Let’s start with a quick overview of the legislative takes on the subject.
The recent initiatives clearly articulate that the only effective possibility is to fight money laundering internationally. Several bodies – such as FATF and MONEYVAL – are present to supervise the effectivity of AML initiatives and foster international collaboration. The 4th Money Laundering Directive of the European Union, as well as the US AML overview for the 115th Congress, emphasizes the global nature of money laundering.
While this paves the way for unified laws, we are far from having uniform standards applicable to any country. Additionally, new methods for money laundering emerge as soon as the old ones become traceable. This means that financial institutions and many other organisations must comply to several, rapidly-changing directives, acts, and laws. This is hardly possible without quickly adjustable software solutions, but before we jump into the software assistance, let’s go through the major anti money laundering trends and requirements. Our present article focuses on the extensive U.S. legislation, while in the upcoming part we will take a glimpse at the EU policy and the recent AML directive.
One of the most influential forces in AML and compliance requirements is the relevant legislative of the USA. The list of the acts is long, ranging from the Bank Secrecy Act (BSA) to the Intelligence Reform and Terrorism Prevention Act with constant revisions. The bulk of the regulations comprises of the reporting and monitoring obligations of financial institutions.
Probably the most well-known reporting requirement is the Suspicious Activity Report (SAR) to be filed to the Treasury Department in case the financial institutions spot any transaction that might involve illegal activity. The act specifies reporting requirements for several types of institution including banks, casinos, insurance companies, and many more.
In addition to SAR, all financial institutions are obliged to file a Currency Transaction Report (CTR) if a transaction or a group of related transactions in a day exceed $10,000. Besides CTR, the import or export of more than $10,000 in monetary instruments necessitates a Currency or Monetary Instruments Report (CMIR). In contrast to CTR, CMIR reporting obligations apply not only to financial institutions but to individuals as well. Similarly, Foreign Bank and Financial Accounts Reporting (FBAR) also requires information provision from any US person and sets the same, $10,000 threshold, but in this case the subject of the report is any financial account located outside of the United States exceeding the “magical” amount.
Adding to the already-long list of BSA reporting, Financial Crimes Enforcement Network (FinCEN) also has the right to request Geographic Targeting Orders (GTOs) from domestic financial institutions or nonfinancial businesses. GTO is a special recordkeeping and reporting obligation that is in effect for a maximum of 180 days in order to assist investigations. The AML report for the 115th U.S. Congress highlights that GTOs are more and more often used to decrease trade-based money laundering (TBML) and drug trafficking-related money laundering.
Another upon-FinCEN-request report is the Comprehensive Iran Sanctions, Accountability and Divestment Act (CISADA) reporting on accounts related to Iranian-linked financial institutions designated by the United States for sanctions. The USA Patriot Act also imposes additional reporting obligations to financial institutions known as Special Measures. It requires detailed record-keeping and reporting on the transactions related to such non-U.S. jurisdictions, financial institutions and international transactions that are considered as primary money laundering concern. The compliance with the sanctions of the Patriot Act – among other sanction programs against foreign countries, political regimes, and organized criminals – is supervised by the Office of Foreign Assets Control (OFAC).
Customer Due Diligence
Transaction monitoring and related reporting are not the only measures taken against money laundering. Another unavoidable pillar of financial crime detection and prevention is Customer Identification and Customer Due Diligence (CDD). Accordingly, FinCEN requires financial institutions to collect and verify certain customer data such as name and address. Each financial institution should include in their internal workflow a customer risk-assessment procedure as well. If the customer is suspected to rise a greater money laundering hazard, an Enhanced Due Diligence (EDD) should be conducted. This means additional research on the purpose of the account, source of customer funds, detailed information on the individuals with ownership or control of the account, banking references, and many more.
On May 11, 2016, an additional rule was issued on CDD with a two-year implementation period. By May 11, 2018, developing customer risk profiles and updating customer information on a risk basis should be adopted to the risk assessment procedures of financial institutions, synchronized with the ongoing monitoring and suspicious transaction reporting. Similarly to identifying and verifying the identity of account-holders, individual beneficial owners owning 25% or more of a legal entity and one individual in the management of the entity are required to go through an identification and verification procedure when opening a new account.
While the overall December 2016 FATF mutual evaluation of the United States is positive, it highlights some critical issues that require special measures. The evaluation report draws attention to lower performance regarding beneficial ownership transparency. The USA has also received low ratings on Designated Non-Financial Business Professions (DNFBP) customer due diligence and other preventive measures, while DNFBP regulation and supervision are perceived to be weak in general.
Besides the above-mentioned weak spots that are likely to be addressed in upcoming initiatives, the AML overview for 115th Congress also highlights that actions need to be taken against the emerging new challenges as well, such as cyber-related financial crimes.
Software solutions assisting and enabling compliance must react quickly to these prospect changes. The approaching deadline of the implementation of the new CDD rules also requires special attention from both the financial institutions and the supporting software developers.
FinCEN, being the responsible organisation for BSA-supervision, has the authority to issue civil money penalties (CMP) in case of non-compliance. The compliance cost can be extremely high with all the software and workforce expenses, but they are still nowhere near the financial consequences of non-compliance. Since August 1, 2016 penalties for violating fund transfer record-keeping regulations can reach $19,787, while general civil penalty provision for willful violations of Bank Secrecy Act requirements range between $53,907 and $215,628. In the beginning of 2017 Merchants Bank of California received a total of $1 million CMP for willful violation of several BSA provisions, while Western Union Financial Services faced $184 million penalty and remedial actions for not implementing a sufficient, risk-based AML program, and failing to file timely SARs.
Nonetheless, purchasing and implementing an often costly off-the-shelf program is not always enough to avoid the exorbitant penalties. For instance, one of our customers was exposed to non-compliance risks as the program used for OFAC-compliance could not decode Chinese Telegraphic Code (CTC) in SWIFT messages. Custom adjustments can be used to perfect existing systems and keep them compliant to the swiftly changing legal environment.
If you need custom software for AML compliance, check our Services or Contact Us.