AML monitoring within the organization has become quite complex because of the current COVID situation, the possibilities of money laundering, and changes in regulations and reporting requirements.
The current pandemic has increased the possibility of money laundering. At the same time, the staff’s ability to comprehensively monitor AML has been put to the test. This has dramatically increased the industry’s appreciation for and awareness of leading-edge digital engagement.
A firm’s AML monitoring processes are one of the key areas of regulatory examinations, and violations may be hit with heavy fines. The new AML 2020 rule passed by Congress has substantial implications for the AML processes being followed as well.
La Meer and its cloud-based GRACE AML solution offer financial firms a way to conduct AML monitoring on a consistent and efficient basis across their KYC, CDD, Suspicious Activity Monitoring and SAR Reporting obligations, as well as to establish policies and procedures, handle online attestation, train staff on the procedures to be followed and conduct risk assessments to identify potential weaknesses, through a unified, automated and easy-to-use workflow-based approach. The system is the single source of truth for books and records on all clients, due diligence and monitoring, and can help the firm answer any queries from regulators and manage their examinations to prove their AML process.
Empowering staff with a web-based system to record customer due diligence and receive automated alerts on each client for PEP, Sanctions, Adverse Media, Beneficiary Ownership and Suspicious transactions can help them spend their time analyzing the data instead of gathering it, making AML monitoring far more effective.
The New AML 2020
The Anti-Money Laundering Act of 2020 (AML Act), enacted on January 1, 2021 as part of the National Defense Authorization Act for Fiscal Year of 2021 (NDAA), makes several significant changes to U.S. anti-money laundering (AML) laws and regulations.
The key provisions of the AML Act include:
- Enhanced beneficial ownership reporting requirements;
- Expanded authorities for enforcement, subpoenas and whistleblower protection; and
- Expanded coordination and transparency efforts.
Beneficial Ownership Reporting Requirements
The most significant aspect of the AML Act involves the Corporate Transparency Act (CTA), which establishes new reporting requirements for legal entities and a new beneficial ownership registry to be maintained by FinCEN to “combat the abuse of anonymous companies, which can be used to facilitate money laundering, the financing of terrorism, proliferation finance, tax evasion, human and drug trafficking, sanctions evasion, and other financial crimes.”
Reporting Requirements
The CTA defines a “beneficial owner” as “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise
- Exercises substantial control over the entity or
- Owns or controls not less than 25 percent of the ownership interests of the entity.”
Reporting companies are required to submit to FinCEN the following information about their beneficial owners: name, date of birth, address, and unique identifying number (e.g., driver’s license number or passport number).
- Under the CTA, each “reporting company” will be required to submit a report to FinCEN identifying each “beneficial owner” and each “applicant” of the reporting company (UBO Report).
- The UBO Report must be submitted at the time of formation of the reporting company, and the UBO Report must be updated within one year of any change to the information required therein.
- Unlike FinCEN’s current beneficial ownership requirements, the CTA does not require individuals to submit a social security number. Instead, the CTA only requires individuals to provide a unique identifying number from an acceptable identification document, which may include a non-expired U.S. passport, as well as any non-expired identification document issued by a state or local government or an Indian Tribe. For non-U.S. resident individuals, a non-expired passport issued by a foreign government would be required.
- The CTA imposes criminal and civil penalties for willful reporting violations as well as unauthorized disclosure or use violations. Any person who willfully provides or attempts to provide false information in a UBO Report, or who willfully fails to provide complete or update beneficial ownership information, is subject to a civil penalty of not more than $500 per day during the period the violation occurred and has not been remedied, as well as criminal penalties of not more than $10,000, up to two years imprisonment, or both.
- Willful violations of the disclosure and unauthorized use prohibitions are subject to the same civil monetary penalties, as well as criminal penalties of up to $250,000, up to five years imprisonment, or both. The CTA provides a conditional safe harbor for any violations, provided the UBO Report is corrected within 90 days.
- The CTA mandates that FinCEN promulgate rules to implement the CTA requirements within one year of enactment – January 1, 2021
- Greatly expands enforcement and investigation-related authority including an expansion of the duties, powers, and functions of the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and the authority of U.S. courts to subpoena foreign banks that maintain correspondent accounts with U.S. banks;
- Aligns supervision and examination priorities by emphasizing coordination, cooperation, and information-sharing among financial institutions, U.S. financial regulators and foreign financial regulators.
AML Act and Penalties
The AML Act significantly amends BSA enforcement- and investigation-related provisions. Some of the more notable provisions requiring attention are:
Heightened Civil Penalties: An additional fine in the case of repeat BSA violations (including violations of rules issued under the BSA) of up to the greater of three times the profit gained or loss avoided as a result of the violation or two times the maximum applicable penalty. No minimum or maximum duration between violations is specified.
Bar on Service by Individuals on Boards: An additional amendment to the BSA’s civil penalty provision will provide for a 10-year prohibition on serving on the board of directors of a U.S. financial institution for any individual who commits an “egregious violation” of the BSA, beginning on the date on which the conviction (or judgment) with respect to the egregious violation is entered.
Expanded Subpoena Authority for Foreign Banks with U.S. Correspondent Accounts: The AML Act expands authority to include “any records relating to the correspondent account or any account at the foreign bank, including records maintained outside the United States” (emphasis added), provided it is the subject of any one of several enumerated types of investigations or actions. A U.S. financial institution also may be required to terminate a correspondent relationship with a foreign bank that has failed to comply with such a subpoena. A U.S. financial institution’s failure to terminate the correspondent relationship may result in a civil penalty of up to $25,000 per day until the relationship is terminated.
The AML Act also includes a nondisclosure provision, which prohibits foreign banks from notifying account holders involved, or any person named in the subpoena, about the existence or contents of the subpoena. In the event of a violation of the nondisclosure provision, the Attorney General may seek civil penalties of double the amount of the suspected criminal proceeds sent through the foreign correspondent account, or if no such proceeds can be identified, up to $250,000.
BSA-Specific Whistleblower Incentives and Protections: The AML Act expands the BSA’s existing provisions for rewards for informants and protections to whistleblowers. The amendments will provide protections against retaliation against individuals who provide original information to their employer, Treasury or DOJ, relating to violations of U.S. money laundering laws. Treasury also will be permitted to award up to 30% of the total recovered monetary sanctions for BSA violations (after certain applicable exclusions), provided that the sanctions exceed $1 million.
FINRA/SEC Expectations from Organizations
Establishment of AML Policies and Procedures
- The AML program should be “risk-based.” That means that the program’s AML policies, procedures and internal controls should be designed to address the risk of money laundering specific to your firm.
- FINRA expects your firm to have internal controls in place to identify when circumstances change in such a way as to trigger previously inapplicable AML requirements and to amend your AML policies and procedures to accurately reflect all AML requirements that are applicable to your business.
- For CIP (Customer Identification Program) purposes, the firm is expected to identify and develop procedures for any additional AML requirements that do apply (e.g., suspicious activity monitoring and reporting).
- Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets.
- Types of fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime and other investment-related fraudulent activity.
- Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes.
- Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations.
- In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
SAR and FINCEN Requests
- The AML Compliance Person should ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SAR-SFs) are filed with the Financial Crimes Enforcement Network (FinCEN) when appropriate.
- When FinCEN makes a request under USA PATRIOT Act Section 314(a), the AML officer has to respond by immediately searching records to determine whether the firm maintains or has maintained any account for, or has engaged in any transaction with, each individual, entity or organization named in the 314(a) request, within 14 days of the request, including
- Trades from outside the country
- It is the firm’s responsibility to report beneficial ownership to FinCEN for new clients.
National Security Letter request
National Security Letters (NSLs) are written investigative demands that may be issued by the local Federal Bureau of Investigation (FBI) and other federal government authorities conducting counterintelligence and counterterrorism investigations to obtain, among other things, financial records of broker-dealers. NSLs are highly confidential. No broker-dealer, officer, employee or agent of the broker-dealer can disclose to any person that a government authority or the FBI has sought or obtained access to records. Firms that receive NSLs must have policies and procedures in place for processing and maintaining the confidentiality of NSLs. If you file a Suspicious Activity Report (SAR-SF) after receiving an NSL, the SAR-SF should not contain any reference to the receipt or existence of the NSL.
Checking the Office of Foreign Assets Control Listings
Although not part of the BSA and its implementing regulations, Office of Foreign Assets Control (OFAC) compliance is often performed in conjunction with AML compliance. OFAC is an office of the U.S. Treasury that administers and enforces economic sanctions and embargoes based on U.S. foreign policy and national security goals that target geographic regions and governments (e.g., Cuba, Sudan and Syria), as well as individuals or entities that could be anywhere (e.g., international narcotics traffickers, foreign terrorists and proliferators of weapons of mass destruction). As part of its enforcement efforts, all parties have to be verified against the OFAC SDN List before opening an account and for existing accounts.
Customer Identification Program and the true identity of the customer
Firms are required to have and follow reasonable procedures to document and verify the identity of their customers who open new accounts. These procedures must address the types of information the firm will collect from the customer and how it will verify the customer’s identity to form a reasonable belief that it knows the true identity of its customers.
The firm’s customer identification program (CIP) must be in writing and be part of the firm’s AML compliance program.
Specifically, the CIP rule defines a “customer” as
- a person that opens a new account or
- an individual who opens a new account for an individual who lacks legal capacity or for an entity that is not a legal person.
- “Customer” does not refer to persons who fill out account opening paperwork or who provide information necessary to establish an account, if such persons are not the accountholder as well.
Verifying CIP Information
- The information you gather may vary according to the risks posed by the type of account. The procedures must enable you to form a reasonable belief that you know the true identity of each customer. Among the risks to consider are the various types of accounts maintained by the firm, the various methods the firm uses to open accounts, the various types of identifying information available, and the firm’s size, location and customer base.
- If you believe that some of these risk factors increase the likelihood that you will need more information to know the true identity of your customers, you should determine what additional identifying information might be necessary for a reasonable belief that you know the true identity of your customer and when such additional information should be obtained.
- You will verify customer identity through documentary means, non-documentary means or both.
- You can use documents to verify customer identity when appropriate documents are available.
- In light of the increased instances of identity fraud, you can supplement the use of documentary evidence by using the non-documentary means described below whenever necessary.
- You may also use non-documentary means, if you are still uncertain about whether you know the true identity of the customer.
- In verifying the information, you should consider the identifying information that you receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth and Social Security number, to determine whether you have a reasonable belief that you know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
Appropriate Documents for Verifying Identity
- For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and
- For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.
- Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other source
- Checking references with other financial institutions; or Obtaining a financial statement.
- Any non-documentary methods of verification when:
- (1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;
- (2) the firm is unfamiliar with the documents the customer presents for identification verification;
- (3) the customer and firm do not have face-to-face contact; and
- (4) there are other circumstances that increase the risk that the firm will be unable to verify the true identity of the customer through documentary means
Lack of Verification
When you cannot form a reasonable belief that you know the true identity of a customer, you will do the following:
- not open an account;
- impose terms under which a customer may conduct transactions while you attempt to verify the customer’s identity;
- close an account after attempts to verify a customer’s identity fail; and
- determine whether it is necessary to file a SAR-SF in accordance with applicable laws and regulations.
Recordkeeping
- You will document your verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process.
- You will keep records containing a description of any document that you relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.
- With respect to non-documentary verification, you will retain documents that describe the methods and the results of any measures you took to verify the identity of a customer.
- You will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. You will retain records of all identification information for five years after the account has been closed;
- You will retain records made about verification of the customer’s identity for five years after the record is made.
Reliance on Another Financial Institution for Identity Verification
You may, under the following circumstances, rely on the performance by another financial institution (including an affiliate) of some or all of the elements of your CIP with respect to any customer that is opening an account or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions:
- when such reliance is reasonable under the circumstances;
- when the other financial institution is subject to a rule implementing the anti-money laundering compliance program requirements of 31 U.S.C. § 5318(h), and is regulated by a federal functional regulator; and
- when the other financial institution has entered into a contract with your firm requiring it to certify annually to you that it has implemented its anti-money laundering program and that it will perform (or its agent will perform) specified requirements of the customer identification program.
Customer Due Diligence Rule
On May 11, 2016, FinCEN adopted a final rule on Customer Due Diligence Requirements for Financial Institutions (CDD Rule) to clarify and strengthen customer due diligence for covered financial institutions, including broker-dealers. The Rule becomes effective on May 11, 2018.
In its CDD Rule, FinCEN identifies four components of customer due diligence:
- Customer identification and Verification;
- Beneficial Ownership Identification and Verification;
- Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
- Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
Under the CDD Rule, firms must obtain from the natural person opening the account on behalf of the legal entity customer, the identity of the beneficial owners of the entity. In addition, that individual must certify, to the best of his or her knowledge, as to the accuracy of the information. FinCEN intends that the legal entity customer identify its ultimate beneficial owner(s) and not “nominees” or “straw men.”
Account Opening and Beneficial Ownership
At the time of opening an account for a legal entity customer, the firm will identify any individual that is a beneficial owner of the legal entity customer by identifying any individuals who directly or indirectly own 25% or more of the equity interests of the legal entity customer, and any individual with significant responsibility to control, manage, or direct a legal entity customer.
Understanding the Nature and Purpose of Customer Relationships
FinCEN states that the CDD Rule requires that firms must necessarily have an understanding of the nature and purpose of the customer relationship in order to determine whether a transaction is potentially suspicious and, in turn, to fulfill their SAR obligations.
The CDD Rule requires that firms understand the nature and purpose of the customer relationship in order to develop a customer risk profile. The customer risk profile refers to information gathered about a customer to form the baseline against which customer activity is assessed for suspicious transaction reporting. A customer risk profile may consist of individualized risk scoring, placement of customers into risk categories or another means of assessing customer risk that allows firms to understand the risk posed by the customer and to demonstrate that understanding.
Ongoing Monitoring Obligation
FinCEN expects firms to use the customer information and customer risk profile as appropriate during the course of complying with their obligations under the BSA in order to determine whether a particular flagged transaction is suspicious.
Depending on the facts and circumstances, a customer risk profile may include such information as:
- The type of customer;
- The account or service being offered;
- The customer’s income;
- The customer’s net worth;
- The customer’s domicile;
- The customer’s principal occupation or business; and
- In the case of existing customers, the customer’s history of activity.
Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions
As with the requirement to understand the nature and purpose of the customer relationship, the requirement to conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, including information regarding the beneficial ownership of legal entity customers, adopts existing supervisory and regulatory expectations as explicit minimum standards of customer due diligence required for firms’ AML programs.
If, in the course of its normal monitoring for suspicious activity, the member firm detects information that is relevant to assessing the customer’s risk profile, the member firm must update the customer information, including the information regarding the beneficial owners of legal entity customers.
Identifying Foreign Correspondent bank accounts
Firms have to identify foreign bank accounts and any such account that is a correspondent account (any account that is established for a foreign bank to receive deposits from, or to make payments or other disbursements on behalf of, the foreign bank, or to handle other financial transactions related to such foreign bank) for foreign shell banks.
- Upon finding or suspecting such accounts, firm employees will notify the AML Compliance Person, who will terminate any verified correspondent account in the United States for a foreign shell bank.
The firm must also terminate any correspondent account that it determines is not maintained by a foreign shell bank but is being used to provide services to such a shell bank.
The firm will exercise caution regarding liquidating positions in such accounts and take reasonable steps to ensure that no new positions are established in these accounts during the termination period.
The firm will terminate any correspondent account for which you have not obtained the information described in Appendix A of the regulations regarding shell banks within the time periods specified in those regulations.
Certifications for Foreign Bank
You will require your foreign bank account holders to:
- identify the owners of the foreign bank if it is not publicly traded;
- provide the name and street address of a person who resides in the United States and is authorized and has agreed to act as agent for acceptance of legal process; and
- provide an assurance that the foreign bank is not a shell bank, nor is it facilitating activity of a shell bank.
Recordkeeping for Correspondent Accounts for Foreign Banks
- Firms must keep records identifying the owners of foreign banks with U.S. correspondent accounts and the name and address of the U.S. agent for service of legal process for those banks.
Due Diligence and Enhanced Due Diligence Requirements for Correspondent Accounts of Foreign Financial Institutions
Controls must be established that are reasonably designed to enable the firm to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered or managed by the firm for a foreign financial institution.
A foreign financial institution is:
(1) a foreign bank;
(2) any branch or office located outside the United States of a broker-dealer; futures commission merchant or introducing broker; or open-end mutual fund company;
(3) any other person organized under foreign law (other than a branch or office of such person in the United States) that, if located in the United States, would be a broker-dealer; futures commission merchant or introducing broker; or open-end mutual fund company; and
(4) any person organized under foreign law (other than a branch or office of such person in the United States) that is engaged in the business of, and is readily identifiable as: (a) a currency dealer or exchanger; or (b) a money transmitter.
A person, however, is not “engaged in the business” of a currency dealer, a currency exchanger or a money transmitter if such transactions are merely incidental to the person’s business.
Definition of Correspondent Account
A “correspondent account” is defined in this context as any account established for a foreign financial institution to receive deposits from, or to make payments or other disbursement on behalf of, the foreign financial institution, or to handle other financial transactions for the foreign financial institution.
“Account” is defined as any formal relationship established with a broker or dealer in securities to provide regular services to effect transactions in securities, including but not limited to, the purchase or sale of securities and securities loaned and borrowed activity, and to hold securities or other assets for safekeeping or as collateral.
For broker-dealers, correspondent accounts established on behalf of foreign financial institutions include, but are not limited to:
- accounts to purchase, sell, lend, or otherwise hold securities, including securities repurchase programs;
- prime brokerage accounts that clear and settle securities transactions for clients;
- accounts for trading foreign currency;
- custody accounts for holding securities or other assets in connection with securities transactions as collateral; and
- over-the-counter derivative contracts.
Correspondent Bank Risk Factors classification
- If you have correspondent accounts for foreign financial institutions, you will assess the money laundering risk posed, based on a consideration of relevant risk factors. You can apply all or a subset of these risk factors depending on the nature of the foreign financial institutions and the relative money laundering risk posed by such institutions. The relevant risk factors can include:
- the nature of the foreign financial institution’s business and the markets it serves;
- the type, purpose and anticipated activity of such correspondent account;
- the nature and duration of the firm’s relationship with the foreign financial institution and its affiliates;
- the anti-money laundering and supervisory regime of the jurisdiction that issued the foreign financial institution’s charter or license and, to the extent reasonably available, the jurisdiction in which any company that is an owner of the foreign financial institution is incorporated or chartered; and
- information known or reasonably available to the covered financial institution about the foreign financial institution’s anti-money laundering record.
Ongoing monitoring
The firm should apply risk-based due diligence procedures and controls to each foreign financial institution correspondent account on an ongoing basis.
This includes periodically reviewing the activity of each foreign financial institution correspondent account sufficiently to determine whether the nature and volume of account activity is generally consistent with the information regarding the purpose and expected account activity, and to ensure that the firm can adequately identify suspicious transactions.
One alternative procedure is to use any account profiles for correspondent accounts to anticipate how the account might be used and the expected volume of activity, to help establish baselines for detecting unusual activity.
Enhanced due diligence
The BSA, as amended by Section 312 of the USA PATRIOT Act, and the rules promulgated thereunder require, in part, that a firm’s due diligence program for correspondent accounts of foreign financial institutions include the performance of enhanced due diligence on correspondent accounts for any foreign bank that operates under:
(1) an offshore banking license;
(2) a banking license issued by a foreign country that has been designated as non-cooperative with international anti-money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member and with which designation the U.S. representative to the group or organization concurs; or
(3) a banking license issued by a foreign country that has been designated by the Secretary of the Treasury as warranting special measures due to money laundering concerns.
Due Diligence and Enhanced Due Diligence Requirements for Private Banking Accounts/Senior Foreign Political Figures
Firms must have a due diligence program that is reasonably designed to detect and report any known or suspected money laundering conducted through or involving any private banking account maintained by or on behalf of a non-U.S. person, as well as the existence of the proceeds of foreign corruption in any such account.
This requirement applies to all private banking accounts for non-U.S. persons, regardless of when they were opened. Accounts requested or maintained by or on behalf of “senior foreign political figures,” which is defined below and includes their immediate family members and close known associates, require enhanced scrutiny. Senior foreign political figures are often referred to as “politically exposed persons” or “PEPs.”
A “private banking” account is an account (or any combination of accounts) that requires a minimum aggregate deposit of $1,000,000, is established for one or more individuals and is assigned to or administered or managed by, in whole or in part, an officer, employee or agent of a financial institution acting as a liaison between the financial institution and the direct or beneficial owner of the account.
A “senior foreign political figure” includes a current or former senior official in the executive, legislative, administrative, military or judicial branches of a foreign government (whether elected or not), a senior official of a major foreign political party, or a senior executive of a foreign government-owned commercial enterprise; a corporation, business, or other entity formed by or for the benefit of any such individual; an immediate family member of such an individual; or any individual widely and publicly known (or actually known by the firm) to be a close personal or professional associate of such an individual.
Compliance with FinCEN’s Issuance of Special Measures Against Foreign Jurisdictions, Financial Institutions or International Transactions of Primary Money Laundering Concern
If the final rule deems a certain bank and its subsidiaries (Specified Banks) to be of primary money laundering concern, a special measure may be a prohibition from opening or maintaining a correspondent account in the United States for, or on behalf of, the Specified Banks. In that case, you will take the following steps:
(1) you will review our account records, including correspondent account records, to ensure that our accountholders and correspondent accountholders maintain no accounts directly for, or on behalf of, the Specified Banks; and
(2) you will apply due diligence procedures to our correspondent accounts that are reasonably designed to guard against indirect use of those accounts by the Specified Banks. Such due diligence may include:
Notification to Correspondent Accountholders
- You will notify our correspondent accountholders that the account may not be used to provide the Specified Banks with access to us.
- You will transmit the notice to our correspondent accounts using the following method and you shall retain documentation of such notice.
Identification of Indirect Use
- You will take reasonable steps in order to identify any indirect use of our correspondent accounts by the Specified Banks. You will determine if such indirect use is occurring from transactional records that you maintain in the normal course of business. You will take a risk-based approach when deciding what, if any, additional due diligence measures you should adopt to guard against the indirect use of correspondent accounts by the Specified Banks, based on risk factors such as the type of services offered by, and geographic locations of, their correspondents.
- You understand that you have an ongoing obligation to take reasonable steps to identify all correspondent account services our correspondent accountholders may directly or indirectly provide to the Specified Banks.
Monitoring Accounts for Suspicious Activity
- Broker-dealers must establish risk-based procedures reasonably designed to detect and report suspicious transactions in order to comply with the BSA and FINRA Rule 3310.
- The risk of suspicious activity will vary for each firm depending on its size and location and based on its business model and the products and services it offers. Your firm can identify that risk by looking at:
- The type of customers it serves,
- Where its customers are located, and
- The types of products and services it offers.
- Additionally, your procedures should identify “red flags” or indicators of possible suspicious activity to identify circumstances warranting further due diligence by the firm. Higher risk accounts and transactions generally need to be subjected to greater scrutiny.
You will monitor account activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to your business.
Emergency Notification to Law Enforcement by Telephone
In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, you will immediately call an appropriate law enforcement authority.
- If a customer or company appears on OFAC’s SDN list, you will call the OFAC Hotline at (800) 540-6322.
- Other contact numbers you will use are: FinCEN’s Financial Institutions Hotline ((866) 556-3974) (especially to report transactions relating to terrorist activity), local U.S. Attorney’s office (insert contact number), local FBI office (insert contact number) and local SEC office (insert contact number) (to voluntarily report such violations to the SEC in addition to contacting the appropriate law enforcement authority). If you notify the appropriate law enforcement authority of any such activity, you must still file a timely SAR-SF.
- Although you are not required to, in cases where you have filed a SAR-SF that may require immediate attention by the SEC, you may contact the SEC via the SEC SAR Alert Message Line at (202) 551-SARS (7277) to alert the SEC about the filing.
- You understand that calling the SEC SAR Alert Message Line does not alleviate our obligations to file a SAR-SF or notify an appropriate law enforcement authority.
Red Flags – Customers – Insufficient or Suspicious Information
- Provides unusual or suspicious identification documents that cannot be readily verified.
- Reluctant to provide complete information about nature and purpose of business, prior banking relationships, anticipated account activity, officers and directors or business location.
- Refuses to identify a legitimate source for funds, or provides information that is false, misleading or substantially incorrect.
- Background is questionable or differs from expectations based on business activities.
- Customer with no discernable reason for using the firm’s service.
Efforts to Avoid Reporting and Recordkeeping
- Reluctant to provide information needed to file reports or fails to proceed with transaction.
- Tries to persuade an employee not to file required reports or not to maintain required records.
- “Structures” deposits, withdrawals or purchase of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements.
- Unusual concern with the firm’s compliance with government reporting requirements and firm’s AML policies.
Certain Funds Transfer Activities
- Wire transfers to/from financial secrecy havens or a high-risk geographic location without an apparent business reason.
- Many small, incoming wire transfers or deposits made using checks and money orders that are almost immediately withdrawn or wired out in a manner inconsistent with the customer’s business or history. May indicate a Ponzi scheme.
- Wire activity that is unexplained, repetitive, unusually large, shows unusual patterns or has no apparent business purpose.
Certain Securities Transactions
- Customer engages in prearranged or other non-competitive trading, including wash or cross trades of illiquid securities.
- Two or more accounts trade an illiquid stock suddenly and simultaneously.
- Customer journals securities between unrelated accounts for no apparent business reason.
- Customer has opened multiple accounts with the same beneficial owners or controlling parties for no apparent business reason.
- Customer transactions include a pattern of receiving stock in physical form or the incoming transfer of shares, selling the position and wiring out proceeds.
- Customer’s trading patterns suggest that he or she may have inside information.
Transactions Involving Penny Stock Companies
- Company has no business, no revenues and no product.
- Company has experienced frequent or continuous changes in its business structure.
- Officers or insiders of the issuer are associated with multiple penny stock issuers.
- Company undergoes frequent material changes in business strategy or its line of business.
- Officers or insiders of the issuer have a history of securities violations.
- Company has not made disclosures in SEC or other regulatory filings.
- Company has been the subject of a prior trading suspension.
Transactions Involving Insurance Products
- Cancels an insurance contract and directs funds to a third party.
- Structures withdrawals of funds following deposits of insurance annuity checks signaling an effort to avoid BSA reporting requirements.
- Rapidly withdraws funds shortly after a deposit of a large insurance check when the purpose of the fund withdrawal cannot be determined.
- Cancels annuity products within the free look period which, although it could be legitimate, may signal a method of laundering funds if accompanied by other suspicious indicia.
- Opens and closes accounts with one insurance company then reopens a new account shortly thereafter with the same insurance company, each time with new ownership information.
- Purchases an insurance product with no concern for investment objective or performance.
- Purchases an insurance product with unknown or unverifiable sources of funds, such as cash, official checks or sequentially numbered money orders.
Activity Inconsistent With Business
- Transaction patterns show a sudden change inconsistent with normal activities.
- Unusual transfers of funds or journal entries among accounts without any apparent business purpose.
- Maintains multiple accounts, or maintains accounts in the names of family members or corporate entities with no apparent business or other purpose.
- Appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information.
Other Suspicious Customer Activity
- Unexplained high level of account activity with very low levels of securities transactions.
- Funds deposits for purchase of a long-term investment followed shortly by a request to liquidate the position and transfer the proceeds out of the account.
- Law enforcement subpoenas.
- Large numbers of securities transactions across a number of jurisdictions.
- Buying and selling securities with no purpose or in unusual circumstances (e.g., churning at customer’s request).
- Payment by third-party check or money transfer without an apparent connection to the customer.
- Payments to a third party without apparent connection to the customer.
- No concern regarding the cost of transactions or fees (i.e., surrender fees, higher than necessary commissions, etc.).
Responding to Red Flags and Suspicious Activity
- When an employee of the firm detects any red flag, or other activity that may be suspicious, he or she will notify [include procedures for escalation of suspicious activity]. Under the direction of the AML Compliance Person, the firm will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a SAR-SF.
Filing a SAR-SF
You will file SAR-SFs with FinCEN for any transactions (including deposits and transfers) conducted or attempted by, at or through our firm involving $5,000 or more of funds or assets (either individually or in the aggregate) where you know, suspect or have reason to suspect:
- The transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
- The transaction is designed, whether through structuring or otherwise, to evade any requirements of the BSA regulations;
- The transaction has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and after examining the background, possible purpose of the transaction and other facts, you know of no reasonable explanation for the transaction; or
- The transaction involves the use of the firm to facilitate criminal activity.
- You will also file a SAR-SF and notify the appropriate law enforcement authority in situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes.
- You may file a voluntary SAR-SF for any suspicious transaction that you believe is relevant to the possible violation of any law or regulation but that is not required to be reported by us under the SAR rule.
- All SAR-SFs should be reported regularly to the Board of Directors and appropriate senior management, with a clear reminder of the need to maintain the confidentiality of the SAR-SF.
- You will report suspicious transactions by completing a SAR-SF, and you will collect and maintain supporting documentation as required by the BSA regulations.
- You will file a SAR-SF no later than 30 calendar days after the date of the initial detection of the facts that constitute a basis for filing a SAR-SF.
Record Keeping for Filing a SAR-SF
- You will retain copies of any SAR-SF filed and the original or business record equivalent of any supporting documentation for five years from the date of filing the SAR-SF. You will identify and maintain supporting documentation and make such information available to FinCEN, any other appropriate law enforcement agencies, federal or state securities regulators or SROs upon request.
- You will not notify any person involved in the transaction that the transaction has been reported, except as permitted by the BSA regulations. You understand that anyone who is subpoenaed or required to disclose a SAR-SF or the information contained in the SAR-SF will, except where disclosure is requested by FinCEN, the SEC, or another appropriate law enforcement or regulatory agency, or an SRO registered with the SEC, decline to produce the SAR-SF or to provide any information that would disclose that a SAR-SF was prepared or filed. You will notify FinCEN of any such request and our response.
Currency Transaction Reporting
Funds Transmittals of $3,000 or More Under the Travel Rule
AML Recordkeeping Responsibility for Required AML Records and SAR-SF Filing
- Firm will create and maintain SAR-SFs, CTRs, CMIRs, FBARs, and relevant documentation on customer identity and verification and funds transmittals.
- You will maintain SAR-SFs and their accompanying documentation for at least five years. You will keep other documents according to existing BSA and other recordkeeping requirements, including certain SEC rules that require six-year retention periods.
The SEC’s Division of Examinations’ Continued Focus on Digital Asset Securities – Risk Alert on Feb 26, 2021
The SEC staff has identified risks from recent examinations of investment advisers managing Digital Asset Securities, as well as other digital assets and derivative products, for their clients either directly or indirectly through pooled vehicles (e.g., private funds). Based on these observations, examinations will focus on regulatory compliance associated with, among other things:
For investment advisers, the portfolio management review of policies, procedures, and practices for investing client assets in Digital Asset Securities and other digital assets will focus in particular on the following areas:
- Classification of digital assets managed on behalf of their clients, including whether they are classified as securities;
- Due diligence on digital assets (e.g., that the adviser understands the digital asset, wallets, or any other devices or software used to interact with the relevant digital asset network or application, and the relevant liquidity and volatility of the digital asset);
- Evaluation and mitigation of risks related to trading venues and trade execution or settlement facilities (e.g., with respect to security breaches, fraud, insolvency, market manipulation, the quality of market surveillance, KYC/AML procedures, and compliance with applicable rules and regulations);
- Management of risks and complexities associated with “forked” and “airdropped” digital assets (e.g., allocations thereof across client accounts, conflicts of interest, or other issues that may result from the fork or airdrop event); and
- Fulfillment of their fiduciary duty with respect to investment advice – across all client types