BSA/AML Examiner School - Case Study Oct 2023

BSA/AML Examiner School Case Study

October 16-20, 2023, Minneapolis, MN


CONFERENCE OF STATE BANK SUPERVISORS 1300 I Street NW / Suite 700 / Washington, DC 20005 / (202) 296-2840

Internal Use Only

BSA/AML EXAMINER SCHOOL
AJ&R Bank & Trust Case Study
Introduction

Over the remainder of the week, you will be completing a case study of AJ&R Bank & Trust. For most areas, we will discuss exam concepts and you will apply the concepts by reviewing materials related to the case study. The case study is based on an actual examination of an institution. However, the personal identifying information of the customers and the institution was changed. Later in the week, the outcomes from the examination will be shared with you.

The case study is intended to simulate a BSA examination. As such, you will have the opportunity to ask the BSA Officer [your instructors] questions on two occasions. You should write down any questions that you have during the exam planning exercise because the initial BSA Officer interview will occur tomorrow. Later in the week, you will develop your conclusions and conduct a simulated BSA Officer exit meeting. To ensure you have a successful experience, you will want to document any potential exceptions, findings, or violations you identify during the transaction testing exercises. Those will help you develop your findings and conclusions related to the BSA program at AJ&R Bank & Trust to discuss with the BSA Officer during the meeting.

AJ&R Bank & Trust is a community bank located in a rural area with total assets of $37 million. The bank is locally owned and consists of one full-service location. The local economy is weak with limited commercial loan opportunities. The ratings from the prior exam were 2-2-4-3-2-2/4. The prior exam report stated that the BSA program was satisfactory, and the institution satisfactorily complies with OFAC requirements.

BANK SECRECY ACT REQUEST LIST


Institution: AJ & R Bank & Trust

Examination Date: July 1, 2016

Items marked as "Onsite" should be retained in your offices for examiner review during the on-site portion of the examination. The remaining items should be furnished to examiners by June 24, 2016. For documents that are too long for convenient copying, please provide originals for examiner review at the institution. Clearly identify all items that should be returned to bank personnel.

BANK SECRECY ACT Item # Onsite

Item Description

20.01

Name and title of the designated BSA/AML compliance officer and, if different, the name and title of the person responsible for monitoring OFAC compliance. If a complex reporting structure, provide organizational charts showing direct and indirect reporting lines. BSA/AML/OFAC policies and procedures to comply with all reporting and recordkeeping requirements, including suspicious activity, customer due diligence, and CIP. Correspondence with and subpoenas from the U.S. Treasury (Office of the Secretary and Department of the Treasury, Internal Revenue Service, FinCEN, and OFAC) or law enforcement authorities since the previous BSA/AML examination. Audit schedule and independent audits/tests performed since the previous BSA/AML/OFAC examination. Include the scope, management's responses, and access to the workpapers. BSA/OFAC Risk Assessment of products, services, customers, and geographic locations. Also, provide a list of high-risk account holders. X Summary of training program (e.g., materials used for training since the previous BSA/AML examination). X BSA/AML training schedule with dates, attendees, and topics. A list of persons in positions for which the bank typically requires BSA/AML training but who did not participate in the training. X Account opening forms (e.g., for loans, deposits, or other accounts) used to document CIP/Customer Due Diligence information. List of new accounts (opened for new customers of the bank) covering all product lines (including accounts opened by third parties) from 09/01/2015 to 07/08/2016. X X List of accounts without taxpayer identification numbers (TINs). X

20.02

20.03

20.04

20.05

20.06

20.07

21.01

21.02

21.03

21.04

X

List of Money Service Business customers.

21.05

X

List of all high risk customers of the bank.

FDIC

1

05/27/2016


21.06   X   List of accounts opened with CIP exceptions between 07/15/15 – 07/08/16.

22.01   X   Access to Suspicious Activity Reports (SARs) filed with FinCEN since the last exam and the supporting documentation. Include copies of any filed SARs that were related to section 314(a) 31 CFR Chapter X 1010.520 requests for information or to section 314(b) 31 CFR Chapter X 1010.540 information sharing requests.

22.02   X   Any analyses or documentation of any activity for which a SAR was considered but not filed, or for which the bank is actively considering filing a SAR.

23.01   X   Internal reports used to identify reportable currency transactions from 06/02/2016 to 06/20/2016.

23.02   X   List of customers exempted from CTR filing and the documentation to support the exemption (e.g., currency transaction history).

24.01   X   Documentation of any positive match for a section 31 CFR 1010.520 (formerly 314a) request.

25.01   X   Records of sales of monetary instruments in amounts between $3,000 and $10,000 (if maintained with individual transactions, provide samples of the record made in connection with the sale of each type of monetary instrument).

26.01   X   Funds transfer activity logs for transfers into and out of the bank, including funds transfers that involve cover payments. Include the number and dollar volume of wire transfer activity for the month.

26.02   X   List of funds transfers purchased with currency from 07/01/2015 to 07/11/2016.

27.01   X   List of blocked or rejected transactions with individuals or entities on the OFAC list and reported to OFAC.

28.01   X   List of software and service providers used by the bank for BSA/AML/USA PATRIOT Act and OFAC compliance purposes.

28.02   X   Contract with vendor used to perform OFAC checks against new and existing customer names.


From: EIC@Statebankingagency.org
Sent: July 6, 2016
To: Allexamstaff@Statebankingagency.org
Subject: AJ&R Bank & Trust examination

Examination Team,

Good afternoon team. I just finished our pre-examination call with AJ&R Bank & Trust Company. President England brought up some important information regarding the examination. Several of the main players in this institution were fired as of June 30, 2016. Chief Financial Officer Bailey Placier, who was the former Chief Executive Officer during the 2014 exam, was terminated due to repeated issues found in her work. Human Resource Officer and Teller Supervisor Lawrence Lance was fired along with Loan Officer and Information Security Officer Fred Murray. Then the prior BSA Officer Amanda Smith was fired due to suspected theft of money out of her teller drawer. It looks like the Board got tired of the issues and cleaned house. Hopefully, this will mean that they are headed in the right direction. I filled out the organizational chart based on this information, which I have attached.

President England also stated that James Bright, who has had a long history with being a dominant official at this institution, is still impeding him from doing his job. President England was hired in 2015, and this will be the second examination as President. For those of you that this is their first time at this institution, James Bright is the largest primary shareholder and has a history of being very heavily involved in this institution. Examiners have also found that in the past he has delayed the correction of the deficiencies, identified by both regulators and external auditors, at this institution. Between his wife and himself, the Brights control 24% of the outstanding shares. Also, be aware that he has made statements in the past that he “selected” the board members. Although that has not helped him as discontinuity in the Board continues to be a large problem at this institution.

There has been a noticeable split between members of the Board as it has appeared that they have divided up into two factions. You will notice this when you read the board minutes. One of the factions of the Board supports Bright and the other openly opposes him. Bright fully supported former CFO Placier in the CEO position, even though she was ineffective in that position and did not correct deficiencies in the institution. He disagreed with her recent departure and opposes current President England.

If examiners are approached by Director Bright, they should always have another examiner present.

For Training Purposes Only


From: EIC@Statebankingagency.org
Sent: July 6, 2016
To: BSAexaminer@statebankingagency.org
Subject: AJ&R Bank & Trust BSA examination

Thank you for helping out with this examination. Look over the prior exam comment. The prior BSA Officer Smith cleaned up the BSA program at the prior examination. There was one violation and one recommendation cited at the prior exam. I am a little concerned that the prior BSA Officer was fired for suspected theft from the institution. Julie Collins is filling in that role on a temporary basis. She is also the Compliance Officer. She is assisted by Amy Grant, who is also the Head Teller, Operations Officer, Information Technology Officer, and is helping Harry with the Human Resource Officer duties.

The following will give you a little history with this institution and their BSA program. During the 2014 examination, the institution was downgraded from a “2” to a “4” and the ratings were as follows: 224322/4, with an emphasis on the “4” rating for management. The deficient rating was a result of management and the deficient level of internal controls and risk management practices. Examiners found that there was inadequate staffing of positions considered critical to bank operations which resulted in the aforementioned breakdown in internal controls. Examiners also found significant noncompliance with rules, regulations, and regulatory policies. At that examination, the BSA program was considered “deficient”, which represented a downgrade from “satisfactory.” The reason for the downgrade was due to a breakdown of internal controls and non-compliance with BSA related rules and regulations.

During the 2015 examination, which was a joint exam with our federal counterparts, the condition of the institution deteriorated, yet remained a “4”. The ratings were 2-3-5-3-3-4/4. The Board and management were deemed to be critically deficient, and risk management practices were considered significantly inadequate. Management was not in compliance with provisions of the order. On the bright side, BSA was once again returned to “satisfactory”. Management has shown substantial improvement in this area, albeit it seems this area alone. At this examination, the only findings were a violation and one recommendation regarding a suspicious activity report. OFAC, as always, has been satisfactory.


Examination Conclusions and Comments (Continued)

Bank Secrecy Act (BSA)

The BSA program and compliance with related laws and regulations has improved and is now satisfactory. The Board approved the Bank Secrecy Act / Anti-Money Laundering / Office of Foreign Asset Control Policy on January 22, 2015. The policy is considered adequate and comprehensive of all BSA-related areas. The Board reappointed Amanda Smith as BSA Officer during the May meeting. The Customer Identification Program (CIP) policies are included in the policy, and the procedures are considered satisfactory.

Better Bank Corporation (BBC) conducted the most recent independent audit as of September 2014. BBC identified multiple significant recommendations and identified non-compliance with several BSA related laws. As a result, BBC rated the program as needs improvement, and an interim audit occurred in April 2015. Examiners reviewed the draft report during the examination, which concluded the majority of the deficiencies had been addressed. The interim audit did raise concerns in the cohesiveness of the BSA program, the BSA Officer, and the documentation of training. Training now occurs regularly and is now considered appropriate. Adherence with CIP and OFAC requirements is also found to be appropriate.

While overall improvement is evident, an isolated apparent violation of Chapter X of the Treasury Department’s Financial Crimes Enforcement Network is cited for failure to file a CTR within the required timeframe.

Currency Transaction Reports

Management failed to file a CTR within the appropriate time frame. Management monitors transactions daily through a daily cash report, which aggregates transactions greater than $3,000, in order to identify if a CTR should be filed. While management generally identifies transactions, an isolated incident was identified by examiners during the examination in which a CTR was filed in excess of the 15-day time frame. An apparent violation of Section 1010.306(a)(1) of 31 C.F.R. Chapter X is cited. This is a repeat violation from the prior examination. Management should develop processes to ensure CTRs are identified and filed appropriately going forward. Refer to the Violations of Laws and Regulations page of this report for further information. BSA Officer Smith stated that CTRs will be filed within the required time frame going forward.

Suspicious Activity Reports (SARs)

While SARs generally contain the necessary information to detail the suspicious activity, management should strengthen the narratives included in the SARs. In particular, the narratives should include more detail regarding the individual involved in the transaction, such as occupation, length and type of relationship to the institution, and why the transaction is suspicious. BSA Officer Smith stated that SAR narratives would be enhanced going forward, to include the recommendations.

Office of Foreign Asset Control

Effective policies and procedures are in place to ensure satisfactory compliance with OFAC regulations.


Compliance Officer (1)

Board of Directors

BSA Officer (1)

Julie Collins

Julie Collins

Chairman of the Board

President & CEO (1)

Harry England

Operations (1)

Lending (4)

HR & Security (6)

Senior Lending Officer (1) Clint Brentwood

HR Officer (1)

CFO (1)

Operations Officer (1)

Harry England/ Amy Grant

Harry England

Amy Grant

Residential & Commercial Loan Officer (1)

Accounting Assistant (1)

Deposit Administration

James Todd

Head Teller (1)

Amy Grant

Loan Administration

CSRs

Tellers (4)

Information Technology

Loan Processing (1)

Amy Grant

Loan Operations (1)

Total Employees = 14

Organizational Chart - Final

CONFIDENTIAL

AJ&R BANK & TRUST Bank Secrecy Act, Anti-Money Laundering and OFAC Compliance Program May 20, 2015

I. BSA/AML/OFAC COMPLIANCE PROGRAM

General goals of the Bank's BSA Program consist of:

1. Developing a BSA/AML/OFAC risk profile of the Bank to design effective risk-based internal controls.
2. A system of internal controls to ensure ongoing compliance based on the BSA Risk Assessment.
3. Independent audits to ensure ongoing compliance conducted by either Bank personnel or a third party entity consultant.
4. Designation of a Bank Secrecy Act Officer responsible for coordinating and monitoring day to day compliance.
5. Training of all Bank personnel on an annual basis.

II. BSA Risk Assessment

The Bank has developed a risk assessment that identifies the Bank's BSA/AML and OFAC risk profile. Our risk assessment consists of the following:

• Assessment of new products, services, assessment of targeted customers, entities and geographic locations.
• The risk assessment program is an ongoing process. It is the responsibility of the Board of Directors and Senior Management to ensure the Bank's risk assessment is updated annually to identify changes in the Bank's risk profile (i.e., when new products and services are introduced, existing products and services change, high risk customers open and close accounts, or the Bank expands through mergers and acquisitions).
• The BSA/AML Compliance Program was developed based on our risk assessment.

III. System of Internal Controls

The Bank will maintain an effective BSA, AML and OFAC internal control structure, including suspicious activity monitoring and reporting.

IV. Independent Audits

It is the policy of the Bank to conduct an independent annual audit by internal and/or external auditors to ensure complete adherence of the Bank Secrecy Act. Results of this audit will be reported to the Board of Directors Audit/Compliance Committee and the BSA Compliance Officer. Senior Management and the BSA Compliance Officer will take appropriate action to correct any exceptions found as a result of the audit.

The Bank's external auditors will conduct an objective independent evaluation of the Bank's written BSA/AML and OFAC Compliance Program, perform testing for specific compliance with the BSA, and evaluate pertinent management information systems (MIS) and the quality of risk management for all banking operations, departments and subsidiaries.


V. Designation of BSA Officer

The Board of Directors is responsible to appoint a BSA Compliance officer on an annual basis. The Board of Directors has designated XXXX to serve as the BSA Compliance Officer (BSA/AML/OFAC Officer). All decisions made by the Board of Directors must be noted in the board minutes. The Board of Directors has granted the BSA Compliance Officer with the authority, subject to the approval and supervision of the Board of Directors and Senior Management, to develop and administer a program that provides for Bank Secrecy Act compliance and training. This includes assuming full responsibility for all Bank Secrecy Act policy statements and procedures. The BSA Compliance Officer is required to be fully knowledgeable of the BSA and all related regulations, and also understand the Bank's products, services, customers, geographic locations, and the potential money laundering and terrorist financing risks associated with those activities.

VI. Training of all Staff Personnel

The Bank is required to ensure that all personnel receive training on the directives of the Bank Secrecy Act on a scheduled basis. All employees of the bank will be trained annually. Training will include regulatory requirements and the Bank's internal BSA, AML and OFAC policies, procedures and processes. The Bank's training program will provide training for all personnel whose duties require knowledge of the BSA, and the training is to be tailored to the person's specific responsibilities. Additional trainings may be via email or hard copy of the training materials. In addition, an overview of the BSA, AML and OFAC requirements are to be provided to new staff during the employee orientation. Documentation of personnel trained, and the dates of training will be maintained by the BSA Department. The BSA Compliance Officer will attend several external training sessions annually.

The Board of Directors will be provided with annual training on the general BSA requirements. The BOD is required to understand the importance of BSA, AML and OFAC regulatory requirements, the ramifications of noncompliance, and the risks posed to the Bank. The BOD will be informed of changes and new developments in the BSA, its implementing regulations and directives, and the federal banking agencies' regulations.

High Risk Customers

The account officers must identify high risk customers at account opening process and/or throughout the account relationship. High Risk customers may include regular customers, businesses, exempt customers, foreign customers or any other type of customers in the bank. All high-risk accounts will be closely monitored by the BSA Department. Customers that create a higher risk will be placed in The BSA - High Risk Customer listing maintained by the BSA Department; the listing will be updated as necessary. High risk customers will be placed in this listing after a thorough analysis on the account, and not from a label affixed to the customer's operations. It is the responsibility of the BSA Officer to validate the frequency of account monitoring by reviewing the "high risk" customer's file and subsequently revising the frequency from time to time. In addition, the BSA Officer and the SAR Committee will determine whether an account should be closed, additional monitoring required, or a SAR completed.

INTERNAL CONTROLS/REGULATORY REQUIREMENTS


VII. Customer Identification Program Policy and Procedures

The USA PATRIOT Act requires all banks to have a customer identification program (CIP) in place. The CIP rules require you obtain specific minimum information from new customers. The information must be verified to form a reasonable belief that the customer identity is known. The information may be verified using documents presented, this entails using a valid driver's license or passport. A non documentary verification may be used; this would be an independent means to confirm the customer information provided. The required information must be obtained from all new customers as well as all new accounts, this includes loans. Lenders must obtain identification documentation at loan closing from all borrowers.

At minimum, the following must be obtained and verified:

• Identifying information about a customer (i.e., Name, for individuals-date of birth, Physical address, and Identification Number such as TIN-SSN.)
• A description of the documentary methods that the Bank used to identify the customer. (i.e., copy of Driver's license, State issued Identification Card, Passport, or any other document that has the customer's picture).
• A description of the non-documentary methods and results of any measures that the Bank took to verify the identity of the customer. One method to verify this information is through a third-party vendor or credit reports agencies. Reverse directories may be used as well to verify addresses and send thank-you letters to customers. If it is believed that the customer is providing false information, the incident must be reported to the BSA officer or immediate supervisor for further action. This may include filing a suspicious activity report (SAR).
• Customer Identification: Bank personnel should first refer to the Bank's CIP requirements. At a minimum, the Bank must obtain the following information to validate the true identity of an individual or entity seeking to open an account:
  o Name
  o For individuals, date of birth
  o Address:
    - Individual — residential or business street address
    - Individual who does not have a residential or business street address — an Army Post Office or Fleet Post Office box number, or the residential or business street address of next of kin or another contact individual
  o Entity - For persons other than individuals, (i.e., corporations, partnerships, and trusts) principal place of business and, if different, mailing address.
  o Identification Number:
    - U.S. Person - a U.S. taxpayer identification number (i.e., social security number, individual taxpayer identification number, or employer identification number); or
    - Non-U.S. Person - one or more of the following: A taxpayer identification number; Passport number and country of issuance; Alien identification card number; Number and country of issuance of any other government issued document evidencing nationality or residence and bearing a photograph or similar safeguard.

[A copy of the Primary Identification documents (passport, ID) must be obtained and scanned / copied for Imaging]


Verifying Account Opening Documentation (Documentary and non-Documentary verification.)

• The identifying information must be verified before the account is opened. Inspect the documentation and compare the photograph and the description on the ID with the person presenting the document.
• In general, two forms of identification are required to open an account. This includes a primary and a secondary piece of identification or a non-documentary verification.
• In addition, signatures should be compared from the identification to the signature provided by the customer on the Bank's loan application or signature cards.
• If the bank is not able to verify the true identity of the customer through documents, the account must be closed. This action should take no longer than 10 business days from the start of the application or opening of the account.
• Awaiting TIN or SSN — For deposit accounts, have the customer certify his/her social security number (SSN) or taxpayer identification number (TIN) on IRS Form W9 or the signature card. If the customer does so, this procedure is complete. If the customer has applied for, but not received, TIN or SSN, the account must be postponed until the customer can provide all required documentation.
• Missing Documents — If the customer does not have all of the required identification and information, the account cannot be opened until the customer can supply the required information.
• On accounts that we open where we are not familiar with the documents — When the employee is unfamiliar with the documents produced, the customer must be directed to apply for a valid identification card issued by the state or other valid government issued document.

Opening Accounts When the Customer Is Not Present at the Bank (Accounts Opened by Mail, Telephone, or via the Internet)

• AJ&R Bank DOES/DOES NOT open accounts by Mail, Telephone, or via the Internet.
• All person(s) must be present at the time of account opening.

Comparison with Government Lists

• All new customer names and existing customer names must be verified against the OFAC list provided by FIS. The FIS Software/OFAC Tracking System will automatically do an initial screening of new accounts (CIF input). You are responsible to review the results. If a customer does appear on the OFAC System (OFAC.CIFM_307.PDF), the BSA Officer should be notified IMMEDIATELY in order to properly document and notify the respective government agency.
• Loans — The best procedure is to compare them against the OFAC list before the loan is funded.

Customer Notification

The bank will notify new customers about these procedures by posting signs in the lobby and displaying table tents at each desk where accounts are opened or loan applications are provided, notifying customers that we will be requesting information to verify their identity. The customer is provided with adequate notice of the Bank's requirement to verify a customer's identity prior to opening an account.

Recordkeeping

The Bank shall keep records of the information required and the type of documentary and non documentary records obtained during the identification and verification process. As outlined in the law the following information will be required:

• All identifying information provided by a customer after the date the account is closed or becomes dormant;


• A description of any document that was relied upon pursuant to this policy that clearly evidences the type of document and any identification number it may contain;
• A description of the methods and results of any measures undertaken to verify the identity of a customer pursuant to this policy; and
• A description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.

The Bank will retain all documentation related to the identity verification of customers for a period of five years after the account is closed.

VIII. Customer Due Diligence and Enhanced Due Diligence Policy and Procedures

Customer Due Diligence, or best described as "Know Your Customer", is a process of obtaining information at account opening and during the life of the account that helps the Bank in identifying potentially high risk customers. Once those customers are identified, they become subject to Enhanced Due Diligence. The goal of Customer Due Diligence is to identify high risk customers that may require Enhanced Due Diligence.

In general, the Bank's Customer Due Diligence Program enables Bank personnel to predict with relative certainty the types of transactions in which a customer is likely to engage, and in turn assists the Bank in determining when transactions are potentially suspicious. The concept of customer due diligence begins with verifying the customer's identity and assessing the risks associated with that customer, including enhanced customer due diligence for high risk customers and ongoing due diligence of the customer base. In addition, these measures help the Bank to:

1. Comply with regulatory requirements.
2. Detect and report unusual or suspicious activity or transactions that potentially expose the Bank to financial loss, increased expenses or reputation risk;
3. Avoid criminal exposure from persons who use or attempt to use the Bank's products and services for illicit purposes; and
4. Adhere to safe and sound banking practices.

Customer Due Diligence (CDD) - New Customers

The concept of Customer Due Diligence begins with verifying the customer's identity and assessing the risk associated with that customer. CDD suggests the use of a questionnaire and/or multiple questions interview routine by the account officer opening the account. Your goal during the customer due diligence question interview is to find out if the customer is high risk, and if they are you must apply the Enhanced Due Diligence. Customer due diligence is an ongoing process, the account officers should take certain measures to ensure that customers' information is always current and that the account is being monitored for unusual activity by the account officer and the BSA Department.

Customer Due Diligence begins with:

1. Identifying the customer by applying proper Customer identification procedures (CIP) - Name, physical address, DOB, TIN/SSN and obtaining the necessary documents specified in the CIP to verify this information. NOTE: For CIP, it is not sufficient to just obtain the required information in the CIF screen, you must also get proper documents (hardcopy) that prove that the information obtained from the customer is actually correct.
2. Next, you must obtain occupation, place of employment and contact information (telephone number, work number or business number, email addresses, etc.). Please make sure to complete all the CIF screens with as much information as possible in case it is needed to classify the customer as high risk later over the life of the account.
3. Evaluate the nature of the relationship. For example, determining the length of a customer's relationship with the Bank, the products and services provided to a customer and the manner in which a customer was referred to the Bank. The nature of a customer's relationship may serve to mitigate or to increase the overall risk indicators described below.
4. During account creation the account officer is required to ask several questions to identify if the customer should be classified as high risk based on the High Risk listing provided by our regulators.

Customer Due Diligence (CDD) is best described as obtaining information at account opening and during the life of the account that helps our bank in identifying potential high risk customers. Once those customers are identified, they become subject to enhanced due diligence (EDD).

Enhanced Due Diligence - High Risk Customers

• Enhanced customer due diligence is used when a customer presents an element of risk that requires additional documentation and additional monitoring over and above that necessitated in routine customer relationship.
• If you have identified a High Risk Customer (refer to the listing of high risk customer/entities) during account opening, you should consider obtaining the following information as part of the Enhanced Due Diligence. Please refer to attachment for list of items required on High Risk Customer. Exhibit A
• It is likely that you know this information about the existing and potential customers already. The challenge is to make sure it is documented in a paper or electronic file, particularly for those customers that meet the regulators' definition of high risk.

Monitoring High Risk Customers for Unusual Account Activity

High risk customers and their transactions should be reviewed more closely at account opening and more frequently through the term of their relationship with the bank. Please see below for a list of items the account officer will be responsible for when the BSA Officer contacts them for additional enhanced due diligence after the account has been opened and it has been appearing in our BSA suspicious monitoring system and reports:

• The BSA Department will ensure the account officer followed the required account opening procedures.
• The account officer must provide the BSA Officer proper documentation (memorandum) of all discussions with the customer regarding their explanation for unusual activity, explanation for changes in account activity, any recent changes in the business practices and anticipated account activity. Reasons for funds transfers (incoming or outgoing): state whether or not the fund transfers are in line with the normal business activity of the customer.
• Based on review, the BSA Officer and Senior Management will determine whether an account should be closed, additional monitoring is required, or if a SAR must be completed.
• The BSA Department should maintain a Master List of High Risk Customers that is reviewed periodically. The Master List should include high risk and regular customers, businesses, exempt customers, foreign customers or any other type of customers requiring additional monitoring for unusual account activity or that may engage in frequent cash transactions (deposits or withdrawals), frequent wire transfers or frequent ACH transactions


• The BSA Department should utilize a combination of monitoring processes and system reports (i.e., wire transfer reports, large cash transaction reports, anti-money laundering software, etc.) daily, monthly and quarterly to identify the risk element of each customer and identify suspicious activity.
• During account creation, the account officer should make reasonable efforts to inquire and identify what type of account or activity the customer will maintain at the Bank to identify a high risk customer or entity.

Customer due diligence applies to all customers that are seeking to open an account with AJ&R Bank.

Questions for All Customers (consumers or entities)

1. What is the purpose of the account?
2. Customer's (or beneficial owners') occupation or type of business must be documented.
3. What is your occupation? Are you currently employed? Place of employment? (Note: Be sure to obtain and record the occupation of each account holder.) If the customer is unemployed at the time of account opening, the customer must provide their previous employer.
4. What type of items do you expect to be deposited to the account (i.e., cash, check, direct deposit, wires, ACH transactions, etc.)? How frequently will deposits be made? Estimate of anticipated account activity, especially cash activity and wires?
5. What methods do you plan to use to remove funds from the account (checks, ATM, debit card, automated bill payment, etc.)?
6. Will transactions affecting this account originate or have a destination outside the US?
7. What is the source of the funds/assets being deposited or used to open the account?
8. Why did you choose this bank? What other banks do you have accounts with?
9. If business, where is the business organized?
Also obtain the county and state registration of the business and date of resolution and registration; proof of legal status of the business; if the entity uses fictitious names, obtain documentation containing the customers' real names and other identifying information.

Questions Specifically for Business Customers to identify High Risk

1. Is your business a foreign corporation or an offshore corporation located in tax or secrecy havens, or a domestic shell company, or an international business corporation?
• If the answer is yes, the business is a high risk.
2. What is the type of business (cash-intensive business, car sales, import/export, transportation, jewelry dealer, etc.)? Please review the entire attached list of high risk businesses to make a final determination.
• If the business type matches an entity on the high risk list, the business is a high risk.
• Is the business a cash-intensive business (i.e., convenience stores, restaurants, retail stores, liquor stores, etc.)? If the business type matches an entity on the high risk list, the business is a high risk.
3. Will your business be engaging in any of these activities? Check cashing, currency dealing or exchange, money orders, travelers, stored value cards, money transfer services (i.e., Western Union).
• If the business offers any of these services, then the business is considered a Money Service Business (MSB) and should be classified as High Risk.

Expanded Review Procedures for Enhanced Due Diligence (For Business Accounts (foreign and domestic), Cash-Intensive Businesses, and Non-Governmental Organizations and Charities)

• Ensure the Bank has obtained all proper identification for all signers and/or owners;


• List a description of the principal line of business and all types of business operations the customer engages in;
• Document whether the customer's business operations are retail vs. wholesale;
• For large businesses, provide financial statements and a list of the business's major suppliers and customers;
• Document the type of products and services used by the customer (i.e., domestic or international wires, cash deposits, ACH transactions, private banking services, etc.);
• List details on the source of funds and wealth;
• Document the proximity of the customer's residence, place of employment, or place of business to the Bank;
• Include a description of the customer's primary trade area and whether international transactions are expected to be routine;
• For Non-Governmental Organizations, state the purpose and objectives of their stated activities; the geographic locations served (including headquarters and operational area); the organization structure; the donor and volunteer base; funding and disbursement criteria (including basic beneficiary information).
• For cash-intensive businesses, state the purpose of the account; the volume, frequency and nature of currency transactions; the primary business activity, products and services; geographic locations and jurisdictions of operation; on-site visitation.

Note: The BSA Department will determine if further enhanced due diligence is required after the account has been opened and monitored.

IX. Suspicious Activity Report (SAR) Policy and Procedures

Overview

It is the intent and policy to comply with statutory and regulatory requirements for monitoring, detecting and reporting suspicious activities. The Bank wants to ensure that an effective system for detecting and reporting suspicious activity is established so the proper law enforcement agencies are promptly notified.

Note: If any Bank employee becomes aware of any suspicious activity by either a Bank customer or an employee, he/she should promptly report the matter to the BSA Officer. The BSA Officer and other staff aware of the matter should keep the information confidential. This policy encourages the reporting of suspicious activity and ensures the employee reporting the incident complete anonymity.

The Bank is required to file a Suspicious Activity Report (SAR) for any matter that the Bank has a basis to believe is a known or suspected violation of federal criminal law. The SAR is to be completed in its entirety. The BSA Officer will be the preparer of the SAR and will provide a full description of the suspicious activity and explain any multiple events in chronological order. Only the SAR is to be sent to FinCEN; any supporting documentation will be retained by the Compliance Department.

Suspicious Activity Reporting Process

Anti-Money Laundering Program

System to identify, research, and report suspicious activity

All employees are encouraged to refer all unusual activity to the BSA Officer for further research and review of the unusual activity. The BSA Officer, along with the Senior Management, will evaluate the


unusual activity for a final decision to file a SAR. Proper documentation will be retained by the BSA for those decisions made to not file a SAR.

Reporting Process

If the bank determines it is necessary to report a suspected illegal activity to law enforcement authorities, the BSA Officer and the Senior Management will carefully review all known facts and maintain documentation on this process. The SAR will be filed within the time frame established by the regulation. (The SAR will be filed no later than 30 calendar days after the date of discovery or notification of the suspicious activity. If no suspect is identified on the date of detection of an act, management may delay filing the SAR for an additional 30 calendar days. However, in no case will management delay reporting a SAR to federal authorities more than 60 calendar days after the date of detecting a known or suspected violation. If a situation involving violations requires immediate attention, such as when a reportable violation is ongoing, management should immediately notify by telephone or other expeditious means the appropriate law enforcement agency and FinCEN, in addition to filing a timely report.)

After an initial SAR is filed, additional SARs for continuing suspicious activity will be filed every 90 days. At this time, management will consider closing the account as a result of continuous suspicious activity.

Law enforcement inquiries and requests (National Security Letters (NSLs), grand jury subpoenas and section 314(a) requests)

All law enforcement inquiries and requests (such as grand jury subpoenas, National Security Letters (NSLs) and section 314(a) requests) are to be referred to the BSA/OFAC Officer for assistance. In the event the Bank receives an NSL, it must be forwarded to the BSA/OFAC Officer to ensure that appropriate measures are taken to ensure the confidentiality of the letter and that appropriate action is taken.
In the event the Bank files a SAR after receiving an NSL, the SAR must not contain any reference to the receipt or existence of the NSL. The SAR is to only reference those facts and activities that support a finding of unusual or suspicious transactions identified by the Bank.

Notification of the SAR filing to the Board of Directors

On a monthly basis, the BSA Officer will notify the BOD of any SARs filed for the month, SARs considered but not filed, and if no SARs are filed. This shall be notated in the Board Minutes.

Confidentiality

SARs are confidential. No Bank, director, officer, employee or agent of the Bank that reports a suspicious transaction may notify any person involved in the transaction that the transaction has been reported.

Safe Harbor for Banks from Civil Liability for Suspicious Activity Reporting

Under federal law, the Bank, the BOD, officers, employees and Bank agents will not be held liable to any person for reporting suspicious transactions on the Suspicious Activity Report (SAR). In addition, it is against the law to tell a suspect or customer about the information reported on the SAR, or that a SAR has been completed. Failure to file the forms when appropriate can cause fines to be levied on both the Bank and the BOD.

Record Retention for SAR

The BSA Officer will retain the following information for 5 years:

• The Bank will retain all copies of SARs and all supporting documentation of the SAR (i.e., checks, deposits, loan documents, general ledger tickets);


• Any confession, admission or explanation provided by the suspect or any person who benefited from the transaction;
• Evidence of any cover-up or attempts to deceive federal or state examiners or others;
• The Bank will maintain documentation of all suspicious activity investigations, regardless of whether a SAR was filed.

X. Currency Transaction Reporting (CTR) Policy and Procedures

Overview

A CTR form must be completed if all cash transactions by one person total more than $10,000 in one banking day or cash transactions aggregate to more than $10,000. The system will produce a CTR when the transaction(s) received are MORE than $10,000 or have aggregated to MORE than $10,000. It is the responsibility of the staff member processing a transaction to obtain the required information prior to completing the transaction. Not only is the identity of the person conducting the transaction required, but also the identity of any person or entity on whose behalf the transaction is being conducted.

CTR Verification

The CTRs will be reviewed for accuracy and completeness by the BSA Officer before final submission to the IRS reporting center. However, the employee processing the transaction and their supervisor are ultimately responsible for the general accuracy and completeness of the form. An incomplete CTR will be returned to the branch for immediate revision and resubmission to the BSA Officer.

Filing Timeframes and Record Retention Requirements

All completed CTRs are filed with FinCEN within 15 days after the date of the transaction. Copies of CTRs must be retained for 5 years from the date of the report.

Monitoring Cash Activity

Reports assist the BSA Department to monitor all transactions needing a CTR and also identify suspicious currency activity, such as the following examples:

1. Currency activity including multiple transactions greater than $10,000;
2. Currency activity (single and multiple transactions) below the $10,000 reporting requirement (i.e., between $5,000 and $10,000);
3. Currency transactions involving multiple lower dollar transactions (i.e., $3,000) that over a period of time aggregate to a substantial sum of money (i.e., $30,000); or
4. Currency transactions aggregated by customer name, tax identification number or customer information file number.

These reports identify and evaluate unusual currency transactions. However, all employees are encouraged to report any unusual cash activity. The BSA Department will investigate the issue further.

Note: Please alert the BSA Officer in the event the customer, after becoming aware that a report may be filed because identifying information has been requested, declines to follow through with a transaction which has already been initiated. Proper documentation needs to be kept on this type of occurrence.

XI. Currency Transaction Reporting Exemption Policy and Procedures


Overview

The purpose of an exemption is to avoid the filing of CTRs for the normal conduct of lawful businesses. Exempt Persons, commonly referred to as "Phase I" and "Phase II" exemptions, were aimed at simplifying the process by which the Bank may exempt customers in an effort to reduce the large volume of CTRs filed. The Bank must retain a record of all designations of persons exempt from CTR reporting as filed with the Treasury for a period of 5 years from the designation revocation date.

The regulation provides a safe harbor that the Bank is not liable for the failure to file a CTR for a transaction in currency by an exempt person, unless the Bank knowingly provides false or incomplete information or has reason to believe that the customer does not qualify as an exempt customer. In the absence of any specific knowledge or information indicating that a customer no longer meets the requirements of an exempt person, the Bank is entitled to a safe harbor from civil penalties to the extent it continues to treat that customer as an exempt customer until the date of the customer's annual review.

• The Bank has elected to establish exemptions - these exemptions are authorized and monitored in accordance with the applicable regulatory requirements;
• The BSA Department has procedures in place for filing requirements and Annual Review of Exemptions;
• The BSA Officer monitors the exempt accounts and will file Suspicious Activity Reports ("SARs") with respect to transactions conducted by "exempt persons" if suspicious account activity is detected;
• The Bank's external audits review that Bank exemptions were granted in accordance with the regulation and the BSA Officer maintains supporting documentation for the exemption.

Exemptions

The BSA Department will consider only the following as being eligible for "exempt person" status:

PHASE I

Banks are not required to file CTRs for transactions by certain classes of "Exempt Persons."
Phase I Exempt Persons are defined as:

• A department or agency of the United States, or of any political subdivision of any state;
• Any entity established under the laws of the United States, of any state, or of any political subdivision of any state, or under an interstate compact between two or more states, that exercises governmental authority on behalf of the United States or any such state or political subdivision;
• Any entity (other than a bank) whose common stock or corresponding equity interests are listed on the New York Stock Exchange or American Stock Exchange (except stock listed on the Emerging Company Marketplace of the American Stock Exchange) or whose common stock has been designated as a NASDAQ National Market Security listed on the NASDAQ Stock Market (except stock listed under the separate "NASDAQ Small-Cap Issues" heading);
• Any subsidiary, other than a bank, of any entity described above, that is organized under the laws of the United States or of any State and at least 51% of whose common stock is owned by the listed entity; and
• Notwithstanding the above, any financial institution, other than a bank, that is an entity described above, to the extent of such financial institution's domestic operations.
• Franchisees of listed corporations (or of their subsidiaries) are not included within the definition of exempt person under "Phase I" unless such franchisees are independently exempt as listed corporations or listed corporation subsidiaries. For example, a local corporation that holds a McDonald's franchise is not an exempt person simply because McDonald's Corporation is a listed corporation. A McDonald's outlet owned by McDonald's Corporation directly, on the other hand,
