Transcript
Page 1: Final CDD Rule - How We Got Here and What To Do Now

CDD – A BRIEF H

ISTORY &

GLIMPSE IN

TO TH

E

FUTU

RE

Page 2: Final CDD Rule - How We Got Here and What To Do Now

WHO WE ARECarey Rome - CEO, autoAMLCarey is the CEO of autoAML. Leveraging his 20 years of business and management consulting experience, Carey founded autoAML to help BSA Officers do more with less.

Nick Guest, CAMS - Director of BSA Risk, autoAMLNick has provided BSA/AML risk guidance, project operations oversight and organizational change management services to local, national and international companies across industries in the private and public sectors. 

Page 3: Final CDD Rule - How We Got Here and What To Do Now

KEY POINTS TO BE MADE

1. 3 significant events driving the new CDD rule

2. One consistent theme in every enforcement

action

3. What you can do now to prepare

Page 4: Final CDD Rule - How We Got Here and What To Do Now

KEY TERMSBSA – Bank Secrecy ActAML – Anti-Money LaunderingCFT – Combatting the Financing of TerrorismKYC – Know Your CustomerCIP – Customer Identification ProgramCDD – Customer Due DiligenceBOV – Beneficial Ownership Verification SAR - Suspicious Activity ReportCTR – Currency Transaction Report

Page 5: Final CDD Rule - How We Got Here and What To Do Now

HISTORY OF BSA/AML

1970 - present

Page 6: Final CDD Rule - How We Got Here and What To Do Now

SIMPLIFIED BSA/AML HISTORY TIMELINE

BSA1970

9/11Patriot

Act2001

2008

Great Recessi

on

Panama Papers

2016

Final CDD Rule (BOV)

Page 7: Final CDD Rule - How We Got Here and What To Do Now

First Significant Event

Page 8: Final CDD Rule - How We Got Here and What To Do Now

• How did this get started? - Bags of Money

• What did it do?

• What is it’s main goal?

1970 – PASSAGE OF BANK SECRECY ACT

Page 9: Final CDD Rule - How We Got Here and What To Do Now

BACK SECRECY ACT – 1970• Established REQUIREMENTS FOR

RECORDKEEPING AND REPORTING by private individuals, banks and other financial institutions

• Designed to help IDENTIFY THE SOURCE, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions

• Required banks to (1) report cash transactions over $10,000 using the Currency Transaction Report; (2) PROPERLY IDENTIFY PERSONS CONDUCTING TRANSACTIONS; and (3) maintain a paper trail by keeping appropriate records of financial transactions

Page 10: Final CDD Rule - How We Got Here and What To Do Now

MONEY LAUNDERING CONTROL ACT (1986)• Established money laundering as a federal crime• Prohibited STRUCTURING TRANSACTIONS to

evade CTR filings• Introduced civil and criminal forfeiture for BSA violations• Directed banks to establish and maintain procedures to

ensure and monitor compliance with the reporting and recordkeeping requirements of the BSA

Page 11: Final CDD Rule - How We Got Here and What To Do Now

ANTI-DRUG ABUSE ACT OF 1988• EXPANDED THE DEFINITION of financial institution

to include businesses such as CAR DEALERS AND REAL ESTATE CLOSING PERSONNEL and required them to file reports on large currency transactions

• Required the VERIFICATION OF IDENTITY of purchasers of monetary instruments over $3,000

Page 12: Final CDD Rule - How We Got Here and What To Do Now

ANNUNZIO-WYLIE AML ACT (1992)• STRENGTHENED THE SANCTIONS for BSA

violations• Required SUSPICIOUS ACTIVITY REPORTS and

eliminated previously used Criminal Referral Forms• Required VERIFICATION and recordkeeping for WIRE

TRANSFERS• Established the Bank Secrecy Act Advisory Group (BSAAG)

Page 13: Final CDD Rule - How We Got Here and What To Do Now

MONEY LAUNDERING SUPPRESSION ACT (1994)• Required banking agencies to review and enhance training, and DEVELOP

ANTI-MONEY LAUNDERING EXAMINATION PROCEDURES• Required banking agencies to REVIEW AND ENHANCE PROCEDURES for

referring cases to appropriate law enforcement agencies• STREAMLINED CTR EXEMPTION process• REQUIRED EACH MONEY SERVICES BUSINESS (MSB) TO BE

REGISTERED BY AN OWNER OR CONTROLLING PERSON OF THE MSB

• Required every MSB to maintain A LIST OF BUSINESSES AUTHORIZED TO ACT AS AGENTS in connection with the financial services offered by the MSB

• Made operating an UNREGISTERED MSB A FEDERAL CRIME• Recommended that states adopt uniform laws applicable to MSBs

Page 14: Final CDD Rule - How We Got Here and What To Do Now

MONEY LAUNDERING AND FINANCIAL CRIMES STRATEGY ACT (1998)• Required banking agencies to develop anti-money laundering

TRAINING FOR EXAMINERS• Required the Department of the Treasury and other agencies to develop

a NATIONAL MONEY LAUNDERING STRATEGY• Created THE HIGH INTENSITY MONEY LAUNDERING AND

RELATED FINANCIAL CRIME AREA (HIFCA) Task Forces to concentrate law enforcement efforts at the federal, state and local levels in zones where money laundering is prevalent. HIFCAs may be defined geographically or they can also be created to address money laundering in an industry sector, a financial institution, or group of financial institutions.

Page 15: Final CDD Rule - How We Got Here and What To Do Now

31 YEARS OF MISSING THE BOAT ON SOURCEWho “conducted” the illegal activity

versus who “benefited” from the illegal activity…

Until the day we all got blind sided…

Page 16: Final CDD Rule - How We Got Here and What To Do Now

Second Significant Event

Page 17: Final CDD Rule - How We Got Here and What To Do Now

SEPTEMBER 11, 2001- THE DAY THAT CHANGED OUR WORLD

Page 18: Final CDD Rule - How We Got Here and What To Do Now

PATRIOT ACT - 2001• Criminalized the FINANCING OF TERRORISM and augmented the existing BSA framework by

strengthening customer identification procedures• Prohibited financial institutions from engaging in business with foreign shell banks• Required financial institutions to have DUE DILIGENCE PROCEDURES (and enhanced due diligence

procedures for foreign correspondent and private banking accounts)• Improved information sharing between financial institutions and the U.S. government by requiring

government-institution information sharing and voluntary information sharing among financial institutions• EXPANDED THE ANTI-MONEY LAUNDERING PROGRAM REQUIREMENTS to all financial institutions• Increased civil and criminal penalties for money laundering• Provided the Secretary of the Treasury with the authority to impose "special measures" on jurisdictions,

institutions, or transactions that are of "primary money laundering concern"• Facilitated records access and required banks to respond to regulatory requests for information within 120

hours• REQUIRED FEDERAL BANKING AGENCIES TO CONSIDER A BANK'S AML RECORD WHEN REVIEWING

BANK MERGERS, ACQUISITIONS, AND OTHER APPLICATIONS FOR BUSINESS COMBINATIONS

Page 19: Final CDD Rule - How We Got Here and What To Do Now

INTELLIGENCE REFORM & TERRORISM PREVENTION ACT OF 2004

• Amended the BSA to require the Secretary of the Treasury to prescribe regulations requiring certain financial institutions to REPORT CROSS-BORDER ELECTRONIC TRANSMITTALS OF FUNDS, if the Secretary determines that such reporting is "reasonably necessary" to aid in the fight against money laundering and terrorist financing

Page 20: Final CDD Rule - How We Got Here and What To Do Now

SO WHAT’S REQUIRED - AML PROGRAM

1. Written internal policies2. Written procedures & documented processes

3. Internal controls4. Designated AML compliance officer5. Ongoing employee training6. Independent review

Page 21: Final CDD Rule - How We Got Here and What To Do Now

We’ve been doing this for almost 50 years – How can this still be missed?

IDENTIFYING THE SOURCE

Page 22: Final CDD Rule - How We Got Here and What To Do Now

Does anyone think that no one had been thinking of this prior to 9/11?

Page 23: Final CDD Rule - How We Got Here and What To Do Now

• 314(a) : deals with the required sharing of information between banks and federal law enforcement

• 314(b) : voluntary bank-to-bank information sharing

PATRIOT ACT…

Page 24: Final CDD Rule - How We Got Here and What To Do Now

314(A) & 314(B)

314(a) - Law enforcement communicationwith your FI

314(b) – Communication between banks

Page 25: Final CDD Rule - How We Got Here and What To Do Now

SO WHAT HAPPENED IN

THE FOLLOWING

YEARS?

- VERY LITTLE -

Page 26: Final CDD Rule - How We Got Here and What To Do Now

FROM 9/11/2001 TO THE DAY THE GREAT

RECESSION HIT, WHAT PROGRESS DID WE

MAKE?

Page 27: Final CDD Rule - How We Got Here and What To Do Now

2008 - GREAT RECESSION

Page 28: Final CDD Rule - How We Got Here and What To Do Now

GREAT RECESSION…THE AFTERMATH- 2011 (10yr

gap)- Regulators

see that banks failed

- Tighter enforcements follow

Page 29: Final CDD Rule - How We Got Here and What To Do Now

ENFORCEMENT ACTIONS - THE HIDDEN COST OF NON-COMPLIANCE

Page 30: Final CDD Rule - How We Got Here and What To Do Now

2013

The Senate Permanent Subcommittee on Investigations (PSI)

Regulate by Consent Order, Public Filings & Shareholder Notifications

Page 31: Final CDD Rule - How We Got Here and What To Do Now

A CHANGE IN THE TONE OF CONSENT ORDERS• In 2013 – the OCC was cited by the Senate

Permanent Subcommittee for Investigations (SPSI) in a Presentence Investigation Report (PSIR) for ineffective AML oversight

• The PSIR called for higher examination standards

Page 32: Final CDD Rule - How We Got Here and What To Do Now

BANKS SHOULD BE AWARE OF THE GROWING NUMBER OF EAs.• Penalties increased 20x in last 5 years• Enormous fees• Average $34M• 2009-2015: $5.2B BSA/AML violations• Not including cost of additional staff• Unaccounted for reputational damage

Page 33: Final CDD Rule - How We Got Here and What To Do Now

REGULATORS ARE TAKING ACTION IN MAJOR WAYS

• In the last 15 years, FIs with less than $10B in assets under management (AUM) received more EAs than larger ones (>$10B)

• Regulators will go after you even if there has never been any money laundering

• They are making sure the structure is in place or in development to prevent it: policies, procedures, processes, and internal controls

Page 34: Final CDD Rule - How We Got Here and What To Do Now

RATIO OF FINANCIAL IMPACT TO ASSET SIZE

Fine(Over 5yrs)

Cleanup Cost(One-time)

Ongoing Staffing Cost (Over 5yrs)

Financial Institutions

~.05% - 1% of Assets

~.05% of Assets

~.25% of Assets

Page 35: Final CDD Rule - How We Got Here and What To Do Now

BUT, BSA/AML IS NOT JUST FOR THE BIG GUYS…

Page 36: Final CDD Rule - How We Got Here and What To Do Now

• $9.7B in AUM• 2012 – received consent order• 5 consecutive prior years of

compliance• Heightened expectations of the regulators• Doubled BSA staff• $4M staffing costs + $5M annual

expenditures + $500,000 CMPs

OLD NATIONAL BANCORP

Page 37: Final CDD Rule - How We Got Here and What To Do Now

DROWNING IN BSA DEMANDS“Few dare talk about their concerns publicly, for fear of alienating regulators. Privately they say that BSA exams have become more rigorous and focused in recent years, digging deeper into the weeds of processes, systems and controls. Foot-dragging and shortcomings are being met with stiffer monetary penalties and lengthy lists of demands for system improvements and additional personnel.”

–American Banker

Page 38: Final CDD Rule - How We Got Here and What To Do Now

SMALLER BANKS SINGLED OUT• Examiners assigned to smaller banks can

advance their careers by playing tough.• As an examiner, you move to working on

the larger, multinational banks by finding problems at smaller institutions.

• It’s a risk for the smaller and midsized banks that you can run into someone who’s trying to catch every technical detail to impress their bosses and move up.

Page 39: Final CDD Rule - How We Got Here and What To Do Now

• 2012 FinCEN consent order - Willful lack of AML program

• Failure to detect and adequately report evidence of AML

• Inadequate internal controls, transaction monitoring systems, training, & reporting

• Assessed $15M CMP for bank’s history of noncompliance and numerous BSA violations

• Eventually bought out and had its charter terminated

FIRST BANK OF DELAWARE

Page 40: Final CDD Rule - How We Got Here and What To Do Now

• $4.9B in AUM• 2016 – FDIC issued consent order• Required increased board

involvement, creation of board committee, development & implementation of written compliance plan

• Required to revise its written policies, procedures, and processes

Page 41: Final CDD Rule - How We Got Here and What To Do Now

CARTER BANK CONTINUED…Additional requirements included:• Annual risk assessments• Revision of internal controls to have policies,

procedures, and processes concerning SARs• Enhancements to CDD & EDD programs, BSA training• Acquire contract with independent testing firm for

BSA/AML regulation review• Reassess BSA staffing needs: advised to increase

number of people in its BSA department from 3 full time employees to a minimum of 22

• Required to file timely BSA reports: CTRs, SARs, etc.• Required to inform shareholders of the consent order

Page 42: Final CDD Rule - How We Got Here and What To Do Now

•AUM = $700 Million•Board supervision•Implement written program•Internal controls•Adequate staffing•Independent review•Look back

Page 43: Final CDD Rule - How We Got Here and What To Do Now

Third Significant Event

Page 44: Final CDD Rule - How We Got Here and What To Do Now
Page 45: Final CDD Rule - How We Got Here and What To Do Now

FINAL CDD RULE

What has the last 46 years revealed about what we’re missing in relation to the final CDD rule?

BOV

Page 46: Final CDD Rule - How We Got Here and What To Do Now

The policies, procedures, and processes utilized to identify the beneficial owner, take reasonable measures to verify the status and accuracy of the beneficial

owner to the degree that the FI is satisfied that it knows the beneficial

owner’s identity.

BENEFICIAL OWNERSHIP VERIFICATION (BOV)

Page 47: Final CDD Rule - How We Got Here and What To Do Now

TODAY, FIs ARE FACED WITH A HUGE CHALLENGE.

• What is the line between Verification and Validation

• CDD rules don’t explain what policies & procedures

• Regulators have high expectations

• Compliance program in place by 2018!

• Gamble –10 years to enforce OR Immediate?

Page 48: Final CDD Rule - How We Got Here and What To Do Now

ONE IRREFUTABLE FACT

CONSISTENT WEAKNESSES IN IDENTIFYING THE

SOURCE

Page 49: Final CDD Rule - How We Got Here and What To Do Now

“Banks have literally resorted to responding to the latest regulatory finding at similar banks.”

- Theresa Pesce, head of the Americas AML practice at

KPMG

CONSISTENT WEAKNESSES…

Page 50: Final CDD Rule - How We Got Here and What To Do Now

- Plugging holes method not the intent of regulators

- Reading consent orders from other banks isn’t the answer

- Clear best practice: address the entirety of the program

CONSISTENT WEAKNESSES…

Page 51: Final CDD Rule - How We Got Here and What To Do Now

WHY HAS THIS CONTINUED TO BE IGNORED?1. No BSA/AML Standards

2.Inconsistency among banks’ program alignment with FFIEC manual

3.Inconsistency among regulators’ application of FFIEC manual regulations

Page 52: Final CDD Rule - How We Got Here and What To Do Now

Failure to align policies, processes, and procedures with BSA Regulations

15 YEARS OF EA’S – 1 CONSISTENT THEME

Page 53: Final CDD Rule - How We Got Here and What To Do Now

Expectations for the new CDD rule will be no different.

Are you doing what you say you do?

FFIEC ALIGNMENT - THIS SEEMS SO BASIC…

Page 54: Final CDD Rule - How We Got Here and What To Do Now

POLICIES

Page 55: Final CDD Rule - How We Got Here and What To Do Now

DETAILS FOR POLICY• Have a monitoring system in place to track P,P,P

changes

• Track alignment with the FFIEC manual

• Document details

• Document why your bank does comply

• Document if something in the manual is “N/A”

• Note why it is Not Applicable

Page 56: Final CDD Rule - How We Got Here and What To Do Now

- This should show consistency

- This should be your how-to guide for implementing policy

- The written set of directions for your team to implement and enforce policy

- Internal controls should be able to prove that these procedures are being implemented accurately

PROCEDURES

Page 57: Final CDD Rule - How We Got Here and What To Do Now

Maintain

alignment

Maintain

alignment

Maintain

alignment

Maintain

alignment

Maintain

alignment

PROCEDURES

Page 58: Final CDD Rule - How We Got Here and What To Do Now

EXAMPLE CDD PROCESS

Page 59: Final CDD Rule - How We Got Here and What To Do Now

PROCESS

Step 1 Step 2

Step 3 Step 4 Step 5

Step 6 Step 7

New CDD ProcessFrontline Business Banker (CIP)

BSA/AML Complianc

e (CDD)

BSA/AML Operations(KYC)

Page 60: Final CDD Rule - How We Got Here and What To Do Now

INTERNAL CONTROLS

A system for ensuring that your team is working within the process you’ve defined and they are utilizing the procedures you’ve developed to enforce the policies you’ve created.

Page 61: Final CDD Rule - How We Got Here and What To Do Now

INTERNAL CONTROL - EXAMPLE• Customer on-

boarding requires 2 forms of ID

• A bank’s policy should define similar informational requirements for verification of High Risk Customers

• Require secondary, manager-level approval to verify

Page 62: Final CDD Rule - How We Got Here and What To Do Now

Banks have the control and they have the tools

to address this most consistent theme in every enforcement

action…it’s just very manual

Page 63: Final CDD Rule - How We Got Here and What To Do Now

THE DIRECTOR’S ROLE

Page 64: Final CDD Rule - How We Got Here and What To Do Now

DIRECTORS ASK THESE QUESTIONS

1.What is the plan?

2.Who is responsible?

3.What is the filter for how it relates to your bank?

4.How will you measure your level of compliance?

Page 65: Final CDD Rule - How We Got Here and What To Do Now

1. WHAT IS THE PLAN?

• Implementation of policies, procedures,

processes

• Control risk

• Achieve compliance

Page 66: Final CDD Rule - How We Got Here and What To Do Now

QUESTION YOUR PLAN

• What are the internal controls? – FFIEC

• What is the plan to mature the BSA program over the next 3 yrs?

• How does this plan align with the growth strategy of the bank?

Page 67: Final CDD Rule - How We Got Here and What To Do Now

2. WHO IS RESPONSIBLE?BSA Officer

• Review audit reports, internal controls, high-risk deposit accounts monthly

• Review risk rating, staffing, training, testing, and compliance

Page 68: Final CDD Rule - How We Got Here and What To Do Now

3. WHAT IS THE FILTER?BSA Risk Assessment

• Define your bank’s risk profile

• How much risk will you agree to accept?

• Specific risk categories

• Detailed analysis

Page 69: Final CDD Rule - How We Got Here and What To Do Now

COMPLIANCE COMMUNICATION IS ESSENTIAL“We're seeing situations where business decisions are made that run counter to an institution's AML policy [or] counter to the advice of the compliance department, situations where the compliance department is being deprived of information required to do its job.”

- Shasky Calvery, previous director of FinCEN

Page 70: Final CDD Rule - How We Got Here and What To Do Now

4. HOW CAN I MEASURE MY BANK’S COMPLIANCE?• Don’t just wait for annual

updates

• Write down what you are going to do and why

• Identify risks and get feedback from regulators

• Consistent reporting

Page 71: Final CDD Rule - How We Got Here and What To Do Now

WHAT REPORTS SHOULD I BE ASKING FOR?

For an example of reports, email us at: [email protected] or [email protected]

Page 72: Final CDD Rule - How We Got Here and What To Do Now

CDD

WHAT CAN YOU DO NOW TO PREPARE?

3rd KEY TAKEAWAY

Page 73: Final CDD Rule - How We Got Here and What To Do Now

UNDERSTANDING BOV?

Page 74: Final CDD Rule - How We Got Here and What To Do Now

“Beneficial Owner”not necessarily the person or entity who sets up or opens the account, but the person behind that person or entity who receives the benefits from this account and controls it from behind the curtain of anonymity or through a nominee account holder

INTRODUCTION TO BOV

Page 75: Final CDD Rule - How We Got Here and What To Do Now

1. Identify2. Verify status

& accuracy3. Ownership4. Control

structure

FOR BOV

Page 76: Final CDD Rule - How We Got Here and What To Do Now

2018

Timing is of the essence: 5 Things to Quantify

1. Impact to High-Risk Customers

2. Implementation Plan

3. Training Plan

4. Staffing Needs

5. Timing of Significant Events

Page 77: Final CDD Rule - How We Got Here and What To Do Now

3 THINGS YOU MUST KNOW NOW

1. Does your BSA Officer and Team understand the impact of beneficial ownership verification on your organization?

2. Does your Board of Directors understand the impact of beneficial ownership verification on your organization?

3. Do you have a plan to deal with your understanding of the beneficial ownership verification impact on your bank?

Page 78: Final CDD Rule - How We Got Here and What To Do Now

1. BSA OFFICER AND TEAMBuild formula based on the following:• Assessment of increased documentation required• Assess the additional anticipated amount of time per

new customer (per anticipated growth rate)• Assess the additional amount of data capture• Assess impact to additional systems• Assess the amount of training development and

implementation• Should equal the total amount of impact on your

organization

Page 79: Final CDD Rule - How We Got Here and What To Do Now

2. BOARD OF DIRECTORS• Policies• Question Implementation• Procedures • Internal controls• Impact

Page 80: Final CDD Rule - How We Got Here and What To Do Now

3. DO YOU HAVE A PLAN• Why do you need a plan?• Key’s to your plan:•Critical Path•Viable and Realistic•Documented

• Detailed Actions• Propagates new mindset prior to 2018

Page 81: Final CDD Rule - How We Got Here and What To Do Now

QUESTIONS FOR YOUR TEAM TO CONSIDER How do I create an implementation plan? How do I quantify the impact on my organization? What do my new policies need to state? How will my procedures be impacted? Who will own the creation of and drive the implementation plan? How will we know we are reaching our milestones? How will training be rolled out given our milestones? Have you considered your risk based approach for Beneficial

Ownership? How will “significant,” “unusual,” or ”unexpected” transactions

trigger the need for additional BOV?

Page 82: Final CDD Rule - How We Got Here and What To Do Now

CUSTOMER DUE DILIGENCE (CDD) WHITE PAPER

For a copy of our White Paper on the Final CDD Rule, email us at:

[email protected] or [email protected]

Page 83: Final CDD Rule - How We Got Here and What To Do Now

WHAT ARE YO

U

CURRENTLY DOING FO

R

BOV?


Top Related