Tip:
Highlight text to annotate it
X
Kathryn Baxter: Good afternoon everyone. Welcome to another installment of our webinar series.
This afternoon we have a very interesting topic that we think you’ll enjoy. It’s
how to be in compliance with OFAC and FinCEN. My name is Kathryn Baxter. I’m going to
be your co-host for this afternoon, joined by Diane Rector, who is the training manager
for the Office of Small Credit Union Initiatives.
Before we get started I have a few administrative announcements that I’d like to make. We’d
like you to adjust the volume on your computer so that you can hear this webcast clearly.
If at any time you need to resize the slides, drag the bottom right corner and that will
work. Please allow pop-ups from this site.
At any time during this session you may ask a question. There’s an Ask a Question feature
on the left hand side of your console. Please also stay on the line once we’re done with
the webcast because we’re going to send you a survey and we’d like you to fill that
out for us while you’re on the line. And this is before we get to the Q&A session.
And also, as always, in approximately four weeks we’re going to closed caption this
particular webcast.
If you’ll notice on the screen you’ll see some icons. In order to take the test
there’s a purple icon that is four spaces from your right. That icon will allow you
to see how you’re doing with the polls and with the test. Right next to that, three spaces
from the right, is your test icon. Diane Rector will give you a little more information on
this as we proceed with the webcast.
So, now, without further adieu I’m going to turn the console over to Diane Rector so
that she can give you a few more pointers before we begin the webcast. Remember, the
title of the webcast is How to be in Compliance with OFAC and FinCEN. Diane Rector.
Diane Rector: Thanks Kathryn. You are about to participate by choice in a Bank Secrecy
Act training webinar sponsored by the Office of Small Credit Union Initiatives of the NCUA,
National Credit Union Administration. We are joined today with individuals from Office
of Foreign Assets Control and Financial Crimes Enforcement Network.
At the conclusion, you will have the opportunity to receive a Certificate of Completion based
on participation in the webinar for at least 45 minutes. Respond to 5 out of 6 poll questions
and correctly answer 12 out of 15 questions.
Now, what you can do is you can feel free to observe the webinar in groups, however
you can only have one individual take the test with one unique email. So, if you have
five people watching the webinar, only one person will be able to take the test and get
the certificate during this webinar. You can feel free that once the webinar is posted
within three to four weeks you can re-look at the webinar, take the poll questions, and
answer the questions.
While NCUA considers the information the webinar provides to be accurate and up-to-date as
of the date it is presented, participants should be aware that the BSA and related laws,
regulations and policies are subject to change at any time. For that reason, NCUA discourages
participants from relying exclusively on webinar content, and cautions them to consult those
laws, regulations and policies prior to enacting changes to an existing BSA program or implementing
a new one. Kathryn Baxter: Thank you, Diane. Now, before
I turn the console over to Adam Maddox from the Office of Foreign Assets Control, we have
a poll question that we’d like to have the audience entertain at this particular time.
So, we need to have an idea of how many credit unions we have on the call. If you’re less
than $10 million in assets, A; between $10 million and $50 million, you’ll do B; C
is going to be $50 million to $100 million; D is going to be $100 million to $500 million;
and everyone that’s above $500 million.
Now, if you’re not a credit union, of course, you’ll select F. So, let’s see where we
are, see how we’re coming along.
Okay, so it looks like we have a decent portion of listeners today that are between $10 million
and $50 million and also between $100 million to $500 million. All right. So, I’m going
to turn the console over again to Diane Rector and she is going to introduce our first speaker,
Adam Maddox, from the Office of Foreign Assets Control.
Diane Rector: Thanks Kathryn. Adam Maddox is a sanctions compliance officer at OFAC.
Previously he was a Chinese linguist in the US Air Force for six years. After getting
out of the Air Force he completed his Bachelor’s and a law degrees and is now at OFAC at the
US Treasury. I’m turning it over to Adam. Thank you.
Adam Maddox: Well, good afternoon everybody and welcome to a quick OFAC overview. So,
we’ll go ahead and just start with the basic question of what is OFAC. OFAC is an office
at the US Treasury and we administer economic and trade sanctions against some foreign governments,
individuals, entities, and activities.
And here is our first question. Which of the following issues does OFAC deal with?
Diane Rector: Is it: A. Taxation of Foreign Income; B, Regulation of all Foreign Assets
& Bank accounts held by US Persons; C, Regulation of all Foreign Travel; and, D, Sanctions issued
only?
Adam Maddox: And the correct answer was D, sanctions issues only. We actually don’t
deal with those other issues. Of course, some travel is restricted, but it is only travel
with sanctioned countries. So, again, we do only deal with sanctions issues.
So, a word about our jurisdiction, who might be subject to OFAC sanctions. We have a fairly
broad jurisdiction. We have jurisdiction over all US citizens and permanent resident aliens,
no matter where they are in the world. Also in the entities that are US corporations,
including foreign branches if they are incorporated here in the US. They are a US person and we
do have jurisdiction over them. Anyone who is physically located in the US, and that
would include both individuals and foreign companies if they are here or if they have
any operations here.
And also transactions. Even if there are two foreign people transacting abroad and there’s
not really much US nexus, if any funds flow through the US or if any goods flow through
the US, there is US nexus and there is an OFAC jurisdiction.
We have a fairly broad definition of property and property interests at OFAC. This is fairly
important because we don’t just regulate money transfers. Any sort of service such
as consulting or brokering. Any contracts, derivatives, basically any sort of product,
service, or property would fall within our interest, or would fall within our definition
of property interest.
We have two pretty important terms that I’m going to be using a lot today when I talk
about the sanctions programs. The first is blocking. If property is blocked, that means
that the financial institution or other person who has the property has to basically hold
onto it and not let it go unless there’s no effect license. They have to report it
to OFAC and say, hey, we found this. It was supposed to be blocked. We’ve blocked it
and it’s with us.
If a transaction is rejectable, you basically just sort kick it back to the person where
it came from. So, if a wire transfer came in from overseas and you figure out that it
is something that is sanctioned, or if it’s a domestic transfer for that matter, if you
figure out that there is a sanctionable interest but it’s not blockable, you’re basically
just going to send it back to the person who remitted it to you in the first place.
So, we have two fairly important terms that I’m going to be talking about, again, the
licenses that we have. One is a general license which is a regulatory provision that authorizes
an otherwise prohibited transaction. And if this applies, there’s no separate authorization
necessary. You would basically look very closely at that memorandum that’s on our website
or the CFR section that sets forth the general license. And you would keep records of it.
And then you would basically go about the transaction.
We also have specific licenses. And specific license is a license given to an individual
or company, and it’s got a serial number on it. It has a specific authorization. And
it’s for that specific individual to undertake a specific transaction.
So, here is our next question. True or false, OFAC mandates that banks carry out any licensed
transaction a customer requests.
Kathryn Baxter: We’d like to ask the listening audience to please answer the poll question
on your console. And the poll questions do not stay open very long, so as soon as you
see the question, please answer. Thank you.
Adam Maddox: Very good. Actually most people said false and that is the correct answer.
If somebody walks in and says I’d like to go to Cuba or I’d like to send money to
Iran, there might be an applicable general license, but if you aren’t comfortable with
it, if you feel like you don’t have a robust compliance department, if you don’t trust
the customer for some reason we do not mandate that you do it, however if you’re comfortable
with everything else you may carry out a licensed transaction.
What are the different sorts of sanctions programs that we have? We have the comprehensive
sanctions programs and these are the ones that people normally think of when they think
of OFAC. So, for example, Sudan, Cuba, Syria, and Iran are all comprehensively sanctioned.
From a practical standpoint that means that if somebody wants to do something with one
of these countries you’re going to start your analysis thinking you can’t do something
until you find a license that permits it. And there are a lot of licenses out there.
There might be a permission to do that, but you do have to find that license and make
sure that it clearly applies to your situation.
We also have list-based programs. And these are made up of the Specially Designated Nationals
who are individuals who are added to lists. Notice that we do have activity list-based
programs such as narco-trafficking, non-proliferation of weapons, transnational criminal organizations,
Somali pirates, and others. And these are individuals who could be located anywhere
in the world and they’ve been added to our list.
And we also have regime-based. So, for example, some folks who are in the Western Balkans
who carried out atrocities. Others in Belarus, the Ivory Coast, or other places. They have
also been added to the SDN list. And these are the people who your search software is
normally finding if it’s kicking back a potential name match.
Also in the middle there’s this section called limited programs. Generally with these
limited programs, these are sanctions programs that were either comprehensive but they’re
getting better because the political situation is getting better. Or, they were list-based
but they are more and more restrictions being added. And these ones are a little bit difficult.
They’re kind of a patchwork of prohibitions and permissions. But I would encourage you
to call in should these ever come up.
This is a map of countries that have comprehensive sanctions programs. And I would say that this is a pretty
good tool to have just because it’s going to remind you where are these comprehensive
sanctions programs. And especially if you’re not very family with OFAC, it’s a good idea
to call us if you ever have anything that deals with one of these countries.
And here are the limited sanctions programs. Remember, they’re not as comprehensive as
the comprehensive programs. They’re the ones I call a patchwork of permissions and
prohibitions. And, again, they’re fairly difficult, so if you ever get any of these,
if it’s not something you deal with a lot. Please do call in and talk with us about it.
Next. Here is a list of our current regime-based SDN lists. So, if you notice some of these
are actually named after the country, in fact, most of them are. And it’s a little bit
confusing sometimes if you’re just learning about OFAC because these aren’t prohibitions
against these entire countries or these entire areas. These are lists of certain individuals
in Iraq, Lebanon, Liberia, so on and so forth who you can’t deal with.
And we also have some SDN lists that are made based on activities. We talked about these
activities a little bit earlier, but transnational criminal organizations like the mafia or the
Yakuza, Somali pirates, narco traffickers, and others end up on the list. And, again,
these are folks who your matching software might be kicking back results saying there’s
a potential match and basically just trying to clear the match before you go forward with
a transaction.
So, the Specially Designated Nationals list is sometimes what another agency might call
a prohibited parties list or excluded individuals. But with OFAC the Specially Designated Nationals
list is a list of people who are supposed to be frozen out of the US financial system.
They shouldn’t be sending money, making purchases, selling things to US individuals,
getting insurance. Nothing. They are supposed to be totally frozen out of the US financial
system. It’s a fairly large list. We do have over 5,800 individuals and entities who
are on that list.
If you notice in the middle there, we don’t just have individuals and entities which would
include corporations, charities, companies, and things like that, but we also have vessels,
we have banks, we have aircraft. So, there are quite a few things that can make it onto
this list.
A little bit of this is a review of the previous slide, but if you notice the last two bullet
points, the SDN entries contain identifying information. If you ever have a potential
match to the SDN list, we actually do have a publicly available search tool. You can
bring it up and there’s usually enough information such as address history, date of birth, middle
names and things like that. There is generally enough that you can clear a hit on your own
and feel fairly confident that it’s a different person.
Also if you notice at the bottom, the SDN list is frequently updated. People get put
on, people get taken off, and we do have an email list that you can get on so that every
time that happens you can get an email. And you can be aware that you need to update your
SDN list.
When somebody gets put on the SDN list it is actually a fairly involved process. So,
first the identified target who might be, for example, contributing to the unrest in
Ukraine, he might be narco-trafficking, he might be a transnational criminal, like one
of the mafia or Yakuza members. After that initial identification an evidentiary process
is started. There is an investigation, evidence is collected, and they actually draft a packet
called an evidentiary. It’s reviewed both at the Treasury and at the Department of Justice.
There might be a consultation between different agencies. And then if everybody agrees, yes,
there is enough evidence and this person needs to be on the list then the email goes out
and that individual is added to the SDN list.
And this last box to the far right, it’s a sample listing of what it would look like
when a person is put on the list. So, if you notice we have a lot of information on there,
so hopefully if you have this individual in your system you could find out if it really
were him, or if it were somebody else with a similar name you might be able to differentiate
him from the person on the list.
So the next question is which of the following entities may be sanctioned by OFAC?
Kathryn Baxter: So the poll is open at this time. Please put in your answers on your console.
Adam Maddox: All right, very good, we actually had 100% get that right. And the answer was
all of the above.
Our next slide is a screenshot of our SDN search tool. It’s very handy to use and
to just know that it exists. It’s available for free on the OFAC website. We have a pretty
easy web address that you can type in to find it and it’s at the top of that slide. Also,
it’s pretty easy to find with any internet search engine. You can just search on the
phrase “SDN search tool.” It should be the very first thing that comes up.
So, if you do have a potential hit, normally what I would do is I would just put the individuals
first and last name, or the company name into the name box and just click search and I would
leave everything else blank. And if there are any similar matches they’ll come up
in that results box. You can actually notice on this slide at the very bottom there’s
a blue line, or I’m sorry a blue hyperlink, that says Bank Rosiya. And if you would click
on it, if you had this screen up, you would actually get a lot more identifying information
such as addresses, Swift Codes for banks, and things like that.
So, here is a screenshot of our website. This is kind of a general website that has a lot
of good OFAC links on it. Under our resources tab we do have a link to the Specially Designated
Nationals list. You can also look at our recent actions, so if somebody is added to the list
or taken off they are listed under the, or a little news release is given and it’s
posted to our recent actions link.
Also, the fourth box on this slide, the one that’s second from the bottom, you can actually
go to that link and you can look at a specific sanctions program. So, for example, if you
have an Iranian-American customer and they say, “I’d like to send some money to my
cousin in Iran,” you can normally go in there and you can find a summary of the Iran
program and say is this generally licensed. Or if somebody wants to go to Cuba for some
reason, you can go to the Cuba program and say does it look like this meets a license
or not.
We also have a very good FAQ list. Many of the questions that especially smaller community
banks and credit unions have are going to be on that FAQ list.
We do have a fairly new list called the Foreign Sanctions Evaders List. It’s basically in
many ways the same as the SDN list. Specific individuals are put on there. These individuals
are not SDNs, but they are people who have helped SDNs or foreign countries evade our
sanctions programs. And if you have a match to the FSE list, it should be rejected.
And you’re going to sort of process and clear those matches in the same way you would
an SDN list. But the thing is if you have a real true match, sort of your next step
of what you’re going to do is going to be a little bit different.
Okay, so now we’re going to talk about OFAC compliance programs a little bit. OFAC requires
compliance with all sanctions rules and regulations and we talked a little bit earlier, we have
a very broad jurisdiction over all US people. Remember, that’s going to apply to every
credit union calling in because you’re all US corporations or US entities. And that’s
also going to apply to all of your customers because, well, most of them, they’re either
going to be here or even if they’re abroad and they’re using you guys for some transactions
they’re going to be generally a US citizen or a US Green Card holder.
Notice the second check mark – OFAC does not mandate the existence or form of an OFAC
compliance program. It’s risky not having one, but we don’t tell you that you should
definitely have one, or exactly how you should do it. The third check mark – there is no
one-size-fits-all OFAC compliance program. And each program should address a company’s
specific needs, risks, and situation.
So, for example if you’re a credit union in Florida, there is a very high Cuban population.
It makes sense that you will have to have a more robust compliance program and understand
a little bit more about the Cuba sanctions programs. Maybe if you’re in LA I know there
are a lot of Iranian Americans who take up residence there. It would be a better idea
to focus on the Iran sanctions programs. But basically that’s going to be up to each
individual financial institution or company to figure out where are our risks and what
should we do about it.
This is kind of a basic introduction to risk assessment and it would be good for a financial
institution, or if you have a large customer that you should know, you could sort of apply
these criteria to that customer. So, where are you and how big is your company? I gave
a few examples earlier about where you are in the US. Your customer base – how well
do you know your customer? And on top of that, if they do business with a lot of other people
how well do they know their customers?
Partners – do they work with a lot of people? Do you work with a lot of people? Do you know
who they are?
Products – if you have a person who banks with you, do they sell products and do you
know what they are?
And also transactions. If they’re purely domestic there tends to be less OFAC risk.
Once you look at international transactions there is more. So, these are all things that
you should keep in mind.
The next question, true or false: OFAC has strict requirements for the policies and procedures
a given sort of business must have in place. Kathryn Baxter: So our poll is open now. The
poll will be open for the next few seconds. Please make your selections on your console
and the poll will be closing in approximately 10 seconds.
Adam Maddox: All right. And it looks like most people got this right. We do require
that people observe the sanctions regulations, but we do not have strict requirements that
a given sort of business must have in place, so that one would have been false.
Here is a sample risk assessment that you might use, either looking at your own financial
institution or any businesses that you might bank or individuals. And basically you’re
going to look at each individual and assess their risk and say what sort of transactions
do they make, what’s the geographic risk, what’s the product risk, and what’s the
customer risk. And you could look at your own credit union and say we’re mostly domestic,
we don’t need to devote as much time and energy to an OFAC program. But you also might
have a customer base that does a lot of business and is fairly international and then you’d
be looking at more risk.
If you’re looking to have some internal controls, the best thing to do, one, is identify
suspect transactions and parties. Part of that is just going to be by knowing about
OFAC and the sanctions programs. Part of that is going to be using your software. If you
do have a potential sanctions connection, investigate it a little bit. It’s okay to
tell people that you have a sanctions worry and that you need more information. And once
you get all the information, initiate contact with OFAC. Basically call us up and say, hey,
here is what we’re looking at, is this okay? Do we have to block it? Do we have to reject
it?
And then number four, document the incident. And then later if your regulator asks you
why did you handle this this way, or another bank disagrees and they reject the transaction,
you can say, hey, here’s what we did, here’s what we thought. We contacted OFAC. We looked
into it.
How much compliance training should you have? Again, we don’t have strict rules or actually
any specific rules about exactly what you should do, but there should be some general
training to all employees just so you know what OFAC is and you know when you have to
sort of push a question up the chain and get some more information.
If somebody is in a high risk area, for example maybe someone in a wire room, maybe somebody
who works with international transactions, you might give them comprehensive training.
You should have refreshers. You should update your information when OFAC does issue a new
program or change anything. And you should make sure that your employees actually do
their OFAC training and pay attention to it.
When do violations occur? Number one is a very big one: misunderstanding the rules and
regulations. A lot of times we do have some of those general licenses out there or a specific
license and a bank or other financial institution has questions about it, or maybe a [freight
forwarder], and they’re overly optimistic when they’re interpreting it. Maybe they
don’t call us. Maybe they just look at the title. And, for example, one general license
we have allows certain transactions with agricultural goods going to Iran. It does not permit everything.
But, again, if people just look at the title, if they’re overly optimistic when they interpret
it, it’s very likely a violation might occur.
Miscommunication within institutions, if people don’t know who is going to call OFAC, what
information do they need, what did OFAC say. That’s a key issue.
Also, a failure to escalate SDN and sanctions matches. When I write up cases about OFAC
violations, a lot of times someone working the front desk knows that, for example, there’s
a Cuba issue or an Iran issue, but they don’t actually escalate it to a manager. And nobody
calls OFAC.
Another thing that happens a lot is filter issues. For example, if you have filtering
software, do you know what it’s doing? Do you know what the results mean?
And also every once and awhile people will rely on out-of-date OFAC guidance or licenses.
Sometimes you can Google things about OFAC and there will be guidance from 15 years,
or 20 years that somebody pulls up. And even if that might have been valid 15 or 20 years
ago, it might not currently be up to date guidance. So, if you do have questions about
any of this, please do give us a call and talk it over with us.
When do violations occur? We have the comprehensively sanctioned countries. I talked about those
for a little bit earlier. Like I said, it’s a good idea to assume that these transactions
cannot go through until you find a general license. Like I said, there are a lot of general
licenses out there, but you should always give us a call if you’re not comfortable
with it and we can sort of walk you through the general licenses.
Transactions involving SDNs, we talked about those a little bit earlier. There are SDN
banks, vessels, and shipping companies. You should be able to check the SDN list and clear
matches if you have them. And, also, you should understand how your filtering software works.
And more issues that could lead to a violation. Not screening all data fields. Human error.
And sometimes going back to the licenses again, sometimes people think they have a license
or they might think a license applies but it does not.
This is kind of a scary slide. Please don’t let it worry you too much. These are the maximum
penalties under each category. There are mitigating factors and aggravating factors, so please
don’t think that if you make some error that OFAC is immediately going to throw the
book at you and it’s going to be this giant fine. There is a possibility of a very large
penalty, as you might know if you look at the OFAC recent actions or if you’ve seen
anything about OFAC in the news, but it’s not the first thing that happens when we see
that somebody has processed a violation.
And here is kind of a graphic that tells you how to mitigate a little bit. When a penalty
is egregious, you’re looking at something that is going to be closer to the maximum.
By egregious we generally mean that maybe you don’t have an OFAC program or you really
missed something that you should have gotten. Also, we have that tern on there, VSD. That
stands for Voluntary Self Disclosure. That means if you figure out that you missed a
transaction that you should have rejected or blocked, you write into us and you say,
hey, we missed this transaction, here’s how much it was, here’s what happened. And
it’s actually fairly rigorously defined, so if another bank rejects or blocks your
transaction, unfortunately your communication will not be a voluntary self-disclosure. So,
if you do catch something it’s important to let us know as soon as you can and make
sure you try to get that VSD.
All right. Here is our most important slide. We have a hotline. You can call us up. We
also have email. We answer phone calls every day and we answer lots and lots of emails.
And especially if you’re a smaller financial institution, I really encourage you to call
us up when you have any issues and say, hey, I don’t know what this is, I don’t know
what a general license is. How do I know if it applies?
And we do have a lot of people who return calls and we should be able to explain just
about any question that you have.
Kathryn Baxter: Thanks Adam. I’m going to turn the console over right now to Diane Rector
to introduce our next two speakers.
Diane Rector: Thanks Kathryn. Our first speaker, her name is Stephanie Brooker. Stephanie has
served as FinCEN Associate Director, Enforcement Division since June 2013. Stephanie previously
served as FinCEN’s Chief of Staff from January through May 2013. She joined FinCEN in October
2012 as a senior advisor to the director. Before joining FinCEN, Stephanie served as
the Chief of Asset Forfeiture and Money Laundering section at the US Attorney’s Office for
the District of Columbia from 2010 through 2012. Let’s welcome Stephanie.
Stephanie Brooker: Thank you very much to NCUA for inviting myself and my colleague,
Andrea Sharrin, here. I’ll be handling the first part of the presentation and then Andrea,
our Office Director for Compliance and Enforcement will also be talking with you today. So, first,
we want to begin with an overview of FinCEN’s mission. FinCEN’s mission is to “Safeguard
the financial system from illicit use, and combat money laundering and promote national
security through the collection, analysis, and dissemination of financial intelligence
and strategic use of financial authorities.”
As many of you know, FinCEN is a bureau in the Department of Treasury. And a number of
a components, including my colleague from OFAC, we report to the Undersecretary for
Terrorism and Financial Intelligence, Undersecretary David Cohen.
For FinCEN we establish and accomplish our mission in three primary ways. First, we do
administer the Bank Secrecy Act. We act as the United States’ primary anti-money laundering
and counter-terrorist financing regulatory regime. And we do this, as we’ll discuss
in more detail during the presentation, with a number of our partners across government.
Our work involved developing and issuing regulations and policies and also enforcing compliance
with anti-money laundering and counter terrorist financing concerns, laws, and regulations.
FinCEN does have a varied mission. We also share financial intelligence that we collect
with a wide range of law enforcement, intelligence, and regulatory partners. And we also act as
the United States’ financial intelligence unit. We’re one of the approximately 400
members of the Egmont Group. We promote international cooperation in law enforcement endeavors and
the sharing of financial intelligence to help all counties who are part of the Egmont Group
share expertise and assist each other in investigations.
At FinCEN we do have a broad mission statement, but we do have priorities that we focus on
from year-to-year. Our priorities include focusing on compromised financial institutions
and third party money laundering, combating transnational organized crime, a mission that
we, of course, share with OFAC. Cyber threats. Significant fraud. And also transnational
security threats.
So, FinCEN, the N in our name is a Network. And we really are a network at FinCEN. And
one of, I think, the best parts of working at FinCEN is the many stakeholders that myself
and my colleagues get to interact with on a daily basis. Our stakeholders include law
enforcement. We work with law enforcement from every law enforcement agency, state,
and local, and federal in the United States. We also work, of course, with the Department
of Justice on a range of issues and matters.
We also work with regulatory partners, of course the NCUA, the FDIC, the Federal Reserve
Board, the Office of the Comptroller of the Currency, the SEC, the CFTC, the Internal
Revenue Service, and many others on the federal level and have value partnerships with many
state regulatory bodies that focus on anti-money laundering compliance.
As I mentioned, we are the financial intelligence unit, that’s an important stakeholder for
FinCEN. And we also view financial industry representatives as part of our stakeholder
network at FinCEN. We believe that we have an important role in educating the public
on money-laundering compliance issues. A number of our director’s speeches are published
on our website. And I think they’re a good overview as well as the remarks we’re making
today of what we do at FinCEN.
FinCEN’s organizational structure is six divisions. As some of you may know, FinCEN
did go through a fairly major reorganization in June of 2013. We worked through approximately
a one-year process to plan and assess the need for reorganization and we did implement
that reorganization almost a year ago.
FinCEN was previously organized by stakeholder. We had a division that was devoted to working
with law enforcement. Another division that was focused on international partners. And
a division focused on industry and regulators. And there was a recognition that we could
be more efficient. We have a big mission with a small staff. There’s just approximately
300 of us. That we could be more efficient and effective in carrying out our mission,
working with our stakeholders if we were organized by function.
So, in the new organizational structure all of us view our role as serving the many stakeholders
that FinCEN has in focusing on our pieces of admission.
Our four operational divisions, the intelligence division, policy division, liaison, and enforcement
are staffed with our personnel whose skill set and expertise align with the operations
of each of our divisions. In terms of our other divisions, of course many of you have
interacted with our technology division that assists with our collection of BSA data and
making it available to our regulatory and law enforcement partners. And we also have
a very important management division that supports the work of our personnel and ensures
that we’re taking care of our valued employees at FinCEN.
Turning now to the enforcement division, the division that I head, the enforcement division
was a creation of the reorganization. FinCEN had not previously had a standalone enforcement
division. And the concept was to bring together all of FinCEN’s enforcement authorities
into one division so that we could collaborate across those individuals handling our enforcement
authorities holistically and work together on those endeavors instead of being spread
across various components of FinCEN.
So, in the new enforcement division we have three offices. We have the office that Andrea
heads, the Office of Compliance and Enforcement which is our largest office in the division.
And the Office of Compliance and Enforcement has three sections: Depository Institutions
– obviously the section of interest to all of our participants on the webinar today;
also money service business and casinos section; and other non-bank financial institution sections.
And the mission of that office is to focus on compliance and where appropriate enforcement
activities in our domestic space.
Our Office of Special Measures handles FinCEN’s other enforcement authorities which include
section 311 actions under the Patriot Act which we’ll talk about in more detail during
the webinar. Also geographic targeting orders. And other authorities that FinCEN has and
considers using in appropriate cases.
Our Office of Special Investigations is staffed with FinCEN’s federal agents. We do have
federal agents called 1811s that work at FinCEN. We’ve had 1811s for many years at FinCEN
and we’re very fortunate to have their expertise in the enforcement division. The agents investigate
a number of things including unauthorized SAR disclosures. We take very seriously at
FinCEN the confidentiality of the reports that you and other institutions file. And
we do have a dedicated group of agents that investigate any unauthorized disclosures of
SAR information.
The agents also testify as custodians of record in criminal trials around the country, because
FinCEN is considered the custodian of record for the vast majority of Bank Secrecy Act
reports. The agents also assist with Office and Compliance and Enforcement investigations
and lend their investigative expertise to those investigations.
Turning now to the authorities that we work under within the enforcement division, pursuant
to the code of federal regulation the Director of FinCEN does have overall authority for
enforcement and compliance, including coordination and direction of the procedures and activities
of all of the agencies that exercise delegated authority under the Bank Secrecy Act. And
we’ll talk in more detail about the role that overall authority for enforcement and
compliance, including coordination and direction of procedures and activities of all other
agencies exercising delegated authority under” 31 C.F.R. Chapter X. plays and also the vital
partnerships with the many agencies that we work with including the NCUA.
I’ll turn the presentation over now to Andrea.
Diane Rector: Thank you, Stephanie. I’m going to introduce Andrea Sharrin. She is
the Director of the Office of Compliance and Enforcement at FinCEN, US Department of the
Treasury. Director Sharrin supervises up to 35 employees and has responsibility for FinCEN’s
Bank Secrecy Act compliance and enforcement programs. This includes developing and implementing
the bureau’s compliance and enforcement strategies and supervising investigations,
enforcement actions, and other activities that have industry-wide national and international
impact, including those related to the national security and that they are designed to protect
the US financial system from terrorist financing, money laundering, and other financial crime.
Andrea is an internationally recognized expert in intellectual property policy enforcement.
She supervises 14 employees. I’m sorry, she supervises 14 prosecutors and has responsibly
for the department’s domestic and international intellectual property criminal enforcement
program. So, welcome. Turn it over to Andrea.
Andrea Sharrin: Thank you very much. Thank you for that introduction. If you’re looking
at the slide that appears to be very complex, then you are absolutely on the right slide.
This describes FinCEN’s sort of relationship and oversight in the BSA space and relationship
with our partner regulators including NCUA here today.
If you look at the first row, that describes all of the covered industries under the BSA
that FinCEN has oversight over, including banking institutions, money services businesses,
casinos, dealers in precious metals, stones, and jewels, securities and brokers, as well
as futures and commodities among other financial institutions.
And then if you look at the second row, you’ll see the range of delegated examining agencies
who FinCEN has delegated our examination authority to. And then finally in the bottom row you’ll
see sort of where the enforcement powers lie. So, if you look under the banking institutions
in that first column you’ll see that FinCEN has delegated our examination authority to
the Office of the Control of the Currency, the Federal Reserve Board, Federal Deposit
and Insurance Corporation, including of course NCUA. And with them we actually share enforcement
authority. So, what that means is that either our regulators can bring an enforcement action
or FinCEN can bring an enforcement action. Or both of us can bring an enforcement action.
Or we can each decide not to.
In the money services business and other space in the middle of the covered industries row,
we have delegated our examination authority to the IRS SB/SE, or small business/self-employed
section. And in that area FinCEN has sole federal enforcement authority. And then finally
as it relates to securities, brokers, dealers, mutual funds, futures, and commodities, we
share concurrent authorities with our regulators in that space.
FinCEN has a range of authorities and tools to enforce compliance with the Bank Secrecy
Act in its implementing of regulations. For example we can assess civil monetary penalties
for programmatic violations, including reporting violations, recordkeeping, and as it relates
to registration for certain money services businesses. Now, while many of the banking
institutions don’t specifically cover money services businesses, there are MSBs that bank
with banking institutions, so there is a relationship among those types of entities.
And the penalties can be as much as the greater of the amount, of course not to exceed $100,000
involved in the transaction, or $25,000 a day. So, if you took $25,000 a day and let’s
say the violation extended for six years perhaps, that could be a maximum statutory violation
of upwards or close to $55 million. Now, like our colleague Adam from OFAC, I want to suggest
or let you know that we are not here to suggest that we are going to be seeking maximum statutory
penalties in every potential case. As I like to say, we absolutely are not looking to bring
the full resources of the federal government onto folks that are jaywalking, for example.
So, the notion is that we try to find an appropriate penalty that makes sense given the conduct.
And if you look at our website on the kinds of enforcement actions that we have brought
say over the past 18 months, that will give you a good indication of the kinds of conduct
that we have looked at and that we have brought enforcement actions against the particular
kinds of institutions. We have made a great effort to be very, very detailed in our assessments,
so you can understand exactly what that conduct is.
In addition to civil monetary penalties, we can also seek injunctions in federal district
court to either enjoin a violation of the BSA or to enforce compliance with the BSA.
And in order to achieve our enforcement goals we have the tools to examine all the books,
papers, records, and relevant data that is relevant to the recordkeeping and reporting
requirements. And while we always work very collaboratively when we can with financial
institutions in looking at compliance issues and if necessary enforcement issues, we have
in cases where we need to we do have the authority to summons financial institutions, its employees,
or individuals who have BSA records to either give testimony under oath or to produce records.
Stephanie Brooker: I want to turn back now to our Office of Special Measures that I talked
about in the beginning of our presentation. Our Office of Special Measures does issue
311 actions under the Patriot Act. These are actions in which the Director of FinCEN makes
a finding that a foreign jurisdiction or financial institution operating outside of the United
States is a primary money laundering concern to the United States and issues a number of
special measures to attempt to protect the United States from that primary money laundering
concern, including prohibiting US institutions, including credit unions, MSBs, banks, other
institutions from maintaining correspondent accounts that permit the primary money laundering
concern funds to flow through the United States.
Some examples of our 311 actions, they’re all public actions, are on our website. And
three of our most recent actions were against Liberty Reserve, the virtual currency provider,
and a number of Lebanese exchange houses. These actions are certainly of significance
to FinCEN in trying to protect the US financial system from money laundering and terrorist
financing. And I also want to highlight it here because there are obligations on US financial
institutions when we issue a section 311 action. So, again, there is a section on our website
entitled the USA Patriot Act that has all of the 311 actions that FinCEN has issued
since the provision was passed in 2002.
Also want to note in slightly more detail the other authority I referenced at the beginning
of the presentation, the geographic targeting orders. These are orders, again, that the
Director of FinCEN can issue that add reporting and recordkeeping requirements for particular
geographic areas on US financial institutions. These types of orders are issued when the
director finds that there are reasonable grounds, that these added recordkeeping and reporting
requirements in addition to what’s already in the Bank Secrecy Act are necessary to carry
out the purposes of the BSA or to prevent evasions of the statute.
This is a tool that FinCEN issues often in collaboration, and this is in the statute,
with active law enforcement investigations when enhancing or adding to the BSA recordkeeping
obligations for a period of time, typically 180 days, would assist law enforcement investigations.
This tool does have a provision in the statute that it can be confidential. So, often the
only entities that know that a geographic targeting order has been issued are those
institutions that are subject to the order. And the reason for that is that it often is
done in conjunction with an active law enforcement investigation so the statute permits us to
keep it confidential. But the feedback that we have received from our law enforcement
partners is that this is an important tool in their effort.
Andrea Sharrin: What we’d like to do now is talk a little bit about the various reports
and data and how we use it that you all contribute to the FinCEN’s database. So, there are
basically seven types of reports which I’ll talk about in a minute that authorized individuals
and entities are able to access through FinCEN Query which is our web-based search engine.
And there are a number of authorized federal state and local law enforcement and regulatory
users. But the numbers, I think, are actually really pretty amazing. We collect approximately
55,000 reports every day from 70,000 financial institutions and other e-filers. And those
who use the database access it probably about 18,000 times a day and by those 9,000 federal,
state, and local law enforcement users. And the database itself contains about 190 million
records that go back about between 10 and 11 years.
So, the BSA reports that are filed include currency transaction reports which as you
may know are filed by financial institutions that involve transactions over 10,000 in currency.
And under certain circumstances there are some exemptions. They also file suspicious
activity reports. And what I wanted to mention about suspicious activity reports is how important
it is to keep the existence of these reports secret and confidential. There are actually
criminal penalties that can be associated with disclosure of this information. And it’s
something that all employees, not just AML compliance folks should be aware of.
Other reports include the CMIR reports, or reports of international transportation of
currency or money instruments. One of those if you’re flying on a plane and you get
that international and you get that form that says, hey, are you carrying $10,000, that
would be something along those lines of what that report does, which includes the report
of foreign bank and financial accounts or FRs.
And there are other ones that you can see that are on this slide. So, who gets this
information that you all contribute to the database? Well, as I mentioned earlier there
are authorized federal, state, and local law enforcement and regulatory agencies who have
direct access to the database so they can do their own searches on FinCEN data. And
we have probably over 360 memorandum of understanding off those who are authorized to access the
data. And they use it for investigations, could be criminal investigations to do probably
less complex research and information gathering.
But FinCEN has an intelligence division that not only provides responsive information to
request for data, but also does proactive analysis and puts together – connects the
dots on complex financial investigations and can provide fairly sophisticated analytics
for law enforcement, for potential criminal investigation. And they also use that to identify
trends and risks and the various topologies of illicit activity. And, of course, FinCEN
uses that information in the context of our compliance and enforcement efforts.
Other information sharing that you may be aware of includes under section 314(a) and
314(b). And we have on our website pretty detailed information about these programs.
The idea is to help – to use information sharing as a tool to help law enforcement
identify and disrupt and prevent terrorist acts and money laundering activities and other
financial crimes. And by encouraging this cooperation among law enforcement, among regulators
and financial institutions so that you share information regarding suspects who might be
involved in some of these illicit activities.
314(a) involves law enforcement to financial institutions. And I think you see that law
enforcement through fencing can access 43,000 points of contact at 22,000 financial institutions
to locate critical information on persons that can be involved in terrorism and money
laundering.
And 314(b) involves financial institution to financial institution information sharing.
And it provides a safe harbor to financial institutions after notifying FinCEN that we’ll
share information to one another. And the requirements for all of this information can
be found on our website and you can see the links on the slide. But I do want to really
point out how important this information sharing is. I mean, we’ve used the information provided
say under 314(a) that have turned up information that had been used to identify Hawala operations
involving sanctioned countries that were just described by Adam, one of our colleagues here
today from OFAC, as well as arms trafficking, alien smuggling involving fatalities, nationwide
investment fraud schemes, among many other types of investigations.
The program processed probably over 2,000 requests which included 23,750 subjects of
interest. And of these, financial institutions responded with 146,600 total subjects. 95%
of the 314(a) requests have contributed to either arrests or indictments of criminals
engaged in this illicit activity.
Kathryn Baxter: Okay. We have a poll question for all of our audience. The question is,
financial institutions may share with each other without notifying FinCEN, and still
be covered under the safe harbor provision, since the purpose is to uncover money laundering
or terrorism schemes. This is true or false? The poll is open now. Please select your answer.
You’ll have approximately 10 seconds to select your answer.
Okay, so we have 21% that selected true, that they may share without noticing FinCEN. And
almost 79% that said false. And, Andrea, the answer is…?
Andrea Sharrin: The answer is false. You have to notify FinCEN before sharing the information.
That’s a very important point. So, moving to the next slide, we have the FinCEN FRC,
the FinCEN Resource Center. And this is a really tremendous resource for all of you.
If you have any questions, we’ll be able to answer some questions today, but certainly
we won’t be able to get to everything. But you can always call the regulatory help line.
It provides guidance and assistance to all forms of industry representatives, regulators,
law enforcement regarding all of our regulations, reports, and guidance. And there’s no call
that we can’t receive. There’s none too small. There’s none too big. We get calls
from small mom and pop shops that do some services to very senior executives from large
financial institutions. We get up to 50,000 calls a year and you might find when you call
you’ll be asked to leave a message. And don’t worry, we will get back to you within
24 hours. The reason why we ask folks to leave a message is sometimes it requires us to go
back and do a little research to get you the best information that we possibly can.
So, please use the regulatory helpline and the FinCEN resource center. It’s really,
really, very, very helpful and effective. And that includes the remarks that we have
today from FinCEN. Thank you.
Kathryn Baxter: Thank you, Andrea and Stephanie. We want everyone to stay on the line please
because we’re getting ready to go right into our Q&A. Before we do our Q&A we’re
also going to push out a survey. Please take a look at the slides that are coming up now.
We have some upcoming webinars for June. The part two of this particular webinar will be
June 25th at two o’clock and we’ll invite back Adam and Stephanie and Andrea to help
us to understand a little more meat and potatoes on what they do and some of the compliance
issues that happen in the world of finance.
Also, we’re going to have a cyber security awareness webinar on June the 11th. Please
get ready to register for that. We have a few training events and leadership boot camps
for credit union management and boards of directors, one in Baton Rouge, Louisiana and
one in Los Angeles on June 7th. Okay?
So, you can register any time using our Office of Small Credit Union Initiatives link on
the NCUA.gov main page. Left hand side. Scroll down and you’ll see our link. And here comes
the survey. And we’re going to simultaneously go to our Q&A and the first question is going
to go to Adam. He’s very fortunate; he gets question number two. And Diane Rector is going
to give him question number two.
Diane Rector: Adam, what exactly should a credit union do if an OFAC search of a particular
name results in a hit for PEP and there isn’t enough detailed information to verify or deny
the validity of the hit?
Adam Maddox: Okay. Well, this is a good question because it’s something that we do get questions
about, but the answer is OFAC actually doesn’t publish or maintain any PEP lists. That stands
for politically exposed person. We do get lots of calls about that. But oftentimes the
software that folks use will sort of squish everything together. And we always tell you
to call OFAC.
Diane Rector: Okay, number three goes to Adam. Should every check cashed at a credit union
for loan payment or anything else be checked for OFAC before processing? Question number
three.
Adam Maddox: Sure. So, the basic answer is yes. Now, theoretically if they’re your
customer you should know that they’re not on the list and you should be scanning, but
if they cash a check from someone else, basically any OFAC violation is a violation. So, any
time that someone on the SDN list cashes a check or does any transaction with you for
that matter, it is a violation.
Diane Rector: Okay, question 139 goes to Stephanie. How do you find out about a special geographic
area and if you are subject to it?
Stephanie Brooker: Absolutely. For our special geographic targeting orders that cover special
geographic areas, if your financial institution is included in that geographic targeting order
FinCEN will serve the institution with a copy of the order, so we do direct service to the
institution so you will know that you’re expected to comply.
Diane Rector: 122 to Adam. Adam, is your shared information regarding people shared beyond
the law enforcement level internationally?
Adam Maddox: Well, so actually OFAC doesn’t really share a lot of information with, well,
we do with other law enforcement agencies maybe. But the information that we have about
our SDNs is only at OFAC. So, for example, if you call in and you want more information
about a SDN, we only have what’s on the website.
As far as sharing with other law enforcement agencies we would share with other agencies
domestically. I’m actually not sure about internationally.
Diane Rector: Great. Okay. Number 133. There’s been some confusion about what type of activity
would require the filing of a SAR. The direct question is this: Is a financial institution
required to file a SAR on a customer that uses the Social Security number belonging
to another person?
Stephanie Brooker: Generally with SAR filing questions we ask that you contact our FinCEN
resource center who will also in appropriate circumstances engage our Office of Chief Counsel
to provide any guidance that we can on SAR filing questions. It’s certainly a matter
of facts and circumstances, so we do defer those questions to our hotline and our attorneys
in the Office of Chief Counsel.
Diane Rector: Thank you. Question 135. Stephanie, is it possible for a credit union to be penalized
$5,000 per day if it banks an unlicensed MSB?
Stephanie Brooker: So, our penalties at the $5,000 a day penalty structure are for MSBs
who do not register according to the FinCEN regulations. I think that question goes to
other aspects of our penalty structure and doesn’t fit within the unlicensed MSB penalty
provisions.
Diane Rector: Sometimes it’s not enough to be sure. Our phone calls to OFAC office
sufficient evidence they’ve documented when they’ve called the office?
Adam Maddox: Sure. So, we actually don’t have any sort of official documentation procedure
for when somebody calls in. Basically when somebody calls into OFAC we can sort of help
walk you through the process and point you to all the information on the SDN list. But,
it’s a bit hard for us to because we’re actually unable to look at all the IDs and
things like that, so we can help you say, “Hey, you know, please look at their IDs,
find some address history,” and then we can help you compare that to the SDN list.
But we actually don’t have any extra information that you couldn’t get from the SDN list.
Generally it’s up to the financial institutions to get all the information they can and try
to decide if it’s the same person or not. Although if you do have difficulties we’re
happy to walk you through it.
Diane Rector: Okay. And before I go on, one of the questions was is this going to be archived
and available to employees. Yes, it will be archived and available to employees within
3 to 4 weeks on our website.
Question number 94. Should we be checking against SDN and FSE lists as well as account
opening wire transfers, etc?
Adam Maddox: Yes. So, any time that you would transfer something for somebody on the SDN
or FSE list, if that person is truly on the list and it is that individual it would be
a violation. But we’ve talked a little bit before about finding false positives. And
if you can check birthdates, names, address history and confirm that it’s a different
person, then you would be fine. But do make sure that any transaction you do is not for
anybody who is really, truly on the SDN or FSE list.
Kathryn Baxter: Okay, this question is going to be to either Andrea or Stephanie. We had
one viewer or listener rather that wrote us in separately and asked this question. They
apparently are having a problem logging into BSA directly with their password and they
say that the system does not automatically have the credit union’s information and
so forth. Is there a reason why that is? Is that a question you can answer?
Stephanie Brooker: What we can do is refer the webinar participant to our FinCEN helpline.
We have a separate helpline at FinCEN that fields hundreds of thousands of calls a year
from institutions with regard to technical assistance requests for FinCEN access. And
the can certainly get them to the right place.
Kathryn Baxter: Okay. I have another one, it was another question that was sent in previously.
On occasion the FinCEN 314(a) list may contain a fairly common name and little information
identifying who they are, birth date or TIN. While we may have a member of the same name
there’s not sufficient information provided to positively match the member to the target.
So, the question is does FinCEN expect the response for every Mary Smith that they may
have?
Stephanie Brooker: For any questions about compliance with a 314(a) request we have a
staff within the FinCEN resource center, a very experienced staff, they’ve been doing
this a long time, that handles 314(a). And the callers or the institution should reach
out through the helpline and they can get you in touch with the staff that handles the
314(a) program for any requests for clarification.
Andrea Sharrin: And also just to contribute to that answer, FinCEN gets the law enforcement
requests and reviews them. And FinCEN is the one who notifies the point of contacts across
the country, I think, every two weeks that new information is made available on a secured
site. So, we do have an opportunity to see some of that information before it is submitted
to the financial institution. Referring back to FinCEN, we will have some familiarity with
that request.
Diane Rector: Thank you. Question number 12. What would be the comfortable percent for
us to give the frontline staff to go free and process the transaction? Presently I allow
them to process anything below 98% without my intervention.
Adam Maddox: Sure. So, this is another fairly common call we do get at OFAC. Whenever somebody
has compliance software that they use, basically it’s looking at all of the transactions
that either come in or that go out from a financial institution. And it’s looking
at people’s names and it’s making some sort of score about, yeah, this looks like
somebody who is on the list, or a low score would be saying that, no, the software, you
know, based on its internal algorithms and math doesn’t think that it’s somebody
on the list.
We can’t really give you a comfortable line because OFAC works on a strict liability basis.
We would say even if your software says, “Hey, I don’t think there’s any match at all,”
and then you process it and there is, we would still say that there is a sanctions violation.
So, basically the best thing to do might be to call the software provider and say how
do you generate these numbers? How different would it have to be? Or if there is some way
you could get in there and sort of play around with the software and try variations on the
same name or the same company name with and without periods and figure out what numbers
are we comfortable with, what would give us false positives, and what would make us miss
real matches.
Kathryn Baxter: Okay. Thanks Adam. Question number 74 is going to go to Stephanie or Andrea.
Here is the question. If a customer lives in a sanctioned country like Iran, for example,
and requests a wire, can our institution send the wire to that person in Iran?
Adam Maddox: Oh, that’s actually an OFAC issue because it’s an Iran one. Sometimes,
yes, but it’s tricky and you should call us. We talked about general licenses and sometimes
it actually is permissible. But what you should do if somebody wants to do this is gather
all the information and say who is this, what’s the purpose of the wire, how much is it. Then
give OFAC a call and say somebody wants to do this, here is all the information. Then
we can help walk you through the exemptions where somebody might be able to send the wire.
Although I say might and I encourage you to call in.
Kathryn Baxter: Okay. Now, let’s go to Andrea or Stephanie. Question number 210. Question
210 reads will there be any additional guidance on how credit unions should handle marijuana-related
accounts?
Stephanie Brooker: At this point in time of course we would refer to the guidance that
we’ve issued and we’re not in a position to speak about additional guidance or frequently
asked questions at this point.
Kathryn Baxter: Okay, so while you’re on the line, here’s another one. If someone
deposits $6,000 per week for 10 weeks, should it be reported?
Stephanie Brooker: Again, that goes back to the question of when should a SAR be filed
and what are the facts and circumstances that lead to a decision that a SAR should be filed.
For those types of questions, because they are detailed and nuanced, we don’t typically
answer them in live speaking events and do ask that an institution and encourage you.
I mean, our help desk is very good. To give them a call and they will also engage with
our Office of Chief Counsel.
Diane Rector: Question number 232. If a credit union is part of the shared branching network
do they have to be a registered 314(b) participant to discuss shared transaction activity?
Stephanie Brooker: For that request I think because it is very detailed and we want to
make sure we understand all the facts and circumstances and the applicable regulations,
I would ask that the participant call the helpline and ask for a member of the staff
on the 314(a) and (b) program and they can assist.
Kathryn Baxter: Okay. So, while we have you on the line, Stephanie, here’s another one.
Under 314(b), it’s question 163, excuse me. Under 314(b), can financial institutions
share information about other types of fraud or account crimes such as counterfeit checks
with other money laundering or terrorism activity?
Stephanie Brooker: As Andrea mentioned, there is the pre-notification and approval requirement
for a 314(b). So, when those requests and certifications are made to FinCEN we can work
with the entities interested in entering into a 314(b) arrangement with any questions they
have. But I do want to add we very much appreciate the question and the interest in a 314(b)
program. We think it’s a critical part of how we work with industry to protect the financial
system and appreciate that there was a question here on the webinar today and encourage other
participants to think about 314(b).
Kathryn Baxter: Fantastic. Now, let’s give Adam another shot. Question 119. We use [Verifyn]
to OFAC anyone involved with a wire transaction including financial institution. Is that sufficient
for complying with OFAC?
Adam Maddox: Oh, sure. So, we also do get this sort of question fairly often. There
is a lot of software out there and basically, again, it’s strict liability. If anything
makes it through your software it’s still a sanctions violation. So, whatever software
you use, the best thing to do is to know exactly what it will catch and what it won’t catch.
And also have staff who basically know when it returns some possible result what that
means and who understands OFAC as a whole. But basically to try to get more directly
at the question, just because you have software, that software itself doesn’t mean necessarily
that you comply with OFAC. And it won’t stop every potential violation. And if a violation
does occur it’s assessed on a strict liability basis which means in OFAC’s eyes it still
happened and it’s still an actual violation.
Kathryn Baxter: Okay, Adam, stay on the line. We have another question for you. Question
number 107. Question number 107 says can we tell our members if there’s a potential
OFAC match?
Adam Maddox: Absolutely. So, if you think that somebody might be on the OFAC list, and
it does happen fairly often, just say, “Hey, we had a potential OFAC match. We don’t
think you’re the same guy, but we need your birth date or something like that to help
us differentiate you from the person on the list.” And we encourage you to do that and
please do because there are some names on the list that are very common. And especially
in some areas of the world – there’s a lot of narco-traffickers in South America,
you know, Perez and Martinez and names like that will often be on there. Also Middle Eastern
names might often be on the SDN list. So, by helping – telling someone there is a
potential issue and then working your best to clear it, it just makes things easier because
you get to bank them smoothly and you don’t sort of upset them and make them feel like
they’re being discriminated against.
Kathryn Baxter: Okay Adam. Stay on the call. We have another question for you – question
number 91. What is the difference in the OFAC search you provided and www.instantofac.com
search?
Adam Maddox: Sure. So, the one on our webpage is actually on a government website. There
are a lot of commercial providers out there and that’s what anything that says dot.com
at the end, that’s actually not from the government or from the treasury. It’s basically
just some computer programmer who downloaded our list, which is actually available on our
site and if you have an internal IT department they can do that as well. But whoever set
up that website, actually I don’t know who it is or how it does their search or how often
they update it.
So, if I were going to get online and use one I would use SDN search on the treasury
website.
Kathryn Baxter: Okay, before you go, stay one more time, question number 101. At my
old credit union we had to scan domestic banks in the OFAC system. At my new credit union
they feel it’s not necessary. Is it good practice to scan domestic banks against the
OFAC system?
Adam Maddox: Oh, it’s kind of a difficult question. And on the one hand if there was
a bank here in the US who would be put on the SDN list, it probably would also be shut
down and the FBI would show up and raid their offices. So, a domestic bank will probably
not be on the SDN list. That said, it’s possible. And sometimes because there are
individuals they do come to the US. And sometimes foreign banks are on the SDN list. So, screening
every party in a transaction is the best way to go, I think.
Diane Rector: 240 goes to Stephanie. At what point does FinCEN get involved when the institution
has a deficit program, at the regulation notification, only upon an infraction recognized by FinCEN?
Stephanie Brooker: That’s a very good question. FinCEN pursuant to our regulations as we discussed
in the presentation does have a number of delegated examining relationships with other
regulators. We then have detailed memoranda of understanding that govern those relationships.
And our MOUs do provide that our regulatory partners will notify us of significant violations
and deficiencies found in institutions.
So, one of the sources of information we have to think about whether FinCEN should open
an investigation is referrals from regulatory partners including the NCUA. In addition we
do have other ways that we receive information that may lead us to look at the compliance
regime of an institution including referrals from our intelligence division and their analysis
of BSA data. We also work with criminal law enforcement partners where appropriate. And
we may have other source of an indication that there is a concern within an institution
that we should take a look at.
Kathryn Baxter: Okay, stay on the call Stephanie. We have another one. Question 253 for you
and Andrea. We serve university faculty and students and periodically receive education
stipends from banks in Iran for Iranian students. The individuals receiving the wires are not
on the 314(a) lists. Is any reporting needed for this?
Stephanie Brooker: I think perhaps this would be best shared with FinCEN and OFAC. In terms
of programmatic BSA reporting requirements, programmatic requirements, obviously the statute
is a risk-based approach and institutions need to look at all of the factors that could
lead to an indication that there is risk or that there are other reporting requirements.
Because it does involve banking relationships with it looks like Iranian citizens who are
in a student capacity I am going to turn it over to Adam to supplement my answer.
Adam Maddox: Sure. So, it’s also perhaps a little bit of an OFAC issue. If somebody
is an Iranian here on a visa, on a valid student visa I should specify, it’s actually okay
for them to send and receive money from family members in Iran. They should make sure that
none of the banks are on the SDN list or the money could get frozen. But I would recommend
that if you have some transaction and you’re worried about the Iran sanctions, give us
a call if it’s something you deal with a lot and we can help walk you through it.
Diane Rector: Okay, Adam. Question number 36. Is there illegal activity, such as check
fraud, do we file a SAR even if it’s under $5,000?
Stephanie Brooker: I think because that’s a SAR filing question it may appropriately
come to FinCEN as opposed to OFAC. Again, looking at all the facts and circumstances
of the suspicious activity is important. So, for that question because it does go to SAR
filing obligations we would ask the institution to reach out to our helpline.
Diane Rector: Okay, Stephanie, question number 248. When reporting the number of SARs to
the board of directors of a credit union should it be number only or no information, and no
information?
Stephanie Brooker: I think that question goes to the issue of what type of information is
being reported up the compliance chain to the board of directors. One thing I do want
to highlight that’s implicit in that question and complement is we do believe in terms of
themes we’ve looked at and recent enforcement actions that the business side, the board
of directors, being actively engaged in the compliance side of anti-money laundering is
critical. So, I’m happy to receive that question.
In terms of the actual information that’s being provided to the board with respect to
SAR information, I would recommend that the institution consult with their internal general
counsel or outside counsel to navigate those issues because they are tricky. And I think
they’re best discussed within the legal counsel of the particular institution.
Kathryn Baxter: Thank you, Stephanie. We’re going to turn now back to Adam, put him on
the hot seat again. Question number 192. 192 says XYZ company does packing and shipping
and also offers Western Union money transfers. Is XYZ company also considered an MSB or just
an agent of an MSB? What due diligence is required? Do we treat it as an MSB?
Stephanie Brooker: Because that goes to, I think, the MSB registration requirements I
can take that. It appears within the question that you have a mixed use company that’s
doing potentially both money transmission and other services, commercial services. That
is, of course, relatively common.
Of course it’s the MSB that has the registration requirement but I certainly understand the
question that a credit union that may be considering banking an MSB has to ensure that they’re
registered. My suggestion would be to call our helpline to describe the facts and circumstances
that you’re seeing with respect to the MSB and we may be able to provide assistance.
In addition, it may be that the credit union in consultation with the primary regulatory,
here NCUA, may want to think about doing some additional inquiries to the MSB to get the
information that the credit union feels they need to make that business judgment.
Kathryn Baxter: All right. We have time for one more question and so we’re going to
let Adam get the pleasure with that one. Hopefully we get this one right. When a member is attempting
to add a payable upon death beneficiary, question number 245, I’m sorry. When a member is
attempting to add a payable upon death beneficiary to an account that is a potential OFAC match,
should we tell them we cannot add them as a beneficiary or do we accept them as the
POD and then block or freeze?
Adam Maddox: That’s a good question and we actually do have that happen. So, until
the person has actually passed away and the beneficiary actually has a right to the money,
just when they put that name on their will or as the beneficiary, at that point the beneficiary
doesn’t have a right to it. It’s actually when that money is getting ready to flow from
either an insurance policy or a payable on death account to the individual. At that point
you’d want to make sure that you didn’t transfer money for somebody on the SDN list.
But, if it’s just a name on a document, the person who puts it there can always change
it and that transfer might not even happen. So, you don’t have to worry until those
funds are actually ready to be transferred.
Diane Rector: Okay, so we’re done right now. But one last final thing. We were not
able to answer all of your questions, we realize that. We will answer your questions within
three to four weeks. We’re going to send out an email with the answers to people individuals.
And then what we’re going to do is put an Excel spreadsheet on our website along with
the webinar with the Q&A, just the questions and the answers. So, your questions will be
answered.
Kathryn Baxter: All right. For those of you that are ready to take the test remember look
at your console. There are three purple widgets. The middle widget is the test. The one to
its left is going to let you know if you passed it. So, you can click on that middle widget
which is your test. It’ll come up. The console is going to be open for 20 minutes, so you’ll
have 20 minutes to complete 15 questions.
And we’d like to thank you all for joining us. We thank our distinguished guests, Adam
Maddox from OFAC, Stephanie Brooker from FinCEN, and Andrea Sharrin from FinCEN. And we hope
to see you for part two. It’s going to much meatier and we look forward to having our
special guests back. Take care and have a great afternoon.