BSA/AML Examiner Training Series 2
BSA/AML Examiner
Training
Series 2
June 6 -15 , 2023 Live Virtual
@ www.csbs.org � @csbsnews
CONFERENCE OF STATE BANK SUPERVISORS 1 300 I Street NW / Suite 700 / Washington, DC 20 005 / (202) 296-2840
BSA/AML Examiner School – Series 2 Live Virtual June 6-15, 2023
Tuesday, June 6, 2023
Introduction & Pre-Course Review
1:00 pm – 1:45 pm 1:45 pm – 2:30 pm 2:30 pm – 2:45 pm 2:45 pm – 4:00 pm
Core Exam Procedures
Break
Core Exam Procedures
Wednesday, June 7, 2023
Prior Class Review Core Exam Procedures
1:00 pm – 1:15 pm 1:15 pm – 2:30 pm 2:30 pm – 2:45 pm 2:45 pm – 4:00 pm
Break
Core Exam Procedures
Thursday, June 8, 2023
Prior Class Review Core Exam Procedures
1:00 pm – 1:15 pm 1:15 pm – 2:30 pm 2:30 pm – 2:45 pm 2:45 pm – 4:00 pm
Break
Core Exam Procedures
Tuesday, June 13, 2023
BSA Officer Interviews
1:00 pm – 4:00 pm
Wednesday, June 14, 2023
Review Day 3 & 4
1:00 pm – 1:15 pm 1:15 pm – 2:30 pm 2:30 pm – 2:45 pm 2:45 pm – 4:00 pm
Money Transmitters & Prepaid Access
Break
Exam Results
Thursday, June 15, 2023
Final Assessment Emerging Issues
1:00 pm – 1:30 pm 1:30 pm – 2:30 pm 2:30 pm – 2:45 pm 2:45 pm – 4:00 pm
Break
Emerging Issues
Internal Use Only
BSA/AML Examiner School – Series 2 June 6-15, 2023
Internal Use Only
Zoom
Internal Use Only
BSA/AML School Chatbot Text “bsaschool” to (240) 226-1778
• Training Reinforcement • Knowledge check questions • Helpful resources and tips
Internal Use Only
Introductions
NAME
STATE AGENCY
YEARS OF EXAM
FUN FACT ABOUT YOURSELF
SOMETHING YOU HOPE TO LEARN DURING THIS CLASS
EXPERIENCE & WITH BSA
Internal Use Only
Instructor Contact Information
Case Manager Kentucky Department of Financial Institutions Jessica.Southworth@ky.gov Jessica Southworth
Internal Use Only
Instructor Contact Information
Chief Financial Institutions Examiner West Virginia Division of Financial Institutions TMcVey@wvdob.org Tom McVey
Internal Use Only
Go to www.kahoot.it and enter Game PIN provided
Internal Use Only
Session Learning Objectives: 1. Discuss core
Bank Secrecy Act/Anti-Money Laundering concepts
Internal Use Only
Session Learning Objectives: 2. Understand how to assess compliance with statutory and regulatory requirements
Internal Use Only
Session Learning Objectives: 3. Discuss how to evaluate an OFAC compliance program
Internal Use Only
Session Learning Objectives: 4. Apply concepts to exam exercises
Internal Use Only
BSA/AML Compliance Program
Internal Use Only
•Internal Controls •Independent Testing •BSA Compliance Officer •Training BSA/AML Compliance Program
Internal Use Only
Internal Controls
Review of the bank’s written policies, procedures, and processes.
Board of Directors ultimately responsible.
Designed to limit and control risks and to achieve compliance. Commensurate with the size, structure, risks, and complexity of the bank.
Internal Use Only
Internal Controls
Identify banking operations more
Inform the board of deficiencies and of SARs filed.
Identify a person responsible for BSA/AML compliance.
Meet all regulatory recordkeeping and reporting requirements.
Provide for program continuity.
vulnerable to abuse by money launderers and criminals.
Provide sufficient controls and monitoring systems for timely reporting of suspicious activity.
Provide sufficient controls and systems for filing CTRs and CTR exemptions.
Implement risk-based CDD policies, procedures, and processes.
Identify reportable transactions.
Provide for dual controls.
Train employees to be aware of their responsibilities under the BSA regulations and internal policy guidelines.
Incorporate BSA compliance into job descriptions and performance evaluations.
Provide for adequate supervision of employees.
The above list is not designed to be all-inclusive and should be tailored to reflect the bank’s BSA/AML risk profile.
Internal Use Only
Independent Testing
• Conducted by the internal audit department, outside auditors, consultants, or other qualified independent parties. • Conducted generally every 12 to 18 months. • Perform testing for specific compliance with the BSA. • Risk-based and evaluate the quality of risk management. • Cover all of the bank’s activities. • Testing should be reported directly to the Board or Committee.
Internal Use Only
Independent Testing
Appropriate risk-based transaction testing to verify the bank’s adherence to the BSA recordkeeping and reporting requirements.
An evaluation of the overall adequacy and effectiveness of the BSA/AML compliance program
A review of the bank’s risk assessment for reasonableness given the bank’s risk profile.
An evaluation of management’s efforts to resolve violations and deficiencies.
A review of the effectiveness of the suspicious activity monitoring systems.
An assessment of the overall process for identifying and reporting suspicious activity
An assessment of the integrity and accuracy of MIS used in the BSA/AML compliance program
A review of staff training.
Any violations, policy or procedures exceptions, or other deficiencies should be included in an audit report
The board or designated committee and the audit staff should track audit deficiencies and document corrective actions.
All audit documentation and workpapers should be available for examiner review.
Internal Use Only
Compliance Officer
Designated by the bank’s board of directors Responsible for coordinating and monitoring day-to-day BSA/AML compliance. Managing all aspects of the BSA/AML compliance program. May delegate BSA/AML duties to other employees The board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources. Fully knowledgeable of the BSA and all related regulations. Understand the bank’s products, services, customers, entities, and geographic locations, and the potential risks. Pertinent BSA-related information should be reported to the board of directors.
Internal Use Only
Training
Training should include regulatory requirements and the bank’s internal BSA/AML policies, procedures, and processes.
Ensure that appropriate personnel are trained in applicable aspects of the BSA.
The training should be tailored to the person’s specific responsibilities
Training should encompass information related to applicable business lines
The board of directors need to understand the importance of BSA/AML regulatory requirements, the ramifications of noncompliance, and the risks posed to the bank.
Changes to internal policies, procedures, processes, and monitoring systems should also be covered during training.
Training should be ongoing and incorporate current developments.
The BSA compliance officer should receive periodic training.
Banks should document their training programs.
Internal Use Only
CDD Requirements
• Obtaining and analyzing sufficient customer information to understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and • Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owner(s)of legal entity customers.
Internal Use Only
Questions
Internal Use Only
BSA Officer Interviews
Internal Use Only
Session Learning Objectives: 1. Prepare to
conduct effective interviews of the BSA Officer
Internal Use Only
Session Learning Objectives: 2. Identify techniques for BSA Officer meetings
Internal Use Only
Session Learning Objectives: 3. Apply concepts
by interviewing and evaluating the BSA Officer
Internal Use Only
BSA Officer Interviews
Internal Use Only
BSA Officer Interviews
Internal Use Only
BSA Officer Interviews • Assess whether the individual is competent • knowledge of BSA & related regulation • implementation of the compliance program • Does the individual have appropriate authority, independence & access to resources (staffing & systems)? • Ask questions about exam materials
Internal Use Only
BSA Officer Interviews
Internal Use Only
BSA Officer Interviews
Internal Use Only
1. Preparedness 2. Control of discussion 3. Confidence 4. Focus on the most important issues 5. Organization BSA Officer Interviews
6. Follow up questions 7. Minimize distractions
8. Etiquette for effective web meetings 9. Consideration for time constraints 10.Close the meeting
Internal Use Only
Assignment
Internal Use Only
Questions
Internal Use Only
Money Transmitters & Prepaid Access
Internal Use Only
Session Learning Objectives: 1. Understand how to
assess systems managing risks related to money transmitters & prepaid access
Internal Use Only
Session Learning Objectives: 2. Understand how to formulate conclusions about the BSA/AML compliance program
Internal Use Only
Session Learning Objectives: 4. Apply concepts to exam exercises
Internal Use Only
Money Transmitters & Prepaid Access
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or more of the following:
Internal Use Only
Money Services Businesses (MSB)
Definition Doing business in one or more of the following: • Money Transmitter
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or more of the following: • Money Transmitter • IVTS
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or
more of the following: • Money Transmitter • IVTS • Currency dealer/exchanger
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or more of the following: • Money Transmitter • IVTS • Currency dealer/exchanger • Check casher
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or more of the following: • Money Transmitter • IVTS • Currency dealer/exchanger • Check casher • Issuer/seller of monetary instruments or prepaid access
Internal Use Only
Money Services Businesses (MSB) Definition Doing business in one or more of the following: • Money Transmitter • IVTS • Currency dealer/exchanger • Check casher • Issuer/seller of monetary instruments or prepaid access • U.S. Postal Service
Internal Use Only
Money Services Businesses (MSB) Thresholds
>$1,000 for any person on any day in currency, monetary or other instruments: • Foreign exchange dealers • Check cashers • Issuer/seller of monetary instruments
Internal Use Only
Money Services Businesses (MSB)
Thresholds >$10,000 to any person during one day without policies and procedures to prevent such a sale: • Seller of prepaid access
Internal Use Only
Money Services Businesses (MSB) Money Transmitting Occurs when funds are
transferred on behalf of the public by any and all means, including, but not limited to, transfers within the United States or to locations abroad by wire, check, draft, facsimile, or courier.
Internal Use Only
Money Services Businesses (MSB)
Money Transmitting • FinCEN Registration Requirement
Internal Use Only
Money Services Businesses (MSB)
Money Transmitting • Unlicensed activity
Internal Use Only
Money Services Businesses (MSB)
Money Transmitting • No activity threshold
Internal Use Only
Money Services Businesses (MSB) Exceptions
Internal Use Only
Money Services Businesses (MSB)
Exceptions • Bank
Internal Use Only
Money Services Businesses (MSB)
Exceptions • SEC/CFTC regulated
Internal Use Only
Money Services Businesses (MSB)
Exceptions • Regulatory
oversight already in place
Internal Use Only
Money Services Businesses (MSB)
Internal Use Only
Money Services Businesses (MSB) Examinations • IRS
Internal Use Only
Money Services Businesses (MSB) Examinations • States
Internal Use Only
Money Services Businesses (MSB) Examination Materials • Fincen.gov/msb examination-materials
Internal Use Only
Money Services Businesses (MSB)
Internal Use Only
Money Transmitters
Basic Business Model:
Money Transmitter
Sender
Recipient
Internal Use Only
Money Transmitters
Business Model – Agent Included:
Money Transmitter
Branch or Agent
Sender
Receiving Agent
Recipient
Internal Use Only
MSB BSA Requirements
Internal Use Only
MSB BSA Requirements
FinCEN Registration: • Initial 180 days after established or money transmission began
Internal Use Only
MSB BSA Requirements
FinCEN Registration: • Renew every 2 years
Internal Use Only
MSB BSA Requirements
FinCEN Registration: • Re-registration requirements • Ownership or control changes • Transfer of voting power • Increase in agents • Within 180 days of change
Internal Use Only
MSB BSA Requirements
AML Program: • Internal Controls • Individual Responsible • Training • Independent Review
(look familiar?)
Internal Use Only
MSB BSA Requirements
Reporting - CTRs • Currency transactions >$10,000
Internal Use Only
MSB BSA Requirements
Reporting - CTRs • 15 days after
transaction date
Internal Use Only
MSB BSA Requirements
Reporting - SARs • Involves at least $2,000
Internal Use Only
MSB BSA Requirements
Reporting - SARs • MT knows or suspects no
business/lawful purpose
Internal Use Only
MSB BSA Requirements
Reporting - SARs • 30 days after initial detection
Internal Use Only
MSB BSA Requirements
Reporting - SARs • Issuers of
money orders or traveler’s checks
Internal Use Only
MSB BSA Requirements
Reporting - Other
• Report of International Transportation of Currency or Monetary Instruments (CMIRs) • Report of Foreign Bank and Financial Accounts (FBARs)
Internal Use Only
MSB BSA Requirements
• Guidance • Risk Considerations • Recordkeeping • Law Enforcement Requests
Internal Use Only
MSB BSA Requirements
• Guidance • Risk Considerations • Recordkeeping • Law Enforcement Requests
Internal Use Only
MSB BSA Requirements
• Guidance • Risk Considerations • Recordkeeping • Law Enforcement Requests
Internal Use Only
MSB BSA Requirements
• Guidance • Risk Considerations • Recordkeeping • Law Enforcement Requests
Internal Use Only
Prepaid Access • Definition • Open Loop • Closed Loop
Internal Use Only
Prepaid Access • Definition • Open Loop • Closed Loop
Internal Use Only
Prepaid Access • Definition • Open Loop • Closed Loop
Internal Use Only
Bank Exam Procedures
Internal Use Only
Bank Exam Procedures
Internal Use Only
Bank Exam Procedures
Internal Use Only
Bank Exam Procedures
Internal Use Only
Exercise
Internal Use Only
Questions
Internal Use Only
Exam Results
Internal Use Only
Session Learning Objectives: 1. Discuss developing a supervisory response & communicating findings
Internal Use Only
Session Learning Objectives: 2. Apply concepts to exam exercises
Internal Use Only
Exam Results
Internal Use Only
Exam Results
Assess adequacy of the bank’s BSA/AML compliance program.
Internal Use Only
Exam Results
Internal Use Only
Exam Results
Internal Use Only
Exam Results
The examiner should:
• Develop and document conclusions about the BSA/AML compliance program’s adequacy. • Discuss preliminary conclusions with EIC and bank management. • Present these conclusions in a written format for inclusion in the report of examination (ROE). • Determine and document what regulatory response, if any, is appropriate. • Evaluate the thoroughness and reliability of any risk assessment conducted by the bank.
Internal Use Only
Exam Results Reach a preliminary conclusion as to whether the following requirements are met: • The BSA/AML compliance program is effectively monitored and supervised in relation to the bank’s risk profile. • The BSA/AML compliance program is effective in mitigating the bank’s overall risk. • The board of directors and senior management are aware of BSA/AML regulatory requirements.
Internal Use Only
Exam Results
•BSA/AML policies, procedures, and processes • Internal controls • Independent testing
Internal Use Only
Exam Results • The designated person responsible for coordinating and monitoring day-to-day compliance is competent and has the necessary resources. • Personnel are sufficiently trained to adhere to legal, regulatory, and policy requirements. • Information and communication policies, procedures, and processes are adequate and accurate. • All relevant determinations should be documented and explained.
Internal Use Only
Exam Results
Management has not assessed, or has not accurately assessed, the bank’s BSA/AML risks.
Management is unaware of relevant issues.
Management is unwilling to create or enhance policies, procedures, and processes.
Management or employees disregard established policies, procedures, and processes.
Management or employees are unaware of or misunderstand regulatory requirements, policies, procedures, or processes.
Higher-risk operations (products, services, customers, entities, and geographic locations) have grown faster than the capabilities of the BSA/AML compliance program.
Changes in internal policies, procedures, and processes are poorly communicated.
Internal Use Only
Exam Results
Internal Use Only
Exam Results Document workpapers appropriately with the following information: • A conclusion regarding the adequacy of the BSA/AML compliance program • Whether it meets all the regulatory requirements by providing the following: • A system of internal controls
• Independent testing for compliance • A specific person to coordinate and monitor the BSA/AML compliance program • Training of appropriate personnel • The CDD Rule
Internal Use Only
Exam Results In some cases, the appropriate regulatory response will include the citation of a regulatory violation.
Internal Use Only
Exam Results
In appropriate circumstances, an agency may take either informal or formal enforcement actions to address violations of the BSA requirements.
Internal Use Only
Exam Results Isolated or technical violations are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes.
Internal Use Only
Exercise
Internal Use Only
Questions
Internal Use Only
Emerging Issues
Internal Use Only
Session Learning Objectives: 1. Discuss current issues relevant to BSA/AML
Internal Use Only
Emerging Issues
• Cryptocurrency • FinCEN Priorities • CRBs • Human Trafficking
Internal Use Only
FinCEN Priorities
Internal Use Only
Cannabis-Related Businesses (CRBs)
Terminology: • Cannabis • Marijuana • Hemp
• THC • CBD
Internal Use Only
Cannabis-Related Businesses (CRBs)
https://disa.com/map-of-marijuana-legality-by-state
Internal Use Only
Cannabis-Related Businesses (CRBs)
Internal Use Only
Cannabis-Related Businesses (CRBs)
Internal Use Only
Cannabis-Related Businesses (CRBs)
Internal Use Only
Cannabis-Related Businesses (CRBs)
Internal Use Only
Human Trafficking in Financial Accounts
Internal Use Only
https://traffickingresourcecenter.org/
Internal Use Only
Questions
Internal Use Only
BSA/AML School Chatbot Text “bsaschool” to (240) 226-1778
• Training Reinforcement • Knowledge check questions • Helpful resources and tips
Federal Reserve - VIOLATION CODE QUICK REFERENCE GUIDE BSA / Financial Recordkeeping Version 1 (May 2023) Code Violation Description Code Violation Description BSA Compliance Program-12 CFR Part 208.63 Reg H CDD Rule / Beneficial Ownership - 31 CFR 80000 Failure to develop or implement adequate BSA Compliance Program 208.63(a) 77000 Failure to establish and maintain written procedures to identify and verify beneficial owners of legal entity customers 1010.230(a) 80001 Failure to have adequate written Board approved BSA Compliance Program 208.63(b)(1) 77001 Failure to identify beneficial owners of legal entity customers at account opening 1010.230(b)(1) 80002 Failure to implement a Customer Identification Program 208.63(b)(2) 77002 Failure to verify the identity of beneficial owners of legal entity customers 1010.230(b)(2) 80003 Inadequate system of internal controls for BSA compliance 208.63(c)(1) 78000 Failure to establish procedures to understand the nature and purpose of customer relationships 1020.210(a)(2)(v)(A) 80004 Lack of independent testing of BSA Compliance 208.63(c)(2) 78001 Failure to establish procedures to ID/report suspicious transactions, maintain, update customer info 1020.210(a)(2)(v)(B) 80005 Failure to designate individual(s) responsible for BSA compliance 208.63(c)(3) Customer Identification Program - 31 CFR Chapter X 80006 Failure to provide adequate BSA training 208.63(c)(4) 72000 Failure to implement a written Customer Identification Program 1020.220(a)(1) Suspicious Activity Reports- 12 CFR Part 208.62 Reg H 72001 Failure of Customer Identification Program to specify what identifying information will be obtained 1020.220(a)(2)(i)(A) 81000 Failure to file SAR for funds derived from illegal activities 208.62(c)(4)(i) 72002 Failure to obtain minimum information prior to account opening 1020.220(a)(2)(i)(A)(1) through (4) 81001 Failure to file SAR for transactions designed to evade BSA regulations 208.62(c)(4)(ii) 72003 Failure to properly address situations where TIN is not obtained 1020.220(a)(2)(i)(B) 81002 Failure to file SAR for transactions with no business or apparent lawful purpose 208.62(c)(4)(iii) 72004 Failure of Customer Identification Program to contain procedures for verifying customer identity 1020.220(a)(2)(ii) 81003 Failure to file a timely SAR 208.62(d) 72005 Failure of Customer Identification Program to contain procedures setting forth documents that will be used 1020.220(a)(2)(ii)(A) 81004 Failure to maintain copies of SARs filed and supporting docs 208.62(g) 72006 Failure of Customer Identification Program to contain procedures that describe non-documentary methods used 1020.220(a)(2)(ii)(B) 81005 Failure to notify Board of SARs filed 208.62(h) 72007 Failure of non-documentary procedures to address certain situations 1020.220(a)(2)(ii)(B)(2) 81006 Failure to maintain confidentiality of SARs 208.62(j) 72008 Customer Identification Program does not address when to obtain information about account authority or control 1020.220(a)(2)(ii)(C) 81007 Failure to file SAR in accordance with form’s instructions 208.62(i) 72009 Failure of Customer Identification Program to include procedures when customer’s identity is unknown 1020.220(a)(2)(iii) 81008 Failure to file SAR for insider abuse involving any amount 208.62(c)(1) 72010 Failure of Customer Identification Program to include recordkeeping procedures 1020.220(a)(3) 81010 Failure to file SAR for transactions aggregating $5,000 or more where a suspect can be identified 208.62(c)(2) 72011 Failure to keep minimum records required under Section 1020.220 1020.220(a)(3)(i)(A) through (D) 81011 Failure to file SAR for transactions aggregating $25,000 or more regardless of potential suspects 208.62(c)(3) 72012 Failure to keep CIP records for the required timeframes 1020.220(a)(3)(ii) Program Violation – any citation of this code may include a formal or informal action/order as per Federal Reserve Act Pillar Violation – any repeat citation of this code may include a formal or informal action/order as per Federal Reserve Act FinCEN 5 th Pillar – these codes together comprise the fifth pillar of BSA compliance programs under FinCEN regulations 72013 Failure of Customer Identification Program to include procedures for determining if customer is on terrorist list 1020.220(a)(4) 72014 Failure of Customer Identification Program to include procedures for providing adequate notice to customers 1020.220(a)(5)(i) 72015 Failure to meet certain conditions if relying on another institution to perform Customer Identification Program 1020.220(a)(6)
Code
Violation Description
Code
Violation Description
66002 Failure to retain records for funds transfers of $3M or more
Section 314(a) - 31 CFR Chapter X
1020.410(a)(1)(i)
70000 Failure to search records
66004 Failure to retain payment orders of $3M or more as beneficiary’s financial institution. 1020.410(a)(1)(iii) 66005 Failure to obtain required information for transfers of $3M or more by non-customer originators 1020.410(a)(2)(i) and (ii) 66006 Failure to retain additional information on non-customer beneficiaries of payments of $3M or more 1020.410(a)(3)(i) and (ii) 66007 Failure to retain funds transfer originator information by name and account number 1020.410(a)(4) 66008 Failure to retain funds transfer beneficiary information by name and account number 1020.410(a)(4) 66009 Failure to verify identity using acceptable identification documents 1020.410(a)(5) 66010 Failure to include information on funds transfer transmittal orders of $3M or more 1010.410(f)(1) 67000 Failure to obtain TIN or keep list of customers with missing TIN 1020.410(b)(1) 67001 Failure to maintain account signature authority documents 67002 Failure to maintain record of each transaction on each deposit account 1020.410(c)(2) 67003 Failure to maintain each item over $100 charged to a deposit account 1020.410(c)(4) 67004 Failure to maintain record of each item and transactions over $10M remitted or transferred outside the U.S. 1020.410(c)(5) and (6) 67005 Failure to retain record of check or draft over $10M issued by a foreign financial institution 1020.410(c)(7) 67006 Failure to maintain each item and transaction over $10M received in foreign exchange outside the U.S. 1020.410(c)(8) and (9) 67007 Failure to retain certain records to reconstruct demand deposit account for five years 1020.410(c)(10) 67008 Failure to maintain transaction and customer information of CD purchases 1020.410(c)(11) 67009 Failure to maintain information on customer presenting CD for payment 1020.410(c)(12) 67010 Failure to retain deposit / credit ticket over $100 for electronic deposits 1020.410(c)(13) 1020.410(c)(1)
1010.520(b)(3)(i)
70001 Failure to report to FinCEN accounts or transactions
1010.520(b)(3)(ii)
70002 Failure to designate contact person or provide contact information 70003 Using or disclosing information for purposes other than those allowed 1010.520(b)(3)(iv)(A) and (B) 70004 Lack of adequate procedures to protect security and confidentiality of information 1010.520(b)(3)(iv)(C) 1010.520(b)(3)(iii) 60000 Failure to file CTR for non-exempted transactions over $10M 1020.311 60001 Failure to treat multiple transactions over $10M as a single transaction 1020.313 60005 Failure to perform annual review of exempt person 60006 Failure to document monitoring of exempt person transactions 1020.315(e)(1) 60007 Failure to file CTR for transactions of an agent of an exempt person 1020.315(f) 1020.315(d) 64000 Failure to follow ID procedures or failure to record ID method 1020.312 65000 Failure to maintain records on sales of monetary instruments between $3M and $10M 1010.415(a) 65001 Failure to aggregate multiple monetary instrument purchases 1010.415(b) 65002 Failure to retain records of cash purchases of monetary instruments for five years 1010.415(c) 66000 Failure to retain records of loans over $10M 66001 Failure to retain instructions of transactions over $10M sent outside the U.S. 1010.410 (b) and (c) 1010.410(a) Financial Recordkeeping - 31 CFR Chapter X 63000 Untimely filing of CTR 1010.306(a)(1) 63001 Failure to furnish information required in CTR 1010.306(d) 63002 Failure to retain CTR for five years 1010.306(a)(2)
67011 Failure to maintain check items over $100
1020.410(c)(3)
68000 Failure to retain required records for five years
1010.430(d)
Sections 208.62 and 208.63 are found in Title 12 CFR Chapter II Subchapter A Part 208 (Regulation H of the Federal Reserve Act) Sections 1010 and 1020 are found in Title 31 Chapter X - Financial Crimes Enforcement Network (Section 10XX.xxx of the Treasury Department’s Bank Secrecy Act regulations)
For State Examiners Federal Reserve Bank SecrecyAct Violation Codes with summaries for BSA exam data entry form using vision drop-down menu 31 CFR Chapter X – Financial Crimes Enforcement Network
Code 60,000
Failure to file CTR for non-exempted transactions over $10M Section 1020.311 of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to file a Currency Transaction Report (FinCEN Form 111) for each applicable transaction not otherwise eligible for exemption. Failure to treat multiple transactions totaling over $10M as a single transaction Section 1020.313 of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to treat multiple transactions as a single transaction if the covered financial institution has knowledge that the transactions are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day. Deposits made at night or over a weekend or holiday shall be treated as if received on the next business day following the deposit. Improper designation of exempt person Section 1020.315(a) through (k) of the Treasury Department’s Bank Secrecy Act regulations allows covered financial institutions to exempt certain customers from the currency transaction reporting requirements provided those customers meet the criteria specified in Section 1020.315(b). Failure to file designation of exempt person form Section 1020.315(c)(1) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to designate an exempt person by filing FinCEN Form 110. Such designation must occur by the close of the 30-calendar day period beginning after the day of the first reportable transaction in currency with that person sought to be exempted from reporting. Failure to properly exempt a domestic insured financial institution Section 1020.315(c)(2) of the Treasury Department’s Bank Secrecy Act regulations requires that when a covered financial institution designates another insured financial institution as an exempt person, the covered financial institution make the filing required by paragraph (c)(1) of this Section. Failure to perform annual review of exempt person Section 1020.315(d) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to review and verify at least once a year the information supporting each designation of an exempt person. To ensure each person remains eligible for exempt status, this Section further requires application of a monitoring system as prescribed in Section 1020.315(h)(2).
60,001
60,002
60,003
60,004
60,005
Revised 5/26/2021
2
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to document monitoring of exempt person transactions Section 1020.315(e)(1) of the Treasury Department’s Bank Secrecy Act regulations requires that a covered financial institution must take steps to assure itself that a person is an exempt person, to document the basis for its conclusions, and document its compliance using measures that a reasonable and prudent financial institution would take to protect itself from loan or other fraud or loss based on the misidentification of a person’s status. In the case of the monitoring system, a covered financial institution should document that it has taken prudent steps to identify suspicious transactions. Failure to file CTR for transactions of an agent of an exempt person Section 1020.315(f) of the Treasury Department’s Bank Secrecy Act regulations states that a transaction carried out by an exempt person as an agent for another person who is the beneficial owner of the funds that are the subject of a transaction in currency is not subject to the exemption from reporting contained in Section 1020.315(a). Failure to file CMIR for international transactions over $10M Section 1010.340(a) and (b) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to file a Report of International Transportation of Currency or Monetary Instruments (FinCEN Form 105) for each applicable transaction. Failure to report foreign financial accounts Section 1010.350 of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to properly report with respect to each account in a foreign country over which the covered financial institution has signature authority or in which it has a financial interest. Untimely filing of CTR Section 1010.306(a)(1) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to file a Currency Transaction Report (FinCEN Form 104) within the prescribed time period. Failure to furnish information required in CTR Section 1010.306(d) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to furnish all information called for in Currency Transaction Reports (FinCEN Form 104) filed. Failure to retain CTR for five years Section 1010.306(a)(2) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain a copy of each Currency Transaction Report (FinCEN Form 112) filed for a period of 5 years from the date of the report.
60,006
60,007
61,000
62,000
63,000
63,001
63,002
Revised 5/3/2023
3
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to follow identification procedures or failure to record identification method Section 1020.312 of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to follow the prescribed identification procedures with respect to any transaction for which a report is required under Section 1020.311, 1020.313, and 1020.315, and to record on the report (FinCEN Form 112) the method used in verifying the identity of the customer. Failure to maintain records on sales of monetary instruments between $3M and $10M Section 1010.415(a) of the Treasury Department’s Bank Secrecy Act regulations states that no covered financial institution may issue or sell a bank check or draft, cashier’s check, money order or traveler’s check for $3,000 or more in currency unless it obtains and maintains records containing specified information concerning the purchaser for the issuance or sale of one or more of these instruments to any individual purchaser which involves currency in amounts of $3,000 to $10,000, inclusive. Failure to aggregate multiple monetary instrument purchases Section 1010.415(b) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to treat contemporaneous purchases of the same or different instruments totaling $3,000 or more in cash as one purchase. Multiple purchases during one business day totaling $3,000 or more must be treated as one purchase if an individual employee, director, officer, or partner of the covered financial institution has knowledge that these purchases have occurred. Failure to retain records of cash purchases of monetary instruments for five years Section 1010.415(c) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain for five years required records relating to cash purchases of monetary instruments in amounts of $3,000 to $10,000, inclusive, and to make those records available to the Secretary of the Treasury, at any time, upon request. Failure to retain records of loans over $10M Section 1010.410(a) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain a record of each extension of credit over $10,000, including the name and address of the borrower and the amount, date, and nature or purpose of the loan. Failure to retain instructions of transactions over $10M sent outside the U.S. Section 1010.410(b) and (c) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain a record of each instruction given or received regarding a remittance or transfer of funds, currency, or other monetary instruments of more than $10,000 sent outside of the U.S.
64,000
65,000
65,001
65,002
66,000
66,001
Revised 5/3/2023
4
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to retain records for funds transfers of $3M or more Section 1020.410(a)(1)(i) of the Treasury Department’s Bank Secrecy Act regulations requires that for each funds transfer of $3,000 or more, a covered financial institution must retain a record of the name and address of the originator, the amount of the funds transfer, the date of the funds transfer, any payment instructions received from the originator with the payment order, the identity of the beneficiary’s financial institution, and if received with the payment order, the name and address of the beneficiary, the account number of the beneficiary, and any other specific identifier of the beneficiary. Failure to retain records as intermediary of funds transfers of $3M or more Section 1020.410(a)(1)(ii) of the Treasury Department’s Bank Secrecy Act regulations requires each covered financial institution acting as an intermediary in a funds transfer of $3,000 or more to retain either the original or a microfilm, other copy, or electronic record of the payment order. Failure to retain payment orders of $3M or more as beneficiary's financial institution Section 1020.410(a)(1)(iii) of the Treasury Department’s Bank Secrecy Act regulations requires each financial institution to retain either the original or a microfilm, other copy, or electronic record of each payment order of $3,000 or more that it accepts as a beneficiary’s financial institution. Failure to obtain required information for transfers of $3M or more by non- customer originators Section 1020.410(a)(2)(i) and (ii) of the Treasury Department’s Bank Secrecy Act regulations requires additional information for funds transfers of $3,000 or more when the originator does not have an established relationship with the covered financial institution. Failure to retain additional information on non-customer beneficiaries of payments of $3M or more Section 1020.410(a)(3)(i) and (ii) of the Treasury Department’s Bank Secrecy Act regulations requires information in addition to that found in Section 1020.410(a)(1)(iii) for payment orders of $3,000 or more received for a beneficiary that does not have an established relationship with the covered financial institution. Failure to retain funds transfer originator information by name and account number Section 1020.410(a)(4) of the Treasury Department’s Bank Secrecy Act regulations requires that a covered financial institution retain information for originators retrievable by reference to the name of the originator, and if the originator is an established customer with an account used to transfer funds, the information also must be retrievable by account number.
66,002
66,003
66,004
66,005
66,006
66,007
Revised 5/3/2023
5
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to retain additional information on non-customer beneficiaries of payments of $3M or more Section 1020.410(a)(3)(i) and (ii) of the Treasury Department’s Bank Secrecy Act regulations requires information in addition to that found in Section 1020.410(a)(1)(iii) for payment orders of $3,000 or more received for a beneficiary that does not have an established relationship with the covered financial institution. Failure to retain funds transfer originator information by name and account number Section 1020.410(a)(4) of the Treasury Department’s Bank Secrecy Act regulations requires that a covered financial institution retain information for originators retrievable by reference to the name of the originator, and if the originator is an established customer with an account used to transfer funds, the information also must be retrievable by account number. Failure to retain funds transfer beneficiary information by name and account number Section 1020.410(a)(4) of the Treasury Department’s Bank Secrecy Act regulations requires each covered financial institution to retain beneficiary information so that it is retrievable by reference to the name of the beneficiary. If the beneficiary also is an established customer of the covered financial institution and has an account used for funds transfers, the beneficiary information must also be retrievable by account number. Failure to verify identity using acceptable identification documents Section 1020.410(a)(5) of the Treasury Department’s Bank Secrecy Act regulations requires that where verification is required under paragraphs (a)(2) and (a)(3) of the Section, a covered financial institution shall verify a person's identity by examination of a document (other than an account signature card), preferably one that contains the person’s name, address, and photograph, that is normally acceptable by financial institutions as a means of identification when cashing checks for persons other than established customers. Failure to include information on funds transfer transmittal orders of $3M or more Section 1010.410(f)(1) of the Treasury Department’s Bank Secrecy Act regulations requires that each covered financial institution include specific information in the transmittal order for funds transfers of $3,000 or more. As intermediary failure to relay transmittal order information to next receiving financial institution Section 1010.410(f)(2) of the Treasury Department’s Bank Secrecy Act regulations requires each receiving covered financial institution acting as an intermediary to include in the transmittal order for transmittals of funds of $3,000 or more certain information to the next receiving financial institution.
66,006
66,007
66,008
66,009
66,010
66,011
Revised 5/3/2023
6
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to obtain TIN or keep list of customers with missing TIN Section 1020.410(b)(1) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to make a reasonable effort to obtain taxpayer identification numbers for accounts as required and to keep a list of customers from whom the covered financial institution has been unable to obtain a taxpayer identification number. Failure to maintain account signature authority documents Section 1020.410(c)(1) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain an original or copy of each document granting signature authority over accounts. Failure to maintain record of each transaction on each deposit account Section 1020.410(c)(2) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain an original or copy of each statement, ledger card, or other record on each deposit account showing each transaction made with respect to that account. Failure to maintain each item over $100 charged to a deposit account Section 1020.410(c)(4) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain the original or a copy of each item over $100 charged to a deposit account, unless excepted. Failure to maintain record of each item and transactions over $10M remitted or transferred outside the U.S. Sections 1020.410(c)(5) and (6) of the Treasury Department’s Bank Secrecy Act regulations require a covered financial institution to maintain a copy of each item as well as a record of each transaction of more than $10,000 remitted or transferred outside the U.S. Failure to retain record of check or draft over $10M issued by a foreign financial institution Section 1020.410(c)(7) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain a record of each check or draft in an amount in excess of $10,000 drawn on or issued by a foreign financial institution which the covered financial institution has paid. Failure to maintain each item and transaction over $10M received in foreign exchange outside the U.S. Sections 1020.410(c)(8) and (9) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain a copy of each item as well as a record of each transaction of more than $10,000 received directly from a financial institution, broker, or dealer in foreign exchange outside the U.S.
67,000
67,001
67,002
67,003
67,004
67,005
67,006
Revised 5/3/2023
7
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to retain certain records to reconstruct demand deposit account for five years Section 1020.410(c)(10) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain for five years certain other records relating to demand deposit accounts sufficient to reconstruct a demand deposit account, trace a check, or supply a description of a deposited check. Failure to maintain transaction and customer information of purchases of CDs Section 1020.410(c)(11) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain a record of the purchaser of each certificate of deposit which includes the purchaser’s name, address, and taxpayer identification number, a description of the instrument, notation of the method of payment, and the date of the transaction. Failure to maintain information on customer presenting CD for payment Section 1020.410(c)(12) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain a record of the name, address, and taxpayer identification number, if available, of any person presenting a certificate of deposit for payment, as well as a description of the instrument and date of the transaction. Failure to retain deposit/credit ticket over $100 for electronic deposits Section 1020.410(c)(13) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain a deposit slip or credit ticket reflecting a transaction in excess of $100 or the equivalent record for each direct deposit or wire transfer deposit and to record on the slip or ticket the amount of any currency involved. Failure to maintain check items over $100 Section 1020.410(c)(3) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain the original or a copy of each check, draft, or money order over $100 drawn on the bank or issued and payable by the bank. Failure to retain required records for five years Section 1010.430(d) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to retain required records for a period of five years. Failure to search records Section 1010.520(b)(3)(i) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to search specific records as defined by this Section upon receiving a request from the Financial Crimes Enforcement Network.
67,007
67,008
67,009
67,010
67,011
68,000
70,000
Revised 5/3/2023
8
31 CFR Chapter X – Financial Crimes Enforcement Network (Continued)
Code
Failure to report to FinCEN accounts or transactions Section 1010.520(b)(3)(ii) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to report to the Financial Crimes Enforcement Network (FinCEN) information specified in this Section if the insured financial institution identifies an account or transaction identified with any individual, entity, or organization named in a request from FinCEN. Failure to designate contact person or provide contact information Section 1010.520(b)(3)(iii) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to designate one person to be the point of contact upon receiving an information request from the Financial Crimes Enforcement Network (FinCEN), and for receiving similar information requests from FinCEN in the future. A covered financial institution is also required to provide FinCEN with the name, title, mailing address, e-mail address, telephone number, and facsimile number of such person when requested by FinCEN. This Section further requires that a covered financial institution must notify FinCEN of any changes to contact information. Using or disclosing information for purposes other than those allowed Section 1010.520(b)(3)(iv)(A) and (B) of the Treasury Department’s Bank Secrecy Act regulations prohibits a covered financial institution from using or disclosing information provided by the Financial Crimes Enforcement Network for purposes other than those allowed by this Section. Lack of adequate procedures to protect security and confidentiality of information Section 1010.520(b)(3)(iv)(C) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution to maintain adequate procedures to protect the security and confidentiality of information requests from the Financial Crimes Enforcement Network under this Section. Failure to submit notice to FinCEN to share information Section 1010.540(b)(2) of the Treasury Department’s Bank Secrecy Act regulations requires a covered financial institution or an association of financial institutions that intends to share information as described in paragraph (b)(1) of this Section, to submit a notice to the Financial Crimes Enforcement Network. This Section further requires a new notice to be submitted in order to continue engaging in the sharing of information after the end of a one-year period. Failure to verify that another financial institution has submitted notice to FinCEN Section 1010.540(b)(3) of the Treasury Department’s Bank Secrecy Act regulations requires that prior to sharing information as described in (b)(1) of this Section, a covered financial institution or an association of financial institutions must take reasonable steps to verify that the other financial institution or association of financial institutions, with which it intends to share information, has filed a notice with the Financial Crimes Enforcement Network.
70,001
70,002
70,003
70,004
71,000
71,001
Revised 5/3/2023
9
Made with FlippingBook Digital Publishing Software