should be ongoing. As the customer base expands, mergers occur, geographic areas grow, and as the institution offers new products or services, your risk assessment should reflect these factors. On an annual basis, or as changes occur, your BSA/AML risk assessment should be reviewed and updated.

Summarizing Your Risk Assessment Using and analyzing the data you have obtained is the second phase in the risk assessment.

Not only will your risk assessment be evaluated, but the analysis process used to reach a risk conclusion will be assessed. Controls that are in place, management’s ability and willingness to identify and mitigate risk will be evaluated. A financial institution need not necessarily consider itself at higher risk because of a large volume of wire transfers if the analysis of the information proves the majority of the transfers were recurring and took place for well-established customers and that transfers, in fact, are only conducted for existing customers. Compare that same volume of funds transfers for non-customers or nonrecurring customers, many transfers being destined for high-risk geographic areas, and the risk analysis outcome will be vastly different.

At the conclusion of completing the risk profile for your institution, the results must be reviewed and analyzed to determine whether the existing policies and procedures remain adequate. In addition, the risk profile should be summarized to inform both management and the board of directors of the financial institution’s overall BSA/AML risks.

In general, it is recommended that the data you have obtained through the risk profile be summarized into a narrative document that briefly discusses each risk factor. The summary document should be written not only from a perspective where risks are evident but it should also highlight areas of the financial institution’s operations that are not as prone to risks. Those conducting a risk assessment may not consider for inclusion factors that are not applicable to the



financial institution. Excluding what does not apply may give the appearance that the issues were not taken into consideration. For example, if your institution is not located within or near an HIDTA, the risk profile summary should make note of this fact. In proving the validity of a self-assessed lower risk rating to a high-risk area such as funds transfers, the institution could include the fact that the that wires are conducted for customers only, the majority of wires are for long established customers, any monitoring processes in place, and that all names associated with a wire are compared to the current OFAC list as well as the country and financial institution when conducting an international transfer.


Section 3: Program Requirements

There are minimum requirements of an acceptable Bank Secrecy Act compliance program. To meet the minimum requirements, a financial institution’s BSA compliance program should include a system of internal controls, provisions for independent testing for compliance with the requirements of the regulation, the designation of an individual or individuals to be responsible for coordinating and monitoring compliance with the BSA, and training for appropriate personnel.

Every compliance program must be in writing, approved by the financial institution’s board of directors, and noted in the board meeting minutes.

System of Internal Controls Ultimately, the board of directors is responsible for ensuring that the financial institution

maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting. The board of directors in concert with management is charged with creating a culture of compliance to ensure staff adherence to the financial institution’s BSA policies, procedures, and processes. Internal controls cover a number of areas, including:

• policies, • procedures, and

• processes

Designed to limit and control the financial institution’s risks relative to BSA.

Depending upon the financial institution’s needs, the level of sophistication of the internal controls should be commensurate with the size, structure, risks, and complexity of the financial institution. Large complex financial institutions usually have more defined departmental internal controls for BSA compliance. Smaller institutions may have less structure; however, all financial institutions must have a comprehensive BSA compliance program.

The Exam Manual includes these additional internal control features: • Identify financial institution operations (i.e., products, services, customers, entities, and

geographic locations) more vulnerable to abuse by money launderers and criminals; provide for periodic updates to the financial institution’s risk profile; and provide for a BSA/AML compliance program tailored to manage risks.

• Inform the board of directors, or a committee thereof, and senior management, of compliance initiatives, identified compliance deficiencies, and corrective action taken, and notify directors and senior management of SARs filed.

• Identify a person or persons responsible for BSA/AML compliance. • Provide for program continuity despite changes in management or employee composition

or structure.



• Meet all regulatory recordkeeping and reporting requirements, meet recommendations for BSA/AML compliance, and provide for timely updates in response to changes in regulations.

• Implement risk-based CDD policies, procedures, and processes. • Identify reportable transactions and accurately file all required reports including SARs,

CTRs, and CTR exemptions. (Financial institutions should consider centralizing the review and report-filing functions within the financial institution.)

• Provide for dual controls and the segregation of duties to the extent possible. For example, employees that complete the reporting forms (such as SARs, CTRs, and CTR exemptions) generally should not also be responsible for the decision to file the reports or grant the exemptions.

• Provide sufficient controls and systems for filing CTRs and CTR exemptions. • Provide sufficient controls and monitoring systems for timely detection and reporting of

suspicious activity.

• Provide for adequate supervision of employees that handle currency transactions, complete reports, grant exemptions, monitor for suspicious activity, or engage in any other activity covered by the BSA and its implementing regulations.

• Incorporate BSA compliance into the job descriptions and performance evaluations of personnel, as appropriate.

• Train employees to be aware of their responsibilities under the BSA regulations and internal policy guidelines.

The above list is not to be considered all-inclusive and should reflect the financial institution’s BSA/AML risk profile. Additional policy guidance for specific risk areas is provided in the expanded sections of the Exam Manual.

Independent Testing Independent testing for compliance with the BSA and its corresponding regulation should be

conducted at least annually, preferably by the internal audit department, outside auditors, consultants, or other qualified individuals. Financial institutions that do not employ outside auditors or consultants or that do not operate internal audit departments can comply with this requirement by utilizing the use of employees who are not involved with the BSA function that is under review. In general, it is advised that independent testing be conducted every 12 to 18 months, again commensurate with your financial institutions risk profile.

The Exam Manual indicates that the persons or companies conducting the BSA testing should report directly to the board of directors or to a designated board committee comprised primarily or completely of outside directors.

The independent testing should be risk based (see risk assessment, discussed earlier) and evaluate the quality of risk management for every area of financial institution operations, including departments and subsidiaries. Therefore, risk-based audit programs will vary from financial institution to financial institution depending on the financial institution’s size, complexity, scope of activities, risk profile, quality of control functions, geographic diversity, and



use of technology. The risk based testing should include all financial institution activities. The results of which will allow the board of directors and auditors to focus on areas of greater concern.

An effective risk-based auditing program will cover all of the financial institution’s activities. The frequency and depth of each activity’s audit will vary based on the activity’s risk assessment. This risk-based auditing approach enables the board of directors and auditors to use the financial institution’s risk assessment to focus the audit scope on the areas of greatest concern. The results of testing should be to assist the board of directors and management in the identification of areas of weakness or areas where there appears to be a need for enhancements or stronger controls.

The scope of an independent test has expanded dramatically over the last few years. The Exam Manual sets forth the following list of items that should be subject to review:

Independent testing should, at a minimum, include:

• An evaluation of the overall adequacy and effectiveness of the BSA/AML compliance program, including policies, procedures, and processes. Typically, this evaluation will include an explicit statement about the BSA/AML compliance program’s overall adequacy and effectiveness and compliance with applicable regulatory requirements. At the very least, the audit should contain sufficient information for the reviewer (e.g., an examiner, review auditor, or BSA officer) to reach a conclusion about the overall quality of the BSA/AML compliance program.

• A review of the financial institution’s risk assessment for reasonableness given the financial institution’s risk profile (products, services, customers, entities, and geographic locations).

• Appropriate risk-based transaction testing to verify the financial institution’s adherence to the BSA recordkeeping and reporting requirements (e.g., CIP, SARs, CTRs and CTR exemptions, and information sharing requests).

• An evaluation of management’s efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations, including progress in addressing outstanding supervisory actions, if applicable.

• A review of staff training for adequacy, accuracy, and completeness. • A review of the effectiveness of the suspicious activity monitoring systems (manual,

automated, or a combination) used for BSA/AML compliance. Related reports may include, but are not limited to: o Suspicious activity monitoring reports. o Large currency aggregation reports. o Monetary instrument records. o Funds transfer records. o Nonsufficient funds (NSF) reports. o Large balance fluctuation reports. o Account relationship reports.



• An assessment of the overall process for identifying and reporting suspicious activity, including a review of filed or prepared SARs to determine their accuracy, timeliness, completeness, and effectiveness of the financial institution’s policy.

• An assessment of the integrity and accuracy of MIS used in the BSA/AML compliance program. MIS includes reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, and analytical and trend reports.

The Exam Manual suggests that auditors document the audit scope, procedures performed, transaction testing completed, and findings of the review. In addition, all audit documentation and work papers should be available for examiner review, upon request. Any violations, policy or procedures exceptions, or other deficiencies noted during the audit should be included in an audit report and reported to the board of directors or a designated committee in a timely manner. The board or designated committee and the audit staff should track audit deficiencies and document corrective actions.

Designation of BSA Officer Each financial institution must annually designate, by name, a senior financial institution

official to be responsible for coordinating and monitoring compliance with the BSA. This must be noted in the minutes of the board of directors. This might be the compliance officer, chief auditor, or another officer of similar status. In addition, other individuals in each office, department, or regional headquarters should be given the responsibility for day-to-day compliance so that appropriate controls are in place at all levels of the financial institution.

The BSA compliance officer must also manage all aspects of the BSA/AML compliance program and managing the financial institution’s adherence to the BSA and its implementing regulations. Although the board must make this annual appointment, the board of directors is ultimately responsible for the financial institution’s BSA/AML compliance.

The regulation makes no specific requirement regarding the title of the individual responsible for overall BSA compliance, his or her level of authority and responsibility within the financial institution is critical. In many institutions, the BSA compliance officer delegates some BSA duties to other employees, but the officer is still responsible for overall BSA/AML compliance. The board of directors must assure that the BSA compliance officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA compliance program based on the financial institution’s risk assessment.

The person designated as the BSA compliance officer should be fully knowledgeable of the BSA and all related regulations. This individual must also understand the financial institution’s products, services, customers, and geographic locations, and the potential money laundering and terrorist financing risks associated with those activities.

The Exam Manual makes it clear that the appointment of a BSA compliance officer is not sufficient to meet the regulatory requirement if that person does not have the expertise, authority, or time to satisfactorily complete the job.

The BSA compliance officer must have direct access to the board of directors and senior management regarding the financial institution’s ongoing compliance with the BSA. Pertinent BSA-related information, including the reporting of SARs filed with FinCEN, should be reported



to the board of directors or an appropriate board committee so that these individuals can make informed decisions about overall BSA/AML compliance.

The BSA compliance officer is also responsible for carrying out the direction of the board to ensure that employees adhere to the financial institution’s BSA policies, procedures, and processes.

Training for Appropriate Personnel A financial institution’s training program must provide training for tellers who handle

currency transactions. In addition, anyone who is involved in Bank Secrecy Act compliance should be trained in their areas of compliance as well. The training should be tailored to the employee’s specific responsibilities. In addition, an overview of the BSA/AML requirements typically should be given to new staff during employee orientation. Training should encompass information related to applicable business lines, such as trust services, and international and private banking. The BSA compliance officer should receive periodic training that is relevant and appropriate given changes to regulatory requirements as well as the activities and overall BSA/AML risk profile of the financial institution. Depending on the financial institution’s needs, training materials can be purchased from financial institution associations, trade groups, or outside vendors, or they can be developed by the financial institution. Financial institutions should assure that the training includes not only the regulatory requirements, but also the financial institution’s specific rules and procedures for compliance. Copies of the training materials must be available in the financial institution for review by examiners, as well as proof of training (generally sign-in sheets at training sessions, etc.).

Management, including Board members, must also receive periodic updates on the requirements so that adequate resources are allocated to comply with this regulation. Since there is scarcely any area of the financial institution that is not potentially affected by the Bank Secrecy Act, financial institution-wide training is recommended. While the board of directors may not require the same detailed level of training as provided to financial institution operations personnel, they need to understand the importance of BSA/AML regulatory requirements, the ramifications of noncompliance, and the risks posed to the financial institution. Without this sort of general understanding, the board of directors cannot adequately monitor the program, including their oversight, policy/procedure approvals, and resource allocation.

Training is an ongoing necessity and should incorporate current developments and changes to the BSA and any related regulations. Inclusion of changes to internal policies, procedures, and processes in training coverage is a must to keep staff up-to-date on the financial institution’s expectations for compliance.

Examples of money laundering activity and suspicious activity monitoring and reporting can and should be tailored to each individual audience. For example, training for tellers should focus on examples involving large currency transactions or other suspicious activities; training for the loan department should provide examples involving money laundering through lending arrangements.

Lastly, financial institutions should document their training programs. Copies of the training materials must be available in the financial institution for review by examiners. Documentation of attendance is an important step in the process. Signed attendance sheets



(with employee job title and recording of completed online training), help ensure the adequacy of the financial institution’s training program.

Board Responsibilities

First, a financial institution’s board of directors (“board”) is ultimately responsible for the financial institution’s BSA compliance program. As noted earlier, this process begins with the board’s approval of its written BSA compliance program. In today’s current examination environment, such approval should follow the board being apprised of the financial institution’s BSA/AML/OFAC risk profile (discussed earlier). Only after evaluating a financial institution’s risks may it identify the necessary requirements of the financial institution’s written program. Communicating these risks to the board on a periodic and regular basis (i.e., annually) allows for such informed decisions. Therefore, the board should expect and demand regular updates on the status of the financial institution’s program.

The designation of a BSA compliance officer is another key element of an effective BSA compliance program. It is another of the board’s responsibilities to designate the staff member or member to carry out the program. Failure to identify and designate a knowledgeable and effective BSA compliance officer may eventually lead to an ineffective and possibly criticized BSA compliance program. Therefore, such designation of an effective BSA compliance officer is paramount.

As part of the overall responsibility for a financial institution’s BSA compliance program, the board is also responsible for assuring that risk-based independent audits are performed to assess the effectiveness of the program. While the BSA compliance officer typically coordinates and identifies potential individuals or firms to conduct such reviews, the final word rests with the board. In that light, the board, or a committee thereof, needs to be the catalyst to hire effective internal auditors or engage capable outside auditors. Additionally, the results from these audits need to be communicated directly to the board or indirectly through a committee of the board.

In addition to receiving periodic updates on the financial institution’s BSA risk profile, as well as results of independent audits, the board should expect to receive regular reports on the status of the financial institution’s BSA compliance program. Such status reports might include the following with one certain item a mandatory requirement:

• Notification of any suspicious activity reports that have been filed, generally at the next regularly scheduled board meeting (this is a regulatory mandate)

• Updates on procedural changes, as appropriate • Education on new and/or amended regulatory requirements

• Status of BSA-related training initiatives, including board member training • Changes or trends in the level of required reports, such as currency transaction reports • Industry related BSA issues, trends, and concerns


Section 4: Definitions [31 C.F.R. § 1010.100]

All regulations have key definitions. These definitions are crucial to understanding each regulation, as a word may have slightly different meanings in different regulations. This section discusses the definitions that are included in Subpart A. There are several locations in the regulation that include another set of definitions. These definitions will be addressed in the sections of the manual in which those definitions are pertinent.

Accept – A receiving financial institution, other than the recipient’s financial institution, accepts a transmittal order by executing the transmittal order. A recipient’s financial institution accepts a transmittal order by paying the recipient, by notifying the recipient of the receipt of the order, or by otherwise becoming obligated to carry out the order.

At One Time – For purposes of the reporting requirements regarding international shipment of currency and monetary instruments [section 1010.340], a person who transports, mails, ships, or receives monetary instruments is deemed to do so “at one time” if that person, either alone, in conjunction with, or on behalf of others, transports, mails, ships, or receives in any manner monetary instruments, into or out of the United States, totaling more than $10,000 on any one calendar day (or, if for the purpose of evading the reporting requirements of section 1010.340, on one or more days).

Attorney General - The Attorney General of the United States.

Bank – Each agent, agency, branch, or office within the United States of any person doing business in one or more of the following capacities:

• A commercial bank or trust company organized under the laws of any state or of the United States

• A private bank • A savings and loan or building and loan association organized under the laws of any state

or of the United States • A federally insured institution • A savings bank, industrial bank, or other thrift institution

• A credit union organized under the laws of any state or of the United States • Any other organization chartered under the banking laws of any state and subject to the

supervision of bank supervisory authorities of a state • A bank organized under foreign law • Any national banking association/corporation acting under the Federal Reserve Act Bank Secrecy Act - The Currency and Foreign Transactions Reporting Act, its

amendments, and the other statutes relating to the subject matter of that Act, have come to be referred to as the Bank Secrecy Act. These statutes are codified at 12 U.S.C. 1829b, 12 U.S.C. 1951–1959, 18 U.S.C. 1956, 18 U.S.C. 1957, 18 U.S.C. 1960, and 31 U.S.C. 5311–5314 and 5316–5332 and notes thereto.

Beneficiary – The person to be paid by the beneficiary’s bank.



Beneficiary’s Bank – The bank identified in a payment order in which an account of the beneficiary is to be credited pursuant to the order or which otherwise is to make payment to the beneficiary if the order does not provide for payment to an account.

Business Day – That day that is normally communicated to its depository customers on which a bank routinely posts a particular transaction to an account.

Commodity – Any good, article, service, right, or interest described in section 1a(4) of the Commodity Exchange Act (“CEA”), 7 U.S.C. 1a(4).

Common Carrier – Any person engaged in the business of transporting individuals or goods for a fee who holds himself out as ready to engage in such transportation for hire and who undertakes to do so for all persons who are prepared to pay the fee for the particular service offered.

Contract of Sale – Any sale, agreement of sale, or agreement to sell as described in section 1a(7) of the CEA, 7 U.S.C. 1a(7).

Currency – The coin and paper money of the United States or of any other country that is designated as legal tender and is customarily accepted as a medium of exchange in the country of issuance. (Examples: silver certificates, U.S. notes, Federal Reserve notes, and foreign currency that is an accepted medium of exchange.)

Deposit Account – Transaction accounts, savings accounts, and other time deposits.

Domestic – Refers to “doing business within the United States.”

Established Customer – A person with an account with the financial institution, including a loan account or deposit or other asset account, or a person with respect to which the financial institution has obtained and maintains on file the person’s name and address, as well as taxpayer identification number (e.g., Social Security or employer identification number) or, if none, alien identification number or passport number and country of issuance, and to which the financial institution provides financial services relying on that information.

Execution Date – The day on which the receiving financial institution may properly issue a transmittal order in execution of the sender’s order. The execution date may be determined by instruction of the sender but cannot be earlier than the day the order is received and, unless otherwise determined, is the day the order is received. If the sender’s instruction states a payment date, the execution date is the payment date or an earlier date on which execution is reasonably necessary to allow payment to the recipient on the payment date.

Federal Functional Regulator • The Board of Governors of the Federal Reserve System; • The Office of the Comptroller of the Currency; • The Board of Directors of the Federal Deposit Insurance Corporation; • The Office of Thrift Supervision; • The National Credit Union Administration;

• The Securities and Exchange Commission; or • The Commodity Futures Trading Commission.



FinCEN – The Financial Crimes Enforcement Network, an office within the Office of the Under Secretary (Enforcement) of the Department of the Treasury.

Financial Institution – Each agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the following capacities:

• A bank (except bank credit card systems) • A broker/dealer in securities

• A money service business as defined below • A telegraph company • A casino/gambling casino licensed as a casino or gambling casino by a state or local

government and having a gross gaming revenue in excess of $1,000,000 (includes principal headquarters and any branch of the business)

• A card club licensed as a card club, gaming club, card room, or similar gaming establishment by a state or local government, and having gross gaming revenue in excess of $1,000,000 (includes principal headquarters and any branch of the business)

• A person subject to supervision by any state/federal supervisory authority • A futures commission merchant • An introducing broker in commodities Foreign Bank – A bank organized under foreign law located outside the United States. It

does not include an agent, agency, branch, or office organized under foreign law located within the United States.

Foreign Financial Agency – A person acting outside the United States for a person (except for a country, a monetary or financial authority acting as a monetary or financial authority, or an international financial institution of which the United States government is a member) as a financial institution, bailee, depository trustee, or agent, or acting in a similar way related to money, credit, securities, or gold.

Funds Transfer – The series of transactions, beginning with the originator’s payment order, made for the purpose of making payment to the beneficiary of the order. The term includes any payment order issued by the originator’s bank or an intermediary bank intended to carry out the originator’s payment order. A funds transfer is completed by acceptance by the beneficiary’s bank of a payment order for the benefit of the beneficiary of the originator’s payment order. Funds transfers governed by the Electronic Fund Transfer Act of 1978, as well as any other funds transfers that are made through an automated clearinghouse, an automated teller machine, or a point of sale system, are excluded from this definition.

Futures Commission Merchant – Any person registered or required to be registered as a futures commission merchant with the Commodity Futures Trading Commission (“CFTC”) under the CEA, except persons who register pursuant to section 4f(a)(2) of the CEA, 7 U.S.C. 6f(a)(2).

Indian Gaming Regulatory Act – The Indian Gaming Regulatory Act of 1988 codified at 25 U.S.C. 2701–2721 and 18 U.S.C. 1166–68.



Intermediary Bank – A receiving bank other than the originator’s bank or the beneficiary’s bank.

Intermediary Financial Institution – A receiving financial institution, other than the transmitter’s financial institution or the recipient’s financial institution. The term “intermediary financial institution” includes an intermediary bank.

Introducing Broker-Commodities – Any person registered or required to be registered as an introducing broker with the CFTC under the CEA, except persons who register pursuant to section 4f(a)(2) of the CEA, 7 U.S.C. 6f(a)(2).

Investment Security – An instrument that (1) is issued in bearer or registered form; (2) is of a type commonly dealt with by securities exchanges or markets or commonly recognized in any area in which it is issued or dealt in as a medium for investment; (3) is either one of a class or series or by its terms is divisible into a class or series of instruments; and (4) evidences a share, participation, or other interest in property or in an enterprise, or evidences an obligation of the issuer.

Monetary Instruments – Currency; traveler’s checks in any form; negotiable instruments such as personal checks, business checks, official bank checks, cashier’s checks, third-party checks, promissory notes, and/or money orders; incomplete instruments (i.e., all of the instruments noted above signed but with the payee’s name omitted); and securities or stock in bearer form or in such other form that title passes upon delivery. The term does not include warehouse receipts or bills of lading.

Money Services Business – Each agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the capacities listed below. Notwithstanding the preceding sentence, the term “money services business” shall not include a bank, nor shall it include a person registered with, and regulated or examined by, the Securities and Exchange Commission or the Commodity Futures Trading Commission.

• Dealer in foreign exchange – A person that accepts the currency, or other monetary instruments, funds, or other instruments denominated in the currency, of one or more countries in exchange for the currency, or other monetary instruments, funds, or other instruments denominated in the currency, of one or more other countries in an amount greater than $1,000 for any other person on any day in one or more transactions, whether or not for same-day delivery.

• Check casher – A person that accepts checks or monetary instruments in return for currency or a combination of currency and other monetary instruments or other instruments, in an amount greater than $1,000 for any person on any day in one or more transactions. Facts and circumstances; Limitations. Whether a person is a check casher as described in this section is a matter of facts and circumstances. The term “check casher” shall not include: o A person that sells prepaid access in exchange for a check, monetary instrument or

other instrument; o A person that solely accepts monetary instruments as payment for goods or services

other than check cashing services;



o A person that engages in check cashing for the verified maker of the check who is a customer otherwise buying goods and services;

o A person that redeems its own checks; or o A person that only holds a customer's check as collateral for repayment by the

customer of a loan. • Issuer or seller of traveler's checks or money orders – A person that issues

traveler's checks or money orders that are sold in an amount greater than $1,000 to any person on any day in one or more transactions or sells traveler's checks or money orders in an amount greater than $1,000 to any person on any day in one or more transactions.

• Provider of prepaid access – A provider of prepaid access is the participant within a prepaid program that agrees to serve as the principal conduit for access to information from its fellow program participants. The participants in each prepaid access program must determine a single participant within the prepaid program to serve as the provider of prepaid access. o Considerations for provider determination – In the absence of registration as the

provider of prepaid access for a prepaid program by one of the participants in a prepaid access program, the provider of prepaid access is the person with principal oversight and control over the prepaid program. Which person exercises “principal oversight and control” is a matter of facts and circumstances. Activities that indicate “principal oversight and control” include: Organizing the prepaid program; Setting the terms and conditions of the prepaid program and determining that the

terms have not been exceeded; Determining the other businesses that will participate in the prepaid program,

which may include the issuing bank, the payment processor, or the distributor; Controlling or directing the appropriate party to initiate, freeze, or terminate

prepaid access; and Engaging in activity that demonstrates oversight and control of the prepaid

program. o Prepaid program – A prepaid program is an arrangement under which one or more

persons acting together provide(s) prepaid access. However, an arrangement is not a prepaid program if: It provides closed loop prepaid access to funds not to exceed $2,000 maximum

value that can be associated with a prepaid access device or vehicle on any day; It provides prepaid access solely to funds provided by a Federal, State, local,

Territory and Insular Possession, or Tribal government agency; It provides prepaid access solely to funds from pre-tax flexible spending

arrangements for health care and dependent care expenses, or from Health Reimbursement Arrangements (as defined in 26 U.S.C. 105(b) and 125) for health care expenses; or

It provides prepaid access solely to: • Employment benefits, incentives, wages or salaries; or



• Funds not to exceed $1,000 maximum value and from which no more than $1,000 maximum value can be initially or subsequently loaded, used, or withdrawn on any day through a device or vehicle; and

• It does not permit: o Funds or value to be transmitted internationally; o Transfers between or among users of prepaid access within a prepaid

program; or o Loading additional funds or the value of funds from non-depository sources.

• Money transmitter – A person that provides money transmission services. The term “money transmission services” means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means. “Any means” includes, but is not limited to, through a financial agency or institution; a Federal Reserve Bank or other facility of one or more Federal Reserve Banks, the Board of Governors of the Federal Reserve System, or both; an electronic funds transfer network; or an informal value transfer system or any other person engaged in the transfer of funds.

• Facts and circumstances; Limitations. Whether a person is a money transmitter as described in this section is a matter of facts and circumstances. The term “money transmitter” shall not include a person that only: o Provides the delivery, communication, or network access services used by a money

transmitter to support money transmission services; o Acts as a payment processor to facilitate the purchase of, or payment of a bill for, a

good or service through a clearance and settlement system by agreement with the creditor or seller;

o Operates a clearance and settlement system or otherwise acts as an intermediary solely between BSA regulated institutions. This includes but is not limited to the Fedwire system, electronic funds transfer networks, certain registered clearing agencies regulated by the Securities and Exchange Commission (“SEC”), and derivatives clearing organizations, or other clearinghouse arrangements established by a financial agency or institution;

o Physically transports currency, other monetary instruments, other commercial paper, or other value that substitutes for currency as a person primarily engaged in such business, such as an armored car, from one person to the same person at another location or to an account belonging to the same person at a financial institution, provided that the person engaged in physical transportation has no more than a custodial interest in the currency, other monetary instruments, other commercial paper, or other value at any point during the transportation;

o Provides prepaid access; or o Accepts and transmits funds only integral to the sale of goods or the provision of

services, other than money transmission services, by the person who is accepting and transmitting the funds.



• U.S. Postal Service. The United States Postal Service, except with respect to the sale of postage or philatelic products.

• Seller of prepaid access. Any person that receives funds or the value of funds in exchange for an initial loading or subsequent loading of prepaid access if that person: o Sells prepaid access offered under a prepaid program that can be used before

verification of customer identification under §1022.210(d)(1)(iv); or o Sells prepaid access (including closed loop prepaid access) to funds that exceed

$10,000 to any person during any one day, and has not implemented policies and procedures reasonably adapted to prevent such a sale.

For the purposes of this section, the term “money services business” shall not include:

o A bank or foreign bank; o A person registered with, and functionally regulated or examined by, the SEC or the

CFTC, or a foreign financial agency that engages in financial activities that, if conducted in the United States, would require the foreign financial agency to be registered with the SEC or CFTC; or

o A natural person who engages in an activity identified in paragraphs (ff)(1) through (ff)(5) of this section on an infrequent basis and not for gain or profit.

Mutual Fund – An ‘‘investment company’’ (as the term is defined in section 3 of the Investment Company Act (15 U.S.C. 80a–3)) that is an ‘‘open-end company’’ (as that term is defined in section 5 of the Investment Company Act (15 U.S.C. 80a–5)) registered or required to register with the Securities and Exchange Commission under section 8 of the Investment Company Act (15 U.S.C. 80a–8).

Option on a Commodity – Any agreement, contract, or transaction described in section 1a(26) of the CEA, 7 U.S.C. 1a(26).

Originator – The sender of the first payment order in a funds transfer.

Originator’s Bank – The receiving bank to which the payment order of the originator is issued if the originator is not a bank, or the originator if the originator is a bank or a foreign bank.

Payment Date – The day on which the amount of the transmittal order is payable to the recipient by the recipient’s financial institution. The payment date may be determined by instruction of the sender, but cannot be earlier than the day the order is received by the recipient’s financial institution and, unless otherwise prescribed by instruction, is the date the order is received by the recipient’s financial institution.

Payment Order – An instruction of a sender to a receiving bank, transmitted orally, electronically, or in writing, to pay, or to cause another bank to pay, a fixed or determinable amount of money to a beneficiary if all of the following conditions are met:

• The instruction does not state a condition to payment to the beneficiary other than time of payment.

• The receiving bank is to be reimbursed by debiting an account of, or otherwise receiving payment from, the sender.



• The instruction is transmitted by the sender directly to the receiving bank or to an agent, funds transfer system, or communication system for transmittal to the receiving bank.

Person – All entities recognized as legal personalities (individuals, corporations, partnerships, trusts or estates, joint stock companies, associations, syndicates, joint ventures, Indian tribes, and other unincorporated groups or organizations).

Receiving Bank – The bank or foreign bank to which the sender’s instruction is addressed.

Receiving Financial Institution – The financial institution or foreign financial agency to which the sender’s instruction is addressed. The term “receiving financial institution” includes a receiving bank.

Recipient – The person to be paid by the recipient’s financial institution. The term “recipient” includes a beneficiary, except where the recipient’s financial institution is a financial institution other than a bank.

Recipient’s Financial Institution – The financial institution identified in a transmittal order in which an account of the recipient is to be credited pursuant to the transmittal order or which otherwise is to make payment to the recipient if the order does not provide for payment to an account. The term “recipient’s financial institution” includes a beneficiary’s bank, except where the beneficiary is a recipient’s financial institution.

Secretary – The Secretary of the Treasury or any other person designated to perform the function mentioned.

Security – Any instrument or interest described in section 3(a)(10) of the Securities Exchange Act of 1934, 15 U.S.C. 78c(a)(10).

Self-regulatory organization – Shall have the same meaning as provided in section 3(a)(26) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(26)); and means a “registered entity” or a “registered futures association” as provided in section 1a(29) or 17, respectively, of the Commodity Exchange Act (7 U.S.C. 1a(29), 21).

Sender – The person giving the instruction to the receiving financial institution. State – The States of the United States and, wherever necessary to carry out the provisions

of this part, the District of Columbia.

Prepaid access – Access to funds or the value of funds that have been paid in advance and can be retrieved or transferred at some point in the future through an electronic device or vehicle, such as a card, code, electronic serial number, mobile identification number, or personal identification number.

Structure (Structuring) – For purposes of section 1010.314, a person structures a transaction if that person, acting alone or in conjunction with, or on behalf of, other persons, conducts or attempts to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the reporting requirements under sections 1010.311, 1010.313, 1020.315, 1021.311 and 1021.313 of the regulation. “In any manner” includes, but is not limited to, the breaking down of a single sum of currency exceeding $10,000 or the conduct of a transaction, or series of currency transactions, including transactions at or below $10,000. The transaction or transactions need not exceed the $10,000 reporting threshold at any single financial institution on any single day in order to constitute structuring within the meaning of this definition.



Taxpayer Identification Number – Taxpayer Identification Number (“TIN”) is defined by section 6109 of the Internal Revenue Code of 1986 (26 U.S.C. 6109) and the Internal Revenue Service regulations implementing that section (e.g., social security number or employer identification number).

Territories and Insular Possessions – The Commonwealth of Puerto Rico, the United States Virgin Islands, Guam, the Commonwealth of the Northern Mariana Islands, and all other territories and possessions of the United States other than the Indian lands and the District of Columbia.

Transaction Account – Accounts that take deposits and are subject to withdrawal by check or other negotiable order (includes money market accounts).

Transaction in Currency – A transaction that involves the actual physical transfer of currency from one person to another.

Transmittal of Funds – A series of transactions beginning with the transmitter’s transmittal order, made for the purpose of making payment to the recipient of the order. The term includes any transmittal order issued by the transmitter’s financial institution or an intermediary financial institution intended to carry out the transmitter’s transmittal order. The term “transmittal of funds” includes a funds transfer. A transmittal of funds is completed by acceptance by the recipient’s financial institution of a transmittal order for the benefit of the recipient of the transmitter’s transmittal order. Funds transfers governed by the Electronic Fund Transfer Act of 1978, as well as any other funds transfers that are made through an automated clearinghouse, an automated teller machine, or a point of sale system, are excluded from this definition.

Transmittal Order – The term “transmittal order” includes a payment order and is an instruction of a sender to a receiving financial institution, transmitted orally, electronically, or in writing, to pay, or to cause another financial institution to pay, a fixed or determinable amount of money to a recipient if all of the following conditions are met:

• The instruction does not state a condition to payment to the recipient other than time of payment.

• The receiving financial institution is to be reimbursed by debiting an account of, or otherwise receiving payment from, the sender.

• The instruction is transmitted by the sender directly to the receiving financial institution or to an agent or communication system for transmittal to the receiving financial institution.

Transmitter – The sender of the first transmittal order in a transmittal of funds. The term “transmitter” includes an originator, except where the transmitter’s financial institution is a financial institution other than a bank.

Transmitter’s Financial Institution – The receiving financial institution to which the transmittal order of the transmitter is issued if the transmitter is not a financial institution or foreign financial agency, or the transmitter if the transmitter is a financial institution. The term “transmitter’s financial institution” includes an originator’s bank, except where the originator is a transmitter’s financial institution other than a bank.



United States – The states of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, the Commonwealth of the Northern Mariana Islands, American Samoa, the Trust Territory of the Pacific Islands, and all other territories and possessions of the United States and/or any political subdivision or subdivisions thereof.

U.S. Person – A United States citizen, or a person other than an individual (such as a corporation, partnership or trust), that is established or organized under the laws of a State or the United States. Non-U.S. person means a person that is not a U.S. person.

United States Postal Service – The United States Postal Service, except with respect to the sale of postage or philatelic products.

Closed loop prepaid access – Prepaid access to funds or the value of funds that can be used only for goods or services in transactions involving a defined merchant or location (or set of locations), such as a specific retailer or retail chain, a college campus, or a subway system.


Section 5: Currency Transaction Reports

Over the course of the history of the Bank Secrecy Act, the Secretary of the Treasury has determined that the reports required by the regulation have a high degree of usefulness in the proceedings that surround criminal, tax, or regulatory investigations. Therefore, the regulation outlines very specific guidelines for the submission of the reports deemed useful for this purpose.

Reports of Currency Transactions [31 C.F.R. § 1010.311]

General Rule Each financial institution must file a report of each deposit, withdrawal, exchange of

currency, or other payment or transfer by, through, or to such an institution that involves a transaction of currency of more than $10,000.00.

Types of currency transactions subject to reporting requirements individually or by aggregation include, but are not limited to:

• denomination exchanges, • individual retirement accounts (IRAs), • loan payments, • automated teller machine (ATM) transactions, • purchases of certificates of deposit, • deposits,

• withdrawals, • funds transfers paid for in currency, and • monetary instrument purchases.

Financial institutions must develop systems necessary to aggregate currency transactions throughout the financial institution. The BSA officer along with financial institution management should ensure that an adequate system is implemented that will appropriately report currency transactions subject to the BSA requirement.

Multiple Transactions [31 C.F.R. § 1010.313] Multiple currency transactions must be treated as a single transaction if the financial

institution has knowledge that the transactions are made by or on behalf of any one person and result in cash in or cash out in an amount that exceeds $10,000 during any one-business day. Knowledge, in this context, means knowledge on the part of a partner, director, officer, or employee of the financial institution or on the part of any existing automated or manual system at the financial institution that permits it to aggregate transactions.



Holiday, Weekend, or Night Deposits Deposits made at night, over a weekend, or during a holiday must be treated as if they were

received the next business day.

CTR Backfiling If a financial institution fails to file CTRs on reportable transactions for a specific customer,

the financial institution should immediately begin filing CTRs for this customer, and should contact the Internal Revenue Service (IRS) Enterprise Computing Center - Detroit at 800-800-2877 to request a determination on whether the back filing of unreported transactions is necessary.

Currency Transaction Reporting Guidelines [31 C.F.R. § 1010.330]

Financial institutions are to use FinCEN Form 104: Currency Transaction Report to report any reportable transaction as defined above. The regulation calls for making reports in a timely manner. The following guidelines should be used when filing this form: [31 C.F.R. § 1010.306]:

1. A report must be filed by the financial institution within 15 days following the day on which the reportable transaction occurred.

2. A report must be filed by the financial institution within 15 days after receiving a request for the report.

3. A copy of each report filed must be retained by the financial institution for a period of five years from the date of the report.

4. All reports must be required to be filed with the Commissioner of Internal Revenue, unless otherwise specified.

5. The report shall be filed on forms prescribed by the Secretary. All information called for in such forms shall be furnished.

Transactions between Financial Institutions and Exempt Persons [31 CFR § 1020.315]

Reports of transactions are not required from Federal Reserve Banks, Federal Home Loan Banks, transactions that occur between domestic financial institutions, and reports by non-bank banks of transactions with commercial banks. However, commercial banks must report such transactions with non-bank banks.

Reports of transactions between financial institutions and exempt persons are not required. Exempt persons are discussed in Section 6 of this manual.



Identification Required [31 C.F.R. § 1010.312] Before concluding any transaction in which a report is required, the financial institution

must verify and record the required information in the following manner:

1. Record the name and address of the person presenting the transaction. 2. Record the identity, account number, and tax identification number of any person/entity

that the transaction will affect. 3. Verification of the identity of an individual who indicates he or she is an alien or is not a

resident of the United States must be made by a passport, alien identification card, or other official document evidencing nationality or residence.

4. Verification of identity in any other case must be made by examination of a document (not a financial institution signature card) that is normally accepted within the financial institution community as a means of cashing checks for nondepositors. A financial institution signature card may be relied upon only if it was issued after examining documents for establishing the identity of the person in question and such note was made on the signature card.

5. In each instance, the identifying information used in verifying the identity of the customer must be recorded on the report. (The notation of “known customer” or “financial institution signature card on file” is not sufficient and is prohibited.)

Elderly/Disabled Exception Certain elderly or disabled patrons do not possess identification documents that would

normally be considered acceptable within the financial institution community (e.g., driver’s licenses, passports, or state issued identification cards). Accordingly, the procedure set forth below should be followed to fulfill the identification verification requirements of sections 1010.312 and 1010.415.

According to a Treasury Administrative Ruling [FIN-1992-R001], financial institutions may accept as appropriate identification a Social Security, Medicare, Medicaid, or other insurance card presented along with another document that contains both the name and address of the patron (e.g., an organization membership card, voter registration card, utility bill, or real estate tax bill). Such forms of identification shall be specified in the financial institution’s formal written policy and operating procedures as acceptable identification for transactions involving elderly or disabled patrons who do not possess identification documents normally considered acceptable within the financial institution community for cashing checks for nondepositors.

This procedure may be applied only if the following circumstances exist:

1. The financial institution must establish that the identification the elderly or disabled patron has is limited to a Social Security or Medicare/Medicaid card plus another document that contains the patron’s name and address.

2. The financial institution must use whatever information it has available, or policies and procedures it has in place, to determine the patron’s identity. If the patron is a deposit accountholder, the financial institution should review its internal records to determine if there is information on file to verify the patron’s identity.



3. Only if the financial institution is confident that the elderly or disabled patron is who he (she) says he is may the transaction be concluded.

Failure to identify an elderly or a disabled customer’s identity as required by 31 C.F.R. § 1010.312 and as described herein may result in the imposition of civil and/or criminal penalties.

The financial institution shall establish a formal written policy and shall implement operating procedures for processing reportable currency transactions or recording cash sales of certain monetary instruments to elderly or disabled patrons who do not have forms of identification ordinarily considered “acceptable.” Once implemented, the financial institution shall permit no exceptions to its policy and procedures. In addition, financial institutions are encouraged to record the elderly or disabled patron’s identity and address. When the information has been obtained and verified, the method of identification should be noted on a signature card or other record.

In completing a CTR, if all of the above conditions have been satisfied, the financial institution should enter the words “Elderly” or “Disabled” and the method used to verify the patron’s identity, such as “Social Security and (Organization) Membership Cards Only ID.”

Retention Period [31 C.F.R. § 1010.430]

All records must be retained for a period of five years and will be stored in such a way as to be accessible within a reasonable amount of time, taking into account the nature of the record and the amount of time expired since the record was made.

The CTR The following pages include the actual CTR report.


Section 6: Targeting Orders [31 C.F.R. § 1010.370]

Introduction If the Treasury Department determines, or receives a request from an appropriate Federal or

State law enforcement official, and concludes that reasonable grounds exist for requiring additional recordkeeping and/or reporting requirements to be imposed, then the Treasury Department may issue a targeting order. These orders are to prevent persons from evading the reporting and/or recordkeeping requirements of the regulation. The order may be issued requiring any domestic financial institution or group of domestic financial institutions in a geographic area and any other person participating in the type of transaction to file a report in the format specified in such order.

When an order is issued to a financial institution, it must be directed to the Chief Executive Officer of the financial institution and must designate one or more of the following categories of information to be reported: each deposit, withdrawal, exchange of currency, or other payment or transfer by, through, or to such financial institution specified in the order, which involves all or any class of transactions in currency and/or monetary instruments equal to or exceeding an amount to be specified in the order.

Targeting Order Content

An issued order must prescribe all of the following:

1. The dollar amount of transactions subject to the reporting requirement in the order 2. The type of transaction(s) subject to or exempt from a reporting requirement in the order 3. The appropriate form for reporting the transactions required in the order 4. The address to which reports required in the order are to be sent or from which they will

be picked up 5. The starting and ending dates by which such transactions specified in the order are to be

reported 6. The name of a Treasury official to be contacted for any additional information or

questions 7. The amount of time the reports and records of reports generated in response to the order

will have to be retained by the financial institution 8. Any other information deemed necessary to carry out the purposes of the order

Prohibited Disclosure

No officer, director, employee, or agent of any financial institution subject to a special reporting order can disclose the existence or terms of the order except as authorized by the Treasury Department.



Term of Order No order issued can prescribe a reporting period of more than 60 days unless renewed

pursuant to the requirements of the regulations.

Revised Orders

Any revisions to an order issued under this section will not be effective until made in writing.

Treatment of Exemptions During the Order

Unless otherwise specified in the order, a financial institution receiving an order under this section may continue to use the exemptions granted under section 1020.315 of the regulation prior to receipt of the order, but it may not grant additional exemptions.


Section 7: CTR Exemptions [31 C.F.R. § 1020.315]

Introduction The Department of the Treasury’s experience in enforcing the Bank Secrecy Act has shown

that certain legitimate businesses engage in regular and frequent currency transactions with domestic financial institutions. The routine reporting of these transactions is not likely to be useful to law enforcement agencies. Treasury has, therefore, included in the BSA regulations, provisions that permit financial institutions to exempt certain entities or accounts of certain customers from the Currency Transaction Report (CTR) reporting requirements.

The Money Laundering Suppression Act of 1994 (MLSA) established a two-phase exemption process. Under Phase I exemptions, transactions in currency by financial institutions, governmental departments or agencies, and public or listed companies and their subsidiaries are exempt from reporting. Under Phase II exemptions, transactions in currency by smaller businesses that meet specific criteria laid out in FinCEN’s regulations may be exempted from reporting. The standards for what constitutes eligible Phase I and Phase II Exempt Persons follow below. The definitions changed January 5, 2009.

Phase I Exempt Persons

1. A bank, to the extent of its domestic operations. 2. A department or agency of the United States, of any state, or of any political subdivision

of any state. 3. Any entity exercising governmental authority established under the laws of the United

States, of any state, of any political subdivision of any state, or under an interstate compact between two or more states.

4. Any entity, other than a bank, whose common stock or other analogous equity interest is listed on the New York Stock Exchange or the American Stock Exchange or whose common stock or analogous equity interest have been designated as a NASDAQ National Market Security listed on the NASDAQ Stock Market (except stock listed under the separate “NASDAQ Capital Markets Companies” heading). Under this heading, a person that is a financial institution other than a bank, is exempt only to the extent of its domestic operations.

5. Any subsidiary of any corporation (non-bank entity) described above that is organized under the laws of the United States or of any state and at least 51 percent of whose common stock or analogous equity interest is owned by the listed entity, to the extent of its domestic operations.



Designating Phase I Exempt Persons The rule imposes one condition on a bank’s exemption of currency transactions of a customer

who satisfies the definition of an exempt person. That condition is that a single form be filed designating the exempt person and the financial institution. FinCEN has a form (FinCEN 110) specifically for this purpose.

The designation form will exempt all transaction accounts of the customer. Transaction accounts include demand deposits, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.

The designation of new customers as exempt persons should be made no later than 30 days following the first transaction in currency in excess of $10,000 between a financial institution and the new customer. It should be noted, however, that FinCEN wishes financial institutions to file designations whenever they become aware of a qualifying customer who has had currency transactions exceeding $10,000.00.

Financial institutions do not need to file the exemption form, or perform any annual due diligence for:

• Federal Reserve Banks and other banks, to the extent of their domestic operations, • Government Departments or Agencies (National, state, or local) • Any entities exercising government control under national, state, or local law

Financial institutions do need to file the form for any other Phase I exemptions with whom they do business.

Phase II Exempt Persons

“Non-listed businesses” are Phase II exemptions. The following businesses are not eligible non-listed businesses. In other words, they may not be exempted.

Non-Exemptible Non-Listed Businesses A business engaged primarily in one or more of the following activities may not be treated as

a non-listed business:

• Businesses serving as financial institutions or agents of financial institutions of any type; purchase or sale to customers of motor vehicles of any kind, vessels, aircraft, farm equipment or mobile homes;

• The practice of law, accountancy, or medicine; • Auctioning of goods; • Chartering or operation of ships, buses, or aircraft; • Gaming of any kind (other than licensed pari-mutuel betting at race tracks); • Investment advisory services or investment banking services;



• Real estate brokerage; • Pawn brokerage;

• Title insurance and real estate closing; • Trade union activities; and • Any other activities that may be specified by FinCEN.

A business that engages in multiple business activities may be treated as a non-listed business so long as no more than 50 percent of its gross revenue is derived from one or more of the ineligible business activities. Before issuing a Phase II exemption, banks are encouraged to determine if any additions or amendments have been made to the non-exemptible non-listed business list.

Questions often arise in determining the “gross revenue” of gaming activities, such as lottery sales. FinCEN has ruled that for the purpose of determining if a business derives more than 50 percent of its gross revenue from gaming, the term gross revenue is intended to encompass the amount of money that a business actually earns from a particular activity, rather than the sales volume of such activity conducted by the business. For example, if a business engages in lottery sales, the “gross revenue” from this activity would be the amount of money that the business actually earns from lottery sales, rather than the amount of money that the business takes in on behalf of the state lottery system. See FinCEN Ruling 2002-1 at:

http://www.fincen.gov/news_room/rp/rulings/pdf/fincenruling2002-1.pdf Exemptible Non-Listed Businesses

1. A non-listed business, to the extent of its domestic operations, other than those listed as non-exemptible, that: a. Has maintained a transaction account at the financial institution for at least two

months; b. Frequently engages in transactions in currency with the financial institution in

excess of $10,000, defined as at least five transactions per year; and c. Is incorporated or organized under the laws of the United States or a state, or is

registered as and eligible to do business within the United States or a state. 2. A payroll customer, with respect solely to withdrawals for payroll purposes from existing

transaction accounts, that: a. Has maintained a transaction account at the financial institution for at least two

months; b. Operates a firm that regularly withdraws (at least five times per year) more than

$10,000 in order to pay its United States employees in currency; and c. Is incorporated or organized under the laws of the United States or a state, or is

registered as and eligible to do business within the United States or a state. 3. A non-listed business or payroll customer that meets the criteria of 1 or 2 above, and has

maintained a money market deposit account (MMDA), used for business purposes, for at least two months (along with a transaction account) is eligible to have the MMDA exempted also.

http://www.fincen.gov/news_room/rp/rulings/pdf/fincenruling2002-1.pdf



As noted above, the term “frequently” means five or more times per year. Depending upon the type of business, all of the five times per year may only occur at certain times of the year. For instance, a golf course in a northern area of the country may only have transactions in excess of $10,000.00 during the summer months. The rules state that seasonality such as this is acceptable for the purposes of this rule. Therefore, if the golf course only has large deposits in the summer, and at least five of them are for amounts in excess of $10,000.00, the golf course may be exempted.

A sole proprietorship may be treated as a non-listed business (Phase II exemption) if the business otherwise meets the definition set forth in items 1 through 3 above. Care should be taken not to permit confusion between the customer’s personal accounts and activities from the customer’s business accounts and activities. Designating Phase II Exempt Persons

The initial designation of exempt persons for Phase II exempt persons is essentially the same as for Phase I exempt persons. Phase II initial exemptions must be filed designating the exempt person and the financial institution. FinCEN Form 110 is specifically designed for this purpose.

The designation form will exempt all transaction accounts of the customer. Transaction accounts include demand deposits, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers and share draft accounts. As noted above, the exemption also can extend to MMDAs of Phase II exempt persons.

Risk-Based Analysis to Exempt Non-Listed Businesses

Notwithstanding the above mentioned criteria, a financial institution may choose to designate a non-listed business or a payroll customer as an exempt person before the customer has maintained a transaction account for at least two months if the financial institution conducts and documents a risk-based assessment of the customer and forms a reasonable belief that the customer has a legitimate business purpose for conducting frequent transactions in currency. This permitted risk-based assessment was added to the BSA effective January 5, 2009.

The final rule, as published in the Federal Register included the following commentary as it relates to conducting a risk-based assessment on non-listed businesses:

“When conducting a risk-based analysis to determine the Phase II exemption eligibility of a customer, the depository institution should form a reasonable belief that the customer has a legitimate business purpose for conducting frequent transactions in currency. Factors the depository institution might consider in order to form a reasonable belief include, but are not limited to: whether the depository institution had a past relationship with the customer, certain specific characteristics of the customer’s business model that may be pertinent, the types of business in which the customer engages, and where the business is operating. Exempting an otherwise eligible Phase II customer prior to two months’ time may be particularly appropriate when, for example: a returning customer reopens a previously maintained exempt transaction account with the institution; a customer that would now be eligible for Phase II exemption but under the current regulations was previously not eligible because the customer had conducted fewer than eight, but at least five, large cash transactions; or, when a customer that was a publicly listed company or a subsidiary becomes ineligible for exemption under Phase I, but may be designated for exemption under Phase II.”



Operating Procedures In addition to the preceding changes to the exempt person rules, the Treasury has also elected to

remove the requirement to conduct an annual review of certain Phase I exempt persons (i.e., those where a FinCEN Form 110 is not necessary.) There continues to be, however, an annual review requirement for the remaining Phase I and all Phase II exempt persons.

First, a financial institution must annually ascertain that a customer continues to qualify as an exempt person. Second, a financial institution must, at least annually and as necessary, review its monitoring of the currency transactions of its Phase II exempt customers for suspicious activity. A financial institution should retain documentation of these reviews.

Financial institutions are expected to perform the same degree of due diligence in determining whether a customer is an exempt person (and documenting that determination) that a reasonable and prudent financial institution would perform to conduct its own business in order to avoid losses from fraud or misstatement. The objective is to allow financial institutions, who have already designed business procedures and protocols to deal with similar problems, to adapt their present procedures to achieve the results sought. An assessment of compliance will focus not on whether a bank necessarily makes every judgment perfectly, but on whether it takes the steps a reasonable and prudent banker would take to create appropriate systems. Annual Review – Phase I Exemptions

The rule permits a bank to determine the status of a customer as a government department, agency, or instrumentality based on its name or community knowledge. An entity generally exercises “governmental authority” only if its authorities include one or more of the powers to tax, to exercise the authority of eminent domain or to exercise police powers with respect to matters within its jurisdiction.

To determine whether a customer is a listed corporation, a bank may rely on any:

• New York Stock Exchange, American Stock Exchange, or NASDAQ Stock Market listing published in a newspaper of general circulation;

• commonly accepted or published stock symbol guide; • information contained in the Securities and Exchange Commission Edgar System; or • information contained on an Internet World Wide Web site or sites maintained by the

New York Stock Exchange, the American Stock Exchange, or the National Association of Securities Dealers.

In determining whether a person is a subsidiary of a listed entity, a financial institution may rely upon the following: • Any reasonably authenticated corporate officer’s certificate; • Any reasonably authenticated photocopy of Internal Revenue Service Form 851

(Affiliation Schedule) or the equivalent thereof for the appropriate tax year; or • A person’s Annual Report or Form 10 K, as filed in each case with the Securities and

Exchange Commission.



Annual Review – Phase II Exemptions Phase II exemptions are non-listed businesses and require a different type of annual review.

The financial institution must determine that the Phase II exempt customer continues to qualify for exempt status. To qualify, the accounts need to meet all of the original requirements of the initial exemption process, including the requirement that there be at least five transactions in currency in excess of the $10,000 limit during the previous 12 months.

Aggregated Accounts

In determining the qualification of a customer as an exempt person, a financial institution may treat all transaction accounts of the customer as a single account. If a financial institution elects to treat all transaction accounts of a customer as a single account, the financial institution must continue to treat such accounts consistently as a single account for purposes of determining the qualification of the customer as an exempt person.

Limitations on Exemption

The exemption for transactions by an exempt person applies only to transactions involving that person’s own funds and does not apply to situations in which an exempt person is engaging in a transaction as an agent on behalf of another, beneficial owner of currency. In other words, an exempt person cannot lend its status, for a fee or otherwise, to another person’s transactions.

In addition, the provisions of the new rule create an exemption only with respect to the currency transaction reporting requirement. The rule does not create any exemption, and in fact has no effect of any kind, on the requirement that financial institutions file Suspicious Activity Reports on transactions, including currency and non-currency transactions, that meet the Suspicious Activity Report filing requirements.

For example, multiple exchanges of small denominations of currency into large denominations of currency or currency transactions that are not (or whose amounts are not) commensurate with the stated business or other activity of the exempt person may indicate the need to file a Suspicious Activity Report. Similarly, a sudden need for currency by a business that never before had such a need can form a basis for the determination that a Suspicious Activity Report is due.

Limitations on Liability

No financial institution will be subjected to penalties for failure to file a Currency Transaction Report, unless the financial institution:

• Knowingly files false or incomplete information with respect to the transaction or the customer engaging in the transaction; or



• Has reason to believe that the customer does not meet the criteria established for exemptions, or the transaction is not that of an exempt person.

If the financial institution subsequent to the filing determines that the customer no longer meets the requirements, and had no prior knowledge of this fact, there will be no penalty. However, the financial institution is required to assure that it does a full and complete analysis and review at the time of the annual review, to assure that the “error” does not continue past that point.

If the financial institution files a CTR for an exempt customer, it will be subject to the same rules and restrictions as if the customer was not exempt. Therefore, any errors will be treated as exception items, even though the customer was exempt.

Revocations

FinCEN has the authority to revoke the status of any person as an exempt person by written notification published in the Federal Register. In addition, and without any action on the part of the Treasury Department, the status of a corporation as an exempt person ceases once the corporation ceases to be listed on the applicable stock exchange. Likewise, the status of a subsidiary as an exempt person ceases once the subsidiary ceases to be included in a consolidated federal income tax return.

If the financial institution determines that an exemption is no longer appropriate, the financial institution may revoke the exemption at any time, without notice.


Section 8: Suspicious Activity Reports [31 C.F.R. § 1020.320]

Introduction Both the Department of the Treasury and the federal financial institution regulatory

agencies have rules outlining the reporting requirements for suspicious transactions. The Suspicious Activity Report (SAR) has been developed as the primary method of suspicious activity reporting, and is considered the cornerstone of the BSA reporting system. It is through this system that financial institutions can help the United States fight terrorism and its financing, money laundering and other financial crimes.

The SAR reporting system creates a uniform reporting form for all financial institutions to use when reporting known or suspected criminal offenses and transactions that a financial institution suspects involve money laundering or violate the Bank Secrecy Act. All completed forms are filed in one central location. This centralized filing will allow the establishment of a database that will be accessible to federal and state financial institution regulators and law enforcement agencies. FinCEN has been working diligently to improve the filing process to make the central depository retention more meaningful and helpful in the pursuit of illegal activities.

In the Exam Manual, the regulators state “Within this system, FinCEN and the federal banking agencies recognize that, as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through the financial institution. Examiners should focus on evaluating a financial institution’s policies, procedures, and processes to identify, evaluate, and report suspicious activity. However, as part of the examination process, examiners should review individual SAR filing decisions to determine the effectiveness of the financial institution’s suspicious activity identification, evaluation, and reporting process.”

The latest version of the SAR was issued in March 2011. A copy of the form and its instructions appear at the end of this section.

Reporting Thresholds

Even if the filing of an SAR is not required by the regulation, the regulation permits the filing of an SAR any time the financial institution believes the filing of the SAR for a suspicious transaction would be relevant to the possible violation of any law or regulation.

There are four major categories of activities or transactions that require the filing of a Suspicious Activity report. The first three categories address the same type of known or suspected criminal violations but have different reporting thresholds based upon the suspected perpetrators of the violation(s). An SAR would be required (assuming the reporting thresholds are met) upon the detection of any known or suspected federal criminal violation(s):

• committed or attempted against the financial institution, or

• involving a transaction or transactions conducted through the financial institution, if the financial institution knows, suspects, or has reason to suspect:



• that it was either an actual or potential victim of a criminal violation(s) or • that the financial institution was used to facilitate a criminal transaction. Although the regulation itself limits the filing of an SAR to amounts in excess of $5,000, the

instructions for the filing of an SAR and the requirements of the regulators state that an SAR shall be filed in the following situations:

• Insider Abuse. Criminal violations involving insider abuse in any amount.

• Known Suspect. Criminal violations aggregating $5,000 or more when a suspect can be identified.

• Unknown Suspect. Criminal violations aggregating $25,000 or more regardless of a potential suspect.

• Money Laundering. The fourth category of activities or transactions that requires the filing of a Suspicious Activity Report is transactions aggregating $5,000 or more that involve potential money laundering or violate the Bank Secrecy Act. This would include any type of a transaction (not just a currency transaction) aggregating $5,000 or more conducted or attempted to be conducted by, at, or through a financial institution, if the financial institution knows, suspects, or has reason to suspect that: o The transaction involves funds derived from illegal activities or is intended or

conducted in order to hide or disguise funds or assets derived from illegal activities as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under federal law,

o The transaction is designed to evade any Bank Secrecy Act regulations, or o The transaction has no business or apparent lawful purpose or is not the sort in

which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts (including the background and possible purpose of the transaction).

Money Laundering and Terrorist Financing Red Flags

Appendix F of the 2010 (pages F-1 through F-11) Exam Manual contains significant lists of red flags that financial institutions should include in training as well as implement in their daily monitoring process that would aid in recognizing potential money laundering or terrorist financing activity. These red flags cover account opening, reporting and recordkeeping, funds transfers, ACH activity, lending, cross border transactions, trade finance, insurance, domestic and foreign customers, as well as unusual employee activity. Appendix F, in its entirety, appears on the next several pages.

Appendix F: Money Laundering and Terrorist Financing “Red Flags”

The following are examples of potentially suspicious activities, or “red flags” for both money laundering and terrorist financing. Although these lists are not all-inclusive, they may help



financial institutions and examiners recognize possible money laundering and terrorist financing schemes. Management’s primary focus should be on reporting suspicious activities, rather than on determining whether the transactions are in fact linked to money laundering, terrorist financing, or a particular crime.

The following examples are red flags that, when encountered, may warrant additional scrutiny. The mere presence of a red flag is not by itself evidence of criminal activity. Closer scrutiny should help to determine whether the activity is suspicious or one for which there does not appear to be a reasonable business or legal purpose.

Potentially Suspicious Activity That May Indicate Money Laundering Customers Who Provide Insufficient or Suspicious Information • A customer uses unusual or suspicious identification documents that cannot be readily

verified.

• A customer provides an individual tax identification number after having previously used a Social Security number.

• A customer uses different tax identification numbers with variations of his or her name. • A business is reluctant, when establishing a new account, to provide complete

information about the nature and purpose of its business, anticipated account activity, prior financial institution relationships, the names of its officers and directors, or information on its business location.

• A customer’s home or business telephone is disconnected. • The customer’s background differs from that which would be expected on the basis of his

or her business activities. • A customer makes frequent or large transactions and has no record of past or present

employment experience.

• A customer is a trust, shell company, or Private Investment Company that is reluctant to provide information on controlling parties and underlying beneficiaries. Beneficial owners may hire nominee incorporation services to establish shell companies and open financial institution accounts for those shell companies while shielding the owner’s identity.

Efforts to Avoid Reporting or Recordkeeping Requirement • A customer or group tries to persuade a financial institution employee not to file required

reports or maintain required records. • A customer is reluctant to provide information needed to file a mandatory report, to have

the report filed, or to proceed with a transaction after being informed that the report must be filed.

• A customer is reluctant to furnish identification when purchasing negotiable instruments in recordable amounts.

• A business or customer asks to be exempted from reporting or recordkeeping requirements.

• A person customarily uses the automated teller machine to make several financial institution deposits below a specified threshold.



• A customer deposits funds into several accounts, usually in amounts of less than $3,000, which are subsequently consolidated into a master account and transferred outside of the country, particularly to or through a location of specific concern (e.g., countries designated by national authorities and Financial Action Task Force on Money Laundering (FATF) as noncooperative countries and territories).

• A customer accesses a safe deposit box after completing a transaction involving a large withdrawal of currency, or accesses a safe deposit box before making currency deposits structured at or just under $10,000, to evade CTR filing requirements.

Funds Transfers • Many funds transfers are sent in large, round dollar, hundred dollar, or thousand dollar

amounts. • Funds transfer activity occurs to or from a financial secrecy haven, or to or from a higher-

risk geographic location without an apparent business reason or when the activity is inconsistent with the customer’s business or history.

• Many small, incoming transfers of funds are received, or deposits are made using checks and money orders. Almost immediately, all or most of the transfers or deposits are wired to another city or country in a manner inconsistent with the customer’s business or history.

• Large, incoming funds transfers are received on behalf of a foreign client, with little or no explicit reason.

• Funds transfer activity is unexplained, repetitive, or shows unusual patterns. • Payments or receipts with no apparent links to legitimate contracts, goods, or services

are received. • Funds transfers are sent or received from the same person to or from different accounts. • Funds transfers contain limited content and lack related party information. Automated Clearing House Transactions • Large-value, automated clearinghouse (ACH) transactions are frequently initiated

through third-party service providers (TPSP) by originators that are not financial institution customers and for which the financial institution has no or insufficient due diligence.

• TPSPs have a history of violating ACH network rules or generating illegal transactions, or processing manipulated or fraudulent transactions on behalf of their customers.

• Multiple layers of TPSPs that appear to be unnecessarily involved in transactions. • Unusually high level of transactions initiated over the Internet or by telephone. • NACHA — The Electronic Payments Association (NACHA) information requests indicate

potential concerns with the financial institution’s usage of the ACH system. Activity Inconsistent with the Customer’s Business • The currency transaction patterns of a business show a sudden change inconsistent with

normal activities.



• A large volume of cashier’s checks, money orders, or funds transfers is deposited into, or purchased through, an account when the nature of the accountholder’s business would not appear to justify such activity.

• A retail business has dramatically different patterns of currency deposits from similar businesses in the same general location.

• Unusual transfers of funds occur among related accounts or among accounts that involve the same or related principals.

• The owner of both a retail business and a check-cashing service does not ask for currency when depositing checks, possibly indicating the availability of another source of currency.

• Goods or services purchased by the business do not match the customer’s stated line of business.

• Payments for goods or services are made by checks, money orders, or financial institution drafts not drawn from the account of the entity that made the purchase.

Lending Activity • Loans secured by pledged assets held by third parties unrelated to the borrower. • Loan secured by deposits or other readily marketable assets, such as securities,

particularly when owned by apparently unrelated third parties. • Borrower defaults on a cash-secured loan or any loan that is secured by assets, which are

readily convertible into currency. • Loans are made for, or are paid on behalf of, a third party with no reasonable

explanation. • To secure a loan, the customer purchases a certificate of deposit using an unknown

source of funds, particularly when funds are provided via currency or multiple monetary instruments.

• Loans that lack a legitimate business purpose, provide the financial institution with significant fees for assuming little or no risk, or tend to obscure the movement of funds (e.g., loans made to a borrower and immediately sold to an entity related to the borrower).

Changes in Bank-to-Bank Transactions • The size and frequency of currency deposits increases rapidly with no corresponding

increase in noncurrency deposits.

• A financial institution is unable to track the true accountholder of correspondent or concentration account transactions.

• The turnover in large-denomination bills is significant and appears uncharacteristic, given the financial institution’s location.

• Changes in currency-shipment patterns between correspondent financial institutions are significant.

Cross-Border Financial Institution Transactions • U.S. financial institution increases sales or exchanges of large denomination U.S.

financial institution notes to Mexican financial institution(s).



• Large volumes of small denomination U.S. banknotes being sent from Mexican casas de cambio to their U.S. accounts via armored transport or sold directly to U.S. financial institutions. These sales or exchanges may involve jurisdictions outside of Mexico.

• Casas de cambio direct the remittance of funds via multiple funds transfers to jurisdictions outside of Mexico that bear no apparent business relationship with the casas de cambio. Funds transfer recipients may include individuals, businesses, and other entities in free trade zones.

• Casas de cambio deposit numerous third-party items, including sequentially numbered monetary instruments, to their accounts at U.S. financial institutions.

• Casas de cambio direct the remittance of funds transfers from their accounts at Mexican financial institutions to accounts at U.S. financial institutions. These funds transfers follow the deposit of currency and third-party items by the casas de cambio into their Mexican financial institution.

Bulk Currency Shipments • An increase in the sale of large denomination U.S. financial institution notes to foreign

financial institutions by U.S. financial institutions. • Large volumes of small denomination U.S. financial institution notes being sent from

foreign nonfinancial institution financial institutions to their accounts in the United States via armored transport, or sold directly to U.S. financial institutions.

• Multiple wire transfers initiated by foreign nonbank financial institutions that direct U.S. financial institutions to remit funds to other jurisdictions that bear no apparent business relationship with that foreign nonbank financial institution. Recipients may include individuals, businesses, and other entities in free trade zones and other locations.

• The exchange of small denomination U.S. bank notes for large denomination U.S. bank notes that may be sent to foreign countries.

• Deposits by foreign nonbank financial institutions to their accounts at U.S. financial institutions that include third-party items, including sequentially numbered monetary instruments.

• Deposits of currency and third-party items by foreign nonbank financial institutions to their accounts at foreign financial institutions and, thereafter, direct wire transfers to the foreign nonbank financial institution’s accounts at U.S. banks.

Trade Finance • Items shipped that are inconsistent with the nature of the customer’s business (e.g., a

steel company that starts dealing in paper products, or an information technology company that starts dealing in bulk pharmaceuticals).

• Customers conducting business in higher-risk jurisdictions.

• Customers shipping items through higher-risk jurisdictions, including transit through noncooperative countries.

• Customers involved in potentially higher-risk activities, including activities that may be subject to export/import restrictions (e.g., equipment for military or police organizations of foreign governments, weapons, ammunition, chemical mixtures, classified defense articles, sensitive technical data, nuclear materials, precious gems, or certain natural resources such as metals, ore, and crude oil).



• Obvious over- or underpricing of goods and services. • Obvious misrepresentation of quantity or type of goods imported or exported.

• Transaction structure appears unnecessarily complex and designed to obscure the true nature of the transaction.

• Customer requests payment of proceeds to an unrelated third party. • Shipment locations or description of goods not consistent with letter of credit. • Significantly amended letters of credit without reasonable justification or changes to the

beneficiary or location of payment. Any changes in the names of parties should prompt additional OFAC review.

Privately Owned Automated Teller Machines • Automated teller machine (ATM) activity levels are high in comparison with other

privately owned or bank-owned ATMs in comparable geographic and demographic locations.

• Sources of currency for the ATM cannot be identified or confirmed through withdrawals from account, armored car contracts, lending arrangements, or other appropriate documentation.

Insurance • A customer purchases products with termination features without concern for the

product’s investment performance. • A customer purchases insurance products using a single, large premium payment,

particularly when payment is made through unusual methods such as currency or currency equivalents.

• A customer purchases a product that appears outside the customer’s normal range of financial wealth or estate planning needs.

• A customer borrows against the cash surrender value of permanent life insurance policies, particularly when payments are made to apparently unrelated third parties.

• Policies are purchased that allow for the transfer of beneficial ownership interests without the knowledge and consent of the insurance issuer. This would include secondhand endowment and bearer insurance policies.

• A customer is known to purchase several insurance products and uses the proceeds from an early policy surrender to purchase other financial assets.

• A customer uses multiple currency equivalents (e.g., cashier’s checks and money orders) from different financial institutions and money services businesses to make insurance policy or annuity payments.

Shell Company Activity • A financial institution is unable to obtain sufficient information or information is

unavailable to positively identify originators or beneficiaries of accounts or other financial institution activity (using Internet, commercial database searches, or direct inquiries to a respondent financial institution).

• Payments to or from the company have no stated purpose, do not reference goods or services, or identify only a contract or invoice number.



• Goods or services, if identified, do not match profile of company provided by respondent financial institution or character of the financial activity; a company references remarkably dissimilar goods and services in related funds transfers; explanation given by foreign respondent financial institution is inconsistent with observed funds transfer activity.

• Transacting businesses share the same address, provide only a registered agent’s address, or have other address inconsistencies.

• Unusually large number and variety of beneficiaries are receiving funds transfers from one company.

• Frequent involvement of multiple jurisdictions or beneficiaries located in higher-risk offshore financial centers.

• A foreign correspondent financial institution exceeds the expected volume in its client profile for funds transfers, or an individual company exhibits a high volume and pattern of funds transfers that is inconsistent with its normal business activity.

• Multiple high-value payments or transfers between shell companies with no apparent legitimate business purpose.

• Purpose of the shell company is unknown or unclear. Embassy and Foreign Consulate Accounts • Official embassy business is conducted through personal accounts. • Account activity is not consistent with the purpose of the account, such as pouch activity

or payable upon proper identification transactions. • Accounts are funded through substantial currency transactions. • Accounts directly fund personal expenses of foreign nationals without appropriate

controls, including, but not limited to, expenses for college students. Employees • Employee exhibits a lavish lifestyle that cannot be supported by his or her salary.

• Employee fails to conform to recognized policies, procedures, and processes, particularly in private financial institution.

• Employee is reluctant to take a vacation. Other Unusual or Suspicious Customer Activity • Customer frequently exchanges small-dollar denominations for large-dollar denominations. • Customer frequently deposits currency wrapped in currency straps or currency wrapped

in rubber bands that is disorganized and does not balance when counted. • Customer purchases a number of cashier’s checks, money orders, or traveler’s checks for

large amounts under a specified threshold. • Customer purchases a number of open-end prepaid cards for large amounts. Purchases of

prepaid cards are not commensurate with normal business activities. • Customer receives large and frequent deposits from online payments systems yet has no

apparent online or auction business.



• Monetary instruments deposited by mail are numbered sequentially or have unusual symbols or stamps on them.

• Suspicious movements of funds occur from one financial institution to another, and then funds are moved back to the first financial institution.

• Deposits are structured through multiple branches of the same financial institution or by groups of people who enter a single branch at the same time.

• Currency is deposited or withdrawn in amounts just below identification or reporting thresholds.

• Customer visits a safe deposit box or uses a safe custody account on an unusually frequent basis.

• Safe deposit boxes or safe custody accounts opened by individuals who do not reside or work in the institution’s service area, despite the availability of such services at an institution closer to them.

• Customer repeatedly uses a financial institution or branch location that is geographically distant from the customer’s home or office without sufficient business purpose.

• Customer exhibits unusual traffic patterns in the safe deposit box area or unusual use of safe custody accounts. For example, several individuals arrive together, enter frequently, or carry bags or other containers that could conceal large amounts of currency, monetary instruments, or small valuable items.

• Customer rents multiple safe deposit boxes to store large amounts of currency, monetary instruments, or high-value assets awaiting conversion to currency, for placement into the financial institution system. Similarly, a customer establishes multiple safe custody accounts to park large amounts of securities awaiting sale and conversion into currency, monetary instruments, outgoing funds transfers, or a combination thereof, for placement into the financial institution system.

• Unusual use of trust funds in business transactions or other financial activity. • Customer uses a personal account for business purposes. • Customer has established multiple accounts in various corporate or individual names

that lack sufficient business purpose for the account complexities or appear to be an effort to hide the beneficial ownership from the financial institution.

• Customer makes multiple and frequent currency deposits to various accounts that are purportedly unrelated.

• Customer conducts large deposits and withdrawals during a short time period after opening and then subsequently closes the account or the account becomes dormant. Conversely, an account with little activity may suddenly experience large deposit and withdrawal activity.

• Customer makes high-value transactions not commensurate with the customer’s known incomes.



Potentially Suspicious Activity That May Indicate Terrorist Financing The following examples of potentially suspicious activity that may indicate terrorist

financing are primarily based on guidance “Guidance for Financial Institutions in Detecting Terrorist Financing” provided by the FATF. FATF is an intergovernmental body whose purpose is the development and promotion of policies, both at national and international levels, to combat money laundering and terrorist financing.

Activity Inconsistent With the Customer’s Business • Funds are generated by a business owned by persons of the same origin or by a business

that involves persons of the same origin from higher-risk countries (e.g., countries designated by national authorities and FATF as noncooperative countries and territories).

• The stated occupation of the customer is not commensurate with the type or level of activity.

• Persons involved in currency transactions share an address or phone number, particularly when the address is also a business location or does not seem to correspond to the stated occupation (e.g., student, unemployed, or self-employed).

• Regarding nonprofit or charitable organizations, financial transactions occur for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.

• A safe deposit box opened on behalf of a commercial entity when the business activity of the customer is unknown or such activity does not appear to justify the use of a safe deposit box.

Funds Transfers • A large number of incoming or outgoing funds transfers take place through a business

account, and there appears to be no logical business or other economic purpose for the transfers, particularly when this activity involves higher-risk locations.

• Funds transfers are ordered in small amounts in an apparent effort to avoid triggering identification or reporting requirements.

• Funds transfers do not include information on the originator, or the person on whose behalf the transaction is conducted, when the inclusion of such information would be expected.

• Multiple personal and business accounts or the accounts of nonprofit organizations or charities are used to collect and funnel funds to a small number of foreign beneficiaries.

• Foreign exchange transactions are performed on behalf of a customer by a third party, followed by funds transfers to locations having no apparent business connection with the customer or to higher-risk countries.

Other Transactions That Appear Unusual or Suspicious • Transactions involving foreign currency exchanges are followed within a short time by

funds transfers to higher-risk locations. • Multiple accounts are used to collect and funnel funds to a small number of foreign

beneficiaries, both persons and businesses, particularly in higher-risk locations.



• A customer obtains a credit instrument or engages in commercial financial transactions involving the movement of funds to or from higher-risk locations when there appear to be no logical business reasons for dealing with those locations.

• Financial institutions from higher-risk locations open accounts. • Funds are sent or received via international transfers from or to higher-risk locations. • Insurance policy loans or policy surrender values that are subject to a substantial

surrender charge.

Filing Guidelines The SAR rules require that an SAR be filed no later than 30 calendar days from the date of

the initial detection of facts that may constitute a basis for filing an SAR. If no suspect can be identified, the time period for filing an SAR is extended to 60 days. Organizations may need to review transaction or account activity for a customer to determine whether to file an SAR. The need for a review of customer activity or transactions does not necessarily indicate a need to file an SAR. The time period for filing an SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity.

The phrase “initial detection” should not be interpreted as meaning the moment a transaction is highlighted for review. There are a variety of legitimate transactions that could raise a red flag simply because they are inconsistent with an accountholder’s normal account activity. The financial institution’s automated account monitoring system or initial discovery of information, such as system-generated reports, may flag a transaction; however, this should not be considered initial detection of potential suspicious activity.

Whenever possible, a prompt review of an unusual transaction or account is recommended, which can be of significant assistance to law enforcement. In any event, the review should be completed in a reasonable period of time. What constitutes a “reasonable period of time” will vary according to the facts and circumstances of the particular matter being reviewed and the effectiveness of the SAR monitoring, reporting, and decision-making process of each financial institution. The key factor is that a financial institution has established adequate procedures for reviewing and assessing facts and circumstances identified as potentially suspicious, and that those procedures are documented and followed.

For violations requiring immediate attention, in addition to filing a timely SAR, a financial institution is required to immediately notify, by telephone, an “appropriate law enforcement authority” and, as necessary, the financial institution’s primary regulator. An “appropriate law enforcement authority” would generally be the local office of the Internal Revenue Service Criminal Investigation Division or the FBI. Notifying law enforcement of a suspicious activity does not relieve a financial institution of its obligation to file an SAR.

For suspicious activity related to terrorist activity, institutions may also call FinCEN’s Financial Institution’s terrorist hotline at the toll free number 866-556-3974 (7 days a week, 24 hours a day) to further facilitate the immediate transmittal of relevant information to the appropriate authorities.



Ongoing Suspicious Activity

Should the circumstances that led to a SAR filing continue (such as suspected money laundering issues), financial institutions should re-file a new SAR at least every 90 days, giving an update as to current activity. This notifies law enforcement of continuing activity and serves as a reminder to the institution to continue monitoring account and transaction activity to determine whether other appropriate actions, such as terminating a customer or employee relationship, is required.

Financial institutions should be aware that law enforcement may have an interest in ensuring that certain accounts remain open notwithstanding suspicious or potential criminal activity in connection with those accounts. If a law enforcement agency requests that a financial institution maintain a particular account, the financial institution should ask for a written request. The written request should indicate that the agency has requested that the financial institution maintain the account and the purpose and duration of the request. Ultimately, the decision to maintain or close an account should be made by a financial institution in accordance with its own standards and guidelines.

The financial institution should develop policies, procedures, and processes indicating when to escalate issues or problems identified as the result of repeat SAR filings on accounts. The procedures should include:

• Review by senior management and legal staff (e.g., BSA compliance officer or SAR committee).

• Criteria for when analysis of the overall customer relationship is necessary. • Criteria for when to close the account, • Criteria for when to notify law enforcement, if applicable.

As part of the filing process, financial institutions are required to collect and maintain all supporting information so that it will be available to the appropriate authorities should further action be required.

Exceptions

An SAR is not required for actual or attempted robberies or burglaries that are reported to the appropriate law enforcement authorities. SARs are also not required for lost, missing, counterfeit, or stolen securities that are properly reported to the appropriate regulatory agencies.

Systems to Identify, Research and Report Suspicious Activity

The Suspicious Activity Reporting section of the Exam Manual discuss the systems and procedures that financial institutions are expected to have in place to assure that all possible suspicious transactions are reported, as follows:



“Suspicious activity monitoring and reporting are critical internal controls. Proper monitoring and reporting processes are essential to ensuring that the financial institution has an adequate and effective BSA compliance program. Appropriate policies, procedures, and processes should be in place to monitor and identify unusual activity. The sophistication of monitoring systems should be dictated by the financial institution’s risk profile, with particular emphasis on the composition of higher-risk products, services, customers, entities, and geographies. The financial institution should ensure adequate staff is assigned to the identification, research, and reporting of suspicious activities, taking into account the financial institution’s overall risk profile and the volume of transactions. Monitoring systems typically include employee identification or referrals, transaction-based (manual) systems, surveillance (automated) systems, or any combination of these.

Generally, effective suspicious activity monitoring and reporting systems include four key components (refer to Appendix S “Key Suspicious Activity Monitoring Components”). The components, listed below, are interdependent, and an effective suspicious activity monitoring and reporting process should include successful implementation of each component. Breakdowns in any one or more of these components may adversely affect SAR reporting and BSA compliance. The four key components to an effective monitoring and reporting system are:

1. Identification or alert of unusual activity (which may include employee identification, law enforcement inquiries, other referrals, and transaction and surveillance monitoring system output).

2. Managing alerts. 3. SAR decision making. 4. SAR completion and filing. These four components are present in financial institutions of all sizes. However, the structure and formality of the components may vary. Larger financial institutions will typically have greater differentiation and distinction between functions, and may devote entire departments to the completion of each component. Smaller financial institutions may use one or more employees to complete several tasks (e.g., review of monitoring reports, research activity, and completion of the actual SAR). Policies, procedures, and processes should describe the steps the financial institution takes to address each component and indicate the person(s) or departments responsible for identifying or producing an alert of unusual activity, managing the alert, deciding whether to file, and SAR completion and filing.”

Record Retention

Copies of filed SARs and records of any supporting documentation must be maintained for a period of five years from the date of filing the SAR. The financial institution should treat the supporting records as if they had been filed with the SAR, and should be properly maintained and labeled. Records of the supporting documentation must be available to appropriate law enforcement agencies, FinCEN and financial institution supervisory agencies upon request.



SAR Confidentiality [31 C.F.R. 1020.320(e)]

A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this section. For purposes of this section, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this chapter.

Prohibition on Disclosures by Financial institutions: General. No financial institution, and no director, officer, employee, or agent of any

financial institution, shall disclose a SAR or any information that would reveal the existence of a SAR. Any financial institution, and any director, officer, employee, or agent of any financial institution that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this section shall not be construed as prohibiting:

• The disclosure by a financial institution, or any director, officer, employee, or agent of a financial institution, of:

o A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the financial institution for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the financial institution to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the financial institution complies with the Bank Secrecy Act; or

o The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures: To another financial institution, or any director, officer, employee, or agent of a

financial institution, for the preparation of a joint SAR; or In connection with certain employment references or termination notices, to the

full extent authorized in 31 U.S.C. 5318(g)(2)(B); or • The sharing by a financial institution, or any director, officer, employee, or agent of the

financial institution, of a SAR, or any information that would reveal the existence of a SAR, within the financial institution's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any



information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

Limitation on Liability [31 C.F.R. 1020.320(f)] A bank, and any director, officer, employee, or agent of any financial institution, that makes

a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

Compliance [31 C.F.R. 1020.320(g)] Financial institutions shall be examined by FinCEN or its delegatees for compliance with

this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this chapter. Such failure may also violate provisions of title 12 of the Code of Federal Regulations.

FinCEN Advisory

On March 2, 2012, FinCEN issued the following advisory to financial institutions regarding SAR confidentiality. It has been formatted for manual purposes, but the text remains unchanged.

FIN-2012-A002 Issued: March 2, 2012

Subject: SAR Confidentiality Reminder for Internal and External Counsel of Financial Institutions

The Financial Crimes Enforcement Network (FinCEN) is issuing this Advisory to remind financial institutions, and in particular, the lawyers that advise them, of the requirement to maintain the confidentiality of Suspicious Activity Reports (SARs). FinCEN is concerned that an increasing number of private parties, who are not authorized to know of the existence of filed SARs, are seeking SARs from financial institutions for use in civil litigation and other matters. Financial institutions, and their current and former directors, officers, employees, agents, and contractors, are prohibited from disclosing SARs, or any information that would reveal the existence of a SAR.1 FinCEN recognizes that an escalation in the number of requests for use of SARs in private litigation may increase the likelihood of an unauthorized disclosure of a SAR. This is especially true when external counsel is unfamiliar with the regulations covering SAR

1 See 31 CFR §§ 1020.320(e), 1021.320(e), 1022.320(d), 1023.320(e), 1024.320(d), 1025.320(e), and 1026.320(e), see also

Pub. L. 112-74: Consolidated Appropriations Bill, Division C, Title I, Section 118 amending 31 U.S.C. § 5318(g)(2)(A)(December 23, 2011).



confidentiality. Financial institutions, and their current and former directors, officers, employees, agents, and contractors could be subject to civil and criminal penalties for the unauthorized disclosure of a SAR.

FinCEN is responsible for both safeguarding the information it collects under its regulations implementing the Bank Secrecy Act, including SARs, and promoting appropriate protection of this by authorized users of the data across the Federal, State and local levels of government. The unauthorized disclosure of SARs could undermine ongoing and future investigations by tipping off suspects, deterring financial institutions from filing SARs, and threatening the safety and security of institutions and individuals who file such reports. Such disclosure of SARs compromises the essential role SARs play in protecting our financial system and in preventing and detecting financial crimes and terrorist financing. The success of the SAR reporting system depends upon the financial sector's confidence that these reports will be appropriately protected.

Possible Civil and Criminal Penalties for Unauthorized SAR Disclosures The unauthorized disclosure of a SAR is a violation of federal law.2 Both civil and criminal

penalties may be imposed for SAR disclosure violations. Violations may be enforced through civil penalties3 of up to $100,000 for each violation and criminal penalties4 of up to $250,000 and/or imprisonment not to exceed five years.5 In addition, financial institutions could be liable for civil money penalties resulting from anti-money laundering program deficiencies (i.e., internal controls, training, etc.) that led to the SAR disclosure. Such penalties could be up to $25,000 per day for each day the violation continues.6 FinCEN is committed to working with regulatory agencies, law enforcement, SROs, and financial institutions to take appropriate action for unauthorized disclosures of SARs. Incidents involving possible unauthorized SAR disclosures are investigated, and appropriate action is taken for violations of the law.

Guidance on Maintaining SAR Confidentiality FinCEN reminds financial institutions to be vigilant in maintaining the confidentiality of

SARs. This includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual obligation to maintain SAR confidentiality. This obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. Likewise, such persons should be informed of the consequences for failing to maintain such confidentiality, which could include civil and criminal penalties as explained herein.

A financial institution may consider including such information as part of its ongoing training of all employees. Furthermore, financial institutions may want to remind their counsel of the strict requirements of SAR confidentiality. Additional risk-based measures to enhance the confidentiality of SARs could include, among other appropriate security measures, limiting access on a "need-to-know" basis, restricting areas for reviewing SARs, logging of access to SARs, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that highlight confidentiality concerns before a person may access or disseminate the information.

2 31 U.S.C. §§ 5318(g)(2), 5321, and 5322. 3 31 U.S.C. § 5321 and 31 CFR § 1010.820. 4 31 U.S.C. § 5322 and 31 CFR § 1010.840. 5 31 U.S.C. § 5322(b) and 31 CFR § 103.59(c) (Criminal penalties may increase if the violation is committed while

violating another law of the United States or as part of a pattern of illegal activity). 6 31 U.S.C. § 5321(a)(1).



If you or your institution becomes aware of an unauthorized disclosure of a SAR, or if your institution receives a subpoena or other request for a SAR from other than an authorized government authority or self-regulatory organization as defined in the applicable SAR regulations, you should immediately contact FinCEN's Office of Chief Counsel at (703) 905-3590.7 Additionally, an institution may be required to contact its primary federal regulator, as may be applicable in a corresponding SAR rule.

Questions or comments regarding the contents of this Advisory should be addressed to the FinCEN Regulatory Helpline at 800-949-2732. Financial institutions wanting to report suspicious transactions that may relate to terrorist activity should call the Financial Institutions Toll-Free Hotline at (866) 556-3974 (7 days a week, 24 hours a day). The purpose of the hotline is to expedite the delivery of this information to law enforcement. Financial institutions should immediately report any imminent threat to local-area law enforcement officials.

The SAR Form The following pages contain the current SAR report.

7 31 CFR §§ 1020.320(e), 1021.320(e), 1022.320(d), 1023.320(e), 1024.320(d), 1025.320(e), and 1026.320(e).


Section 9: Customer Due Diligence [31 C.F.R. § 1020.220]

Customer Due Diligence (CDD) Overview The foundation of strong BSA/AML programs is the implementation of complete CDD

policies, procedures, and controls for all customers, particularly those that present a higher risk for money laundering and terrorist financing. The concept of CDD builds upon the CIP regulatory requirements for identifying and verifying a customer’s identity.

The goal of a CDD program is to develop an awareness of the unique financial details of the institution’s customers and the ability to predict the type and frequency of transactions in which its customers are likely to engage. In this way, institutions can better identify, research, and report suspicious activity as required under BSA. Although customer due diligence is not required by statute or regulation, an effective CDD program is the framework that allows the institution to comply with regulatory requirements.

Benefits of an Effective CDD Program An effective CDD program protects the reputation of the institution by: • Preventing unusual or suspicious transactions that would expose the financial institution

to loss or expense • Helps the financial institution avoid criminal exposure by those who would use the

financial institution for illegal activity • Ensuring compliance with BSA regulations and holding to sound financial institution

practices. Another way to realize the benefits of an effective CDD program is through the following: • Using a customer risk rating system to allocate financial institution resources for

monitoring purposes

• Focusing the majority of the financial institution’s monitoring efforts on those customers that present the greatest risk

• Compliance with the BSA through a risk-based approach.

CDD Program Guidance CDD programs should be tailored to each institution’s BSA/AML risk profile; consequently,

the scope of any CDD program will vary. Even though a small financial institution may have more frequent direct contact with customers than those at larger financial institutions, all financial institutions should adopt a CDD program.

An effective CDD program should:

• Be in proportion to a financial institutions BSA/AML risk profile, • Be clear in management’s expectations and staff responsibility, and



• Establish monitoring systems and procedures to identify activity that is inconsistent for a customer’s normal financial institution activity.

Elements of a CDD Program

While there is a great deal of flexibility allotted to financial institutions in devising an appropriate CDD program, all Know Your Customer programs should contain certain critical features, which are discussed below. Each program should also delineate acceptable documentation requirements and the due diligence procedures the financial institution will follow. The delineation of this information in the CDD program will ensure that the same standards are applied throughout the financial institution and will inform auditors and examiners of the financial institution’s established standards for review of customer information.

Minimum Steps for Compliance The following are the minimum steps the financial institutions should take in order to

comply with the CDD expectations.

Identify the Customer The USA PATRIOT Act, Section 326 made a provision part of the law to identify the “true”

identity of a customer. The rule for customer identification was discussed earlier in this manual.

Determine the Source of Funds The CDD program should provide a system for determining the source of a customer’s funds.

The amount of information needed to do this can depend on the type of customer in question. As an example, if a retail financial institution customer maintains demand deposit accounts funded primarily from payroll deposits, it should be a relatively simple task to identify and document the source of funds as payroll deposits. On the other hand, a more detailed analysis, with a more extensive documentation process, would be required for high net worth customers with multiple deposits from a variety of sources.

For these reasons, among others, it may be beneficial for financial institutions to classify customers into varying categories, based on factors such as the types of accounts maintained, the types of transactions conducted, and the potential risk of illicit activities associated with such accounts and transactions. Financial institutions could then develop procedures to obtain necessary information and documentation based on the risk assessment for the various categories or classes established by a financial institution.

Determine Normal and Expected Transactions The CDD program should provide a system for determining a customer’s normal and

expected transactions involving the financial institution. Without this information, a financial



institution is unable to identify suspicious transactions. A financial institution’s understanding of a customer’s normal and expected transactions should be based on information obtained both when an account is opened and during a reasonable period of time afterward. It also should be based on normal transactions for similarly situated customers.

Monitor the Account Transactions The CDD program should provide a system for monitoring, on an ongoing basis, the

transactions conducted by customers and identifying transactions that are inconsistent with the normal and expected transactions for particular customers or for customers in the same or similar categories or classes. The examiners do not require that every transaction of every customer be reviewed. Rather, they do expect a financial institution to develop a monitoring system that is appropriate for the risks presented by the accounts maintained at that financial institution.

In designing a monitoring system, a financial institution may choose to classify accounts into various categories based on factors such as the type and size of account; the types, number, and size of transactions conducted in the account; and the risk of illicit activity associated with the account. For certain classes or categories of accounts, it would be sufficient for an effective monitoring system to establish parameters for which the transactions within these accounts will normally occur. Rather than monitoring each transaction, an effective monitoring system could entail monitoring only for those transactions that exceed the established parameters for that particular class or category of accounts. For other categories or classes of accounts, such as private banking accounts, it may be necessary to monitor each significant transaction.

Determine If the Transaction Should Be Reported Once a transaction is identified as inconsistent with normal and expected transactions, the

financial institution must determine if the transaction warrants the filing of a Suspicious Activity Report. In identifying reportable transactions, a financial institution should not conclude that every transaction that falls outside what is expected for a given customer should be reported. Rather, a financial institution should focus on patterns of inconsistent transactions and isolated transactions that present risk factors that warrant further review.

Customer Risk

As observed in the risk assessment portion of this manual, a financial institution is expected to identify and understand its money laundering and terrorist financing risks of the financial institution’s customer base. The most efficient method to understand the ongoing risks is to obtain appropriate and relevant information at account opening. Such information should be sufficient enough to allow the financial institution to develop an understanding of normal and expected activity for the customer’s occupation or business operations. This is best illustrated in Appendix K of the Exam Manual, which focuses on the relationship between the type of customer and the level of suggested/expected due diligence.



Assessing Risk

In general, customers may pose low-risk or high-risk or some combination in between. Examples of low risk (routine or usual accounts) include: • Low aggregate balances • Low volume of activity • Household accounts • Most retail passbook savings/checking accounts • Accounts for minors

Examples of higher-risk accounts or activities includes:

• Large balances • High volume of activity • Frequent or excessive funds transfers • Frequent or excessive large cash transactions

Personal Accounts. When opening personal accounts, financial institutions may want to consider the following:

• Location of residence • Follow-up calls • Source of funds (especially large sums of cash) • For larger accounts, prior financial institution references are recommended • Checking with service bureaus (i.e., ChexSystems)

Business Accounts: In addition, consider the following when opening business accounts, as applicable:

• Evidence of customer’s legal status • Article of incorporation, partnership agreement, etc. • Certificate of Good Standing with state • Business license • Check with reporting agency (i.e., Dunn & Bradstreet, etc.) • Prior financial institution references

• Follow-up calls and on-site visits • Source of funds • Description of line of business



• For larger accounts: • Financial statements

• Listing of major suppliers, customers, and geographic locations • Description of business’s primary trade area • Whether international transactions are expected • Description of business operations (i.e., retail vs. wholesale) • Anticipated volume of cash activity

High-Risk Products and Services

While a financial institution may have additional high risk products and services, three forms of possible high-risk products or services are presented here:

• Wire transfer/International Correspondent Bank Accounts

• Private Banking Relationships, and • Electronic Banking

Wire Transfer/International Correspondent Bank Accounts. When dealing with wire transfers or international accounts, financial institutions should consider the following factors:

• Account purpose • Location of foreign bank, if applicable • Nature of banking license of correspondent bank

• Correspondent’s AML program • Prevention controls • Extent of banking regulation enforced in the foreign country

For our typical domestic based customers, wire transfer activity can pose an issue if the purpose or frequency of the funds transfer activity is not reasonable for the type of customer or the customer’s business. Therefore, it is important to determine the level of any funds transfer activity of a prospective customer at the time of account opening and continually monitor such activity to ensure that it falls in line with the original expectations. One simple method to accomplish this objective is to inquire at account opening the following:

• Does the customer perform funds transfers? • What will be the expected frequency and amounts of such transfers? • Does the customer deal with international suppliers or customers?

• Obtain a list of such suppliers and customers • Ensure that none appear on any sanctioned lists (i.e., OFAC)



• Does the customer deposit currency and then subsequently wire funds out of the financial institution on a regular basis?

Depending on the answers to the above, there may be some initial high-risk concerns by the financial institution if the customer is dealing in a high level of funds transfer activity, especially on an international basis.

Private Banking Relationships. Private banking is generally considered the personal or discreet offering of a wide variety of financial services and products to the affluent market. It can involve customers as individuals, commercial businesses, law firms, investment advisors, trusts, etc. Proper due diligence when opening private banking accounts goes beyond the normal procedures or controls employed with a financial institution’s typical retail customer base. Items to consider when opening private banking accounts includes:

• Confirming references

• Background checks • Determining the source of the client’s wealth, needs and expected transactions

Electronic Banking. Electronic banking is a broad term that encompasses a variety of delivery channels: telephone banking, Internet banking, PC-base banking, ATMs and ACHs. In today’s environment, electronic banking is becoming more and more popular given our hectic lifestyles. While most customers that utilize electronic banking channels to conduct transactions do so in a legitimate manner, the mere existence of such channels has raised concerns by the regulators. In general, electronic banking is vulnerable to money laundering and terrorist financing due to user anonymity, rapid transaction speed and its wide geographic availability. When offering electronic banking channels, financial institutions should consider the following:

• Customer’s proximity to the financial institution’s branches

• Requirement for the customer to initiate electronic banking services on-site at the financial institution

• Review of customer’s transactions and expected transactions

High-Risk Customers

Financial institutions are expected to develop a high-risk customer list from their customer base. While included in Section 2 of this manual, the following is reproduced as a reminder of those types of entities that are considered as possessing a higher degree of risk:

• Cash intensive businesses such as convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately owned ATMs, vending machine operators and parking garages

• Pawn brokers • Purchasers or sellers of any type of motor vehicle, vessel, aircraft, farm equipment or

mobile home • Auctioneering

• Chartering or operation of ships, buses or aircraft



• Gaming of any kind • Trade unions

• Title insurance operations and real estate closing • Professional service providers such as doctors, attorneys, accounts and real estate

brokers • Non-governmental organizations and charities • Non-bank financial institutions, which would include money service businesses (MSB),

casino and card clubs, brokers/dealers in securities, and dealers in precious metals, stones and jewels

• Senior political figures, their immediate families and close associates (PEPs) • Non-resident aliens and accounts of foreign individuals • Foreign corporations maintaining transactions accounts, offshore corporations, and

international business corporations located in high-risk geographic areas • Deposit brokers (including foreign brokers) • Foreign financial institutions, including financial institutions and foreign money service

providers

Once identified, the financial institution can determine which customers are conducting transactions and/or using services of the financial institution that would warrant remaining on a high-risk list and necessitate further monitoring.

High-Risk Geographic Locations

Identifying high-risk geographic locations is essential to a financial institution’s anti-money laundering program. A condensed reminder of those available resources of high-risk geographic locations is as follows:

• Jurisdiction identified by intergovernmental organizations (e.g., FATF) • Countries/jurisdictions identified by the US Department of State’s International

Narcotics Control Strategy Report (INCSR) • Geographies identified by OFAC

• Jurisdictions designated by the Secretary of the Treasury as being primary money concern as authorized by the USA Patriot Act

• Jurisdictions identified by financial institution management

Risk Codes

A customer risk rating system should be developed before a financial institution may begin assigning risk ratings to its customers. Risk rating systems can range from the most simplistic



to highly sophisticated. Given the wide variety of financial institution sizes, types, customer bases and locations, there is no one perfect method for every financial institution.

Agreeing on a risk rating system or model might be considered simple when compared to the daunting task of assigning a rating to all existing customers. The following will discuss a logical approach to initiate the process and establish benchmarks that can be used for existing and new customers.

It is important to note that, when assigning risk ratings to specific customers, the financial institution must be cognizant that the various risk factors can interrelate. For example, a customer that might utilize a higher risk service may not result in a high-risk rating for that particular customer. The customer’s profile should be considered in such situations. When assessing the existing customer base, the above risk rating code sample (or similar) should be referenced as ratings are assigned.

The assignment of responsibility to assign risk ratings is integral in a financial institution’s overall CDD process. An effective risk rating process will have checks and balances, and allow for modification over time. Each institution will need to find a process that works best; however, the following are offered as suggestions in its development:

• Initial risk rating options – o Developing a comprehensive, user-friendly account opening form used by line staff,

which guides staff on assigning initial ratings o Deferring the risk rating process to select individuals within the institution

• Risk rating adjustments – allowing for a post-review of risk ratings to assure that the rating system is properly employed

• Account closure – allowing for authority to close an account relationship should the risk rating prompt such action

• Modifications to system – allowing for adjustments to the risk rating system, as necessary

Step One: High-Risk Types. Begin the process by identifying those existing customers that fall into any of the customer type categories identified by regulators as high-risk. While this process can take time when reviewing a financial institution’s existing customer database, it can be broken down into manageable pieces to expedite the process. For example, customers can be grouped into account types and assigned to designated staff to complete the assessment. The analysis of customers’ geographic locations may present a problem since it is impractical to assess each and every customer’s address, as compared to the listing of regulator-defined high-risk areas. A more practical approach is to first determine if any of the customer base resides, overlaps, or is adjacent to such areas. If the financial institution is located nowhere near such areas, then this part of the assessment should be minimal.

As part of the high-risk type analysis, the reviewer should identify any customers that engage in a business that is not eligible for a Phase II exemption.

Step Two: Suspicious Activity. Next, financial institutions should identify any customers where suspicious activity reports (SARs) have been considered or filed in the past. Care should be taken on the final risk rating category assigned for these customers so that the risk rating does not readily highlight the fact that an SAR has been filed, since this information is to remain confidential. When bringing an assessment up-to-date, the reviewer might consider reviewing those instances where an SAR was filed or considered within a predefined time frame,



such as during the most recent 12 months. Financial institutions with effective suspicious activity monitoring programs should be able to rely on these procedures to readily identify those individuals of particular concern.

Step Three: High-Risk Products/Services. As a result of the financial institution products or services that have been identified as possessing a higher risk (which will be discussed in the next section,) financial institutions should next create a listing of the customers that utilize such products or services. This list of customers should then be cross-referenced with the other high-risk areas (i.e., customer type and geographic location).

Step Four: Customer Activity. Financial institutions are afforded with a wealth of customer activity records. These records, including cash activity, can provide a significant amount of information about a customer’s profile. Subject to system limitations, financial institutions should utilize their databases to identify the following:

• Cash Activity. Customers that routinely engage in large currency transactions. The minimum thresholds for cash activity should be below the regulatory reporting amount of $10,000. In today’s financial institution environment, many financial institutions already track cash activity that is above $3,000 (or similar) to assist in their CTR reporting process and suspicious activity monitoring programs. As part of this process, financial institutions need to become familiar with a customer’s usual activity. If a wage earner customer (i.e., someone whose income is reported on a W-2) has frequent cash activity, then the financial institution needs to determine the source of the funds. While many financial institutioners may be uncomfortable asking for customer explanations, the financial institution must, by whatever method, determine if the cash activity is normal or unusual.

• Monetary Instrument Purchases. The regulations require financial institutions to record any sales of monetary instruments involving currency of $3,000 to $10,000, inclusive. These records, when reviewed periodically, can provide the financial institution with insight concerning any suspicious activity. Such records should be reviewed during the risk rating process to determine if any customers are frequently purchasing such instruments without any reasonable or legitimate purpose. A subset of this review might include reviewing where the instruments are cashed (i.e., in a foreign country) to determine if the risks need to be elevated.

• Funds Transfers. Since financial institutions are required to record certain information about persons that originate or receive funds through the wire system involving amounts of $3,000 or more, these records can be used to identify customers or persons that conduct frequent transactions without any reasonable or legitimate purpose. These records should already be incorporated into an ongoing review by a financial institution’s BSA officer or designee, which serves to determine whether frequent funds transfers by a particular customer meet his/her risk profile.

Step Five: Customer Location. A review should be performed to identify any customers that reside outside of the financial institution’s predefined market area. It should be noted that some of these customers may not pose higher risks, but rather have relocated or have family connections to the market area. Customers that do fall into this category with no ascertainable reason to maintain an account at the financial institution require further evaluation. In addition, customers that are classified as non-U.S. persons will need to be identified.



Step Six: CIP Concerns. Finally, the reviewer shall identify those customers that have recently opened a customer relationship but have not fulfilled the financial institution’s CIP requirements. Ideally, a designated person or department within the financial institution should be tracking such customers on an ongoing basis. Any customers that have failed to provide either identity or verification information should be flagged to allow the institution to track the fulfillment of CIP requirements. Depending on the financial institution’s written CIP, eventually the financial institution should take appropriate action when CIP requirements are not met.

Monitoring

Once the customer base has been risk rated, the process of ongoing monitoring begins. Depending on each financial institution’s resources, the level of available reports and/or tools will vary. However, even the smallest of institutions shall have methods employed to assess customer risks on an ongoing basis. In the simplest of examples, higher risk rated customers should be monitored more frequently than the low-risk customers. In addition, the types of monitoring reports for high-risk customers will likely contain transaction or customer profile specific parameters. For example, cash activity for “one” risk rated customers might be monitored for any cash activity of $3,000 and greater each business day. In addition, these same customers might be monitored for cash activity exceeding specific amounts over a designated time period (i.e., cash activity of $15,000 or more in a seven-day period).

When developing such monitoring methods, financial institutions must first be cognizant of its higher risk customers and the tools available to effectively monitor the accounts. Not every financial institution will be expected to spend large sums of money or resources to implement such methods, but the methods should be commensurate with its overall risks.


Section 10: Foreign Financial Accounts [31 C.F.R. § 31 C.F.R. § 1010.350, 1010.360 & 1010.420]


Section 11: Purchases of Monetary Instruments [31 C.F.R. § 1010.415]

Purchases of Bank Checks and Drafts, Cashier’s Checks, Money Orders, And Traveler’s Checks [31 C.F.R. § 1010.415]

When a financial institution issues or sells a check or draft, cashier’s check, money order, or traveler’s check for $3,000 to $10,000, inclusive, in currency, it must maintain records of certain information regarding the sales of these instruments. The following information must be obtained for each issuance or sale of one or more of these instruments to any individual purchaser that involves currency in amounts of $3,000 to $10,000, inclusive.

Deposit Accountholder If the purchaser has a deposit account with the financial institution, the following

information must be collected:

1. The name of the purchaser 2. The date of the purchase 3. The type(s) of instrument(s) purchased 4. The serial number(s) of each of the instruments purchased 5. The dollar amount(s) of each of the instrument(s) purchased In addition, the financial institution must verify the individual is a deposit accountholder or

must verify the individual’s identity. Verification may be done by one of two methods:

1. Through a signature card or other file or record at the financial institution, if the deposit accountholder’s name and address were verified at the time the account was opened or at any subsequent time and if that information was recorded on the signature card or other file or record

2. If the deposit accountholder’s identity has not been verified previously, or if the financial institution is unable to determine whether the individual’s identification has been verified previously, then the financial institution must verify the deposit accountholder’s identity by examination of a document that contains the name and address of the purchaser and is normally acceptable within the banking community as a means of identification when cashing checks for nondepositors, and the financial institution must record the specific identifying information (e.g., state of issuance and number of driver’s license).

Non-Deposit Accountholder If the purchaser does not have a deposit account with the financial institution, the following

information must be collected:

1. The name and address of the purchaser



2. The Social Security number of the purchaser or, if the purchaser is an alien and does not have a Social Security number, then the alien identification number

3. The date of birth of the purchaser 4. The date of the purchase 5. The type(s) of instrument(s) purchased 6. The serial number(s) of each of the instruments purchased 7. The dollar amount(s) of each of the instrument(s) purchased

In addition, the financial institution must verify the purchaser’s name and address by examination of a document that contains the name and address of the purchaser and is normally acceptable within the financial institution community as a means of identification when cashing checks for nondepositors, and the financial institution must record the specific identifying information (e.g., state of issuance and number of driver’s license).

Same-Day Transactions Contemporaneous purchases of the same or different types of instruments totaling $3,000 or

more must be treated as one purchase. Multiple purchases during one business day totaling $3,000 or more must be treated as one purchase if an individual employee, director, officer, or partner of the financial institution has knowledge that these purchases have occurred.

Record Retention Records required to be kept must be retained by the financial institution for a period of five

years and must be available to the Secretary of the Treasury upon request at any time.

Impact on Other Areas of BSA

Unusual and/or frequent purchases (without a personal/business need) of monetary instruments with currency generally are considered as a “red flag”. In essence, such transactions outside of the customer’s normal behavior are usually indicative of suspicious activity. Following are examples of unusual activity that would warrant the BSA officer’s review:

• Frequent cash purchases when it is apparent the customer has no legitimate need for monetary instruments.

• Multiple same day purchases below the recordkeeping dollar amount threshold of $3,000 and possibly purchased at multiple branch locations on the same day.

• Deposit of sequentially numbered monetary instruments for the same or similar amounts.

• Routine purchases of monetary instruments following large cash deposits.

Each of the above are warning signs that the purchaser may be engaging in illegal activity and attempting to “layer” illicit funds already “placed” into the financial system.


Section 12: Wire Transfer Records [31 C.F.R. § 1020.410]

Funds Transfer Requirements On January 3, 1995, the Department of the Treasury and the Board of Governors of the

Federal Reserve System issued several final rulings relating to funds transfer documentation and record keeping. These amendments became effective April 1, 1996, and require financial institutions to record, retain, and transmit certain information on funds transfers. The type of information necessary to be recorded, retained, and transmitted depends upon a financial institution’s role in a particular funds transfer, the amount of the wire transfer, and the relationship of the parties to the transfer with the financial institution.

Originator’s Financial Institution For each payment order in an amount of $3,000 or more that it accepts as an originator’s

financial institution, a financial institution must obtain and retain either the original, microfilm, other copy, or an electronic record of the following information relating to the payment order:

1. The name and address of the originator 2. The amount of the funds transfer 3. The execution date of the payment order 4. Any payment instructions received from the originator with the payment order 5. The identity of the beneficiary’s financial institution 6. As many of the following items as are received with the payment order:

a. The name and address of the beneficiary b. The account number of the beneficiary c. Any other specific identifier of the beneficiary

If the originator is not an established customer (one with a loan, deposit, or other asset account or a person from whom the financial institution has obtained and maintains on file the person’s name, address, and taxpayer identification number or, if none, an alien identification number or passport number and the country of issuance and to whom the financial institution provides financial services relying on this information), a financial institution must also do the following:

1. Verify the identity of the person placing the payment order if the order is made in person. This verification must take place prior to accepting the payment order. In addition, the following information must be recorded and retained: a. The name and address of the person placing the payment order b. The type of identification reviewed



c. The number of the identification document (e.g., driver’s license) d. The person’s taxpayer identification number or, if none, the person’s alien

identification number or passport number and country of issuance, or a notation of the lack of such a number

e. The originator’s (if different from the person placing the order and the financial institution has knowledge that the person placing the payment order is not the originator) taxpayer identification number or, if none, the person’s alien identification number or passport number and country of issuance, if known by the person placing the order, or a notation of the lack of such a number

2. Record and retain the following information if the payment order is not made in person: a. The name and address of the person placing the payment order b. The person’s taxpayer identification number or, if none, the person’s alien

identification number or passport number and country of issuance, or a notation of the lack of such a number

c. A copy or record of the method of payment (e.g., check or credit card transaction) for the funds transfer

d. The originator’s (if different from the person placing the order and the financial institution has knowledge that the person placing the payment order is not the originator) taxpayer identification number or, if none, the person’s alien identification number or passport number and country of issuance, if known by the person placing the order, or a notation of the lack of such a number

Intermediary Financial Institutions An intermediary financial institution that accepts a payment order in an amount of $3,000 or

more must retain either the original or a microfilm of the original, a copy, or an electronic record of the payment order.

Beneficiary’s Financial Institution For each payment order in an amount of $3,000 or more that it accepts as a beneficiary’s

financial institution, a financial institution must retain either the original or a microfilm of the original, a copy, or an electronic record of the payment order. If the beneficiary is not an established customer, the financial institution must also do the following:

1. Verify the identity of the person receiving the proceeds if they are delivered in person and record and retain the following: a. The name and address of the person receiving the proceeds b. The type of identification reviewed c. The number of the identification document (e.g., driver’s license)



d. The person’s taxpayer identification number or, if none, the person’s alien identification number or passport number and country of issuance, or a notation of the lack of such a number

e. The beneficiary’s (if different from the person receiving the funds and the financial institution has knowledge that the person receiving payment is not the beneficiary) taxpayer identification number or, if none, the person’s alien identification number or passport number and country of issuance, if known by the person placing the order, or a notation of the lack of such a number

2. Record and retain the following if the proceeds are delivered other than in person: a. A copy of the check or other instrument used to effect payment, or the information

contained in the method of payment b. The name and address of the person to whom the payment was sent

Identity Verification Where verification is required, a financial institution shall verify a person’s identity by

examination of a document (other than a financial institution signature card), preferably one that contains the person’s name, address, and photograph, that is normally acceptable by financial institutions as a means of identification when cashing checks for persons other than established customers. Verification of the identity of an individual who indicates that he or she is an alien or is not a resident of the United States may be made by passport, alien identification card, or other official document evidencing nationality or residence (e.g., a foreign driver’s license with indication of home address).

Retrievability Requirements

The information that an originator’s financial institution must retain must be retrievable by the originator’s financial institution by reference to the name of the originator. If the originator is an established customer of the originator’s financial institution and has an account used for funds transfers, then the information shall also be retrievable by account number.

The information that a beneficiary’s financial institution must retain must be retrievable by the beneficiary’s financial institution by reference to the name of the beneficiary. If the beneficiary is an established customer of the beneficiary’s financial institution and has an account used for funds transfers, then the information also shall be retrievable by account number.

This information need not be retained in any particular manner, as long as the financial institution is able to retrieve the required information by accessing funds transfer records directly or through reference to some other record maintained by the financial institution.

Exemptions from the recordkeeping requirements include funds transfers (1) where both the originator and beneficiary are the same person, and the originator’s financial institution and the beneficiary’s financial institution are the same domestic financial institution and (2) where both the originator and beneficiary are any of the following:



• A domestic financial institution • A wholly owned domestic subsidiary of a domestic financial institution

• A domestic broker or dealer in securities • A wholly owned domestic subsidiary of a domestic broker or dealer in securities • The United States • A state or local government • A federal state or local government agency or instrumentality

Transmittal Orders Actual fund transmittal orders must include much of the information that is required to be

recorded and retained. In order to accommodate the transmittal requirements, the Fedwire message format is expanded.

Orders to transmit funds in an amount of $3,000 or more must include the following:

1. The name and account number (if the payment is ordered from an account) of the transmitter

2. The address of the transmitter (If sending the transmittal order through the Fedwire system, the address of the transmitter need not be included until a financial institution converts to the expanded Fedwire message format.)

3. The amount of the funds transfer 4. The execution date of the transmittal order 5. The identity of the recipient’s financial institution 6. As many of the following items as are received with the transmittal order. If sending the

transmittal order through the Fedwire system, a financial institution need only include one of these items, if received from the sender, until the financial institution converts to the expanded Fedwire message format: a. The name and address of the recipient b. The account number of the recipient c. Any other specific identifier of the recipient

7. Either the name and address or numerical identifier of the transmitter’s financial institution

A receiving financial institution that acts as an intermediary financial institution must include all of the above-received information at the time the transmittal order is sent to the next receiving institution.


Section 13: Information Sharing With Government [31 C.F.R. § 1010.520]

Introduction This rule establishes procedures that encourage information sharing between governmental

authorities and financial institutions. The rule establishes a mechanism for law enforcement to communicate names of suspected terrorists and money launderers to financial institutions in return for securing the ability to locate promptly accounts and transactions involving those suspects. Financial institutions receiving the names of those suspects must search their account and transaction records for potential matches.

Definitions

The statute does not define “money laundering” or “terrorist activity.” However, Treasury states that each of these terms has well-established definitions. Accordingly, and consistent with the broad intent underlying section 314(b), these terms are being defined by cross references to existing sections of the United States Code (USC).

• “Money laundering” means any activity involving proceeds from unlawful activities or to carry on some unlawful activity (18 U.S.C. § 1956 or 1957).

• “Terrorist activity” means an act of domestic terrorism or international terrorism – activities that involve illegal violent acts or acts dangerous to human life and appear to be intended to intimidate or coerce a civilian population or government, or to affect the conduct of a government by assassination or kidnapping (18 U.S.C. § 2331).

Sharing Information with the Government

A federal law enforcement agency investigating terrorist activity or money laundering may request that FinCEN solicit, on the investigating agency’s behalf, certain information from a financial institution or a group of financial institutions. When submitting such a request to FinCEN, the federal law enforcement agency must provide FinCEN with a written certification, in such form and manner as FinCEN may prescribe.

At a minimum, such certification must:

• state that each individual, entity, or organization about which the federal law enforcement agency is seeking information is engaged in, or is reasonably suspected based on credible evidence of engaging in, terrorist activity or money laundering;

• include enough specific identifiers, such as date of birth, address, and social security number, that would permit a financial institution to differentiate between common or similar names; and

• identify one person at the agency who can be contacted with any questions relating to its request.



Upon receiving the requisite certification from the requesting federal law enforcement agency, FinCEN may require any financial institution to search its records to determine whether the financial institution maintains or has maintained accounts for, or has engaged in transactions with, any specified individual, entity, or organization.

In March 2005, FinCEN began posting section 314(a) subject lists through the 314(a) Secure Information Sharing System. The financial institution’s designated point(s) of contact will receive notification from FinCEN that there are new postings to FinCEN’s secure web site. The point of contact will be able to access the current section 314(a) subject list (and one prior) and download the files in various formats for searching. Financial institutions should report all positive matches via the Secure Information Sharing System. Those financial institutions choosing to receive the section 314(a) subject lists by facsimile will continue to receive the lists in that manner. For those financial institutions, positive matches should be indicated on the respective subject information form and faxed to FinCEN.

The obligations of a financial institution receiving an information request are:

• Record search: Upon receiving an information request from FinCEN under this section, a financial institution must expeditiously search its records to determine whether it maintains or has maintained any account for, or has engaged in any transaction with, each individual, entity, or organization named in FinCEN’s request. A financial institution may contact the federal law enforcement agency named in the information request provided to the institution by FinCEN with any questions relating to the scope or terms of the request. Except as otherwise provided in the information request, a financial institution will only be required to search its records for the following: o Any current account maintained for a named suspect o Any account maintained for a named suspect during the preceding 12 months o Any transaction conducted by or on behalf of a named suspect, or any transmittal of

funds conducted in which a named suspect was either the transmitter or the recipient, during the preceding six months that is required under law or regulation to be recorded by the financial institution or is recorded and maintained electronically by the institution

• Report to FinCEN. If a financial institution identifies any account or transaction, it must report to FinCEN that it has a match.

o No details should be provided to FinCEN other than the fact that the financial institution has a match.

o A negative response is not required. o A financial institution may provide the subject lists to a third-party service provider

or vendor to perform or facilitate record searches as long as the institution takes the necessary steps, through the use of an agreement or procedures, to ensure that the third-party safeguards and maintains the confidentiality of the information.



Designation of Contact Person Upon receiving an information request under this section, a financial institution shall

designate one or more persons to be the point of contact at the institution regarding the request and to receive similar requests for information from FinCEN in the future. When requested by FinCEN, a financial institution shall provide FinCEN with the name, title, mailing address, e-mail address, telephone number, and facsimile number of such person.

A financial institution that has provided FinCEN with contact information must promptly notify FinCEN of any changes to such information. This is generally accomplished through the financial institution’s primary regulator.

Use and Security of Information Request

The regulation states that a financial institution shall not use information provided by FinCEN for any purpose other than:

• Reporting to FinCEN as provided in this section; • Determining whether to establish or maintain an account, or to engage in a transaction;

or • Assisting the financial institution in complying with any requirement of this part.

Therefore, a financial institution shall not disclose to any person, other than FinCEN, the institution’s primary financial institution regulator, or the federal law enforcement agency on whose behalf FinCEN is requesting information, the fact that FinCEN has requested or has obtained information under the information sharing rules, except to the extent necessary to comply with such an information request.

However, a financial institution authorized to share information under the sharing of information among financial institutions (see section 19) may share information, following the financial institution sharing rules, concerning an individual, entity, or organization named in a request from FinCEN. However, such sharing shall not disclose the fact that FinCEN has requested information concerning such individual, entity, or organization.

Each financial institution shall maintain adequate procedures to protect the security and confidentiality of requests from FinCEN for information under this section. This requirement shall be deemed adequate provided that a financial institution applies to such information procedures that the institution has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act with regard to the protection of its customers' nonpublic personal information.

No Other Action Required

The regulation does not require a financial institution to:

• take any action, or to decline to take any action, with respect to an account established for, or a transaction engaged in with, an individual, entity, or organization named in a request from FinCEN; or



• to decline to establish an account for, or to engage in a transaction with, any such individual, entity, or organization.

Except as otherwise provided in an information request from FinCEN, such a request shall not require a financial institution to report on future account opening activity or transactions or to treat a suspect list received under this section as a government list for purposes of section 326 of the USA PATRIOT Act (Customer Identification Program).

FinCEN advises that inclusion on a section 314(a) list should not be the sole factor used to determine whether to file a Suspicious Activity Report (SAR). Consequently, actions taken due to information provided in a request from FinCEN do not affect a financial institution’s obligations to comply with all of the rules and regulations of OFAC nor do they affect a financial institution’s obligations to respond to any legal process. Additionally, actions taken in response to a request do not relieve a financial institution of its obligation to file an SAR and immediately notify law enforcement, if necessary, in accordance with applicable laws and regulations.

The information that a financial institution is required to report is information required to be reported in accordance with a Federal statute or rule; therefore, it is not a violation of the Right to Financial Privacy Act or the privacy sections of the Gramm-Leach-Bliley Act.

Nothing in this portion of the regulation affects the authority of a Federal agency or officer to obtain information directly from a financial institution through normal channels and under applicable law.


Section 14: Information Sharing With Other Financial Institutions [31 C.F.R. § 1010.540]

Introduction Financial institutions are encouraged to share information among themselves for the

purpose of identifying and reporting suspected terrorism and money laundering once the financial institutions have notified FinCEN. The notice will inform FinCEN that they intend to share such information, and assure the agency that they will take adequate steps to maintain confidentiality.

The intent of this rule, and the statute behind it, is to facilitate financial institutions’ ability to identify and report to the federal government instances of money laundering or terrorism.

Definitions

The statute does not define “money laundering” or “terrorist activity.” However, Treasury states that each of these terms has a well-established definition. Accordingly, and consistent with the broad intent underlying section 314(b), these terms are being defined by cross references to existing sections of the United States Code (USC).

• “Money laundering” means any activity involving proceeds from unlawful activities, or to carry on some unlawful activity (18 U.S.C. § 1956 or 1957).

• “Terrorist activity” means an act of domestic terrorism or international terrorism – activities that involve illegal violent acts or acts dangerous to human life and appear to be intended to intimidate or coerce a civilian population or government, or to affect the conduct of a government by assassination or kidnapping (18 U.S.C. § 2331).

Sharing of Information

Upon appropriate filing of the prescribed notice, a financial institution may, under the protection of the safe harbor from liability, transmit, receive, or otherwise share information with any other financial institution regarding individuals, entities, organizations, and countries for purposes of identifying and, where appropriate, reporting activities that the financial institution suspects may involve possible terrorist activity or money laundering.

Notice Requirement

A financial institution that intends to share information as permitted by this section of the regulation must submit to FinCEN a notice. Each notice shall be effective for the one-year period beginning on the date of the notice. In order to continue to engage in the sharing of information after the end of the one-year period, a financial institution or association of financial institutions must submit a new notice.



Completed notices may be submitted to FinCEN by accessing FinCEN’s Internet Web site, http://www.treas.gov/fincen, and entering the appropriate information as directed, or, if a financial institution does not have Internet access, by mail to FinCEN, P.O. Box 39, Vienna, VA 22183.

A copy of the notice appears at the end of this section.

Verification Requirement

Prior to sharing information, a financial institution must take reasonable steps to verify that the other financial institution with which it intends to share information has submitted a notice to FinCEN as well.

A financial institution or an association of financial institutions may satisfy this paragraph by confirming that the other financial institution appears on a list that FinCEN will periodically make available to financial institutions that have filed a notice with it, or by confirming directly with the other financial institution that they have filed the required notice.

Use and Security of Information

Information received by a financial institution using this section shall not be used for any purpose other than:

• Identifying and, where appropriate, reporting on money laundering or terrorist activities; • Determining whether to establish or maintain an account, or to engage in a transaction;

or • Assisting the financial institution in complying with any requirement of the regulation.

Each financial institution or association of financial institutions that use these information-sharing rules must maintain adequate procedures to protect the security and confidentiality of such information.

The requirements of this section are satisfied to the extent that a financial institution applies to such information procedures that the institution has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act with regard to the protection of its customers’ nonpublic personal information.

Safe Harbor from Certain Liability

A financial institution that shares information under this section of the regulation shall be protected from liability for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is identified in such sharing, to the full extent provided in subsection 314(b) of the USA PATRIOT Act.

This safe harbor does not apply if the financial institution does not comply with all of the requirements of this section of the regulation.



Information Sharing with the Federal Government

If, as a result of information shared under these rules, a financial institution knows, suspects, or has reason to suspect that an individual, entity, or organization is involved in, or may be involved in terrorist activity or money laundering, and the financial institution is subject to a suspicious activity reporting requirement under this part or other applicable regulations, the institution shall file a Suspicious Activity Report in accordance with those regulations.

In situations involving violations requiring immediate attention, such as when a reportable violation involves terrorist activity or is ongoing, the financial institution shall immediately notify, by telephone, an appropriate law enforcement authority and financial institution supervisory authorities in addition to filing, in a timely manner, a Suspicious Activity Report.

No Effect on Financial Institution Reporting Obligations

Nothing in this section of the regulation affects the obligation of a financial institution to file a Suspicious Activity Report pursuant to any other applicable regulation, or to otherwise contact directly a Federal agency concerning individuals or entities suspected of engaging in terrorist activity or money laundering.


Section 15: Correspondent Accounts [31 C.F.R. § 1010.605, 1010.630]

Definitions A correspondent account is an account established by a covered financial institution for a

foreign financial institution to receive deposits from, to make payments or other disbursements on behalf of, or to handle other financial transactions related to the foreign financial institution.

The term account means any formal financial institution or business relationship established to provide regular services, dealings, and other financial transactions; and includes a demand deposit, savings deposit, or other transaction or asset account and a credit account or other extension of credit.

Covered financial institution means:

• An insured bank; • A commercial bank or trust company; • A private banker; • An agency or branch of a foreign bank in the United States; • A credit union; or • A thrift institution.

Foreign shell bank means a foreign bank without a physical presence in any country.

The term owner means any person who, directly or indirectly:

• Owns, controls, or has power to vote 25 percent or more of any class of voting securities or other voting interests of a foreign bank; or

• Controls in any manner the election of a majority of the directors (or individuals exercising similar functions) of a foreign bank.

For purposes of this definition, members of the same family shall be considered to be one person. This includes parents, spouses, children, siblings, uncles, aunts, grandparents, grandchildren, first cousins, stepchildren, stepsiblings, and parents-in-law, and spouses of any of the foregoing.

Each member of the same family who has an ownership interest in a foreign bank must be identified if the family is an owner because of aggregating the ownership interests of the members of the family. In determining the ownership interests of the same family, any voting interest of any family member shall be taken into account.

Physical presence means a place of business that:

1. Is maintained by a foreign bank;



2. Is located at a fixed address (other than solely an electronic address or a post-office box) in a country in which the foreign bank is authorized to conduct banking activities, at which location the foreign bank: a. Employs one or more individuals on a full-time basis; and b. Maintains operating records related to its banking activities; and

3. Is subject to inspection by the banking authority that licensed the foreign bank to conduct banking activities.

The term regulated affiliate means a foreign shell bank that:

1. Is an affiliate of a depository institution, credit union, or foreign bank that maintains a physical presence in the United States or a foreign country, as applicable; and

2. Is subject to supervision by a banking authority in the country regulating such affiliated depository institution, credit union, or foreign bank.

For purposes of this definition, affiliate means a foreign bank that is controlled by, or is under common control with, a depository institution, credit union, or foreign bank.

Control means:

A. Ownership, control, or power to vote 50 percent or more of any class of voting securities or other voting interests of another company; or

B. Control in any manner the election of a majority of the directors (or individuals exercising similar functions) of another company.

Prohibition on correspondent accounts for foreign shell banks

A covered financial institution shall not establish, maintain, administer, or manage a correspondent account in the United States for, or on behalf of, a foreign shell bank.

A covered financial institution shall take reasonable steps to ensure that any correspondent account established, maintained, administered, or managed by that covered financial institution in the United States for a foreign bank is not being used by that foreign bank to indirectly provide banking services to a foreign shell bank.

Nothing in this section prohibits a covered financial institution from providing a correspondent account or banking services to a regulated affiliate.

Records of owners and agents

A covered financial institution that maintains a correspondent account in the United States for a foreign bank shall maintain records in the United States identifying the owners of each such foreign bank whose shares are not publicly traded and the name and street address of a person who resides in the United States and is authorized, and has agreed to be an agent to accept service of legal process for records regarding each such account.



A covered financial institution need not maintain records of the owners of any foreign bank that is required to have on file with the Federal Reserve Board a Form FR Y-7 that identifies the current owners of the foreign bank as required by such form.

A covered financial institution will be deemed to be in compliance with the requirements of this section with respect to a foreign bank if the covered financial institution obtains, at least once every three years, a certification or recertification from the foreign bank. However, if at any time a covered financial institution knows, suspects, or has reason to suspect, that any information contained in a certification or recertification provided by a foreign bank, or otherwise relied upon by the covered financial institution is no longer correct, the covered financial institution shall request that the foreign bank verify or correct such information, or shall take other appropriate measures to ascertain the accuracy of the information or to obtain correct information, as appropriate.

In the case of any correspondent account in existence on October 28, 2002, if the covered financial institution:

• Has not obtained a certification (or recertification) from the foreign bank, or • Has not otherwise obtained documentation of the information required by such

certification (or recertification), on or before March 31, 2003, and at least once every three years thereafter,

Then the covered financial institution:

• Shall close all correspondent accounts with such foreign bank within a commercially reasonable time, and

• Shall not permit the foreign bank to establish any new positions or execute any transaction through any such account, other than transactions necessary to close the account.

In the case of any correspondent account established after October 28, 2002, if the covered financial institution:

• Has not obtained a certification (or recertification), or has not otherwise obtained documentation of the information required by such certification (or recertification) within 30 calendar days after the date the account is established, and at least once every three years thereafter,




If the bank wishes to verify information from a foreign bank, if the covered financial institution:

• Has not obtained, from the foreign bank or otherwise, verification of the information or corrected information within 90 calendar days after the date of undertaking the verification,






A covered financial institution may not reestablish any account closed due to a verification issues, and may not establish any other correspondent account with the concerned foreign bank, until it obtains from the foreign bank the certification or the recertification, as appropriate.

A covered financial institution shall not be liable to any person in any court or arbitration proceeding for terminating a correspondent account in accordance with the rules state above.

A covered financial institution shall retain the original of any document provided by a foreign bank, and the original or a copy of any document otherwise relied upon by the covered financial institution, for purposes of this section, for at least five years after the date that the covered financial institution no longer maintains any correspondent account for such foreign bank. A covered financial institution may have to retain the records for a longer period, if directed to do so by the Department of the Treasury.

Law Enforcement Access to Foreign Bank Records

The Secretary of the Treasury or the Attorney General may issue a summons or subpoena to any foreign bank that maintains a correspondent account in the United States, and may request records related to such correspondent account, including records maintained outside of the United States relating to the deposit of funds into the foreign bank. The summons or subpoena may be served on the foreign bank in the United States if the foreign bank has a representative in the United States, or in a foreign country pursuant to any mutual legal assistance treaty, multilateral agreement, or other request for international law enforcement assistance.

Upon receipt of a written request from a Federal law enforcement officer for information required to be maintained by a covered financial institution under the rules stated above, the covered financial institution shall provide the information to the requesting officer not later than seven days after receipt of the request.

A covered financial institution shall terminate any correspondent relationship with a foreign bank not later than 10 business days after receipt of written notice from the Secretary or the Attorney General (in each case, after consultation with the other) that the foreign bank has failed:

1. To comply with a summons or subpoena issued under this section; or 2. To initiate proceedings in a United States court contesting such summons or subpoena. A covered financial institution shall not be liable to any person in any court or arbitration

proceeding for terminating a correspondent relationship in accordance with these rules. Failure to terminate a correspondent relationship in accordance with this section shall render the covered financial institution liable for a civil penalty of up to $10,000 per day until the correspondent relationship is terminated.


Section 16: Additional Records Requirements [31 C.F.R. § 1010.410, 1010.430, 1010.440 & 1020.410]

Records to Be Retained By Financial Institutions [31 C.F.R. § 1010.410] Financial institutions must retain either the original or a microfilm of the original, a copy, or

another form of reproduction of the following records: 1. A record of each extension of credit in excess of $10,000, except an extension of credit

secured by an interest in real property. The record must contain the person’s name and address, the amount of the extension of credit, the purpose of the credit, and the date of the extension of credit.

2. A record of any advice, request or instruction received or given regarding any transaction resulting in the transfer of currency, funds, checks, investment securities, or credit of more than $10,000 to or from any person, account or place outside the United States

3. A record of any advice, request or instruction given to another financial institution or other person located within or outside of the United States regarding a transaction intended to result in the transfer of funds, currency, checks, investment securities, or credit of more than $10,000 to a person, account or place outside of the United States

Additional Records to Be Retained By Financial Institutions [31 C.F.R. § 1020.410(c)]

Each financial institution must retain either the original or a microfilm of the original, a copy, or another form of reproduction of each of the following:

1. Each document granting signature authority over each deposit or share account, including any notations of specific identifying information verifying the identity of the signer, such as a driver’s license, credit card, etc.

2. Each statement, ledger card, or other record on each deposit or share account showing each transaction in or with respect to that account, such as a monthly statement

3. Each check, draft, or money order drawn or issued on the financial institution and payable by it, except for those (a) drawn for $100 or less; (b) drawn on accounts which can be expected to have drawn on them an average of 100 checks per month over the calendar year, such as high-volume business accounts; or (c) special purpose checks which are issued under the normal course of business, such as dividend checks, payroll checks, employee benefit checks, insurance claim checks, medical benefit checks, checks drawn on government agency accounts, checks drawn by brokers or dealers in securities, checks drawn on other financial institutions, or pension or annuity checks

4. Each item in excess of $100, other than financial institution charges or periodic charges made pursuant to an agreement with the customer, comprising a debit to a customer’s deposit or share account, not required to be kept, and not specifically exempted

5. Each item, including checks, drafts, or transfers of credit of more than $10,000 remitted or transferred to a person, account, or place outside the United States



6. A record of each remittance or transfer of funds (currency, monetary instruments, checks, investment securities, or credit) of more than $10,000 to a person, account, or place outside the United States

7. Each check or draft in excess of $10,000 drawn or issued by a foreign financial institution for which the domestic financial institution has paid or presented to a nonbank drawee for payment

8. Each item, including checks, drafts, or transfers of credit of more than $10,000 received directly from (not through) a domestic financial institution by letter, cable, or any other means from a bank, broker, or dealer in foreign exchange outside the United States

9. A record of each receipt of currency, monetary instruments, investment securities, checks, or other transfers of funds or credit exceeding more than $10,000 received on any one occasion directly from a bank, broker, or dealer in foreign exchange outside the United States

10. Records prepared or received in the ordinary course of business which would be needed to reconstruct a transaction and trace a check in excess of $100 deposited into such an account through its domestic processing system or to supply a description of that deposited check (applicable to demand deposit accounts only)

11. A record containing the name, address, and TIN of the purchaser of each certificate of deposit, a description of the instrument, a notation of the method of payment, and the date of the transaction

12. A record containing the name, address, and TIN of the person presenting a certificate of deposit for payment, the description of the instrument, and the date of the transaction

13. Each deposit slip or credit ticket reflecting a transaction in excess of $100 or an equivalent record for direct deposit or wire transfer

Nature of Records and Retention Period [31 C.F.R. § 1010.430]

Wherever it is required to retain the original or a microfilm of the original, a copy, or another form of reproduction of a monetary instrument or document, a copy of both front and back of each instrument or document must be retained, unless the side to be copied is blank or contains only standardized printed information. Record Creation

The records required by this regulation may be made in the ordinary course of business, unless no record is made during the ordinary course of business, in which case a record must be prepared in writing by the financial institution. Retention Period

All records must be retained for a period of five years and will be stored in such a way as to be accessible within a reasonable amount of time, taking into account the nature of the record and the amount of time expired since the record was made.



Person Outside the United States [31 C.F.R. § 1010.440] A remittance, transfer of funds, or other monetary instruments or credit to the domestic

account of a person whose address is known by the person making the transfer to be outside the United States must be deemed a transfer outside the United States, unless otherwise directed by the Secretary. This section does not apply to a transaction on the books of a domestic financial institution if a customer of such financial institution’s address is within 50 miles of the location of the financial institution or is known to be out of the United States temporarily.

New BSA Officer Training - · PDF fileTo assist in the risk assessment process, the Exam...

Documents

Transcript of New BSA Officer Training - · PDF fileTo assist in the risk assessment process, the Exam...