BSA and OFAC Flashcards

1
Q

What are the five pillars of a credit union BSA compliance program and components or requirements of each pillar?

A
  1. Internal controls
  • Identifying the person responsible for BSA compliance
  • Implementing risk based CDD policies, procedures and processes
  • Providing sufficient systems for filing SARs and CTRs
  • Requiring the board and senior management be informed of any compliance deficiencies
  1. Independent testing - Testing should be conducted by an internal audit department or outside auditors or consultants every 12 to 18 months.
  2. BSA Compliance Officer
  • Responsible for overseeing the day‐to‐day implementation; managing CU’s BSA compliance.
  • BOD should ensure the Compliance Officer has authority and resources to administer an effective BSA/AML compliance program.
  1. Training - Tailored to the employee’s responsibilities, be ongoing and cover regulatory requirements and developments, as well as the credit union’s internal policies and procedures.
  2. Customer Due Diligence - Implement and maintain risk-based procedures for conducting identification and verification at account opening and performing ongoing monitoring.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What steps should a credit union’s BSA risk assessment follow?

A

Step 1. Identify risk categories unique to the credit union–unique to the credit union, including the credit union’s specific products and services, its members, and geographic locations.

Step 2. Data identified in step 1 is analyzed further to better assign risk within the categories.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the difference between acceptable identification documents for customers and for beneficial owners?

A
  • May rely on photocopies or other reproductions of identification documents in the case of documentary verification.
  • Can rely on another financial institution’s CIP with respect to a legal entity customer that is opening an account under certain conditions.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the record retention requirements for BSA-related documents?

A

At least 5 years

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What minimum pieces of identifying information must be collected for CIP purposes?

A
  • Name
  • Date of birth (for an individual)
  • Address (residential for an individual, business address for an entity)
  • Identification number (SSN for an individual, TIN for an entity)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the dollar thresholds for filing SARs?

A
  • Criminal violations involving INSIDER ABUSE in ANY amount
  • Criminal violations aggregating $5,000 or more when a suspect can be IDENTIFIED
  • Criminal violations aggregating $25,000 or more REGARDLESS if a suspect can be identified
  • Transactions conducted or attempted by, at or through the credit union (or an affiliate) and aggregating $5,000 or more, if the credit union or affiliate knows, suspects or has reason to suspect that the transaction:
    • May involve potential money laundering or other illegal activity (e.g., terrorism financing).
    • Is designed to evade the BSA or its implementing regulations.
    • Has no business or apparent lawful purpose or is not the type of transaction that the particular member would normally be expected to engage in, and the credit union knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the timing requirements for filing a SAR?

A

No later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR.

  • If no suspect can be identified, the time period for filing a SAR is extended to 60 days.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Explain the requirement to notify the board of directors of a SAR filing. Must the credit union provide a copy of the SAR to its board?

A

Management should provide sufficient information on its SAR filings to the board of directors or an appropriate committee in order to fulfill its fiduciary duties.

  • Credit unions may, but are NOT required to, provide actual copies of SARs to the board of directors or a board committee.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the reporting and timing requirements for CTRs? When are transactions aggregated together?

A

Currency (deposit, withdrawal, exchange, or other payment or transfer) transaction of more than $10,000.

  • A completed CTR must be filed with FinCEN within 15 days after the transaction date
  • Multiple currency transactions totaling more than $10,000 during any one business day are treated as a single transaction if the credit union has knowledge that it is by or on behalf of the same person
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does a risk based OFAC program look like in general terms? Must it apply to both members and nonmembers?

A

The program applies to members and non-members and should:

  • identify higher-risk areas
  • provide appropriate internal controls for screening and reporting
  • establish independent testing
  • designate employees responsible for OFAC compliance
  • create training programs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the three main OFAC regulatory requirements? How do they differ from NCUA expectations?

A
  1. Block accounts and other property of specified countries, entities and individuals
  2. Prohibit or reject unlicensed trade and financial transactions with specified countries, entities and individuals
  3. The reporting of blocked assets and the recordkeeping of blocked transactions

NCUA expects that a credit union will establish and maintain an effective, written OFAC compliance program commensurate with its OFAC risk profile (based on products, services, members and geographic locations)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the difference between the purpose of 314(a) and 314(b) information sharing? What must a credit union do when it receives a 314(a) request? What does a credit union have to do to share under 314(b)?

A
  • 314(a) request, FinCEN solicits, on behalf of the law enforcement agency, certain information from financial institutions, including credit unions.
  • Section 314(b) of the USA PATRIOT Act provides financial institutions with the ability to share information with one another, under a safe harbor that offers protections from liability, in order to better identify and report activities that may involve money laundering or terrorist activities.

314(a) REQUEST

  • Must search its records for current accounts, accounts maintained during the preceding 12 months, and transactions conducted outside of an account by or on behalf of a named suspect during the preceding 6 months.
  • The financial institution must search its records and report any positive matches to FinCEN within 14 days, unless otherwise specified in the information request.

314(b) SHARING

Financial institutions and associations interested in participating in the 314(b) program must first register with FinCEN’s Secure Information Sharing System (SISS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How should a credit union verify the identity of a consumer during a sale of monetary instruments? Does this change if the consumer is a non-member?

A
  • Credit unions may either verify that the purchaser of monetary instruments is an accountholder with identifying information on record with the credit union
  • Credit union may verify the identity of the purchaser by viewing a form of identification that contains the member’s name and address, and that the financial community accepts as a means of identification
  • Nonmembers:
    • Address
    • SSN
    • DOB
How well did you know this?
1
Not at all
2
3
4
5
Perfectly