One of the hottest—and hardest—topics in BSA/AML compliance is managing the risks due to third parties. Regulatory agencies including FinCEN, OFAC, and others have expanded the definition of “third party” to include any business relationship between a financial entity and another party, except a customer. This includes the subcontractors of your contractors or vendors.
At the same time, changes in the financial system have greatly expanded the kinds and frequencies of third party relationships. Financial institutions may now outsource or contract for entire departments or key banking functions that used to be entirely in-house. Globalization increases the number of these relationships that are international, with related parties in two or more countries, and may trigger the scrutiny of the (OFAC) in addition to the other regulatory agencies operating within the U.S. … Continue reading
One of the most important components of BSA/AML compliance is a Customer Identification Program (CIP). After all, money laundering is done by people who do not want to be discovered, and most of them pose as legitimate customers. The shorthand phrase “Know Your Customer” (KYC) means that a financial institution has to have a reasonable belief based on due diligence that its customers are who they say they are and are acting within the legal framework.
The first requirement is to have a thorough understanding of BSA requirements, broadly conceived to include all the applicable laws and regulations. Knowing these will enable you to investigate potential customers for relevant risk factors. Beyond basic identity and records requirements, applicable regulations may target certain currency transactions, potential structuring techniques, identifying types of suspicious activity, and so forth.
A compliant CIP has three major components to due diligence: planning and implementation, oversight and accountability, and independent auditing. Each of these may be more or less complex depending on the financial institution’s business lines, size, structure, and risk profile. The regulatory agencies, such as FinCEN, expect your institution’s compliance program to be unique to it on a risk-adjusted basis, but they will look at the components of a CIP to ensure they are effective. … Continue reading