Consider the following procedures at each examination. Examiners are encouraged to exclude items deemed unnecessary. This procedural analysis does not represent every possible action to be taken during an examination. The references are not intended to be all-inclusive and additional guidance may exist. For the examination process to be successful, examiners must maintain open communication with bank management and discuss relevant concerns as they arise.
1 Review and analyze management's anti-money laundering risk assessment of all major business lines and products to determine if the bank engages in activities that could expose the institution to potential money laundering activities. Such risk assessment should include the institution's size, location, market, and services, including new services or products to identify high-risk areas, such as the following:
(Note: If the bank is engaged in any of these activities, the examiner should strongly consider conducting the Expanded Analysis for "Anti-Money Laundering Policies, Procedures, and Programs" and the applicable sections for other activities.)
1A Private banking.
1B Payable through accounts.
1C International correspondent bank relationships.
1D Electronic banking.
1E Significant funds transfer activity.
1F International funds transfer activity.
1G Non-bank financial institution relationships.
1H Deposit broker activity.
1I Special use/concentration accounts.
2 Review the prior examination report, workpapers, and written correspondence to identify previously noted violations, deficiencies, and weaknesses. If the institution is under a supervisory action, review the requirements of the action. Review correspondence concerning management's corrective actions.
3 Review internal and external audit reports, gaining a preliminary assessment of their adequacy regarding Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) matters. Review management's response to audit findings.
4 Review Suspicious Activity Reports (SARs) related to money laundering obtained from the FDIC Regional Special Activities Case Manager. Determine if the institution or any branches had significant changes in the volume or nature of SARs filed, and investigate the reason(s) for these change(s).
(Note: Increases in SARs may be caused by an increase in high-risk customers, entry into a high-risk market or product, or an improvement in the bank’s method for identifying suspicious activity. Decreases may be caused by deficiencies in the bank’s process for identifying suspicious activity, the closure of high-risk or suspicious accounts, personnel changes, or the failure of the bank to file SARs.)
5 Review a listing of the Currency Transaction Reports (CTRs) obtained from the FDIC Regional Special Activities Case Manager. Determine if the institution or any branches had significant changes in the volume or nature of CTRs filed.
(Note: Increases in CTRs may be caused by growth, eliminations of exemptions, or increases in retail or other high-risk customers. Decreases may be caused by the failure of the bank to file CTRs, an increase in exemptions, the elimination of retail and/or other high-risk customers, or structuring.)
6 Review cash shipment reports available from the institution for unusual trends in the volume or composition of cash shipments.
7 Review correspondence that the bank has received from the Treasury (Financial Crimes Enforcement Network, Detroit Computing Center, Office of Foreign Asset Control, etc.) to determine areas that may warrant additional emphasis during the examination.
8 Title 31 USC Section 5318A authorizes the Secretary of the Treasury to impose special measures against jurisdictions, financial institutions, or one or more classes of transactions that are found to be of primary money laundering concern. Determine if any such measures have been imposed, and if the financial institution has taken appropriate steps to comply with said measures.
ANTI-MONEY LAUNDERING POLICIES, PROCEDURES, AND PROGRAMS
9 Determine if the board has adopted a written anti-money laundering program designed to ensure compliance. (Note: This program is required by Subpart B of Part 326 of the FDIC's Rules and Regulations.)
10 Determine if the written anti-money laundering compliance program contains the following required elements:
10A A system of internal controls to ensure ongoing compliance.
10B Independent testing for compliance conducted by either bank personnel or an outside party.
10C Designation of a qualified individual(s) responsible for coordinating and monitoring day-to-day compliance.
10D Training for appropriate personnel.
11 Determine if the Board has adopted a written customer identification program for new accounts that meets the requirements of 31 CFR 103.121, which includes the following:
11A Required customer identification information.
11B Identity verification procedures.
11C Recordkeeping and retention procedures.
11D Procedures regarding circumstances where a bank cannot form a reasonable belief that it knows the true identity of a customer.
11E Procedures for comparison with government lists of known or suspected terrorists, or terrorist organizations, including a requirement to follow all federal directives issued in connection with such lists.
11F Customer notification procedures.
11G Procedures specifying when the bank will rely on the performance of another financial institution for any part of their customer identification program.
12 Determine if the bank has adopted account opening and monitoring guidelines that are appropriate for the bank's size, location, products, customers, and strategic focus, including the following:
12A Verifying the customer's source of funds and type of business, as deemed necessary.
12B Determining the customer's expected transactions at or through the bank.
12C Identifying and reporting unusual transactions or activity.
13 Assess the effectiveness of anti-money laundering policies, procedures, and programs, and determine if they address the following areas:
13A The definition and examples of money laundering in its various forms (for example, placement, layering, integration, etc.).
13B Compliance with the BSA and related anti-money laundering laws and regulations.
13C Identification and documentation of higher-risk activities, businesses, locations, and countries.
14 Determine if anti-money laundering policies, procedures, and programs cover all areas of the bank, which may include the following:
14A Retail operations including teller and currency operations and monetary instrument sales.
14B Loan department.
14C Funds transfer function.
14D Trust department.
14E Safe deposit box rental.
14F Correspondent banking.
14G Private banking operations.
14H International banking activities.
14I Discount brokerage operations
14J Sale of non-deposit investment products.
14K Deposit broker relationships.
CURRENCY TRANSACTION REPORTS
15 Determine if the written compliance program includes procedural guidelines for meeting the following reporting requirements of BSA regulations:
15A Filing of CTRs (IRS Form 4789) for currency transactions greater than $10,000.
15B Filing of CMIRs (U.S. Customs Form 4790) for currency shipments of greater than $10,000 out of or into the U.S. on behalf of the institution, except via common carrier.
15C Filing of an annual report, Report of Foreign Bank Financial Accounts (Treasury Form 90-22.1), of each person who has a financial interest in, or signature authority over, bank, securities, or other financial accounts in a foreign country. If applicable, determine if these reports were filed.
16 Review a sample of completed CTRs, whether hard copy or from computer-generated filings, to determine that:
16A CTRs are completed in accordance with Internal Revenue Service instructions and are filed accurately and completely within 15 calendar days after the date of the transaction (25 days if magnetically filed).
16B CTRs are filed for large cash transactions identified by tellers' cash proof sheets, automated large currency transaction system, or other type of aggregation system that covers all relevant areas of the bank, unless an exemption exists for the customer.
SUSPICIOUS ACTIVITY REPORTING
17 Determine if the compliance program provides an adequate suspicious activity identification and reporting process, and includes the following:
17A An individual responsible for preparing and filing suspicious activity reports.
17B A process for ensuring that suspicious activity reports (SARs) are filed within timeframes established by regulation along with factual and sufficiently detailed content to describe the suspicious activity.
17C A process for ensuring that transaction amounts are consistent with the type and nature of the business or occupation of the customer.
17D A process for reviewing "exempt person" accounts for unusual or suspicious activity.
17E A process for establishing expected activity levels (for example, historical transaction pattern or input from client or bank officer) including who has the authority to change profiles.
17F A process for reconciling activity levels of higher-risk accounts against expected activity to ensure that activity levels are reasonable.
17G A system for reviewing exception reports and what parameters are used to filter exceptions.
17H A process for requesting timely and adequate explanations of activity generated by monitoring reports.
17I A system for ensuring exception reports are responded to in a timely manner and are utilized and maintained by appropriate parties to assist in detecting patterns of unusual activity.
17J A system (automated or manual) to detect structured transactions (both cash in and cash out) that are under the $10,000 reporting threshold.
17K Procedures for documentation of decision not to file a SAR.
17L Procedures for providing notice of SARs filed to the Directorate (or a committee thereof).
18 Determine if the bank has Phase I or Phase II exemptions.
19 Determine if the bank has revoked any exemptions since the previous examination. If so, determine the reason for the revocation(s) and whether the bank completed Form TD F 90-22.53 (optional for revocations).
EXEMPTIONS ("PHASE I")
20 Determine if Treasury Form TD F 90-22.53 (Designation of Exempt Person) has been filed with the Internal Revenue Service for each "exempt person" as defined in 31 CFR 103 (for example, a bank's domestic operations, governmental agencies, "listed entities" and their subsidiaries, etc.) within 30 days of the first reportable transaction that was exempted.
21 Determine if documentation on file supports Phase I exemptions granted by the bank.
22 Assess whether required annual reviews are performed to determine if a customer remains eligible for designation as an "exempt person" under Phase I Rules.
EXEMPTIONS ("PHASE II")
(Note: Under the "Phase II" Rules, the definition of exempt persons includes "non-listed businesses" and "payroll customers" as defined in 31CFR 103. Notwithstanding, there are several businesses that remain ineligible for exemption purposes, please refer to 31 CFR 103 for additional detail.)
23 Determine if Treasury Form TD F 90-22.53 has been filed with the Internal Revenue Service for each "exempt person" identified by bank management.
24 Determine if documentation on file supports Phase II exemptions granted by the bank.
25 Assess whether required annual reviews are performed to determine if a customer remains eligible for designation as an "exempt person."
26 Determine if Form TD F 90-22.53 is filed on March 15 of the second year from the date of the original filing and biennially thereafter (Phase II exemptions only).
27 Verify that the biennial filing includes both a notification of any change in control relative to the "exempt persons" and a certification by the bank as to its maintenance of a system for reporting suspicious activity.
PURCHASES AND SALES OF MONETARY INSTRUMENTS
28 For sales in currency in amounts between $3,000 and $10,000, inclusive, of bank checks, bank drafts, cashier's checks, money orders, or traveler's checks, determine that the required records are maintained for purchasers that have deposit accounts with the bank.
29 For purchasers who do not have deposit accounts with the bank, determine that the required information for cash purchases of monetary instruments in amounts of $3,000 to $10,000, inclusive, is retained.
30 Assess whether the bank has a system for capturing multiple cash sales of monetary instruments in one day in amounts totaling $3,000 or more.
30A If an automated system is used for identifying cash sales of monetary instruments, assess whether the internal audit or independent review adequately tests the accuracy and validity of the system with regard to all points of purchase/sale.
30B If a manual system is used for identifying cash sales of monetary instruments, assess whether the internal audit or independent review verifies that required information is obtained and retained.
31 Determine if available records for monetary instrument "log" show suspicious trends with regard to purchase or sale of instruments (for example, common names, addresses, sequentially numbered purchases).
FUNDS TRANSFER ACTIVITY
32 If cash is accepted for funds transfers, assess whether the bank requires proper identification, maintains documentation and records, and files CTRs, if applicable.
33 Determine if the volume of funds transfer activity is appropriate given the bank's size, location, and nature of customer account relationships.
34 Determine if the bank’s system for monitoring funds transfer operations for suspicious activities is adequate given the bank’s size, complexity, location, and type of customer relationships.
(Note: Pouch activity entails the use of a carrier or courier to transport currency, monetary instruments, and other documents from outside the United States to a U.S. bank account. Pouches can contain a variety of transactions (for example, demand deposit accounts, loan payments, etc.) and can come from another financial institution or from individuals. Examiners and banks should be aware that bulk amounts of monetary instruments purchased in the United States that appear to have been structured to avoid the BSA reporting requirements often have been found in pouches or cash letters received from foreign banks.)
35 Determine if the bank has either incoming or outgoing pouch activity via carrier or courier (for example, DHL, FedEx).
36 Assess the adequacy of logs or other documents maintained by management with regard to this activity.
37 Witness the opening of a sample of incoming pouches (for a period of several days) and the preparation of outgoing pouches to determine the nature of transactions.
38 Identify any suspicious patterns (for example, sequentially numbered items), and determine whether CTRs, CMIRs and/or SARs should be filed.
OFFICE OF FOREIGN ASSETS CONTROL (OFAC)
(Note: The Department of the Treasury's OFAC administers the laws that impose economic sanctions against foreign countries to further U.S. foreign policy and national security objectives. OFAC also is responsible for regulations restricting transactions by banks with certain foreign countries, “specially designated nationals,” “specially designated terrorists,” and “specially designated narcotics traffickers.” Further information relating to OFAC and “restricted” transactions can be found on their website at www.ustreas.gov/ofac.)
39 Determine if the board and senior management have developed policies and procedures that comply with OFAC laws and regulations, including:
39A Maintaining (and distributing as appropriate) a list of prohibited countries, entities, and individuals.
39B Comparing new accounts to the OFAC listing.
39C Comparing incoming and outgoing funds transfers to the OFAC listing.
39D Monitoring transactions for possible prohibited activity, including transactions through non-bank financial institutions, if applicable.
39E Comparing the bank’s entire database to the OFAC listing periodically (depending on the bank’s location, type of customers, type of transactions, etc.).
39F Having a process for determining potential matches versus false hits.
39G Having a process for blocking or rejecting accounts and notifying OFAC and the customer.
BSA RECORDKEEPING REQUIREMENTS
40 Determine if procedural guidelines provide for the minimum five-year retention of the original, microfilm, copy, or other reproduction of the required items.
41 Determine if records are updated frequently.
42 Determine if records are reasonably available.
INFORMATION SHARING REQUIREMENTS (USA PATRIOT ACT SECTION 314)
Information sharing between Federal law enforcement agencies and financial institutions (31 CFR 103.100)
43 Determine if the bank has a program to comply with Section 314(a) information requests, which includes the following:
43A Designation of an employee as the contact person responsible for handling Section 314(a) information requests.
43B Procedures to ensure that all required records are searched, with positive hits reported to the Treasury’s Financial Crimes Enforcement Network (FinCEN) within designated timeframes.
43C Procedures to ensure that the confidentiality of the information requested is safeguarded.
43D Maintaining appropriate records of search results.
44 If a bank uses a third-party vendor to conduct information searches, determine that there is an agreement and/or procedures to ensure confidentiality.
Voluntary information sharing among financial institutions (31 CFR 103.110)
45 If the bank has chosen to share information with other financial institutions for the purpose of identifying and reporting activities involving possible terrorism or money laundering, determine that policies and procedures address the following:
45A Designation of a point of contact for receiving and providing information.
45B Ensuring the confidentiality of the information received and requested.
45C A process for sending and responding to requests, including ensuring that other parties with whom the institution intends to share information (including affiliates) have filed the proper notice.
46 If the bank has chosen to share information with other financial institutions for the purpose of identifying and reporting activities involving possible terrorism or money laundering, determine that the appropriate certification has been filed with FinCEN.
47 If the bank has shared information with another financial institution, ensure that the bank has verified that the other financial institution filed a certification with FinCEN.
48 If the bank has shared information with another financial institution, ensure that the bank has not disclosed to the other institution that suspicious activity reports have been filed.
INTERNAL ROUTINE AND CONTROLS
49 Determine if management has adequately integrated written policies and procedures into internal controls to minimize the risk of money laundering, including procedures to:
49A Identify possible money laundering.
49B Monitor account activity and comply with regulatory reporting and recordkeeping requirements.
49C Identify, investigate, and report suspicious transactions.
AUDIT OR INDEPENDENT REVIEW
50 Determine if the AML/BSA audit function is independent with direct reporting to the Directorate or Audit Committee.
51 Determine if the scope of the audit or independent review is sufficient to assess anti-money laundering risks of all major business lines, products, and locations, including branches and overseas offices.
52 Determine if the audit/independent review is conducted at least annually.
53 Determine if the review verifies compliance with the bank's anti-money laundering policies and procedures, and tests internal controls designed to prevent money-laundering activity.
54 Determine if the scope of the review is adequate and addresses the following items for applicable functions of the bank:
54A BSA reporting requirements, such as Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs).
54B Compliance with exemption rules and requirements.
54C Customer identification program.
54D Identifying and reporting suspicious activities.
54E BSA recordkeeping requirements for deposits, loans, funds transfers, and sales of monetary instruments.
54F Funds transfer operations.
54G On-going training of appropriate personnel.
54H Office of Foreign Asset Control (OFAC) compliance.
54I High-risk activities/customers/areas.
54J Retention of required records.
54K Customer due diligence.
54L Compliance with information sharing requirements (Title III, Section 314 USA PATRIOT Act).
55 Determine if the audit or independent review has adequately tested the accuracy and validity of the automated large transaction identification system.
55A If an automated large transaction identification or aggregation system is not used, determine if the audit or independent review includes a sample test check of tellers' cash proof sheets or tapes to determine if large cash transactions are being reported.
56 Determine if the review procedures confirm the integrity and accuracy of management information reports used in the anti-money laundering compliance program (for example, reports used to identify large currency transactions and aggregate daily cash transactions by customer or account).
57 Determine if management adequately addresses deficiencies and violations in a timely manner.
58 Determine how deficiencies are tracked until resolved and assess the adequacy of the tracking system.
INFORMATION AND COMMUNICATION SYSTEMS
59 Determine if the bank's information systems adequately and accurately identify reportable cash transactions.
59A If an automated system is used to capture and provide information on cash transactions, determine the following:
59A1. Whether the reports show all transactions (individual and multiple transactions) in excess of $10,000 on the same business day by or on behalf of the same individual, or account.
59A2. Whether the system includes all points of cash entry and exit.
59A3. Whether the discount brokerage, private banking, trust, or any other department within the bank engages in currency transactions subject to the regulations, and, if so, that aggregation systems cover such activities.
59B If a manual system is used to identify and report cash transactions, determine how large and multiple transactions are identified and aggregated for reporting purposes.
BOARD AND SENIOR MANAGEMENT OVERSIGHT
60 Determine if deficiencies in the bank's information systems relative to anti-money laundering and BSA reporting are reported to senior management and the board.
61 Assess whether management provides adequate reports on anti-money laundering and BSA compliance to senior management or the Board.
62 Determine if the following elements are adequately addressed in the training program:
62A The importance management places on ongoing education and training.
62B Documenting the appropriateness of the scope and frequency of training.
62C The inclusion of personnel from all functional areas of the bank.
62D Coverage of bank policies and procedures.
62E Coverage of new rules and requirements.
62F Enhanced procedures to address previously cited violations and deficiencies.
62G Coverage of different forms of money laundering.
62H Identification of (and examples of) suspicious activity.
63 Determine that training is comprehensive, conducted on a regular basis, required for new hires and all relevant personnel, and clearly documented.
ANTI-MONEY LAUNDERING POLICIES, PROCEDURES, AND PROGRAMS
1 Investigate why the policy, procedure, program, or internal control deficiencies identified in the Core Analysis exist. Policy deficiencies may be attributed to the following:
1A Management overlooked these issues.
1B Management is unfamiliar with these issues.
1C Management is unwilling to create or enhance policies and procedures.
2 If poor compliance with policies, procedures, or programs exists, determine the reason. Possible reasons are detailed below.
2A Lack of awareness of policies' existence.
2B Disregard for established policies.
2C Misunderstanding the intent of policy guidelines.
2D Poor internal communication of subsequent revisions to policies, procedures, or programs.
3 Determine if management commits to corrective action and supports proper controls and monitoring to ensure policy guidelines are followed in the future.
CURRENCY TRANSACTION REPORTS
4 If the review of the information and areas outlined in the Core Analysis indicates significant weaknesses in handling, identifying and reporting of large currency transactions, or if money laundering activity is suspected, conduct the following steps:
4A Review tellers' cash proof sheets for non-reporting of large currency transactions for periods of time of suspected violations.
4B If available, review copies of the following internally generated reports to identify and verify that large cash transactions are being reported:
4B1. Automated Large Cash Transaction Reports - This is typically a daily report that aggregates large cash transaction amounts to assist the bank in identifying multiple transactions that meet reporting requirements and/or structuring of transactions under the reporting threshold.
4B2. Suspected Kiting Reports - The account profile of an account used for money laundering can be similar to the profile of an account used for kiting.
4B3. Demand Deposit Activity Report - These reports show daily balances and accumulated deposits and withdrawals over a 30-day period and can show accounts that have significant changes in the average balance or number of transactions.
4B4. Incoming and Outgoing Wire Transfer Logs - These logs can help identify transfers out of the country, transfers funded by cash or monetary instruments, transfers for non-customers, and unusual patterns of activity.
4B5. Loans Listed by Collateral - These reports can identify significant loans secured by cash (for example, CDs, bank accounts), which should be reviewed for purpose and consistency with customer's business and resources.
SUSPICIOUS ACTIVITY REPORTING
5 Review automated systems reports for the following indicators of possible money laundering:
5A Evidence of structured transactions.
5B Evidence of "concentration" accounts.
5C Customers with frequent cash transactions that have provided either a foreign address or post office box as an address or have requested that the bank hold monthly statements.
5D Other suspicious or unusual activities.
6 Review copies of major correspondent bank statements for at least two months, together with reconcilement sheets and general ledger sheets covering the same period. Investigate large transactions reflected on either the institution's or the correspondent's records to determine their nature, as indicated by copies of credit or debit advices, or general ledger tickets. Note any cash shipments made on behalf of individual customers to a correspondent bank for credit to the customer's account at the correspondent bank.
7 Review correspondent account statements, customer account records, or telex records of accounts controlled by the same person for large deposits of cashier's checks, money orders, or similar instruments drawn on other institutions in amounts under $10,000. These funds may possibly be transferred elsewhere in bulk amounts. Note whether the instruments under $10,000 are sequentially numbered.
8 Review incoming mail of the institution to determine if currency deposits are received via mail, courier services, or internal deliveries, and whether CTRs are properly filed.
9 Review SARs to determine whether any accounts or functional areas of the bank require further investigation. Determine if a SAR should be filed for suspicious activity noted during the examination.
10 Compare a listing of exempt customers obtained from the FinCEN database to the forms maintained at the institution to determine if all forms were filed as required, including forms for applicable correspondent banks. If forms were not filed as required, perform the following steps:
10A Investigate the cause, determining whether it was inadvertent or intentional.
10B Determine if a backfiling determination should be requested.
11 If significant changes in the volume of exemptions are noted from the prior examination, research and document the cause.
Purchases and Sales of Monetary Instruments
12 If the review of the information and areas outlined in the Core Section indicates significant weakness in the handling, identifying or reporting of the sale of monetary instruments for currency between $3,000 and $10,000, determine if bank records capture the following information for established customers.
12A The name of the purchaser.
12B Date of purchase.
12C The type(s) of instrument(s) purchased.
12D The serial number(s) of each of the instrument(s) purchased.
12E The dollar amount(s) of each of the instrument(s) purchased in currency.
12F Method of verifying identity of the purchaser (either at the time of purchase or when deposit account opened).
13 If the review of the information and areas outlined in the Core Section indicates significant weakness in the handling, identifying or reporting of the sale of monetary instruments for currency between $3,000 and $10,000 to purchasers who do not have deposit accounts with the bank, determine if bank records capture the following information.
13A The name and address of the purchaser.
13B The social security or alien identification number of the purchaser.
13C The date of birth of the purchaser.
13D The date of purchase.
13E The serial number(s) of each of the instrument(s) purchased.
13F The type(s) of instrument(s) purchased.
13G The dollar amount(s) of each of the instrument(s) purchased in currency.
13H Method of verifying the identity of purchaser and specific identifying information (for example, state of issuance and driver's license number).
14 If the review of the information and areas outlined in the Core Section indicates significant weakness in record retention, determine if the following records, either original, microfilm, copy, or other reproductions are retained for a minimum of five years:
14A Currency Transaction Reports and other required forms.
14B For each loan greater than $10,000 (except those secured by real estate) the borrower's name and address, date of loan, amount, and purpose.
14C Each advice, request, or instruction received regarding a transaction which results in the transfer of funds, currency, checks, investment securities, other monetary instruments or credit of more than $10,000 to a person, account, or place outside of the U.S.
14D Each advice, request, or instruction given to another financial institution or other person located within or outside the U.S., regarding a transaction intended to result in a transfer of funds, currency, checks, investment securities, other monetary instruments or credit, of more than $10,000 to a person, account, or place outside the U.S.
14E Each payment order that a financial institution accepts as an originator's, intermediary, or beneficiary's bank with respect to a funds transfer of $3,000 or more.
14F Each document granting signature authority over each deposit account.
14G Each statement, ledger card, or other record of each deposit account showing each transaction involving the account, except those items listed in 31 CFR 103.34(b)(3).
14H Each document relating to a transaction of more than $10,000 remitted or transferred to a person, account, or place outside the U.S.
14I Each check or draft in excess of $10,000 drawn on or issued by a foreign bank which the domestic bank has paid or presented to a non-bank drawee for payment.
14J Each item relating to any transaction of more than $10,000 received on any one occasion directly and not through a domestic financial institution from a bank, broker, or dealer in foreign exchange outside the U.S.
14K Records prepared or received by a bank in the ordinary course of business which would be needed to reconstruct a demand deposit account and to trace a check in excess of $100 deposited in such demand deposit account.
14L A record containing the name, address, and taxpayer identification number, if available, of any person presenting a certificate of deposit for payment, as well as a description of the instrument and the date of the transaction.
14M A record containing the name, address, and taxpayer identification number, if available, of the purchaser of each certificate of deposit, as well as a description of the instrument, a notation of the method of payment, and the date of the transaction.
14N Each deposit slip or credit ticket reflecting a transaction in excess of $100 or the equivalent record for direct deposits or other wire transfer deposit transactions.
14O Records to document the bank's compliance with rules relating to exemptions from currency reporting.
14P A record for each monetary instrument purchased or sold for currency in amounts between $3,000 and $10,000.
14Q A record for each funds transfer greater than $10,000 if transfer is to or from any person, account, or place outside the United States.
14R Records required by 31 CFR 103.34 for deposit accounts, payment orders, loans, and account holders.
14S Documents provided by a foreign bank, or documents otherwise relied upon by a covered financial institution, required by 31 CFR 103.177.
14T Required records under customer identification rules, to include the following:
14T1. All identifying information about a customer obtained under paragraph (b)(2)(i) of 31 CFR Section 103.121 for 5 years after the account is closed.
14T2. The information obtained pursuant to paragraphs (b)(3)(i)(B)(C) and (D) of 31 CFR Section 103.121 for 5 years after the record is made.
(Note: Private banking consists of comprehensive financial services offered to high net worth individuals. Section 312 of the USA PATRIOT Act defines a private banking account as an account (or any combination of accounts) that requires a minimum aggregate deposit of funds or other assets of not less than $1,000,000; is established on behalf of 1 or more individuals who have a direct or beneficial ownership interest in the account; and is assigned to, or is administered or managed by, in whole or in part, an officer, employee, or agent of a financial institution acting as a liaison between the financial institution and the direct or beneficial owner of the account. Because private banking activities expose banks to greater reputational and legal risks, supervisors must make sure that banks have the necessary risk management controls in place. (Note: For additional information on private banking, please refer to the Federal Reserve's SR 97-19 (SUP) dated June 30, 1997 on Private Banking Activities, and the interim final rule issued by the Treasury effective July 23, 2002.)
15 Determine if management completes due diligence on private banking customers and transactions, which may include the following:
15A Documenting the beneficial owners of private investment companies, trust, or hedge fund partnerships.
15B Obtaining information on the clients' source of income and line of business.
15C Corroborating sources of wealth.
15D Obtaining references from known third parties.
15E Verifying the good standing of business customers, which may include searching available data sources to ensure that a business has been legally established.
15F Requiring written contact/visitation reports documenting visits to places of business.
15G Establishing guidelines for loans secured by highly liquid collateral.
15H Monitoring transaction activity and reporting suspicious transactions.
16 In accordance with Title III, Section 312 of the USA PATRIOT Act, and implemented by an interim final rule effective July 23, 2002, determine if the bank has taken the following additional steps with regard to private banking accounts maintained in the U.S. for non-U.S. persons:
16A Ascertaining the identity of the nominal and beneficial owners of the account, along with the source of funds deposited into the account.
16B Applying enhanced scrutiny for accounts maintained by or on behalf of senior foreign political figures, an immediate family member, or close associate, to guard against laundering the proceeds of foreign corruption. (Refer to interagency guidance dated January 2001 entitled Guidance on Enhanced Scrutiny for Transactions That May Involve the Proceeds of Foreign Official Corruption.)
16C Developing a due diligence program reasonably designed to detect and report money laundering and the existence of the proceeds of foreign corruption.
PAYABLE THROUGH ACCOUNTS (PTA)
(Note: Payable through accounts are demand deposit accounts or correspondent accounts through which the bank extends check writing privileges to the customers of a foreign bank. A master account is opened in the name of a foreign bank, and the master account is subsequently divided into sub-accounts, each in the name of one of the foreign bank's customers. (Note: For additional information on PTAs, please refer to the Federal Reserve's Supervisory Letter SR 95-1 or FDIC FIL 30-95.)
17 Review the contract with the foreign bank for the PTA to determine if it addresses the following areas:
17A Procedures for opening sub-accounts.
17B Requirements to provide the U.S. bank with the true identity of sub-account holders.
17C Cash transactions by sub-account holders.
17D Investigation and reporting of suspicious transactions.
17E Audit of the foreign bank's operations by the U.S. bank.
18 Determine if the U.S. bank has an effective system of internal controls for opening and monitoring PTAs, addressing the following areas:
18A Operating procedures.
18B Staff responsibilities.
18E Identifying and reporting suspicious transactions.
19 Assess if the U.S. bank:
19A Has determined if the home country supervisor of the foreign bank requires banks in its jurisdiction to monitor transactions of its own customers consistent with U.S. requirements.
19B Is able to obtain adequate information about the ultimate users of the PTA.
19C Can ensure that its PTA is not being used for money laundering or other illicit purposes.
(Note: If the U.S. bank has failed to accomplish any of these three steps, the PTA arrangement with the foreign bank should be terminated as expeditiously as possible.)
INTERNATIONAL CORRESPONDENT BANKING RELATIONSHIPS
(Note: A bank must assess the level of risk associated with each of its correspondent accounts through proper due diligence. Information should be gathered to understand the nature of the correspondent's business. The level of perceived risk in each account relationship, including the availability of the account to third parties, should dictate the nature of risk management.)
20 Determine the adequacy of the bank’s policies and procedures pertaining to foreign correspondent relationships, including policies of foreign branches. At a minimum, policies and procedures should address the following:
20A The process for identifying foreign correspondent accounts.
20B The process for sending, tracking, receiving, and reviewing certification requests/requests for information.
21 Determine the adequacy of the account approval process. Does bank management consider the following:
21A Whether the bank is located in a bank secrecy or money laundering haven (if so, the nature of the license).
21B Whether the foreign bank has an effective anti-money laundering program.
21C Whether the account is accessible by third parties, and if so, is recordkeeping adequate to determine who has access to the account.
22 Determine if the bank has assessed the expected frequency, type, and volume of account activity, and other relevant information, and whether the activity is consistent with management's expectation.
23 Evaluate the bank's system to identify suspicious activity in foreign correspondent accounts.
24 In accordance with Title III, Section 312 of the USA PATRIOT Act, and implemented by an interim final rule effective July 23, 2002, determine if the bank has implemented due diligence policies, procedures, and controls reasonably designed to detect and report money laundering through correspondent accounts established, maintained, administered, or managed in the U.S. for a foreign financial institution.
25 Determine if the bank has procedures to comply with Title III, Sections 313 and 319 of the USA PATRIOT Act, implemented by Sections 103.177 and 103.185 of the Treasury’s Financial Recordkeeping Regulations, to include the following:
25A Obtaining required documentation on foreign correspondent accounts existing on October 28, 2002, by March 31, 2003. For accounts established after October 28, 2002, documentation should be obtained within 30 calendar days after the date the account is established. Documentation should include the following:
25A1. The foreign correspondent bank is not a foreign shell bank and the U.S. correspondent account is not used to indirectly provide services to foreign shell banks.
25A2. A record identifying the owners of each foreign correspondent whose shares are not publicly traded.
25A3. The name and address of a person who resides in the United States and is authorized and has agreed to accept service of legal process for records regarding each such account.
25B Procedures for closing foreign correspondent accounts if required documentation is not obtained within specified timeframes.
25C Procedures to re-certify required documentation on foreign correspondent accounts every 3 years.
25D Procedures to respond to written requests from Federal law enforcement officers for information regarding foreign correspondent accounts within 7 days after receipt of such requests.
25E Procedures to terminate foreign correspondent relationship(s) not later than 10 days after receipt of a written notice from the Secretary of the Treasury or Attorney General that the foreign correspondent has failed to comply or initiate proceedings contesting a summons or subpoena issued under this section.
26 Determine if the bank has closed any foreign correspondent accounts due to nonconformance with Section 103.177 of the Treasury’s Financial Recordkeeping Regulation since the earlier of the regulation’s effective date (October 28, 2002) or the previous examination. If so, determine that
26A Accounts were closed within a commercially reasonable time period.
26B No new positions were taken upon notification of closing.
26C Accounts were not re-established without obtaining the required information (Section 103.77 (d)).
(Note: Electronic banking consists of electronic access through direct PC connection, the Internet, or other means to bank services, including opening of deposit accounts, applying for loans, and conducting various transactions.)
27 Review procedures used to conduct due diligence on customers opening accounts (loan or deposit) through electronic means to determine if management obtains the following:
27A Proper identifying information consistent with the bank’s customer identification program, and
27B The source of funds used to open deposit accounts.
28 Determine if management has established procedures to review transaction activity through electronic banking products for possible money laundering and suspicious activity.
FUNDS TRANSFER ACTIVITY
29 If funds transfers are sent to or received from financial institutions in other countries, especially countries with strict privacy and secrecy laws, determine if amounts, frequency, and countries are consistent with the nature of the business or occupation of the customer.
30 Assess whether the bank has procedures to monitor accounts with frequent cash deposits and subsequent funds transfers to a larger institution or out of the country.
31 Assess whether there are any unusual trends or patterns with regard to funds transfers (for example, commonalties with regard to beneficiaries, originators, account numbers, addresses, etc.).
RECORDKEEPING FOR FUNDS TRANSFERS
32 For funds transfer originations of $3,000 or more, ascertain if the following records are retained (which may be with the payment order in the bank's files if the originator has an established relationship with the bank):
32A The name and address of the originator.
32B The amount of the funds transfer.
32C The date of the funds transfer.
32D Any payment instructions received from the originator with the payment order.
32E The identity of the beneficiary's bank.
32F As many of the following items as are received with the payment order:
32F1. The name and address of the beneficiary.
32F2. The account number of the beneficiary.
32F3. Any other specific identifier of the beneficiary.
33 For funds transfers of $3,000 or more for originators that do not have an established relationship with the bank, ascertain if the information listed in procedure 32 is retained, plus the following:
33A If the payment order is made in person, the identity of the non-customer should be verified and documented.
33B If the payment order is not made in person, the bank should obtain and retain a record of the name and address of the person placing the payment order, as well as the person's taxpayer identification number (for example, social security number) or, if none, alien identification number or passport number and country of issuance. The bank should also note the lack of this information. A copy or record of the method of payment (for example, check or credit card) should also be retained.
33C If the bank has knowledge that the person placing the payment order (whether placing the order in person or not) is not the originator, the bank should obtain and retain a record of the originator's taxpayer identification number (for example, social security number) or, if none, alien identification number or passport number and country of issuance (if known by the person placing the order). The bank should also note the lack of this information.
34 For funds transfers of $3,000 or more for which the bank is acting as the intermediary, determine that either the original or a microfilm, other copy, or electronic record of the payment order is retained.
35 For each payment order accepted by a beneficiary's bank, determine that either the original or a microfilm, other copy, or electronic record of the payment order is retained.
36 For each payment order accepted by a beneficiary's bank, if the beneficiary does not have an established relationship with the originating bank, determine that the beneficiary bank retains the following information:
36A If the proceeds are delivered in person to the beneficiary or its representative or agent, the bank must verify the identity of the person receiving the proceeds and retain a record of that information.
36B If the bank has knowledge that the person receiving the proceeds is not the beneficiary, the bank must obtain and retain a record of the beneficiary's name and address, as well as the beneficiary's taxpayer identification number (for example, social security number or employer identification number) or, if none, alien identification number or passport number and country of issuance, if known by the person receiving the proceeds, or a notation of the lack of this information.
36C If the proceeds are delivered other than in person, a copy of the check or other instrument used to effect payment, or the information contained thereon, as well as the name and address of the person to whom it was sent must be retained.
37 Determine that the information retained for funds transfers greater than $3,000 is retrievable by the name of the originator or beneficiary. If the originator or beneficiary is an established customer of the bank, the information must also be retrievable by account number.
NON-BANK FINANCIAL INSTITUTIONS (NBFI)
(Note: Non-bank financial institutions (NBFI) are broadly defined as institutions that offer financial services. Banks that maintain account relationships with these entities are exposed to higher risk for potential money laundering because these entities are less regulated and may have limited or no documentation on customers. Additionally, a bank may be exposed to possible OFAC violations for unknowingly engaging in prohibited transactions through a NBFI account relationship.
Money services businesses are a subset of NBFIs and consist of non-banks offering financial-type services, such as check cashing, money transmittals, sales of monetary instruments, or currency exchange. These businesses may be licensed by the state or local government.)
38 Determine if management conducts proper due diligence on customers offering currency exchange, check cashing, money transmittals, sale of monetary instruments, etc. Determine if management's analysis includes the following:
38A Whether the business is in compliance with all state laws requiring licensing and approval.
38B Whether the business is registered with the Treasury’s Financial Crimes Enforcement Network (this applies to money services businesses only).
38C Whether the business has procedures to comply with applicable Bank Secrecy Act requirements, including retention of records.
38D The types and amounts of currencies or instruments handled, and whether any additional services are offered.
38E The targeted customer base.
38F Whether international transfers are anticipated in the normal course of business, and what countries may be involved.
38G Whether the business has proper controls to monitor for suspicious activity, including patterns of transmittals over time.
38H Whether the business has procedures to ensure compliance with OFAC regulations.
39 Determine if the account activity of the NBFI is monitored to ensure that activity is consistent with expectations and that suspicious activity is properly reported.
DEPOSIT BROKER ACTIVITIES
40 Determine if adequate policies and procedures have been developed relative to deposit brokers by:
40A Verifying the legitimacy of the broker (for example, obtaining corporate or similar documentation, requesting references, or conducting independent database searches).
40B Performing independent reviews to verify the accuracy of information that the broker provides regarding deposit customers.
40C Determining whether the deposit broker will accept deposits from outside the United States. If placed in the bank, management should establish procedures for verifying the source of funds and identity of such depositors.
40D Obtaining periodic financial information from the broker.
(Note: Special-use accounts (SUAs) are in-house accounts established to facilitate the processing and settlement of multiple or individual customer transactions within the bank, usually on the same day. These accounts have several different names, including concentration, omnibus, suspense, settlement, intra-day, sweep, and collection accounts. SUAs are used widely in private banking, wire transfer, cash management operations, and other bank departments. Money laundering risk can arise in these accounts because customer-identifying information, such as name, address, and account number can be separated from financial transactions. If that happens, an effective audit trail is lost, and accounts can be misused or administered improperly.)
41 Assess the adequacy of internal controls that have been implemented to ensure the proper use of these accounts, including the following:
41A Whether employees can access (debit or credit) special-use accounts, and if so, who monitors this activity.
41B Whether customers are prohibited from directing the movement of their funds into, out of, or through special-use accounts.
41C Whether bank employees are prohibited from informing customers of the existence of, or the means of identifying, the special-use accounts of the bank.
41D Whether documentation is required that shows the movement, and ownership of, any customer funds placed in a special-use account.
41E Whether customer transactions are reported on the customer's account statements.
41F Whether the accounts are reconciled frequently.
41G Whether there is a process in place to resolve discrepancies.
41H Whether such accounts are monitored for suspicious activity.
42 Review the nature of account activity for any suspicious or unusual activity.