CBA Publications >> CBA Regulatory Compliance Bulletin >> Vol 2002 No. 1, January 18, 2002

Vol 2002 No. 1, January 18, 2002

The USA Patriot Act: Complying with New Anti-Money Laundering Requirements

This article was written by Robert Ballieu, Product Development Attorney with Bankers Systems Inc. ("BSI"), and is reprinted with permission from BSI.

The USA PATRIOT Act was signed on October 26, 2001, following a flurry of legislative activity and wrangling that brought together various pieces of previous legislation, the President's 2001 National Money Laundering Strategy, and public will. It comprises ten titles aimed at providing stronger surveillance powers, strengthening criminal laws against terrorism, improving intelligence, and combating money laundering. The provisions of the USA PATRIOT Act that probably most affect financial institutions are those contained in Title III. Among other things, Title III amends the Bank Secrecy Act and provides the Treasury Department and federal agencies with enhanced authority to combat international money laundering. This article will discuss the Bank Secrecy Act initiatives of the USA Patriot Act, emerging implementing regulations, and the effects all of this will have on your policies, practices and overall operations.

Title III of the USA PATRIOT Act applies to all financial institutions regardless of charter or size, and in fact has expanded the scope of the Bank Secrecy Act to include organizations not formerly covered. For example, the Bank Secrecy Act has been amended to include brokers and dealers under the requirements for suspicious activity reporting. Unfortunately, the law itself is not clear on a number of issues and many portions require the Secretary of Treasury to issue implementing regulations to address specific requirements. However, until the Secretary issues additional regulations to implement the law, the complete effect of these new requirements remains unclear.

Despite the lack of detail with Title III of the USA PATRIOT Act, we do know that certain things are likely to occur. Changes will be seen in the kinds of business that institutions are authorized to engage in, how that business is conducted, the tools necessary to carry out anti-money laundering policies and procedures, and some of the penalties for noncompliance.

Some of these changes will result in additional regulations relating to various procedures, such as those requiring more careful identity verification. There will be new or enhanced due diligence procedures for account officers and private banking specialists. Mandates relating to operations such as recordkeeping and reporting information may cause financial institutions, from a risk management standpoint, to increase their recordkeeping capabilities and reporting frequency. To accommodate the additional tracking of data, institutions may need to enhance their documentation processes. As part of the requirement to create policies for and implement anti-money laundering programs, examiners can be expected to review the safeguards an institution has in place to keep it in compliance with the law. An example of the type of safeguard an examiner may look for includes whether an institution is utilizing interdict software for the identification of persons and groups on OFAC's list of Specially Designated Nationals, and other agency lists.

Another area of changes involves penalties. Civil and criminal penalties are increased, in some cases, to range between not less than twice the amount of the transaction and not more than $1 million dollars for any one violation by any financial institution. Penalties may also include complete forfeiture of accounts and property involved in prohibited and regulated transactions. Needless to say, the penalties in this area can make noncompliance a very expensive risk.

Ultimately, all of these issues will necessitate an increased focus on education and training from the top down and in all areas. The training requirement under the Bank Secrecy Act has long been in place, but expect an increased focus on your efforts by examiners.

Within Title III of the PATRIOT Act, effective dates vary, depending on the particular activity regulated or portion of the Act amended. The USA PATRIOT Act, itself, does not have an overall effective date, which arguably means an immediate effective date to most sections. Of the effective dates that are stated, the earliest include those relating to the prohibition on certain correspondent accounts and various recordkeeping requirements.

§ 313. After this date, U.S. financial institutions are absolutely prohibited from establishing, maintaining, administering, or managing a correspondent account with any foreign institutions that do not have a physical presence in any country (shell banks). A domestic institution must also take steps to make sure that any correspondent account with a foreign institution is not being used to indirectly provide services to another foreign shell bank.

§319. Also by this date, domestic institutions must have in place a system to record the names of owners of any foreign institution with which it has a correspondent account, and the person who is authorized to accept service of process for the foreign institution. This information must be made available to Federal law enforcement within seven days of a written request. Following additional written direction from the Attorney General, a domestic institution must terminate such an account within ten days of that notice. The financial institution doing so is provided immunity from liability toward the persons involved in the account. Failure to terminate a correspondent relationship will make the financial institution liable for a civil penalty of up to $10,000 per day until the relationship is terminated.

The Department of the Treasury has provided interim guidance to institutions to carry out these requirements and it, along with a sample certification document is available on the Treasury Web site at www.treas.gov/press/releases/po813.htm. The regulators have informally stated that as long as a certification has been provided to an institution's correspondent banks by the December 25th deadline, a reasonable time may be allowed after the deadline for the correspondent institution to respond before a domestic institution will be required to close an account.

§356. The Secretary must make proposed regulations by December 31 to require brokers and dealers to file suspicious activity reports. It has been generally accepted that these SARs will be different from those filed by other financial institutions. It is expected that these proposed regulations will define what those SARs will look like and how they should be completed.

The Financial Crimes Enforcement Network (FinCEN) issued proposed rules on December 31st which are available in the Federal Register for that date at page 67670.

April 24th, 2002:

§312. This is the deadline for the Secretary to make regulations that specify what due diligence policies, procedures, and controls are necessary for private banking and correspondent accounts for non-U.S. persons. The policies, procedures, and controls must be appropriate, specific, and possibly enhanced in certain cases, and designed to detect and report money laundering through those types of accounts.

§352. Each financial institution will be required to have in place an anti-money laundering program by this date. A financial institution's program must include at a minimum the development of internal policies, procedures, and controls; the designation of a compliance officer to implement this policy; an ongoing employee training program; and an independent audit function to test programs. The Secretary of Treasury has authority to prescribe additional minimum standards and may exempt various financial institutions from this requirement.

§356. The proposed regulations that were issued on December 31st requiring brokers and dealers to file suspicious activity reports must be in final form by this date.

July 23rd, 2002:

§312. Even if the due diligence regulations that the Secretary was required to make by April 24th have not been made, this is the deadline for financial institutions to comply with this portion of the law. Financial institutions will still need to have due diligence policies, procedures, and controls for private banking and correspondent accounts for non-U.S. persons. They must be appropriate, specific, and possibly enhanced in certain cases, and designed to detect and report money laundering through those types of accounts.

For private banking accounts by non-U.S. persons, domestic institutions shall determine the identities of the named and beneficial owners, and the source of the funds. They shall conduct enhanced scrutiny of such an account by a senior foreign political figure, or any immediate family member or close associate of a political figure to detect the movement of money generated through foreign corruption.

Additionally, institutions must have due diligence policies, procedures and controls for correspondent accounts with certain foreign banks. These include those operating under an offshore banking license; under license by a foreign country that is designated a NCCT (non cooperative countries and territories) with international anti-money laundering principles; and those in a country or territory that warrants special measures because of money laundering concerns. These include special steps to identify the principals of a foreign banks and nature of their ownership, conducting enhanced scrutiny to report suspicious transactions, and to identify the foreign banks with which the correspondent bank also has correspondent accounts.

§326. Requires the Secretary to have finalized regulations for minimum standards of identifying customers, maintaining records of the information used for identification, and to require regular comparisons against agency lists of suspected terrorists and their organizations and money launderers.

Although we continue to wait for implementing regulations and additional guidance, there are actions that financial institutions should be taking now. Such actions include the following:

With the release of the USA Patriot Act and various implementing regulations, institutions can expect that their examiners will focus on the law's new requirements. Given the sizeable penalties and the inclination of the regulators to levy them because of the current political climate, it could mean considerable risk to wait until the last word has been said to implement solid anti-money laundering policies, procedures and controls. Compliance officers and executives should keep their eyes and ears open for emerging developments and be prepared to respond in a timely fashion.

The information contained in this CBA Regulatory Compliance Bulletin is not intended to constitute, and should not be received as, legal advice. Please consult with your counsel for more detailed information applicable to your institution.