Compliance Blog

August has been a busy month for Bank Secrecy Act/Anti-Money Laundering (BSA/AML) guidance from federal regulators. First, FinCEN issued guidance about customer due diligence (CDD) requirements in the form of three additional frequently asked questions (FAQs). The FAQs clarified FinCEN’s expectations about obtaining customer information, developing a customer risk profile and updating customer information due to monitoring of the customer relationship. Then the National Credit Union Administration (NCUA) and the other federal banking regulators issued a joint statement explaining the types of BSA/AML violations that might result in a cease and desist order. The Federal Deposit Insurance Act and the Federal Credit Union Act both require the issuance of a cease and desist order if a supervised institution fails to implement a BSA/AML compliance program or fails to correct a problem with the institution’s BSA/AML compliance program after a failure is identified in an examination report or some other written document submitted to an institution’s board or management. Shortly thereafter, FinCEN issued a statement describing its enforcement approach to BSA violations. The statement identified six potential outcomes when FinCEN identifies a BSA violation: taking no action, issuing a warning letter, seeking injunctive relief, settlements, civil money penalties and referrals for criminal prosecution. And on August 21, NCUA, the Federal Reserve Board, the Federal Deposit Insurance Corporation, FinCEN and the Office of the Comptroller of the Currency issued a joint statement explaining CDD requirements for politically exposed persons (PEPs). Today’s blog will examine the agencies’ guidance regarding CDD for PEPs.

CDD

The Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual identifies the implementation of proper CDD policies, procedures and processes as part of the foundation of a strong BSA/AML compliance program. The manual indicates that FinCEN’s BSA regulations require credit unions to establish risk-based CDD procedures that do the following:

• Allow the credit union to understand the character of its customer relationship with its members; and
• Allow the credit union to monitor the member relationship on an ongoing basis, to identify and report suspicious transactions and to maintain and change member information when appropriate.

In other words, appropriate risk-based CDD procedures require that the credit union obtain enough information to understand the character of its relationships with its members so that it can develop a risk profile for each member. The information collected and the resulting risk profile may help the credit union identify and report suspicious transactions. The manual notes CDD policies, procedures and processes should provide for the collection and evaluation of additional information, also known as enhanced due diligence (EDD), under certain circumstances when members might present higher risk to the credit union.

PEPs

The FFIEC BSA/AML Examination Manual notes that what constitutes a PEP “generally includes a current or former senior foreign political figure, their immediate family, and their close associates.” Senior foreign political figures include senior officials in a foreign government’s executive, legislative, administrative, military or judicial branches. They also include senior executives of any corporation owned by a foreign government and business entities formed by a senior foreign political figure or for the benefit of one. Immediate family includes parents and in-laws, brothers and sisters, spouses and children. A close associate is someone “who is widely and publicly known to maintain an unusually close relationship with the senior foreign political figure, and includes a person who is in a position to conduct substantial domestic and international financial transactions on behalf of the senior foreign political figure.”

Joint Statement

Both the joint statement and the FFIEC BSA/AML Examination Manual note that PEPs can present heightened risks that their financial transactions are the result of corruption or other illegal activity because of their relationship to foreign governments. Both sources explain that not all PEPs may present higher BSA/AML risks to a credit union. The joint statement reiterates that a credit union is expected to have appropriate risk-based CDD procedures in place allowing the credit union to understand the character of the customer relationship with its member and to develop a risk profile. It also reemphasizes that those risk-based CDD procedures should permit a credit union (1) to monitor the account relationship on an ongoing basis to assist in the identification and reporting of suspicious transactions; and (2) to update customer information when appropriate.

The joint statement, however, clarifies that neither the BSA regulations nor supervisory expectations require credit unions to have separate and individual CDD processes for PEPs. For example, the joint statement notes that a credit union may elect to determine whether a member is a PEP when an account is opened, if the credit union ascertains that the determination is necessary to develop a risk profile for the member. The joint statement also spells out that a PEP is not necessarily high risk just because the member is a PEP. The joint statement provides that PEPs with the following characteristics could be deemed to have lower risk profiles:

• Low transaction volumes;
• Low account balances;
• Known sources of funds with a legitimate provenance; or
• Access to particular products and services subject to concrete terms and payment schedules.

The joint statement identifies certain factors that credit unions may want to consider in developing a risk profile for a member who may be a PEP and determining when it is appropriate to collect additional information from the member and what additional information should be collected, such as:

• The PEP’s public office;
• Any intimation that the PEP may abuse his or her position for personal benefit;
• The products and services used by the PEP;
• The volume of the PEP’s transactions;
• The nature of the PEP’s transactions;
• Where the PEP’s activity occurs;
• Where the PEP lives;
• The PEP’s official responsibilities;
• The PEP’s ability to influence government acts and officials; and
• The character of the relationship with the PEP as a whole.

The main takeaway from the joint statement is that there is no one-size-fits-all CDD process for PEPs. While PEPs may certainly pose a higher level of risk than other members, the BSA regulations and supervisory expectations for CDD involving PEPs require evaluating the risk a PEP poses to a credit union with risk-based procedures that may contemplate several different factors.