BSA/AML and OFACNew Employee Training

• Purpose of Training

• Introduction to BSA/AML and OFAC

• Your Responsibilities as a New Employee

New BSA/AML Employee Training

is designed to train new employees

on the requirements and

responsibilities of complying with

regulatory guidance and all

applicable laws.

Introduction of BSA/AML/OFAC

Frequently Used BSA/AML/OFAC Acronyms

The following acronyms are used throughout the training document.

• AML – Anti Money Laundering

• BSA – Bank Secrecy Act

• CDD – Customer Due Diligence

• CIP – Customer Information Program

• CTR - Currency Transaction Report

• DOEP – Designation of Exempt Person (CTR Exempt)

• EDD/ADD – Enhanced Due Diligence or Additional Due Diligence

• FFIEC – Federal Financial Institutions Examination Counsel

• FinCEN – Financial Crimes Enforcement Network

• OFAC – Office of Foreign Asset Control

• Patriot Act – Uniting and Strengthening America by Providing Appropriate Tools Required to

Intercept and Obstruct Terrorism

• SAR – Suspicious Activity Report

MONEY LAUNDERING

Money Laundering is any act that disguises the source of money originally derived

from illegitimate activity. Money launderers seek to conceal the true ownership and

origin of criminal funds.

Three Steps in Money Laundering

Detection and reporting is critical during steps 1 and 2 to stop the process.

1. Placement: Illicit funds are introduced into the financial system. Often utilizing multiple smaller

deposits to avoid CTR reporting.

2. Layering: The illegal funds are passed through many complex financial transactions to avoid a SAR and

conceal the criminal origins. Transactions can involve deposits, loans, investments, etc.

3. Integration: Illegal proceeds are introduced back into the mainstream economy, which provides a

legitimate explanation for its use and ownership and can be used to support other criminal activity.

BSA, AML AND OFAC COMPLIANCE IS MANDATORY

All financial institution directors, officers, and employees have responsibility for

BSA/AML compliance.

Consequences of noncompliance include:

• Regulatory enforcement actions and/or assessment of civil money penalties.

• Willful violations by the bank could result in punitive penalties causing a loss of capital

and earnings and/or result in the loss of regulatory insurance coverage.

• Willful violations of regulations could lead to criminal prosecution and possible

incarceration.

BSA compliance is monitored by the Bank’s regulators through the Safety and

Soundness Exam.

Bank Secrecy Act (BSA)

• Enacted to detect and deter money laundering and terrorist financing. Expanded to also include other criminal activity.

• Requires paper trail of large currency, funds transfers, and suspicious activity reports to be used by law enforcement to track and investigate financial crime.

BSA/AML Training USA Patriot Act

United and Strengthening America by Providing Appropriate Tools

Required to Intercept and Obstruct Terrorism (USA Patriot Act):

▪ Added to BSA following September 11, 2001

▪ Requires financial institutions to:

1. Conduct enhanced due diligence for higher risk customers

2. Respond to information requests from law enforcement

Office of Foreign Assets Control (OFAC)

OFAC administers and enforces economic

and trade sanctions against:• targeted foreign countries and regimes;

• terrorists;

• international narcotics traffickers;

• those engaged in activities related to the

proliferation of weapons of mass destruction;

• and other threats to the national security,

foreign policy or economy of the U.S.

Office of Foreign Assets Control (OFAC)

OFAC provides a list of Specially Designated

Nationals (SDN) and Blocked Persons.▪ All U.S. persons and entities are prohibited from

engaging in transactions with/for an individual, entity,

or country on the SDN List.

▪ Banks are responsible for establishing risk-based

OFAC compliance programs designed to screen

customers and transactions against the SDN and

other lists of sanctioned individuals, entities, and

countries.

▪ Both OFAC and BSA share a common national security

goal. OFAC is a significant part of BSA compliance.

Client facing teams should have a clear understanding of BSA regulatory

requirements in order to open new accounts and identify suspicious

activity.

Client Facing Teams are expected to:

• Complete all required documentation (in full) and provide additional

information when requested by BSA Team.

• Report suspicious activity IMMEDIATELY once suspected to the

designated area (e.g. BSA Officer).

Your Responsibility

Your Responsibility as a New Employee for Maintaining Confidentiality for BSA/AML

It is important to never disclose publicly any escalated suspicious activity.

Understanding the Five Pillars of BSA Compliance

1. Establish a written program that includes system of

internal controls

2. Designate a BSA officer

3. Provide for ongoing personnel training

4. Conduct periodic independent testing (audit)

5. Beneficial Ownership

BSA Written Program Documenting the System of Internal Controls

• The BSA/AML compliance program must be

written, approved by the board of directors,

and noted in the board minutes.

• A bank must have a BSA/AML compliance

program commensurate with its respective

BSA/AML risk profile.

• Financial institutions should require all

employees to review the BSA/AML/OFAC

Policy/Procedures on an annual basis.

BSA Written Program Documenting the System of Internal Controls

The BSA/AML compliance program must

provide for the following minimum

requirements:

1. A system of internal controls to ensure

ongoing compliance.

2. Independent testing of BSA/AML

compliance.

3. Designation of an individual or

individuals responsible for managing BSA

compliance (BSA compliance officer).

4. Beneficial Ownership

5. Training for appropriate personnel.

Designation of BSA Officer

• The Board of Directors is

responsible for appointing a

BSA Officer.

• The BSA Officer is responsible

for the management and

oversight of the BSA Program.

Ongoing Personnel Training

• BSA Training is required for all employees and Board of Directors.

• Board of Directors should be trained annually and as significant changes to the program are made.

• Training is conducted for:

• New Employee Training

• All Existing Employees

• Board of Directors

• Any individual who does not complete required training should be reported directly to the Board of Directors and appropriate action should be taken.

Conduct Independent Audit

• Independent testing (audit) should be conducted by the internal audit department, outside auditors, consultants, or other qualified independent parties.

• While the frequency of audit is not specifically defined in any statute, a sound practice is for the Bank to conduct independent testing generally every 12 to 18 months, commensurate with the BSA/AML risk profile of the Bank.

Beneficial Ownership

FinCEN published its Final Rule for Customer Due Diligence (CDD) under the Bank Secrecy

Act for banks and other covered financial institutions which becomes effective May 11,

2018.

Beneficial Ownership includes two types of individuals:

• an individual or individuals owning directly or indirectly 25% or more of equity interest in the

legal entity customer (defined below)

• and a single individual who has “significant responsibility to control, manage, or direct a

legal entity.

Legal Entity Customer – a corporation, limited liability company or other entity that is created

by filing of a public document with a Secretary of State or similar office, a general partnership,

and any similar entity formed under the laws of a foreign jurisdiction that opens the account.

The Bank has implemented policy and procedures for identifying beneficial owners.

The following slides describe key requirements of BSA/AML:

• Reporting and Recordkeeping

• Customer Identification Program

• Client Due Diligence

• Enhanced Due Diligence

• Ongoing Suspicious Activity Monitoring and Reporting

BSA REPORTING AND RECORDKEEPING

Reporting requirements to FinCEN include:

1. Currency Transaction Reports to report cash transactions aggregating to more than $10,000 in a day

conducted by or on behalf of one person or entity.

2. Designations of Exempt Persons - CTR filing exemption.

• Currency transactions conducted by banks, governmental entities, and listed public companies and

their subs are exempt from CTR reporting.

• Banks may exempt an otherwise eligible non-listed business or payroll customer after the customer

has conducted five or more reportable transactions.

3. Suspicious Activity Reports. Monitoring, identifying, and reporting unusual or suspicious activity that

may be potentially illegal are regulatory requirements and form the cornerstone of BSA reporting. The

bank is not responsible for determining that the activity is truly illegal.

CUSTOMER INFORMATION PROGRAM (CIP)

All financial institutions are required to obtain, verify, and record

information that identifies each person who opens an account.

Customer identification is:

• Obtained at account opening.

• Includes name, physical or military address, date of birth (for

individuals), and tax identification number;

• Certification of beneficial ownership of non-excluded legal entities;

• Verified via documentary and non-documentary methods, as appropriate;

• Retained for five years as required by regulation.

CUSTOMER DUE DILIGENCE

Due diligence is a basic principle of BSA and is designed to provide information to assess

baseline risks and form expectations of future transactions and establishes baseline

information essential to effectively identify and report unusual or suspicious activity.

CDD is designed to gain an understanding of the risk profile of the client and determine how accounts

or services will be used. CDD for a business client requires the front line to obtain the client’s:

• Nature of Business/Occupation

• Beneficial Ownership of any non-excluded legal entity (25%+ equity owners plus control prong)

• Risk Coding at Account Opening

• Purpose of account

• Source of funds

• Anticipated account activity

ENHANCED DUE DILIGENCE

Enhanced Due Diligence is required when a client or potential client is considered to

be a greater risk due to their industry, citizenship, and/or products or services used.

This higher level of due diligence is required to help mitigate the increased risk.

EDD is conducted through various means, to include:

• Collection and review of information related to the client and their business activities at account

opening.

• Risk rating client based on industry, citizenship, products, and/or transaction activity.

• Enhanced review/approval for clients seeking higher risk State Bank products or services (e.g.,

Merchant Remote Deposit Capture).

• Site visits required for higher risk business clients identified by defined industry or product or service the

business provides.

• Ongoing periodic EDD reviews of client’s defined as higher risk.

SUSPICIOUS ACTIVITY MONITORING

Monitoring for suspicious activity occurs throughout the bank. Types of activity monitored for include, but aren’t

limited to:

• MONEY LAUNDERING, HUMAN TRAFFICKING, OR ELDER EXPLOITATION (additional information provided on

following slides)

• TAX EVASION (e.g., business appears to be avoiding deposited income paid via checks through business account

or is paying employees in cash).

• TAX FRAUD (e.g., single account receiving multiple refunds received from IRS or State Treasury, individual with

refund checks issued to other people)

• OTHER FRAUDULENT OR CRIMINAL ACTIVITY (e.g., cash smells of drugs, counterfeit check or bills, forgery,

unusual activity in safe deposit box area, etc.)

• STRUCTURING OF CASH TRANSACTIONS TO AVOID A CTR FILING (cash transactions under $10,000 that are

made over multiple days, through multiple tellers or at multiple locations).

• TRANSACTIONS MADE IN A WAY TO AVOID REQUIRED FILING

BEYOND STRUCTURING

Basic structuring of transactions to avoid reporting

requirements is normally easier to detect and more

transparent than other suspicious activity. The following

slides focus on criminal activities that are not only more

difficult to detect, but in certain situations can only be

detected by client facing employees.

OTHER SUSPICIOUS ACTIVITY

Employees are trained to be alert for and immediately report unusual or suspicious

transactions or activity that may be related to potential:

• MONEY LAUNDERING, HUMAN TRAFFICKING, OR ELDER EXPLOITATION (as detailed on previous

slides)

• TAX EVASION (e.g., business appears to be avoiding deposited income paid via checks through

business account or is paying employees in cash)

• TAX FRAUD (e.g., single account receiving multiple refunds received from IRS or State Treasury,

individual with refund checks issued to other people)

• OTHER FRAUDULENT OR CRIMINAL ACTIVITY (e.g., cash smells of drugs, counterfeit check or bills,

forgery, unusual activity in safe deposit box area, etc.)

• STRUCTURING OF CASH TRANSACTIONS TO AVOID A CTR FILING (cash transactions under

$10,000, maybe made over multiple days, through multiple tellers or at multiple locations)

• TRANSACTIONS MADE IN A WAY TO AVOID REQUIRED FILING (SAR/CTR)

FINANCIAL EXPLOITATION (Elder or Disabled Adult Abuse)

Financial Exploitation: To illegally or improperly use a disabled adult or elder person or that

person's resources through undue influence, coercion, harassment, duress, deception, false

representation, false pretense, or other similar means for one's own or another person's profit or

gain.

• Caregivers and family members are the most likely perpetrators of elder abuse. It is estimated

that 90% of all elder abuse perpetrators are family members, most often the victim’s adult

child.

• Common Scams by Strangers include lottery and sweepstake scams, home repair/traveling

con men “driveway or roof repairs cheap”, grandparent scam “grandchild in jail and needs

money immediately”, and charity scams.

• Professional scams include ID theft, Medicare scams, predatory lending, and

annuity/investment schemes.

SUSPICIOUS ACTIVITY: HUMAN TRAFFICKING

Human Trafficking is modern-day slavery and involves

the use of force, fraud, or coercion to obtain some type

of labor or commercial sex act.

Every year, millions of men, women, and children are trafficked in

countries around the world, including the United States.

It is estimated that it generates many billions of dollars of profit

per year, second only to drug trafficking as the most profitable

form of transnational crime.

It is a hidden crime as victims rarely come forward to seek help

because of language barriers, fear of the traffickers, and/or fear

of law enforcement.

Traffickers use force, fraud, or coercion to lure their victims and

force them into labor or commercial sexual exploitation. They

look for people who are susceptible for a variety of reasons,

including psychological or emotional vulnerability, economic

hardship, lack of a social safety net, natural disasters, or

political instability.

U.S. Department of Homeland Security

Human trafficking is believed to be the one of largest criminal activities in the world generating

approximately $32 billion-a-year and increasing in all 50 states.

Source: International Labour Organization

BSA/AML/OFAC RESOURCES• FinCEN

https://www.fincen.gov/

• FinCEN Client CTR Pamphlet – (Anti-Structuring)

http://www.fincen.gov/whatsnew/pdf/CTRPamphlet.pdf

• FFIEC Examination Manual

https://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm

• Tax Refund Fraud

http://www.aba.com/Tools/Function/Fraud/Pages/TaxRefundFraud.aspx

• US Department of State – Human Trafficking

https://www.state.gov/j/tip/id/help/