BSA Training for the Board of

Directors 2014August 21, 2014

1:30-3:30

Presented by:Susan Costonis, C.R.C.M.Training & Consulting for Financial Institutionssusancostonis@msn.com

The material used in this text has been drawn from sources believed to be reliable. Every effort has been made to assure the accuracy of the material; however, the accuracy of this information is not guaranteed. The laws are often changed without prior notice from the government. The BSA TRAINING FOR THE BOARD OF DIRECTORS 2014 is sold with the understanding that the publisher and the editor are not engaging in the practice of law or accounting. We are not responsible for the actions of your company’s employees.

The text is designed to address most teller compliance issues. However, you will wish to consult your attorney when you are unsure of an answer.

Published by:

Susan Costonis, C.R.C.M.Training & Consulting for Financial Institutions

All rights reserved. This material may not be reproduced in whole or in part in any form or by any means without written permission from the publisher.

Printed in the United States of America.

BSA TRAINING FOR BOARD OF DIRECTORS 2014 2

INSTRUCTOR

Susan Costonis specializes in compliance management along with deposit and lending regulatory training. Her 36 year career in banking and training began with 20 years at First National Bank in Fort Collins, CO. Susan has been a bank compliance consultant or compliance officer in Louisiana since 1998. She is a Certified Regulatory Compliance Manager and completed the ABA Graduate Compliance School. Susan also graduated from the University of Akron with a B.S. and from the Graduate Banking School of the University of Colorado.susancostonis@msn.com (e-mail)

BSA TRAINING FOR BOARD OF DIRECTORS 2014 3

TABLE OF CONTENTS

BSA FOR THE BOARD OF DIRECTORS – OVERVIEW........................................................................5BSA- BEST PRACTICES FOR THE BOARD OF DIRECTORS.................................................................6BSA FOR THE BOARD OF DIRECTORS – EXAM MANUAL OVERVIEW.............................................10FDIC CONSENT DECREE..................................................................................................................16BOARD TRAINING FROM THE FDIC................................................................................................18IT BEGINS WITH MONEY LAUNDERING AND WHAT IT MEANS TO YOUR BANK?.........................19MISSION OF FINCEN.......................................................................................................................20FINCEN: FREQUENTLY ASKED QUESTIONS..................................................................................21WHAT IS THE RISK ASSESSMENT LINK TO BSA/AML PROGRAM?.................................................25HIGH INTENSITY DRUG TRAFFICING AREAS..................................................................................27BSA POLICY REQUIREMENTS..........................................................................................................28

CURRENCY TRANSACTION REPORTS ............................................................ 30 NEW CTR FORM.............................................................................................................................31

SUSPICIOUS ACTIVITY REPORTING ............................................................... 32 SUSPICIOUS ACTIVITY REPORTING BASICS.................................................................................33WHAT IS TRENDING NOW FOR DEPOSITORY INSTITUTIONS.........................................................34FILINGS BY DEPOSITORY INSTITUTIONS 2012-2013.....................................................................35CUSTOMER MONITORING AND DUE DILIGENCE.........................................................................36MORTGAGE FRAUD CONVICTION...................................................................................................45STRUCTURING.................................................................................................................................50FREQUENTLY ASKED QUESTIONS ABOUT FILING SUSPICIOUS ACTIVITY REPORTS.................52ORGANIZED RETAIL THEFT CASE..................................................................................................54SARS LEAD TO RECOVERY OF FUNDS DERIVED FROM MEDICAL FRAUD.....................................55FIELDS IN THE NEW SAR E-FORM..................................................................................................56

DUE DILIGENCE ..................................................................................................... 60 WHAT WE NEED TO KNOW !........................................................................................................61OVERVIEW OF DUE DILIGENCE.....................................................................................................62DUE DILIGENCE FOR LOAN APPLICATIONS...................................................................................63ENHANCED DUE DILIGENCE...........................................................................................................64MONEY SERVICE BUSINESS INCLUDES:........................................................................................65THE FOLLOWING MONEY SERVICE BUSINESSES ARE NOT REQUIRED TO REGISTER:............66

CUSTOMER IDENTIFICATION PROGRAM ..................................................... 67 CUSTOMER IDENTIFICATION PROGRAM (CIP): PURPOSE.........................................................68CIP COMPLIANCE THE BIG PICTURE...........................................................................................69IDENTIFICATION – SOME SUGGESTIONS.......................................................................................70OFFICE OF FOREIGN ASSETS CONTROL (OFAC).......................................................................71CUSTOMER NOTICE FOR CIP.......................................................................................................72EXEMPTIONS TO CIP & OTHER REQUIREMENTS.......................................................................73

BSA TRAINING FOR BOARD OF DIRECTORS 2014 4

BSA FOR THE BOARD OF DIRECTORS – OVERVIEW

What are the four “best practices” for Boards of Directors to show compliance with an effective BSA/AML (anti-money laundering) program? What topics should be covered in BSA training sessions for the Board of Directors? What did a community bank learn in a recent enforcement action about effective Board oversight of BSA?

WHAT YOU WILL LEARN: What does the FFIEC BSA exam manual say about informing the “board of directors”

regarding BSA issues? How many times is it mentioned in the exam procedures? What does your regulator expect to find when they review board minutes?

What should the Board know about the annual BSA audit? What should your Board know about BSA “hot buttons” for third party oversight with

remote deposit capture and other issues? Are there any “free” resources for BSA board training? What are four “best practices” for BSA?

1. Require Periodic and thorough BSA reports2. Devote adequate resources3. Conduct appropriate BSA/AML Risk Assessments4. Set the proper tone

BONUS – participants will receive a manual and power point file for BSA Board Training; including a template for a BSA “Sample Board Report.” The documents can be easily modified with your financial institution’s specific information.

BSA TRAINING FOR BOARD OF DIRECTORS 2014 5

BSA- BEST PRACTICES FOR THE BOARD OF DIRECTORS

Ten years ago, Bank Secrecy Act (BSA)/anti-money laundering (AML) compliance was one of the biggest areas of concern for banks and their regulators.  Following September 11 and the heightened regulatory focus on BSA matters, most banks found it necessary to expend significant resources to enhance or even rebuild their BSA/AML programs.

In the past few years, bank regulators have had to focus on other matters, including residential and commercial loan concentrations, adequate capitalization, and even bank failures.  Banks also wisely have focused on these matters during these difficult economic times.

It is important, however, that these other matters do not push BSA/AML compliance aside.  This article summarizes some of the top BSA-related issues that the Board of Directors of every bank should keep in mind.

Best Practices for the Board

It is easy in difficult financial times for the Board and management to push aside compliance matters, including BSA/AML compliance.  Compliance matters can seem less important when one is worried about the bank’s very survival.

Nevertheless, compliance continues to be important.  It is critical that the Board stay informed, devote adequate resources to compliance, and set the proper tone for compliance within the organization.

The following are four best practices for Boards of Directors.

1.     Require Periodic and Thorough BSA Reports

One of the most important things for the Board to understand about the BSA and AML requirements is that the Board is expected to stay abreast of the institution’s progress and what is working and not working.  That means that the Board needs to receive at least annual BSA/AML training, and also needs to receive regular reports on BSA/AML compliance matters from its BSA officer, including on suspicious activity report (SAR) filings and trends.

As a director, be sure to ask any questions you might have and make sure you are really understanding the institution’s full BSA/AML compliance picture.  It is important that you are comfortable that these reports are thorough and accurate.

2.    Devote Adequate Resources

BSA TRAINING FOR THE BOARD 2014 6

Banks must dedicate adequate and appropriate resources to BSA/AML compliance.  By this we mean all resources – adequate compliance staffing, training, computer and software systems, as well as financial resources generally.  This is clearly an expense, but it is part of what all banks must face.  In addition, keep in mind that the underlying reason for these laws and corresponding expenses is to protect the institution, and the US financial system generally, from abuse by money launderers, terrorist financiers, and other criminals.

If you encounter compliance weaknesses in examinations, you will find that it costs much more to fix the problem under the tight deadlines imposed by your regulator than it would have cost by addressing the issues before any regulatory criticism, and this is before the possibility of hefty fines.

3.    Conduct Appropriate BSA/AML Risk Assessments

Banks are always looking for new and better ways to do business — new technology, new delivery methods, new products and services, and new geographic locations to offer products and services.  It is always important to be sure that the bank’s money laundering risk assessment is updated to include all such new products and processes.

Sometimes a bank will find that the BSA/AML-related risks of a new delivery method or product are simply too great.  More often, however, the bank will conclude that it simply needs to develop controls and modify its compliance systems to address the changes.  If you do not include both pieces — perform a risk assessment and adjust the bank’s processes and systems as necessary to address the risks — you could be creating significant exposure for the bank in the future.

4.    Set the Proper Tone

For all compliance matters it is important the Board of Directors clearly convey its expectations that the institution comply with applicable requirements.  Regulators often refer to this as establishing a “culture of compliance.”  As part of this culture, performance evaluations of all relevant employees should include a BSA/AML compliance component.  Those employees who are not taking their training or who otherwise are performing poorly on BSA/AML compliance matters should suffer negative consequences, including with respect to salary, promotion and, for worst cases, even termination.

Some Common Mistakes

One might expect that BSA/AML weaknesses found in banks highly varied and unique to each institutions, but there actually are some clear patterns.  Three common failures are summarized below.

1.    Failure to Monitor Trends

BSA TRAINING FOR THE BOARD 2014 7

The money launderers, terrorist financiers and other criminals that the BSA/AML rules are designed to protect against are always devising new ways to beat the system.  Banks need to stay on top of those changes so that they are not caught off guard.

In the worst case, you find about the gaps in your system when your examiner discovers them or after your bank is publicly exposed as having facilitated money laundering or terrorist financing.  That is not where a bank wants to be.

Every bank should strive to identify (and correct) its potential weaknesses before others do.  There are a number of ways to do this.  A first step is to conduct internal BSA/AML monitoring on an ongoing basis, in addition to formal periodic independent testing.  Such monitoring does not necessarily need to be performed by an independent party, and in fact the BSA officer may be best suited to ensure on an ongoing basis that the bank’s BSA/AML compliance program is functioning properly.  It also can be useful to monitor news reports and regulatory notices and guidelines, and to attend BSA conferences and networking events where bankers talk about their experiences.  In this way, the institution can learn from others and take the appropriate steps before it is too late.

2.    Failure to Assess New Product and Client Risks

There can be a tendency to look at a new line of business or new type of client and decide that the bank must engage in that business or pursue those clients for business reasons, but then to overlook the BSA/AML-related risks involved.  This impulse may be particularly strong when it appears that all of your competitors are capturing the business opportunities.  All new products, services, and lines of business need a formal risk assessment prior to implementation.  This is important not only for BSA/AML reasons, but for all compliance purposes.

The regulators clearly expect each bank to perform risk assessments of their products and services, business lines, geographies and customers in a formal and documented way.  This area is a particularly good illustration of the importance of good documentation.  It is not enough to do a risk assessment – your records must show that you did it and that you considered appropriate factors.  Based on the results of the risk assessment, you must develop and implement appropriate controls related to those products and services, business lines, geographies and customers, as well as perform monitoring that is appropriate given the risks presented.

Bank examiners expect to find a formal, documented risk assessment, and we believe that a well documented and thoughtful risk assessment can facilitate a more thoughtful examination.  If your risk assessment or BSA/AML program looks weak or “thin,” the examiners will have to dig deeper.  They will be irritated and they will look for things to be wrong.  And they usually will find what they want to find.

3.    Failure to Monitor System Effectiveness

BSA TRAINING FOR THE BOARD 2014 8

Sometimes the systems that a bank has set up so carefully do not really do what the bank thinks they are doing.  To make a BSA/AML automated monitoring system works, we need to input data and designate parameters for the types and volume (based on quantity and dollar values) of transactions/activity to flag for review. Only then does the review for potentially suspicious activity begin.

Sometimes, however, the systems do not work as intended.  The system might be flagging so many transactions that it becomes difficult or impossible for the bank’s BSA team to identify the truly important transactions.  Other times it appears at first that the system is working properly but transactions are being missed because of issues with the data fields that are fed into the system or timing of certain transactions.

The only way to identify these weaknesses is through careful audits on an annual or more frequent basis, where the auditor reviews in detail what the bank expects the monitoring system to be doing, and compares it to what is actually being done, culminating in a review of transactions to confirm that the system is flagging the issues that it should be.

Conclusion

BSA compliance, like all compliance efforts, necessarily requires focus, proper resources, and dedication by the institution.  This begins and ends with the Board of Directors.  Consider the Best Practices and Common Mistakes described above and judge where your institution stands today.

BSA TRAINING FOR THE BOARD 2014 9

BSA FOR THE BOARD OF DIRECTORS – EXAM MANUAL OVERVIEW

Source: FFIEC BSA/AML Examination ManualApril 29, 2010

Includes all references to “Board of Directors”

Examination Plan – page 16Independent Testing and AuditHowever, the person performing the independent testing must not be involved in any part of the bank’s BSA/AML compliance program. The findings should be reported directly to the board of directors or an audit committee composed primarily or completely of outside directors.

BSA/AML Risk Assessment — Overview, pg 22The risk assessment should provide a comprehensive analysis of the BSA/AML risks in a concise and organized presentation, and should be shared and communicated with all business lines across the bank, board of directors, management, and appropriate staff; as such, it is a sound practice that the risk assessment be reduced to writing.

Developing the Bank’s BSA/AML Compliance Program Based Upon Its Risk Assessment – pg 28Consolidated information also assists senior management and the board of directors in understanding and appropriately mitigating risks across the organization. To avoid having an outdated understanding of the BSA/AML risk exposures, the banking organization should continually reassess its BSA/AML risks and communicate with business units, functions, and legal entities

Examiner Determination of the Bank’s BSA/AML Aggregate Risk Profile, pg 30When the risks are not appropriately controlled, examiners must communicate to management and the board of directors the need to mitigate BSA/AML risk.

BSA/AML Compliance Program — Overview, pg 31The BSA/AML compliance program30 must be written, approved by the board of directors,31

and noted in the board minutes. A bank must have a BSA/AML compliance program commensurate with its respective BSA/AML risk profile

Internal Controls, pg 33The board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting. The board of directors and management should create a

BSA TRAINING FOR THE BOARD 2014 10

culture of compliance to ensure staff adherence to the bank’s BSA/AML policies, procedures, and processes. Internal controls should:

Inform the board of directors, or a committee thereof, and senior management, of compliance initiatives, identified compliance deficiencies, and corrective action taken, and notify directors and senior management of SARs filed.

Independent Testing, pg 35-36The frequency and depth of each activity’s audit will vary according to the activity’s risk assessment. Risk-based auditing enables the board of directors and auditors to use the bank’s risk assessment to focus the audit scope on the areas of greatest concern. The testing should assist the board of directors and management in identifying areas of weakness or areas where there is a need for enhancements or stronger controls.

Auditors should document the audit scope, procedures performed, transaction testing completed, and findings of the review. All audit documentation and workpapers should be available for examiner review. Any violations, policy or procedures exceptions, or other deficiencies noted during the audit should be included in an audit report and reported to the board of directors or a designated committee in a timely manner. The board or designated committee and the audit staff should track audit deficiencies and document corrective actions.

BSA Compliance Officer - pg 36The bank’s board of directors must designate a qualified individual to serve as the BSA compliance officer.34 The BSA compliance officer is responsible for coordinating and monitoring day-to-day BSA/AML compliance. The BSA compliance officer is also charged with managing all aspects of the BSA/AML compliance program and with managing the bank’s adherence to the BSA and its implementing regulations; however, the board of directors is ultimately responsible for the bank’s BSA/AML compliance

The board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA/AML compliance program based on the bank’s risk profile.

The line of communication should allow the BSA compliance officer to regularly apprise the board of directors and senior management of ongoing compliance with the BSA.

TRAINING: page 37

The board of directors and senior management should be informed of changes and new developments in the BSA, its implementing regulations and directives, and the federal banking agencies’ regulations. While the board of directors may not require the same degree of training as banking operations personnel, they need to understand the importance of BSA/AML regulatory requirements, the ramifications of noncompliance, and the risks posed to the bank. Without a general understanding of the BSA, the board of directors cannot adequately provide BSA/AML oversight; approve BSA/AML policies, procedures, and processes; or provide sufficient BSA/AML resources.

BSA TRAINING FOR THE BOARD 2014 11

Training should be ongoing and incorporate current developments and changes to the BSA and any related regulations. Changes to internal policies, procedures, processes, and monitoring systems should also be covered during training. The training program should reinforce the importance that the board and senior management place on the bank’s compliance with the BSA and ensure that all employees understand their role in maintaining an effective BSA/AML compliance program.

Examination Procedures BSA/AML Compliance Program – pg 381. Review the bank’s board approved35 written BSA/AML compliance program36 to ensure it contains the following required elements: • A system of internal controls to ensure ongoing compliance. • Independent testing of BSA compliance. • A specifically designated person or persons responsible for managing BSA compliance (BSA compliance officer). • Training for appropriate personnel

Internal Controls – pg 39• Inform the board of directors, or a committee thereof, and senior management, of compliance initiatives, identified compliance deficiencies, SARs filed, and corrective action taken.

Independent Testing – pg 40

Determine whether the BSA/AML testing (audit) is independent (i.e., performed by a person (or persons) not involved with the bank’s BSA/AML compliance staff) and whether persons conducting the testing report directly to the board of directors or to a designated board committee comprised primarily or completely of outside directors

BSA Compliance Officer pg 4111. Determine whether the board of directors has designated a person or persons responsible for the overall BSA/AML compliance program.

Training review in the exam- pg 4213. Determine whether the following elements are adequately addressed in the training program and materials: • The importance the board of directors and senior management place on ongoing education, training, and compliance

Systemic or Recurring Violations - pg 45-47All systemic violations should be brought to the attention of the bank’s board of directors and management and documented in the report of examination or supervisory correspondence.

Comments for Exam Report – pg 50-51

8. Describe the board of directors’ and senior management’s commitment to BSA/AML compliance. Consider whether management has the following:

• A strong BSA/AML compliance program fully supported by the board of directors.

BSA TRAINING FOR THE BOARD 2014 12

• A requirement that the board of directors and senior management are kept informed of BSA/AML compliance efforts, audit reports, any compliance failures, and the status of corrective actions.

Customer Identification Program — Overview, pg 52The CIP must be incorporated into the bank’s BSA/AML compliance program, which is subject to approval by the bank’s board of directors

4. Review board minutes and verify that the board of directors approved the CIP, either separately or as part of the BSA/AML compliance program (31 CFR 103.121(b)(1)).

Notifying Board of Directors of SAR Filings - pg 79Banks are required by the SAR regulations of their federal banking agency to notify the board of directors or an appropriate board committee that SARs have been filed. However, the regulations do not mandate a particular notification format and banks should have flexibility in structuring their format. Therefore, banks may, but are not required to, provide actual copies of SARs to the board of directors or a board committee. Alternatively, banks may opt to provide summaries, tables of SARs filed for specific violation types, or other forms of notification.

Office of Foreign Assets Control – pg 157

1. Determine whether the board of directors and senior management of the bank have developed policies, procedures, and processes based on their risk assessment to ensure compliance with OFAC laws and regulations. A consolidated approach should also include the establishment of corporate standards for BSA/AML compliance that reflect the expectations of the organization’s board of directors, with senior management working to ensure that the BSA/AML compliance program implements these corporate standards. Individual lines of business policies would then supplement the corporate standards and address specific risks within the line of business or department.

Management and Oversight of the BSA/AML Compliance Program – pg 163The board of directors and senior management of a bank have different responsibilities and roles in overseeing, and managing BSA/AML compliance risk. The board of directors has primary responsibility for ensuring that the bank has a comprehensive and effective BSA/AML compliance program and oversight framework that is reasonably designed to ensure compliance with BSA/AML regulation. Senior management is responsible for implementing the board-approved BSA/AML compliance program.

Boards of directors.152 The board of directors is responsible for approving the BSA/AML compliance program and for overseeing the structure and management of the bank’s BSA/AML compliance function. The board is responsible for setting an appropriate culture of BSA/AML compliance, establishing clear policies regarding the management of key BSA/AML risks, and ensuring that these policies are adhered to in practice. The board should ensure that senior management is fully capable, qualified, and properly motivated to manage the BSA/AML compliance risks arising from the organization’s business activities in a manner that is consistent with the board’s expectations. The board should ensure that the BSA/AML compliance function has an appropriately prominent status within the

BSA TRAINING FOR THE BOARD 2014 13

organization. Senior management within the BSA/AML compliance function and senior compliance personnel within the individual business lines should have the appropriate authority, independence, and access to personnel and information within the organization, and appropriate resources to conduct their activities effectively. The board should ensure that its views about the importance of BSA/AML compliance are understood and communicated across all levels of the banking organization. The board also should ensure that senior management has established appropriate incentives to integrate BSA/AML compliance objectives into management goals and compensation structure across the organization, and that corrective actions, including disciplinary measures, if appropriate, are taken when serious BSA/AML compliance failures are identified

BSA/AML Compliance Program Structures – pg 166

3. Review board minutes to determine the adequacy of MIS and of reports provided to the board of directors. Ensure that the board of directors has received appropriate notification of SARs filed.

4. Review policies, procedures, processes, and risk assessments formulated and implemented by the organization’s board of directors, a board committee thereof, or senior management. As part of this review, assess effectiveness of the organization’s ability to perform the following responsibilities:• Set and communicate corporate standards that reflect the expectations of the organization’s board of directors and provide for clear allocation of BSA/AML compliance responsibilities.

Board of Directors and Senior Management Oversight - pg 283

The board of directors’ and senior management’s active oversight of private banking activities and the creation of an appropriate corporate oversight culture are crucial elements of a sound risk management and control environment. The purpose and objectives of the organization’s private banking activities should be clearly identified and communicated by the board and senior management. Well-developed goals and objectives should describe the target client base in terms of minimum net worth, investable assets, and types of products and services sought. Goals and objectives should also specifically describe the types of clients the bank will and will not accept and should establish appropriate levels of authorization for new-client acceptance. Board and senior management should also be actively involved in establishing control and risk management goals for private banking activities, including effective audit and compliance reviews. Each bank should ensure that its policies, procedures, and processes for conducting private banking activities are evaluated and updated regularly and ensure that roles, responsibilities, and accountability are clearly delineated.

Appendix A: BSA Laws and Regulations – A-1Finally, if the appropriate federal banking agency determines that an insured depository institution has either 1) failed to establish and maintain procedures that are reasonably designed to assure and monitor the institution’s compliance with the BSA; or 2) failed to correct any problem with the procedures that a report of examination or other written supervisory communication identifies as requiring communication to the institution’s board of directors or senior management as a matter that must be corrected, the agency shall issue an order requiring such depository institution to

BSA TRAINING FOR THE BOARD 2014 14

cease and desist from the violation of the statute and the regulations prescribed there under. Sections 1818(b)(3) and (b)(4) of Title 12 of the USC extend section 1818(s) beyond insured depository institutions.

Appendix H: Request Letter Items – H-1, H-17Make available copies of the most recent written BSA/AML compliance program approved by board of directors (or the statutory equivalent of such a program for foreign financial institutions operating in the United States), including CIP requirements, with date of approval noted in the minutes.Make available reports and minutes submitted to the board of directors or its designated committee relating to BSA/AML matters pertaining to trust and asset management business lines and activities.

Appendix R: Enforcement Guidance, several pagesWhen an Agency identifies supervisory concerns relating to a banking organization’s or credit union’s BSA Compliance Program in the course of an examination or otherwise, the Agency may communicate t hose concerns by various means.

Informal discussions by examiners with an institution’s management during the examination process;

Formal discussions by examiners with the board of directors as part of or following the examination process;

Supervisory letters and other written communications from examiners or the agency to an institution’s management;

A finding contained in the report of examination or in other formal communications from an Agency to an institution’s board of directors indicating deficiencies or weaknesses in the BSA Compliance Program; or

A finding contained in the report of examination or in other formal communications from the Agency to an institution’s board of directors of a violation of the regulatory requirement to implement and maintain a reasonably designed BSA Compliance Program.

As explained below, in order to be a “problem” with the BSA Compliance Program that will result in a cease and desist order under sections 8(s) or 206(q) if not corrected b y the institution, deficiencies in the BSA Compliance Program must be identified in a report of examination or other written document as requiring communication to an institution’s board of directors or senior management as matters that must be corrected. However, other issues or suggestions for improvement may be communicated through other means.

Failure to correct a previously reported problem with the BSA Compliance Program.In order to be considered a “problem” within the meaning of sections 8(s)(3)(B) and 206(q)(3)(B), however, a deficiency reported to the institution ordinarily would involve a serious defect in one or more of the require d components of the institution’s BSA Compliance Program or implementation thereof t hat a report of examination or other written supervisory communication identifies as requiring communication to the institution’s board of directors or senior management as a matter that must be corrected. For example, failure to take any action in response to an express criticism in an examination report regarding a failure to appoint a qualified compliance officer could be viewed as an uncorrected problem that would result in a cease and desist order.

Statements in a written examination report or other supervisory communication identifying less serious issues or suggesting are as for improvement that the examination report does not identify

BSA TRAINING FOR THE BOARD 2014 15

as requiring communication to the board of directors or senior management as matters that must be corrected would not be considered “problems” for purposes of sections 8(s) and 206(q).

BSA TRAINING FOR THE BOARD 2014 16

FDIC CONSENT DECREE

First State Bank of Crossett has entered a consent order with the Federal Deposit Insurance Corporation regarding unsafe or unsound banking practices and violations of law or regulation.

Officials at the $44.6 million-asset bank signed the order on January 3, 2012 without admitting or denying the charges; which included operating without: adequate supervision by the board of directors, an effective Bank Secrecy Act program, an effective compliance management system, information technology system and effective supervision of third-party risks.

The bank reported a $605,000 profit during 2011. The consent order was made public by the FDIC on Friday, January 24, 2012.

President and CEO Howard Beaty Jr. issued the following statement:

"First State Bank appreciates the Arkansas State Bank Department and FDIC s diligence in their review of our BSA, Information Technology, and Compliance Programs.

"We have already implemented many of the recommended enhancements to our programs, policies and practices and are fully committed to swiftly and thoroughly addressing all of the issues identified within the written order.

"The order was a direct result of the bank providing banking services to a commercial customer, that later, through discussions with the regulatory agencies, was determined to be a both a commercial customer, as well as, an indirect service provider of remote merchant capture and remote deposit capture for the bank.

"The regulatory agencies asserted that the bank was indirectly offering these new products and services by agreeing to provide banking services to the commercial customer.

"Service providers for the bank require additional due diligence measures and review procedures. Numerous revisions to the bank's policies and procedures were required directly related to third-party payment processors, remote merchant capture and remote deposit capture.

"On Jan. 31, 2012, the bank elected to terminate the business relationship with the commercial customer primarily due to the burdensome regulatory review process and the numerous potential risks associated with the bank's indirect offering of products and services through the third party service provider.

BSA TRAINING FOR THE BOARD 2014 17

"The order comes as the bank was enjoying the completion of its most profitable year of operation."

The 22 page consent decree can be found at this link: http://www.fdic.gov/bank/individual/enforcement/2012-01-01.pdf The bank and the Board were required to:

1. Have monthly board meetings to discuss consumer compliance, third-party payment processors, high risk deposit accounts, information technology and BSA compliance.

2. Adopt a written BSA compliance program in 45 days and designate a senior official to be responsible for overall BSA compliance, especially RDC (remote deposit capture)

3. Establish a Director’s BSA Committee4. Develop comprehensive BSA training program5. Provide for independent BSA testing for high-risk activities, CIP, exemptions, SAR

reporting, OFAC, and other violations.6. Perform an independent “Look Back Review” for all third-party payment processors

from 12/21/2010 through the consent decree date. 7. Implement a CDD, Customer Due Diligence Program8. Perform account monitoring9. Monitor Suspicious activity reporting10. Prohibited from opening any new accounts for high-risk customers unless the prior

written approval of the Regional Director has been given.11. Prohibited from entering into any new business lines, products, and services unless the

prior written approval of the Regional Director has been given.12. Maintain adequate reserves for charge-backs and an independent review of third-party

processing activities.13. Implement a Compliance Management system (CMS)“commensurate with the level of

complexity of the Bank’s operations”. 14. The CMS will require oversight by the Board and management according to pages II-

2.1-4 of the FDIC Compliance Exam Manual.15. The written compliance policies and procedures will be approved by the Board and

reflected in the Board minutes.16. Implement a compliance training program, including third-party risk for all Bank

personnel, including senior management and the Bank’s Board.17. Implement a compliance monitoring program with ongoing reviews of departments,

disclosures, calculations, marketing, and compliance changes.18. Perform annual independent written audits that documents the Board’s review and

corrective actions required in the minutes of the Board meetings. 19. Conduct a risk assessment based on FIL 44-2008 for third-party relationships and FIL

26-2004 for Unfair or Deceptive acts or Practices under Section 5 of the FTC.20. Revise the Information Technology Risk Assessment Process21. Develop a RMC (Remote Merchant Capture) Program using regulatory issuances as

guidance; includes FIL-4-2009, FIL-114-2004, FFIEC IT Examination Handbook – Retail Payment Systems, February 2010 and FFIEC IT Examination Handbook – Information Security, July 2006.

22. The Bank will eliminate and/or correct all violations of law discussed in the BSA Exam summary and the violations in the Compliance visitation.

BSA TRAINING FOR THE BOARD 2014 18

23. Within 30 days of each quarter end, the Bank will furnish progress reports to the Regional Director that will be signed by each member of the Bank’s board of directors.

BOARD TRAINING FROM THE FDIC

FDIC Training - New Director Education Series

http://www.fdic.gov/regulations/resources/director/video.html

New Director Education Series

The first release of videos provides information to new bank directors about their fiduciary role and responsibilities as well an overview of the FDIC’s Risk Management and Compliance Examination processes. These videos are available on the FDIC's YouTube channel.

Director Responsibilities (09:20) Fiduciary Duties (05:46) Acting in the Best Interest of the Bank (03:56) Overview of the FDIC Examination Process (10:15) Risk Management Examinations (11:09) Compliance and Community Reinvestment Act Examinations (10:02)

Virtual Directors' College Program

A second series of videos is a virtual version of the FDIC’s Directors' College Program that regional offices deliver throughout the year.  The initial training program consists of six modules released on June 28, 2013. Topics include:

Interest Rate Risk (28:16) Third-Party Risk (29:45) Corporate Governance (21:43) The Community Reinvestment Act (30:14) Information Technology (IT) (26:06) The Bank Secrecy Act (31:34)

Virtual Technical Assistance Program

A third group of videos to be released by year-end will provide technical training to bankers on a range of regulatory issues.  The initial training program will consist of six modules.  Topics include

Fair Lending

BSA TRAINING FOR THE BOARD 2014 19

Appraisals and Evaluations Interest Rate Risk Troubled Debt Restructurings and the Allowance for Loan and Lease Losses Evaluation of Municipal Securities Flood Insurance Coverage

IT BEGINS WITH MONEY LAUNDERING AND WHAT IT MEANS TO YOUR BANK?

What is money laundering?

With few exceptions, criminals are motivated by one thing-profit. Greed drives the criminal, and the end result is that illegally-gained money must be introduced into the nation's legitimate financial systems. Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them. Through money laundering, the criminal transforms the monetary proceeds derived from criminal activity into funds with an apparently legal source.

This process has devastating social consequences. For one thing, money laundering provides the fuel for drug dealers, terrorists, arms dealers, and other criminals to operate and expand their criminal enterprises.

We know that criminals manipulate financial systems in the United States and abroad to further a wide range of illicit activities. Left unchecked, money laundering can erode the integrity of our nation's financial institutions.

BSA TRAINING FOR THE BOARD 2014 20

MISSION OF FINCEN

The mission of the Financial Crimes Enforcement Network (FinCEN) is to support law enforcement investigative efforts and foster interagency and global cooperation against domestic and international financial crimes; and to provide U.S. policy makers with strategic analyses of domestic and worldwide trends and patterns. FinCEN works toward those ends through information collection, analysis and sharing, as well as technological assistance and innovative, cost-effective implementation of the Bank Secrecy Act and other Treasury authorities.

This is an excerpt from the July 2014 SAR STATS Issue 1, see the end of the manual for a link to the entire report.

BSA TRAINING FOR THE BOARD 2014 21

FINCEN: FREQUENTLY ASKED QUESTIONS

Frequently Asked Questions

What is money laundering ? How big is the problem and why is it important ? Why do we need financial investigations ? How has FinCEN addressed the problem ? Who are FinCEN's Customers ? How is FinCEN organized ? What is the FOIA process ?

What is money laundering?

With few exceptions, criminals are motivated by one thing-profit. Greed drives the criminal, and the end result is that illegally-gained money must be introduced into the nation's legitimate financial systems. Money laundering involves disguising financial assets so they can be used without detection of the illegal activity that produced them. Through money laundering, the criminal transforms the monetary proceeds derived from criminal activity into funds with an apparently legal source.

This process has devastating social consequences. For one thing, money laundering provides the fuel for drug dealers, terrorists, arms dealers, and other criminals to operate and expand their criminal enterprises. We know that criminals manipulate financial systems in the United States and abroad to further a wide range of illicit activities. Left unchecked, money laundering can erode the integrity of our nation's financial institutions.

Although money laundering is a diverse and often complex process, it basically involves three independent steps that can occur simultaneously:

Placement: The first and most vulnerable stage of laundering money is placement. The goal is to introduce the unlawful proceeds into the financial system without attracting the attention of financial institutions or law enforcement. Placement techniques include structuring currency deposits in amounts to evade reporting requirements or commingling currency deposits of legal and illegal enterprises. An example may include: dividing large amounts of currency into less-conspicuous smaller sums that are deposited directly into a bank account, depositing a refund check from a canceled vacation package or insurance policy, or purchasing a series of monetary instruments (e.g., cashier’s checks or money orders) that are then collected and deposited into accounts at another location or financial institution. (Refer to Appendix G “Structuring” for additional guidance.)

BSA TRAINING FOR THE BOARD 2014 22

Layering: The second stage of the money laundering process is layering, which involves moving funds around the financial system, often in a complex series of transactions to create confusion and complicate the paper trail. Examples of layering include exchanging monetary instruments for larger or smaller amounts, or wiring or transferring funds to and through numerous accounts in one or more financial institutions.

Integration: The ultimate goal of the money laundering process is integration. Once the funds are in the financial system and insulated through the layering stage, the integration stage is used to create the appearance of legality through additional transactions. These transactions further shield the criminal from a recorded connection to the funds by providing a plausible explanation for the source of the funds. Examples include the purchase and resale of real estate, investment securities, foreign trusts, or other assets.

FinCEN is a network, a link between the law enforcement, financial, and regulatory communities. Because the changing financial world creates vast opportunities for criminals, FinCEN strives to work with its domestic and international partners to maximize the information sharing network and find new ways to prevent and detect financial crime.

How big is the problem and why is it important?

The profits of crime that creep into the United States' financial system each year are staggering and detrimental by any calculation. Drug trafficking alone generates tens of billions of dollars a year. Many believe that it is simply not possible to pinpoint the amount.

It is clear, however, that the problem is enormous. It is also clear that money laundering extends far beyond hiding narcotics profits. The dimension of the problem increases rapidly when one considers, for example, trade fraud and tax evasion subject to the money laundering statutes, as well as organized crime and arms smuggling. Bank, medical, and insurance fraud-which can also entail significant laundering of funds-add many additional billions of dollars to the criminals' profits.

Why do we need financial investigations?

Intense financial investigations are essential if we are to beat criminals at their trade-whether it's narcotics trafficking, organized crime, money laundering, or bank fraud. Following the money leads to the top of the criminal organization. But financial investigations are extremely complex and difficult to conduct. First, it takes many years of working in the financial industry to understand all its intricacies. Second, no single agency possesses a sufficiently broad or cross-jurisdictional focus and information base to track financial movements. Finally, the sheer size, variety, and pace of change of the financial sector make financial investigations even more difficult. The tools of the money launderer range from complex financial transactions, carried out through webs of wire transfers and networks of shell companies, to old-fashioned, if increasingly inventive, currency smuggling. As soon as law enforcement learns the intricacies of a

BSA TRAINING FOR THE BOARD 2014 23

new laundering technique and takes action to disrupt the activity, the launderers replace the scheme with yet another, more sophisticated method.

How has FinCEN addressed the problem?

The Financial Crimes Enforcement Network (FinCEN) was established in April 1990 by Treasury Order Number 105-08. Its original mission was to provide a government-wide, multi-source intelligence and analytical network to support the detection, investigation, and prosecution of domestic and international money laundering and other financial crimes. In May 1994, its mission was broadened to include regulatory responsibilities.

Today, FinCEN is one of Treasury’s primary agencies to oversee and implement policies to prevent and detect money laundering. This is accomplished in two ways. First, FinCEN uses counter-money laundering laws (such as the Bank Secrecy Act--"BSA") to require reporting and recordkeeping by banks and other financial institutions. This recordkeeping preserves a financial trail for investigators to follow as they track criminals and their assets. The BSA also requires reporting suspicious currency transactions which could trigger investigations. FinCEN establishes these policies and regulations to deter and detect money laundering in partnership with the financial community.

Second, FinCEN provides intelligence and analytical support to law enforcement. FinCEN's work is concentrated on combining information reported under the BSA with other government and public information. This information is then disclosed to FinCEN's customers in the law enforcement community in the form of intelligence reports. These reports help them build investigations and plan new strategies to combat money laundering.

Who are FinCEN's Customers?

FinCEN serves the interests of the financial, law enforcement, and regulatory communities. FinCEN's analysts provide case support to more than 165 federal, state, and local agencies, issuing approximately 6,500 intelligence reports each year. Using advanced technology and a variety of data sources, FinCEN links together various financial elements of the crime, helping federal, state and local law enforcement find the missing pieces to the criminal puzzle.

Addressing money laundering is a nationwide problem and FinCEN treats it that way. Through Project Gateway, FinCEN works with law enforcement officials in each state so that they have on-line access to FinCEN's databases. Gateway's cutting edge technology gives each state electronic access directly to financial information which they use with great success.

FinCEN is becoming an international leader in the fight against financial crimes and the corresponding corruption of international economies. FinCEN supports the G-7

BSA TRAINING FOR THE BOARD 2014 24

Financial Action Task Force (FATF), which came under the presidency of the United States for the seventh round (1995-96). In addition, FinCEN coordinates with financial intelligence units (FIUs) in scores of countries, including Britain, France, Belgium and Australia. FinCEN is also using its expertise to help establish FIUs worldwide.

How is FinCEN organized?

The unique staffing of the Financial Crimes Enforcement Network both reflects and sustains its mission to safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity. The bureau consists of approximately 300 full-time employees, a third of whom are analysts, another third are administrative and managerial professionals, with the remaining third including regulatory specialists, technology experts and Federal agents. In addition, there are approximately 40 long-term detailees from 20 different law enforcement and regulatory agencies.

BSA TRAINING FOR THE BOARD 2014 25

WHAT IS THE RISK ASSESSMENT LINK TO BSA/AML PROGRAM?

BSA TRAINING FOR THE BOARD 2014

RISK ASSESSMENT

IDENTIFY & MEASURE RISKProducts, Services, Customers and

Geographies

INTERNAL CONTROLS

Develop applicable:Policies, Procedures, Systems and Controls

Risk based compliance program

Internal Controls Audit Type BSA Compliance

Officer Training

26

BSA TRAINING FOR THE BOARD 2014

ANTI MONEY LAUNDERING PROGRAM

Customer Identification Program & Training

Customer Due Diligence, Customer Monitoring Programs & Training

Suspicious Activity Awareness and Reporting by Staff and Management

27

HIGH INTENSITY DRUG TRAFFICING AREAS

Eight parishes in Louisiana: Caddo, Bossier, Ouachita, Calcasieu, Lafayette, East Baton Rouge, Orleans, Jefferson

BSA TRAINING FOR THE BOARD 2014 28

HIDTA Headquarters

Southwest Border Regions

http://www.whitehousedrugpolicy.gov/hidta/index.html

BSA POLICY REQUIREMENTS

THESE AREAS MUST BE ADDRESSED IN YOUR POLICY; ALL AREAS MUST BE RISK-BASED. The FOUR PILLARS of BSA Compliance include:

1. The BSA Compliance Officer2. Internal Controls3. Independent Testing4. Training

IntroductionOverall goals of AML programRisk AssessmentBSA Compliance Officer/OFAC Officer in that section

BSA TRAINING FOR THE BOARD 2014 29

Training Independent TestingInternal Controls to ensure ongoing complianceRecognition of Fines and Penalties

Core Sections if they apply to you:Customer Identification ProgramCustomer Due DiligenceSuspicious Activity ReportingCurrency Transaction ReportingPurchase and Sale of Monetary Instruments RecordkeepingFund Transfers Recordkeeping Foreign Correspondent Account Recordkeeping and Due DiligencePrivate Banking Due Diligence Program (Non US Persons) International Transportation of Currency or Monetary Instrument ReportingOFAC

Possible Record Retention Enforcement GuidanceRed Flags for Money Laundering

Products and Services if they apply to you:

Correspondent Accounts (Domestic)Correspondent Accounts (Foreign)Bulk Shipments of Currency U. S. Dollar Drafts Payable Through Accounts Pouch ActivitiesElectronic BankingFunds TransfersAutomated Clearing House TransactionsElectronic Cash Third-Party Payment Processors Purchase and Sale of Monetary Instruments Brokered Deposits Privately Owned Automated Teller Machines Nondeposit Investment ProductsInsuranceConcentration AccountsLending Activities Trade Finance Activities Private Banking Trust and Asset Management Services

BSA TRAINING FOR THE BOARD 2014 30

Persons and Entities if they apply to you:Nonresident Aliens and Foreign Individuals Politically Exposed PersonEmbassy and Foreign consulate Accounts Nonbank financial Institutions Professional Service ProvidersNongovernmental Organizations and Charities Business Entities Cash Intensive Businesses

Currency Transaction Reports

BSA TRAINING FOR THE BOARD 2014 31

NEW CTR FORM

This is the link to the 73 pages of instructions for the new CTR form for e-filing that must be used beginning July 1, 2012

http://bsaefiling.fincen.treas.gov/news/FinCENCTRElectronicFilingRequirements.pdf

The format is significantly different and will require changes your bank’s internal procedures

There are three parts to this form:

Part 1 – Person Involved in the transactionPart II – Amount and Type of TransactionPart II – Financial Institution where Transaction takes place

Part I has a NEW section of 9a which is the NAICS code – standard industry code for the occupation

BSA TRAINING FOR THE BOARD 2014 32

Suspicious Activity Reporting

BSA TRAINING FOR THE BOARD 2014 33

SUSPICIOUS ACTIVITY REPORTING BASICS

Financial institutions are required to file Suspicious Activity Reports (SARs…or “something ain’t right” reports) under the Bank Secrecy Act. SAR information is reviewed by the law enforcement staff at FinCEN. The data is used to initiate or enhance criminal investigations and prosecutions.

Did you know that approximately 700,000 800,000 SARs are filed annually by depository institutions? Filing is required if the bank detects any known or suspected federal criminal violation, or pattern of

violations, committed or attempted against the bank, or involving one or more transactions conducted through the bank and the bank believes it was an actual or potential victim of a crime or was used to facilitate a crime

When is a SAR required?FILE WHAT & HOW MUCH?Filing a Suspicious Activity Report is required if……

the amount involved is $5000 or more in the aggregate and involves money laundering or violations of BSA. or

there is insider abuse involving any amount, orthe amount involved is $5000 or more and a suspect can be identified, orthe amount involved is $25000 or more regardless of whether a suspect can be identified.

!!!!!!!!!!!!!!!!When do you need to inform the BSA Officer of potential suspicious activity during the lending process?

CIP issues that violate policy (identity theft, forged documents) Loan requests for questionable purposes or sources of repayment False statements on loan applications Income appears to be from questionable sources Payments appear to be from questionable sources; sudden pay-down without

a reasonable source of funds Collateral offered appears to be questionable

BSA TRAINING FOR THE BOARD 2014 34

Loan proceeds are being sent to a high risk geography without a legitimate reason

WHAT IS TRENDING NOW FOR DEPOSITORY INSTITUTIONS

BSA TRAINING FOR THE BOARD 2014 35

FILINGS BY DEPOSITORY INSTITUTIONS 2012-2013

This is a link to the most recent SAR Stats Report http://www.fincen.gov/news_room/rp/sar_by_number.htmlA report was issued July 2014 and has links to several spreadsheets. There were 1,369,529 unique SAR filings between March 1, 2012 and December 31, 2013.

BSA TRAINING FOR THE BOARD 2014 36

CUSTOMER MONITORING AND DUE DILIGENCE

Money Laundering and Terrorist Financing “Red Flags” (2007)

The following are examples of potentially suspicious activities, or “red flags” for both money laundering and terrorist financing. Although these lists are not all-inclusive, they may help banks and examiners recognize possible money laundering and terrorist financing schemes. Management’s primary focus should be on reporting suspicious activities, rather than on determining whether the transactions are in fact linked to money laundering, terrorist financing, or a particular crime.

The following examples are red flags that, when encountered, may warrant additional scrutiny. The mere presence of a red flag is not by itself evidence of criminal activity. Closer scrutiny should help to determine whether the activity is suspicious or one for which there does not appear to be a reasonable business or legal purpose.

Potentially Suspicious Activity that May Indicate Money Laundering

Customers Who Provide Insufficient or Suspicious Information

A customer uses unusual or suspicious identification documents that cannot be readily verified.

A customer provides an individual tax identification number after having previously used a Social Security number.

A customer uses different tax identification numbers with variations of his or her name.

A business is reluctant, when establishing a new account, to provide complete information about the nature and purpose of its business, anticipated account activity, prior banking relationships, the names of its officers and directors, or information on its business location.

A customer’s home or business telephone is disconnected.

The customer’s background differs from that which would be expected on the basis of his or her business activities.

A customer makes frequent or large transactions and has no record of past or present employment experience.

A customer is a trust, shell company, or Private Investment Company that is reluctant to provide information on controlling parties and underlying beneficiaries. Beneficial owners may hire nominee incorporation services to establish shell companies and open bank accounts for those shell companies while shielding the owner’s identity.

BSA TRAINING FOR THE BOARD 2014 37

BSA TRAINING FOR THE BOARD 2014 38

Efforts to Avoid Reporting or Recordkeeping Requirement

A customer or group tries to persuade a bank employee not to file required reports or maintain required records.

A customer is reluctant to provide information needed to file a mandatory report, to have the report filed, or to proceed with a transaction after being informed that the report must be filed.

A customer is reluctant to furnish identification when purchasing negotiable instruments in recordable amounts.

A business or customer asks to be exempted from reporting or recordkeeping requirements.

A person customarily uses the automated teller machine to make several bank deposits below a specified threshold.

A customer deposits funds into several accounts, usually in amounts of less than $3,000, which are subsequently consolidated into a master account and transferred outside of the country, particularly to or through a location of specific concern (e.g., countries designated by national authorities and Financial Action Task Force on Money Laundering (FATF) as non-cooperative countries and territories).

A customer accesses a safe deposit box after completing a transaction involving a large withdrawal of currency, or accesses a safe deposit box before making currency deposits structured at or just under $10,000, to evade Currency Transaction Report (CTR) filing requirements.

Funds Transfers

Many funds transfers are sent in large, round dollar, hundred dollar, or thousand dollar amounts.

Funds transfer activity occurs to or from a financial secrecy haven, or to or from a high-risk geographic location without an apparent business reason or when the activity is inconsistent with the customer’s business or history.

Many small, incoming transfers of funds are received, or deposits are made using checks and money orders. Almost immediately, all or most of the transfers or deposits are wired to another city or country in a manner inconsistent with the customer’s business or history.

Large, incoming funds transfers are received on behalf of a foreign client, with little or no explicit reason.

Funds transfer activity is unexplained, repetitive, or shows unusual patterns.

Payments or receipts with no apparent links to legitimate contracts, goods, or services are received.

Funds transfers are sent or received from the same person to or from different accounts.

BSA TRAINING FOR THE BOARD 2014 39

Funds transfers contain limited content and lack related party information.

Automated Clearing House Transactions

Large-value, automated clearing house (ACH) transactions are frequently initiated through third-party service providers (TPSP) by originators that are not bank customers and for which the bank has no or insufficient due diligence.

TPSPs have a history of violating ACH network rules or generating illegal transactions, or processing manipulated or fraudulent transactions on behalf of their customers.

Multiple layers of TPSPs that appear to be unnecessarily involved in transactions.

Unusually high level of transactions initiated over the Internet or by telephone.

National Automated Clearing House Association (NACHA) information requests indicate potential concerns with the bank’s usage of the ACH system.

Activity Inconsistent with the Customer’s Business

The currency transaction patterns of a business show a sudden change inconsistent with normal activities.

A large volume of cashier’s checks, money orders, or funds transfers is deposited into, or purchased through, an account when the nature of the accountholder’s business would not appear to justify such activity.

A retail business has dramatically different patterns of currency deposits from similar businesses in the same general location.

Unusual transfers of funds occur among related accounts or among accounts that involve the same or related principals.

The owner of both a retail business and a check-cashing service does not ask for currency when depositing checks, possibly indicating the availability of another source of currency.

Goods or services purchased by the business do not match the customer’s stated line of business.

Payments for goods or services are made by checks, money orders, or bank drafts not drawn from the account of the entity that made the purchase.

Lending Activity

Loans secured by pledged assets held by third parties unrelated to the borrower.

Loan secured by deposits or other readily marketable assets, such as securities, particularly when owned by apparently unrelated third parties.

BSA TRAINING FOR THE BOARD 2014 40

Borrower defaults on a cash-secured loan or any loan that is secured by assets which are readily convertible into currency.

Loans are made for, or are paid on behalf of, a third party with no reasonable explanation.

To secure a loan, the customer purchases a certificate of deposit using an unknown source of funds, particularly when funds are provided via currency or multiple monetary instruments.

Loans that lack a legitimate business purpose, provide the bank with significant fees for assuming little or no risk, or tend to obscure the movement of funds (e.g., loans made to a borrower and immediately sold to an entity related to the borrower).

Changes in Bank-to-Bank Transactions

The size and frequency of currency deposits increases rapidly with no corresponding increase in non-currency deposits.

A bank is unable to track the true accountholder of correspondent or concentration account transactions.

The turnover in large-denomination bills is significant and appears uncharacteristic, given the bank’s location.

Changes in currency-shipment patterns between correspondent banks are significant.

Cross-Border Financial Institution Transactions1

U.S. bank increases sales or exchanges of large denomination U.S. bank notes to Mexican financial institution(s).

Large volumes of small denomination U.S. banknotes being sent from Mexican casas de cambio to their U.S. accounts via armored transport or sold directly to U.S. banks. These sales or exchanges may involve jurisdictions outside of Mexico.

Casas de cambio direct the remittance of funds via multiple funds transfers to jurisdictions outside of Mexico that bear no apparent business relationship with the casas de cambio. Funds transfer recipients may include individuals, businesses, and other entities in free trade zones.

Casas de cambio deposit numerous third-party items, including sequentially numbered monetary instruments, to their accounts at U.S. banks.

Casas de cambio direct the remittance of funds transfers from their accounts at Mexican financial institutions to accounts at U.S. banks. These funds transfers follow the deposit of currency and third-party items by the casas de cambio into their Mexican financial institution.

1 FinCEN Advisory FIN-2006-A003, Guidance to Financial Institutions on the Repatriation of Currency Smuggled into Mexico from the United States, April 28, 2006.

BSA TRAINING FOR THE BOARD 2014 41

Trade Finance

Items shipped that are inconsistent with the nature of the customer’s business (e.g., a steel company that starts dealing in paper products, or an information technology company that starts dealing in bulk pharmaceuticals).

Customers conducting business in high-risk jurisdictions.

Customers shipping items through high-risk jurisdictions, including transit through non-cooperative countries.

Customers involved in potentially high-risk activities, including activities that may be subject to export/import restrictions (e.g., equipment for military or police organizations of foreign governments, weapons, ammunition, chemical mixtures, classified defense articles, sensitive technical data, nuclear materials, precious gems, or certain natural resources such as metals, ore, and crude oil).

Obvious over- or under-pricing of goods and services.

Obvious misrepresentation of quantity or type of goods imported or exported.

Transaction structure appears unnecessarily complex and designed to obscure the true nature of the transaction.

Customer requests payment of proceeds to an unrelated third party.

Shipment locations or description of goods not consistent with letter of credit.

Documentation showing a higher or lower value or cost of merchandise than that which was declared to customs or paid by the importer.

Significantly amended letters of credit without reasonable justification or changes to the beneficiary or location of payment. Any changes in the names of parties should prompt additional OFAC review.

Privately Owned Automated Teller Machines

Automated teller machine (ATM) activity levels are high in comparison with other privately owned or bank-owned ATMs in comparable geographic and demographic locations.

Sources of currency for the ATM cannot be identified or confirmed through withdrawals from account, armored car contracts, lending arrangements, or other appropriate documentation.

Insurance

A customer purchases products with termination features without concern for the product’s investment performance.

BSA TRAINING FOR THE BOARD 2014 42

A customer purchases insurance products using a single, large premium payment, particularly when payment is made through unusual methods such as currency or currency equivalents.

A customer purchases product that appears outside the customer’s normal range of financial wealth or estate planning needs.

A customer borrows against the cash surrender value of permanent life insurance policies, particularly when payments are made to apparently unrelated third parties.

Policies are purchased that allow for the transfer of beneficial ownership interests without the knowledge and consent of the insurance issuer. This would include secondhand endowment and bearer insurance policies.

A customer is known to purchase several insurance products and uses the proceeds from an early policy surrender to purchase other financial assets.

Shell Company Activity

A bank is unable to obtain sufficient information or information is unavailable to positively identify originators or beneficiaries of accounts or other banking activity (using Internet, commercial database searches, or direct inquiries to a respondent bank).

Payments to or from the company have no stated purpose, do not reference goods or services, or identify only a contract or invoice number.

Goods or services, if identified, do not match profile of company provided by respondent bank or character of the financial activity; a company references remarkably dissimilar goods and services in related funds transfers; explanation given by foreign respondent bank is inconsistent with observed funds transfer activity.

Transacting businesses share the same address, provide only a registered agent’s address, or have other address inconsistencies.

Unusually large number and variety of beneficiaries are receiving funds transfers from one company.

Frequent involvement of multiple jurisdictions or beneficiaries located in high-risk offshore financial centers.

A foreign correspondent bank exceeds the expected volume in its client profile for funds transfers, or an individual company exhibits a high volume and pattern of funds transfers that is inconsistent with its normal business activity.

Multiple high-value payments or transfers between shell companies with no apparent legitimate business purpose.

Purpose of the shell company is unknown or unclear.

Embassy and Foreign Consulate Accounts

Official embassy business is conducted through personal accounts.

BSA TRAINING FOR THE BOARD 2014 43

Account activity is not consistent with the purpose of the account, such as pouch activity or payable upon proper identification transactions.

Accounts are funded through substantial currency transactions.

Accounts directly fund personal expenses of foreign nationals without appropriate controls, including, but not limited to, expenses for college students.

Employees

Employee exhibits a lavish lifestyle that cannot be supported by his or her salary.

Employee fails to conform to recognized policies, procedures, and processes, particularly in private banking.

Employee is reluctant to take a vacation.

Other Unusual or Suspicious Customer Activity

Customer frequently exchanges small-dollar denominations for large-dollar denominations.

Customer frequently deposits currency wrapped in currency straps or currency wrapped in rubber bands that is disorganized and does not balance when counted.

Customer purchases a number of cashier’s checks, money orders, or traveler’s checks for large amounts under a specified threshold.

Customer purchases a number of open-end stored value cards for large amounts. Purchases of stored value cards are not commensurate with normal business activities.

Customer receives large and frequent deposits from on-line payments systems yet has no apparent on-line or auction business.

Monetary instruments deposited by mail are numbered sequentially or have unusual symbols or stamps on them.

Suspicious movements of funds occur from one bank to another, and then funds are moved back to the first bank.

Deposits are structured through multiple branches of the same bank or by groups of people who enter a single branch at the same time.

Currency is deposited or withdrawn in amounts just below identification or reporting thresholds.

Customer visits a safe deposit box or uses a safe custody account on an unusually frequent basis.

Safe deposit boxes or safe custody accounts opened by individuals who do not reside or work in the institution’s service area, despite the availability of such services at an institution closer to them.

BSA TRAINING FOR THE BOARD 2014 44

Customer repeatedly uses a bank or branch location that is geographically distant from the customer’s home or office without sufficient business purpose.

Customer exhibits unusual traffic patterns in the safe deposit box area or unusual use of safe custody accounts. For example, several individuals arrive together, enter frequently, or carry bags or other containers that could conceal large amounts of currency, monetary instruments, or small valuable items.

Customer rents multiple safe deposit boxes to store large amounts of currency, monetary instruments, or high-value assets awaiting conversion to currency, for placement into the banking system. Similarly, a customer establishes multiple safe custody accounts to park large amounts of securities awaiting sale and conversion into currency, monetary instruments, outgoing funds transfers, or a combination thereof, for placement into the banking system.

Unusual use of trust funds in business transactions or other financial activity.

Customer uses a personal account for business purposes.

Customer has established multiple accounts in various corporate or individual names that lack sufficient business purpose for the account complexities or appear to be an effort to hide the beneficial ownership from the bank.

Customer makes multiple and frequent currency deposits to various accounts that are purportedly unrelated.

Customer conducts large deposits and withdrawals during a short time period after opening and then subsequently closes the account or the account becomes dormant. Conversely, an account with little activity may suddenly experience large deposit and withdrawal activity.

Customer makes high-value transactions not commensurate with the customer’s known incomes.

Potentially Suspicious Activity that May Indicate Terrorist Financing

The following examples of potentially suspicious activity that may indicate terrorist financing are primarily based on guidance “Guidance for Financial Institutions in Detecting Terrorist Financing” provided by the FATF.2 FATF is an intergovernmental body whose purpose is the development and promotion of policies, both at national and international levels, to combat money laundering and terrorist financing.

Activity Inconsistent with the Customer’s Business

Funds are generated by a business owned by persons of the same origin or by a business that involves persons of the same origin from high-risk countries (e.g., countries designated by national authorities and FATF as non-cooperative countries and territories).

2 Guidance for Financial Institutions in Detecting Terrorist Financing, April 24, 2002, is available at www.fatf-gafi.org.

BSA TRAINING FOR THE BOARD 2014 45

The stated occupation of the customer is not commensurate with the type or level of activity.

Persons involved in currency transactions share an address or phone number, particularly when the address is also a business location or does not seem to correspond to the stated occupation (e.g., student, unemployed, or self-employed).

Regarding nonprofit or charitable organizations, financial transactions occur for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.

A safe deposit box opened on behalf of a commercial entity when the business activity of the customer is unknown or such activity does not appear to justify the use of a safe deposit box.

Other Transactions That Appear Unusual or Suspicious

Transactions involving foreign currency exchanges are followed within a short time by funds transfers to high-risk locations.

Multiple accounts are used to collect and funnel funds to a small number of foreign beneficiaries, both persons and businesses, particularly in high-risk locations.

A customer obtains a credit instrument or engages in commercial financial transactions involving the movement of funds to or from high-risk locations when there appear to be no logical business reasons for dealing with those locations.

Banks from high-risk locations open accounts.

Funds are sent or received via international transfers from or to high-risk locations.

Insurance policy loans or policy surrender values that are subject to a substantial surrender charge.

BSA TRAINING FOR THE BOARD 2014 46

MORTGAGE FRAUD CONVICTION

Department of JusticeOffice of Public Affairs

FOR IMMEDIATE RELEASETuesday, April 19, 2011

Former Chairman of Taylor, Bean & Whitaker Convicted for $2.9 Billion Fraud Scheme That Contributed to the Failure of Colonial Bank

WASHINGTON – Lee Bentley Farkas, the former chairman of a private mortgage lending company, Taylor, Bean & Whitaker (TBW), was convicted today for his role in a more than $2.9 billion fraud scheme that contributed to the failures of Colonial Bank, one of the 25 largest banks in the United States in 2009, and TBW, one of the largest privately held mortgage lending companies in the United States in 2009. The conviction was announced today by Assistant Attorney General Lanny A. Breuer of the Criminal Division; U.S. Attorney Neil H. MacBride for the Eastern District of Virginia; Acting Special Inspector General Christy Romero for the Troubled Asset Relief Program (SIGTARP); Assistant Director in Charge James W. McJunkin of the FBI’s Washington Field Office; Michael P. Stephens, Acting Inspector General of the Department of Housing and Urban Development (HUD-OIG); Jon T. Rymer, Inspector General of the Federal Deposit Insurance Corporation (FDIC-OIG) ; Steve A. Linick, Inspector General of the Federal Housing Finance Agency (FHFA-OIG); and Victor F. O. Song, Chief of the Internal Revenue Service Criminal Investigation (IRS-CI).  After a 10-day trial, a federal jury in the Eastern District of Virginia found Farkas guilty of one count of conspiracy to commit bank, wire and securities fraud; six counts of bank fraud; four counts of wire fraud; and three counts of securities fraud. At sentencing, scheduled for July 1, 2011, Farkas faces a maximum prison term of 30 years for the conspiracy charge and for each count of bank fraud, 20 years for each count of wire fraud related to TARP, 30 years for each count of wire fraud affecting a financial institution and 25 years for each securities fraud count. Farkas was remanded into custody. According to court documents and evidence presented at trial, Farkas and his co-conspirators engaged in a scheme that misappropriated more than $1.4 billion from Colonial Bank’s Mortgage Warehouse Lending Division in Orlando, Fla., and approximately $1.5 billion from Ocala Funding, a mortgage lending facility controlled by TBW. Farkas and his co-conspirators

BSA TRAINING FOR THE BOARD 2014 47

misappropriated this money to, among other things, cover TBW’s operating expenses. The fraud scheme contributed to the failures of Colonial Bank and TBW.  Six individuals have pleaded guilty for their roles in the fraud scheme, including: Paul Allen, former chief executive officer of TBW; Raymond Bowman, former president of TBW; Desiree Brown, former treasurer of TBW; Catherine Kissick, former senior vice president of Colonial Bank and head of its Mortgage Warehouse Lending Division (MWLD); Teresa Kelly, former operations supervisor for Colonial Bank’s MWLD; and Sean Ragland, a former senior financial analyst at TBW. “Lee Farkas, the former chairman of TBW, masterminded one of the largest bank fraud schemes in history,” said Assistant Attorney General Breuer.  “His shockingly brazen scheme poured fuel on the fire of the financial crisis.  It not only led to the downfall of TBW, one of the largest private mortgage lending companies in the United States, but also contributed to the failure of one of the country’s largest commercial banks.  Mr. Farkas may have thought he could steal nearly $3 billion from investors and taxpayers and sail into the sunset.  But now a jury has told him otherwise, and he must face the severe consequences.”

 “Today a jury convicted Lee Farkas of orchestrating one of the longest and largest bank fraud schemes in the country,” said U.S. Attorney Neil H. MacBride. “In 2008, Lee Farkas boasted that he ‘could rob a bank with a pencil.’ And he did just that. His staggering greed led him to steal nearly $3 billion from Colonial Bank and other investors. Farkas’s mammoth fraud contributed to the toppling of a financial institution and the ripple effects were felt from Wall Street to Main Street. Now he’s being held responsible for the financial ruin he left in his wake.”

 “This investigation required thousands of hours of work by investigators, forensic accountants and analysts to sort through complex mortgage and lending documents,” said Assistant Director in Charge McJunkin. “I’d like to thank the many other agencies who worked with FBI personnel to build a strong investigative team; a team still out there working today to protect federal funds and innocent victims.” “Today’s verdict ensures that Farkas will pay for his crime – an unprecedented scheme to defraud regulators during the height of the financial crisis and to steal over $550 million from the American taxpayers through TARP,” said Acting Special Inspector General Romero for SIGTARP . “SIGTARP and its partners in the Financial Fraud Enforcement

BSA TRAINING FOR THE BOARD 2014 48

Task Force stopped the scheme dead in its tracks and will continue to bring to justice those criminals who seek to profit by exploiting TARP through fraud.” According to court documents and evidence presented at trial, the fraud scheme began in 2002, when Farkas and his co-conspirators ran overdrafts in TBW bank accounts at Colonial Bank in order to cover TBW’s cash shortfalls. Farkas and his co-conspirators at TBW and Colonial Bank transferred money between accounts at Colonial Bank to hide the overdrafts. Evidence presented at trial showed that after the overdrafts grew to more than $100 million, Farkas and his co-conspirators covered up the overdrafts and operating losses by causing Colonial Bank to purchase from TBW over time more than $1.5 billion in what amounted to worthless mortgage loan assets, including loans that TBW had already sold to other investors and fake pools of loans supposedly being formed into mortgage-backed securities. Farkas and his co-conspirators caused Colonial Bank to report these assets on its books at face value when in fact the mortgage loan assets were worthless. By August 2009, approximately $500 million in fake pools of loans remained on Colonial Bank’s books. According to court documents and evidence presented at trial, Farkas and his co-conspirators at TBW also misappropriated more than $1.5 billion from Ocala Funding. Ocala Funding sold asset-backed commercial paper to financial institution investors, including Deutsche Bank and BNP Paribas Bank. Ocala Funding, in turn, was required to maintain collateral in the form of cash and/or mortgage loans at least equal to the value of outstanding commercial paper.  Evidence presented at trial established that Farkas and his co-conspirators diverted cash from Ocala Funding to TBW to cover its operating losses, and as a result, created significant deficits in the amount of collateral Ocala Funding possessed to back the outstanding commercial paper. To cover up the diversions, the conspirators sent false information to Deutsche Bank, BNP Paribas Bank and other financial institution investors and led them to falsely believe that they had sufficient collateral backing the commercial paper they had purchased. When TBW failed in August 2009, the banks were unable to redeem their commercial paper for full value. Farkas and his co-conspirators also caused approximately $900 million in loans to be held on Colonial Bank’s books when in fact the loans had already been sold to Freddie Mac and other investors. According to court documents and evidence at trial, in the fall of 2008, Colonial Bank’s holding company, Colonial BancGroup Inc., applied for $570 million in taxpayer funding through the Capital Purchase Program (CPP), a sub-program of the U.S. Treasury Department’s Troubled Asset Relief Program (TARP). In connection with the application, Colonial BancGroup submitted financial data and filings that included materially false information related to mortgage

BSA TRAINING FOR THE BOARD 2014 49

loans and securities held by Colonial Bank as a result of the fraudulent scheme perpetrated by Farkas and his co-conspirators. Colonial BancGroup’s TARP application was conditionally approved for $553 million contingent on the bank raising $300 million in private capital.  Evidence at trial established that Farkas and his co-conspirators falsely informed Colonial BancGroup that they had identified sufficient investors to satisfy the TARP capital contingency. Farkas and his TBW co-conspirators diverted $25 million from Ocala Funding into an escrow account and falsely represented that the money was on behalf of capital raise investors. Farkas and his TBW co-conspirators caused Colonial BancGroup to issue a false and misleading financial statement to the Securities and Exchange Commission (SEC) and press release announcing the success of the capital raise. Ultimately, Colonial BancGroup did not receive any TARP funds.  Evidence at trial also established that Farkas and his co-conspirators caused Colonial BancGroup to file materially false financial data with the SEC regarding its assets in annual reports contained in Forms 10-K and quarterly filings contained in Forms 10-Q. Colonial BancGroup’s materially false financial data included overstated assets for mortgage loans that had little to no value that Farkas and his co-conspirators caused Colonial Bank to purchase. Farkas and his co-conspirators also caused TBW to submit materially false financial data to the Government National Mortgage Association (Ginnie Mae) in order to extend TBW’s authority to issue Ginnie Mae mortgage-backed securities. According to court documents and evidence presented at trial, Farkas also personally misappropriated more than $20 million from TBW and Colonial Bank to finance his lifestyle, including purchasing multiple homes, scores of cars, a jet and sea plane, and restaurants and bars.  In August 2009, the Alabama State Banking Department, Colonial Bank’s regulator, seized the bank and appointed the FDIC as receiver. Colonial BancGroup also filed for bankruptcy in August 2009.

 “The successful prosecution of Farkas and his associates highlights the commitment and combined efforts of DOJ and federal law enforcement to hold those responsible from all levels of a mortgage company,” said Acting Inspector General Stephens for HUD-OIG. “Efforts to protect FHA and Ginnie Mae are strengthened by this verdict.”

 “Today’s verdict confirms that the former chairman of one of the leading mortgage lending firms in the Southeast engaged in criminal conduct during the mid-2000s,” said Inspector General

BSA TRAINING FOR THE BOARD 2014 50

Rymer of FDIC-OIG. “We are proud to work with our partners at the Justice Department’s Criminal Division and in the U.S. Attorney’s Office for the Eastern District of Virginia to bring to justice individuals whose fraud contributed significantly to the financial crisis and the failure of a major financial institution.” “This conviction represents a victory for Freddie Mac and American taxpayers, who have invested $64.2 billion in Freddie Mac to date,” said Inspector General Linick of the FHFA-OIG. “ The fraud that Farkas perpetrated on Freddie Mac directly affected its bottom line and, in turn, American taxpayers.  FHFA-OIG looks forward to future cooperative efforts with law enforcement partners to combat fraud against Freddie Mac, Fannie Mae, and the Federal Home Loan Banks.”

 This conviction is part of efforts underway by President Barack Obama’s Financial Fraud Enforcement Task Force. President Obama established the interagency task force to wage an aggressive, coordinated and proactive effort to investigate and prosecute financial crimes. The task force includes representatives from a broad range of federal agencies, regulatory authorities, inspectors general and state and local law enforcement who, working together, bring to bear a powerful array of criminal and civil enforcement resources. The task force is working to improve efforts across the federal executive branch, and with state and local partners, to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, combat discrimination in the lending and financial markets, and recover proceeds for victims of financial crimes. For more information about the task force visit: www.stopfraud.gov .

BSA TRAINING FOR THE BOARD 2014 51

STRUCTURING

Structuring transactions to evade BSA reporting and certain recordkeeping requirements can result in civil and criminal penalties under the BSA. Under the BSA (31 USC 5324), no person shall, for the purpose of evading the Currency Transaction Report (CTR) or a geographic targeting order reporting requirement, or certain BSA recordkeeping requirements:

Cause or attempt to cause a bank to fail to file a CTR or a report required under a geographic targeting order or to maintain a record required under BSA regulations.

Cause or attempt to cause a bank to file a CTR or report required under a geographic targeting order, or to maintain a BSA record that contain a material omission or misstatement of fact.

Structure, as defined above, or attempt to structure or assist in structuring, any transaction with one or more banks.

The definition of structuring, as set forth in 31 CFR 103.11(gg) (which was implemented before a Patriot Act provision extended the prohibition on structuring to geographic targeting orders and BSA recordkeeping requirements) states, “a person structures a transaction if that person, acting alone, or in conjunction with, or on behalf of, other persons, conducts or attempts to conduct one or more transactions in currency in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the [CTR filing requirements].” “In any manner” includes, but is not limited to, breaking down a single currency sum exceeding $10,000 into smaller amounts that may be conducted as a series of transactions at or less than $10,000. The transactions need not exceed the $10,000 CTR filing threshold at any one bank on any single day in order to constitute structuring.

Money launderers and criminals have developed many ways to structure large amounts of currency to evade the CTR filing requirements. Unless currency is smuggled out of the United States or commingled with the deposits of an otherwise legitimate business, any money laundering scheme that begins with a need to convert the currency proceeds of criminal activity into more legitimate-looking forms of financial instruments, accounts, or investments, will likely involve some form of structuring. Structuring remains one of the most commonly reported suspected crimes on Suspicious Activity Reports (SARs).

Bank employees should be aware of and alert to structuring schemes. For example, a customer may structure currency deposit or withdrawal transactions, so that each is less than the $10,000 CTR filing threshold; use currency to purchase official bank checks, money orders, or traveler’s checks with currency in amounts less than $10,000 (and possibly in amounts less than the $3,000 recordkeeping threshold for the currency purchase of monetary instruments to avoid having to produce identification in the process); or exchange small bank notes for large ones in amounts less than $10,000.

BSA TRAINING FOR THE BOARD 2014 52

However, two transactions slightly under the $10,000 threshold conducted days or weeks apart may not necessarily be structuring. For example, if a customer deposits $9,900 in currency on Monday and deposits $9,900 in currency on Wednesday, it should not be assumed that structuring has occurred. Instead, further review and research may be necessary to determine the nature of the transactions, prior account history, and other relevant customer information to assess whether the activity is suspicious. Even if structuring has not occurred, the bank should review the transactions for suspicious activity.

In addition, structuring may occur before a customer brings the funds to a bank. In these instances, a bank may be able to identify the aftermath of structuring. Deposits of monetary instruments that may have been purchased elsewhere might be structured to evade the CTR filing requirements or the recordkeeping requirements for the currency purchase of monetary instruments. These instruments are often numbered sequentially in groups totaling less than $10,000 or $3,000; bear the same handwriting (for the most part) and often the same small mark, stamp, or initials; or appear to have been purchased at numerous places on the same or different days.

BSA TRAINING FOR THE BOARD 2014 53

FREQUENTLY ASKED QUESTIONS ABOUT FILING SUSPICIOUS ACTIVITY REPORTS

1. How should banks handle repeated or continuing suspicious activity on one account or by one person/customer?

One of the purposes of filing SARs is to identify violations or potential violations of law to the appropriate law enforcement authorities for criminal investigation. This is accomplished by the filing of a SAR that identifies the activity of concern. Should this activity continue over a period of time, it is useful for such information to be made known to law enforcement (and the bank supervisors). As a general rule of thumb, organizations should report continuing suspicious activity with a report being filed at least every 90 days. This will serve the purposes of notifying law enforcement of the continuing nature of the activity, as well as provide a reminder to the organization that it must continue to review the suspicious activity to determine if other actions may be appropriate, such as terminating its relationship with the customer or employee that is the subject of the filing.

2. Should our bank close an account with continuing suspicious activity?

The closure of a customer account as the result of the identification of suspicious activity is a determination for an organization to make in light of the information available to the organization. A filing of a SAR, on its own, should not be the basis for terminating a customer relationship. Rather, a determination should be made with the knowledge of the facts and circumstances giving rise to the SAR filing, as well as other available information that could tend to impact on such a decision. It may be advisable to include the organization’s counsel, as well as other senior staff, in such determinations.

3. Under what circumstances can the filing deadline for SARs be extended?

The SAR rules require that a SAR be filed no later than 30 days from the date of the initial detection of the suspicious activity, unless no suspect can be identified, in which case, the time period for filing a SAR is extended to 60 days.

It may be appropriate for organizations to conduct a review of the activity to determine whether a need exists to file a SAR. The fact that a review of customer activity or transactions is determined to be necessary is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.

BSA TRAINING FOR THE BOARD 2014 54

4. To whom may we disclose information contained in SAR?

Federal law (31 USC 5318(g)(2)) prohibits the notification of any person that is involved in the activity being reported on a SAR that the activity has been reported. This prohibition effectively precludes the disclosure of a SAR or the fact that a SAR has been filed. However, this prohibition does not preclude, under federal law, a disclosure in an appropriate manner of the facts that are the basis of the SAR, so long as the disclosure is not made in a way that indicates or implies that a SAR has been filed or that the information is included on a filed SAR.

The Board of Directors of a bank is informed about SAR filings at their meetings. It is usually the practice of the bank not to include the names as to protect confidentiality.

SARs cannot be subpoenaed and if they are you should immediately let your Bank Secrecy officer know and she or he will deal directly with FinCEN

BSA TRAINING FOR THE BOARD 2014 55

ORGANIZED RETAIL THEFT CASE

In a case that is part of a large-scale investigation into organized retail theft (ORT) rings, a federal jury convicted an individual of multiple counts related to laundering the proceeds from the criminal activity. Investigators found Suspicious Activity Reports filed on the defendant very useful in the case. Moreover, multiple banks examined activity related to the defendant, determined that it was suspicious and filed SARs. The bank also closed the defendants’ accounts.

Evidence gathered in a joint investigation is credited with securing the conviction of a grocer on counts of failure to file currency transaction reports, conspiracy to commit money laundering, and money laundering. The grocer was convicted for his role in helping five ORT rings launder at least $69 million derived from the sale of stolen baby formula and health-and-beauty products. The conspiracy continued for 5 years and involved nearly 400 financial transactions. In organized retail theft, street-level thieves, known as boosters, steal large quantities of over-the-counter drugs and health-and-beauty products from retailers. They sell the goods to repackagers who remove price tags and other markings indicating that the products are stolen. The stolen goods are then either sold directly to convenience stores or to wholesalers who mix the items with legitimately purchased products and sell them in large quantities to retailers and convenience stores. Over the course of the conspiracy, the defendant accepted third-party checks for deposit and wire transfers to his business account from five different ORT rings. In turn, he provided cash to the organizations, minus his fee (of more than $600,000 in 5 years), generally paid through intermediaries. In an attempt to obscure transactions further, some of the ORT rings asked businesses purchasing their products to pay the defendant’s business directly by check or wire transfer. The defendant registered his grocery as a money services business, potentially as a means to justify large-dollar wire transfer, check, and cash transactions through his store accounts. A federal agent closely involved with the investigation called SARs associated with the case “critical” in identifying bank information about the defendant’s business and in reporting some of the payments received by his business from some of the entities involved in the ORT. Several years earlier, a bank had filed a SAR noting that the defendant’s account activity was not consistent with a typical food market operation . The bank subsequently closed the account. The next year, another bank opened and closed an account affiliated with the defendant. Based on financial activity associated with the account, the bank determined that the associated business was operating as a money services business. The bank requested supporting documents, such as a copy of the MSB’s license and anti-money laundering program. When the business could not provide the material, the bank closed the account. The lack of CTRs documenting the cash the defendant’s business paid to ORT rings triggered the counts of failure to file CTRs in the indictment. Additionally, the agent noted that the defendant had testified that he was unaware of his obligation to file CTRs when he provided large amounts of cash to ORT rings. This testimony was discredited by an examiner, who testified that he recalled instructing the defendant on BSA procedures related to the operation of an MSB as outlined in FinCEN provided MSB materials seized from the defendant’s business.

BSA TRAINING FOR THE BOARD 2014 56

Prosecutors are seeking $4.8 million in forfeitures and money judgments. The defendant is also likely to receive a sentence of 5 to 9 years in prison.

SARS LEAD TO RECOVERY OF FUNDS DERIVED FROM MEDICAL FRAUD

BSA records often play a crucial role in federal investigations of medical fraud. The records are often instrumental in seizing assets and shutting down businesses that may be perpetrating the fraud. Some of the businesses may exist on paper only, and prosecution of the perpetrators is often difficult and time-consuming. However, cooperation between the financial industry and government agencies, facilitated through Suspicious Activity Reports, results in early detection of medical fraud and swift action to seize funds generated through the illegal activity. Two recent cases highlight the value of BSA records in these types of investigations.

In one case, initiated through data analysis of fraudulent billing practices, agents discovered that a pharmacy was billing for items and in a manner that was highly consistent with known fraudulent practices. Investigators interviewed numerous individuals purported to be patients (beneficiaries) for whom the pharmacy submitted claims to the Medicare program for expensive respiratory medications used with durable medical equipment (DME). None of the beneficiaries interviewed had received any DME, nor did they know the physicians named as the referring physicians in the claims. Agents also interviewed several physicians whose names and Universal Provider Identification Numbers were used by the pharmacy in order to submit claims to Medicare. None of the physicians had ever prescribed the DME in question, and attested that the beneficiaries for whom they purportedly prescribed the DME were not their patients.

Two financial institutions filed SARs because of transactions involving the pharmacy’s accounts that were inconsistent for such a business and notified authorities of the suspicious transactions. Information provided by the financial institutions helped agents obtain and execute a seizure warrant for over $1.3 million held in two corporate bank accounts titled to the pharmacy.

In a second case, initiated from a financial institution SAR, agents opened an investigation on a medical services “clinic” billing for a variety of anesthetic and back pain medical procedures. The physician listed as the treating doctor for the clinic was interviewed, as well as several beneficiaries. None of the beneficiaries interviewed had received any of the treatments that were billed to Medicare, been treated at the medical services business, or knew the physician listed as the treating doctor in the Medicare claims. The physician stated that he had never performed the procedures for the patients on whose behalf the medical services business submitted claims to Medicare, and attested that all of the claims made under his name were fraudulent.

The federal agency conducting the investigation obtained a warrant at a U.S. District Court for the seizure of funds frozen in the corporate account belonging to the medical services business. The seizure warrant led to the recovery of over $500,000.

[Published in The SAR Activity Review - Trends, Tips & Issues, Issue 14, October 2008]

BSA TRAINING FOR THE BOARD 2014 57

FIELDS IN THE NEW SAR E-FORM

STRUCTURING

If a lender becomes aware that a loan customer is asking about the CTR reporting limits and then changes the amount of the deposit to avoid a CTR being reported this is structuring. See reason C.

TERRORIST FINANCING

BSA TRAINING FOR THE BOARD 2014 58

FRAUD ITEMS

Lenders must be aware of potential money laundering activity for a business loan, consumer loan, credit/debit card fraud, or wire that involves fraud.

MONEY LAUNDERING

Lenders may become aware of suspicion concerning the source of funds for loan payments, designation of beneficiaries, wire transfers, third-party transactors, or an out of pattern transaction.

BSA TRAINING FOR THE BOARD 2014 59

OTHER SUSPICIOUS ACTIVITIES

Lenders should be alert to counterfeit instruments, forgeries, identity theft, misuse of rescission, no apparent business purpose.

MORTGAGE FRAUD

Lenders should be alert to fraud involving appraisals, foreclosure, loan modification, & reverse mortgages.

BSA TRAINING FOR THE BOARD 2014 60

SAR Reporting can involve these types of products:

Lenders should be alert to fraud involving credit & debit cards, home equity loans, home equity lines of credit, and residential mortgages,

BSA TRAINING FOR THE BOARD 2014 61

Due Diligence

BSA TRAINING FOR THE BOARD 2014 62

WHAT WE NEED TO KNOW !

Is this loan request being made for a legal purpose?

Are there any false statements on the loan application? Can you verify their source of income or business cash flows?

Is this applicant really who they claim to be? Is this a case of identity theft takeover?

Are the payments being made with legal funds? Are the payments being made in a consistent manner from a reasonable source of funds?

Are early pay-offs being made that are not reasonable or is not reasonable for that customer? What is the source of the pay-off?

Is the customer in a “high risk” geography or dealing in a “high risk” type of business, such as a Money Service Business or other cash-intensive business? Are the customers of the business located in a “high risk” geography?

BSA TRAINING FOR THE BOARD 2014 63

OVERVIEW OF DUE DILIGENCE

BSA TRAINING FOR THE BOARD 2014

Due Diligence should be done at account opening and during the LIFE of the account or loan.CIP is a critical step in due diligence

Customer due diligence (CDD) consists of routine questions which help predict account activity, but specifically identify persons and entities that may warrant enhanced due diligence

Enhanced due diligence (EDD) includes extra questions and verification. If there is a “higher risk” potential for money laundering then more information is required to predict account activity and increase the bank’s comfort level with the customer. “Higher risk” may be designated because of business activity, ownership structure, the anticipated or actual volume and types of transactions, including those located in high-risk jurisdictions.

Customer identification program (CIP) describes routine requirements for specific information which identifies the person or entity. Verification by documentary or non documentary methods is required by law

64

BSA TRAINING FOR THE BOARD 2014 65

DUE DILIGENCE FOR LOAN APPLICATIONS

As a condition of opening an account, lenders generally extract more customer information than most other areas of the bank. That information often includes:

financial statements, verification of assets, income statements, verification of income, consumer reports on individuals, business credit reports on entities and a business plan and cash flow projections, any additional information required by loan policy for that type of request

Many financial institutions use a CIP/CDD worksheet. If the loan request can be approved sometimes another review of the information may be necessary for BSA/AML purposes.

That second review may or may not involve a “checklist.” The lender will simply be looking for things that don’t make sense, or present additional risk factors for money laundering.

Here are some examples:

Example A : A loan application from a gas station owner indicates that the store cashes and sells checks. Does the store meet the definition of a money service business? If it does money transmissions it may need to be registered and monitored closely. There is also an ATM located in the business which raises another “red flag” for due diligence.

Example B: A corporation with all of its operations in your state is incorporated in another state, such as Delaware, or Nevada. Why was this done?

Example C: While the legal existence of the business can be verified, there is no established place of business, phone listing, web site, or other proof that establishes its existence.

Example D: A loan application from a restaurant shows income that is far greater than what is expected with the restaurant’s location, menu, and clientele. What is the real source of the income?

Example E: A corporate loan application shows a net worth that is not supported by the business’ current income or the length of time in business. What is the true source of the net worth?

Example F: A consumer loan application shows a net worth and types of assets that is not consistent with the individual’s age or past income. What is the true source of the net worth?

BSA TRAINING FOR THE BOARD 2014 66

BSA TRAINING FOR THE BOARD 2014 67

ENHANCED DUE DILIGENCE

Enhanced due diligence typically requires additional verification at account opening and during the life of the deposit account or loan. Here are some steps that may be considered (from the FFIEC BSA Exam Manual)

BSA TRAINING FOR THE BOARD 2014 68

MONEY SERVICE BUSINESS INCLUDES:

1. Currency dealers or exchangers who exchange more than $1,000 for any one customer one day.

2. Check cashers who cash checks totaling more than $1,000 for any one customer on one day.

3. Issuers of traveler’s checks, money orders or stored value who issue more than $1,000 in traveler’s checks, money orders or stored value for any one customer on any day.

4. Sellers of traveler’s checks, money orders or stored value who sell more than $1,000 in traveler’s checks, money orders or stored value for any one customer on any day.

5. Redeemers of traveler’s checks, money orders or stored value who redeem more than $1,000 in traveler’s checks, money orders or stored value for any one customer on any day.

6. Money transmitters.

7. US Postal Service.

8. Pre-paid card SALES

BSA TRAINING FOR THE BOARD 2014 69

THE FOLLOWING MONEY SERVICE BUSINESSES ARE NOT REQUIRED TO REGISTER:

1. A business is not required to register if it serves as an agent of another MSB.

Example: A supermarket corporation that sells money orders for an issuer of money orders is not required to register. This is true even if it serves as an agent for two or more MSBs. However, if it also engages in check cashing on its own behalf then the grocery store must register.

2. The US Postal Service, any agency of the United States, of any state, or of any political subdivision of any state.

3. At this time, persons are not required to register to the extent that they issue, sell or redeem stored value. If, however, a money services business provides money services in addition to stored value, the provision of stored value services does not relieve it of the responsibility to register, if required, as a provider of those other services.

BSA TRAINING FOR THE BOARD 2014 70

Customer Identification Program

BSA TRAINING FOR THE BOARD 2014 71

CUSTOMER IDENTIFICATION PROGRAM (CIP): PURPOSE

1. Overview

The regulations are added to the Bank Secrecy Act in an attempt to deter terrorism and money laundering. These regulations require all financial institutions to implement a Customer Identification Program.

2. Purpose

The regulations must contain certain requirements. At a minimum the regulations must require financial institutions to implement reasonable procedures for

Verifying the identify of any person who opens an account to the extent reasonable and practicable;

Maintaining records of the information used to verify the person’s identify, including name, address, and other identifying information; and

Determining whether the person appears on any lists of known or suspected terrorists of terrorist organizations provided to the financial institution by any government agency.

BSA TRAINING FOR THE BOARD 2014 72

CIP COMPLIANCE THE BIG PICTURE

Information Required(Prior to opening an account)

+Verification through documents

(Reasonable time after opening account) +

Nondocumentary verification(Reasonable time after opening account)

+326 Government List Check

+Recordkeeping

+ Customer Notice

=

CIP COMPLIANCE

BSA TRAINING FOR THE BOARD 2014 73

IDENTIFICATION – SOME SUGGESTIONS

It has always been due diligence to require two forms of identification such as one primary and a secondary piece of identification to prevent fraud and money laundering at new accounts. It would seem prudent to identify in your policy what types of identification your bank will accept. Here are some suggestions.

SUMMARY OF TYPES OF IDENTIFICATIONGENERALLY, RECOMMENDED THAT YOU GET ONE PRIMARY AND A SECONDARY PIECE OF IDENTIFICATION

PRIMARY SECONDARY UNACCEPTABLE

SHOULD INCLUDE PICTURE, DESCRIPTION

AND SIGNATURE

HAS SOME BUT NOT ALL OF THE

COMPONENTS OF PRIMARY ID

EASILY STOLEN, EASILY REPRODUCED—NOT

ACCEPTED AS ID GENERALLY

Driver’s License/ non driver’s identification card

Passport US Government US Military Alien registration card

Primary identification—includes picture, description of person, and signature. Should be accompanied with a second piece of identification.Use “bar books” to verify primary identification. See http://www.idcheckingguide.com/

Social Security card Voter’s registration Birth Certificate Credit cards Bank cards State government Local government Company identification Police identification Insurance cards

Secondary identification—has components of primary but not considered as primary. Acceptable as a second piece of identification. Never acceptable to open an account alone.

Hunting license Marriage license Rotary club card Library card Blockbuster video card Sam’s club card Panty hose card Country club card

Never acceptable as identification. This is a short list. There are many, many forms of identification which are unacceptable.

BSA TRAINING FOR THE BOARD 2014 74

BSA TRAINING FOR THE BOARD 2014 75

OFFICE OF FOREIGN ASSETS CONTROL (OFAC)

1. Overview

The Office of Foreign Assets Control (OFAC) is a division of the U.S. Treasury. OFAC’s purpose is to enforce sanctions against foreign countries, their agents, terrorists or other threats against the United States national security. It is not just the countries but also individuals called “Specially Designated Nationals” also called a “Blocked Person”. We are required to block or freeze any accounts for these individuals or countries within 10 days from the occurrence of the activity. Your institution can be fined and penalized for failure to comply with OFAC.

1. The List

The OFAC list is updated frequently and should be kept up to date at your financial institution. Before we open an account, it is a good idea to check the list to make sure that the person or entity opening the account is not on the list. That way we can prevent subsequent action of blocking and freezing assets. Your financial institution should have established procedures to continually audit and check for compliance with OFAC guidelines. Since the list is updated often, an account that you opened up last year may now be on this list. This is not something that you can prevent at the new accounts desk.

Website for OFAC list:www.treasury.gov/offices/enforcement/ofac/sdn

OFAC Compliance Web Sitewww.ofaccompliance.com

Fax on Demand 202-622-0077

Compliance Hotline 202-622-2490

BSA TRAINING FOR THE BOARD 2014 76

CUSTOMER NOTICE FOR CIP

Section 103.121(b)(5)(i) Customer noticeThe CIP must include procedures for providing bank customers with adequate notice that the bank is requesting information to verify their identities.(ii) Adequate notice. Notice is adequate if the bank generally describes the identification requirements of this section and provides the notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening an account. For example, depending upon the manner in which the account is opened, a bank may post a notice in the lobby or on its website, include the notice on its account applications, or use any other form of written or oral notice.(iii) Sample notice. If appropriate, a bank may use the following sample language to provide notice to its customers:

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW

ACCOUNT

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.

BSA TRAINING FOR THE BOARD 2014 77

BSA TRAINING FOR THE BOARD 2014 78

EXEMPTIONS TO CIP & OTHER REQUIREMENTS

Section 103.121 (c) Exemptions.The appropriate Federal functional regulator, with the concurrence of the Secretary, may, by order or regulation, exempt any bank or type of account from the requirements of this section. The Federal functional regulator and the Secretary shall consider whether the exemption is consistent with the purposes of the Bank Secrecy Act and with safe and sound banking, and may consider other appropriate factors. The Secretary will make these determinations for any bank or type of account that is not subject to the authority of a Federal functional regulator.

Section 103.121 (d) Other requirements unaffectedNothing in this section relieves a bank of its obligation to comply with any other provision in this part, including provisions concerning information that must be obtained, verified or maintained in connection with any account or transaction.

You still must file a CTR for currency transactions over $10,000 and record and maintain identification information as required under the Bank Secrecy Act.

BSA TRAINING FOR THE BOARD 2014 79