Asset Management and Investment Funds Alert
On 15 September 2020, the Financial Crimes Enforcement Network issued final rules to expand the anti-money laundering (AML) obligations of certain banks, trust companies, and credit unions under the Bank Secrecy Act (BSA). These amendments will be particularly important to banks, private banks, credit unions, and trust companies that lack a “Federal functional regulator” (Non-FFR institutions). (The federal functional regulators are the Office of the Comptroller of the Currency, FDIC, Board of Governors of the Federal Reserve System, and the Securities and Exchange Commission.)
Prior to these new rules, these Non-FFR institutions had relatively limited AML obligations under BSA regulations as compared to most banks and savings associations. They were required to file currency transaction reports for many transactions in currency exceeding $10,000, file suspicious activity reports, and make and maintain certain records. Credit unions, private banks, and trust companies also were required to perform formal customer identification procedures (CIP) for all customers, even if they did not have a federal functional regulator, but other banks lacking a Federal functional regulator were not subject to a CIP requirement.
Under the new rules, all banks that are Non-FFR institutions, including but not limited to private banks, non-federally insured credit unions, and trust companies, will now be subject to essentially the same rules as apply to any FDIC-insured depository institution. Of most importance, they will be required to establish and maintain a written AML program that is approved by the institution’s board of directors or, if the institution does not have a board of directors, an equivalent governing body within the institution. Each AML program must include the “Five Pillars” of an appropriate AML program:
-
a system of internal controls designed to ensure ongoing compliance with the BSA;
-
periodic independent compliance testing by the institution or an outside party;
-
the designation of a qualified AML officer who is responsible for coordinating and monitoring day-to-day BSA compliance;
-
training for appropriate personnel; and
-
appropriate risk-based procedures for conducting ongoing customer due diligence, which must include, among other things, ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information regarding the beneficial owners of legal entity customers.
The requirement to verify the identity of the “beneficial owners” of legal entity customers will mean that the institution would need to determine who its “legal entity” customers are, what types of businesses are excluded from that definition, and who the beneficial owners are for all covered legal entity customers.
The requirement to maintain a written AML program will also mean that the institution will be subject to formal BSA / AML compliance examinations. The Internal Revenue Service performs such examinations for Non-FFR institutions. An institution that previously did not have robust customer and transaction monitoring systems, an AML officer, or periodic AML compliance testing might find these regulatory examinations to be challenging. In any case, the institution will need to prepare and implement an AML program that is tailored to the institution, evidences a “culture of compliance,” and that is otherwise designed to minimize risks to the institution arising from money laundering, terrorist financing, or other criminal activities. Preparation of a carefully tailored AML program first will require the performance of a risk assessment so that the institution may identify the risks arising from its customer base, products and services, and the geographies in which those products and services are offered.
Those banks that are Non-FFR institutions, including private banks, non-federally insured credit unions, and certain trust companies, will need to comply with the AML program, CIP, and beneficial ownership requirements by 15 March 2021.