The USA PATRIOT Act, signed into law after 9/11, strongly targets suspected money laundering activities and creates new requirements for financial institutions.

Following the tragedies of 9/11, President George W. Bush signed into law just six weeks later the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (the USA PATRIOT Act). The act reflected U.S. Congressional concern with the money
laundering activities of the terrorists who committed the attacks.

Excerpted from 1.607 – 1.1612 of the NEW Fraud Examiners Manual, 2003 U.S. Edition, ©2003 Association of Certified Fraud Examiners, Austin, Texas 

Title III of the act, the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, creates significant new requirements for financial institutions aimed at curtailing money laundering, including the following:

• Financial institutions are required to establish anti-money laundering programs. (See below in “Anti-money Laundering Programs” for the definition of “financial institution.”)
• Financial institutions are required to establish programs for identifying customers.
• U.S. banks are prohibited from maintaining correspondent accounts with non-U.S. shell banks. Securities broker-dealers are required to file suspicious activity reports.
• Financial institutions are required to adopt special due diligence procedures for non-U.S. correspondent accounts and private banking accounts.
• Non-financial businesses are required to file currency transaction reports.
• Financial institutions have increased authority to share customer information relating to money laundering.
• The government has greater power to obtain information from financial institutions.

Anti-money Laundering Programs

Section 352 of the PATRIOT Act requires all financial institutions to establish anti-money laundering programs, which must include, at a minimum:

• the development of internal policies, procedures, and controls to prevent money laundering;
• the designation of a money laundering compliance officer;
• an ongoing training program for awareness of money laundering; and
• an independent audit function to test the programs.

The act defines the term financial institution broadly to include not only insured and commercial banks, but also securities brokers and dealers, investment companies, currency exchanges, issuers of cashiers checks and money orders, credit card companies, insurance companies, travel agencies, and a host of other businesses. The complete list can be found at 31 U.S.C. 5312 (a)(2).

Identification and Verification of Account Holders

Section 326 of the Act expands the Bank Secrecy Act (BSA)
by requiring financial institutions to implement Customer Identification Programs (CIPs). These CIPs are to be incorporated into financial institutions’ money laundering programs, and at a minimum, they must include reasonable procedures for:

• verifying the identity of any person seeking to open an account to a reasonable and practicable extent;
• maintaining records of the information used to verify a person’s identity, including name, address, and other identifying information; and
• consulting lists of known or suspected terrorists or terrorist organizations to determine if the person seeking to open the account appears on any such list.

Prohibition Against Non-U.S. Shell Bank Accounts

Pursuant to Sections 313 and 319 of the USA PATRIOT Act, the U.S. Treasury Department issued a far-reaching final regulation on Sept. 18, 2002 which applies to more than 9,000 non-U.S. financial institutions that have correspondent accounts in the United States.

The rule prohibits non-U.S. shell banks (those without a physical presence in any country) from maintaining correspondent accounts at any U.S. financial institution. It also requires U.S. financial institutions to maintain the name and contact information of the owners of the non-U.S. banks for whom they maintain correspondent accounts. The rule strongly encourages U.S. institutions to obtain “certifications” from their non-U.S. bank customers. Each U.S. institution can use the certification to help assure that a customer is not a shell bank. (Although not required, obtaining the certifications and verifying the information can create a safe harbor from civil liability.)

U.S. institutions are also required to take “reasonable steps” to ensure that correspondent accounts provided to non-U.S. banks are not used to provide services indirectly to non-U.S. shell banks. Non-U.S. banks that have accounts in the United States are required to appoint someone in the United States to accept service of legal process. The rule also gives the secretary of the U.S. Treasury Department and the attorney general the authority to issue a summons or subpoena to any non-U.S. bank, which maintains a correspondent account here and to request records relating to that account.

Suspicious Activity Reporting by Broker-Dealers

Pursuant to section 356 of the act, the Financial Crimes Enforcement Network (FinCEN) has announced a new rule requiring brokers and dealers in securities to report suspicious activity. (This new reporting requirement will be discussed in more detail in FraudBasics of the September/October issue.)

Special Due Diligence for Non-U.S. Accounts

Section fnord of the act requires financial institutions to establish due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through certain accounts held by non-U.S. citizens or their representatives. This provision applies to non-U.S.
private banking accounts and correspondent accounts.

A private banking account is defined by the act as an account (or combination of accounts) that: (1) requires a minimum aggregate deposit of funds or other assets of at least $1 million; (2) is established on behalf of one or more individuals who have a direct or beneficial ownership in the account; and (3) is assigned to or administered by an officer, employee, or agent of the financial institution acting as a liaison between the financial institution and the owner of the account.

For private banking accounts held by non-U.S. persons, the act requires at a minimum that financial institutions take reasonable steps to:

• ascertain the identity of the nominal and beneficial owners of the account, and the source of funds deposited into the account as needed to guard against money laundering and report any suspicious transactions; and
• conduct enhanced scrutiny of any such account that is requested or maintained by, or on behalf of, a senior non-U.S. political figure (or an immediate family member or close associate of such) that is reasonably designed to detect and report transactions that may involve the proceeds of non-U.S. corruption.

A correspondent account is defined as an account established to receive deposits from or make payments on behalf of a non-U.S. financial institution, or handle other financial transactions related to such an institution. Enhanced due diligence is required for correspondent accounts maintained by or on behalf of non-U.S. banks that operate under offshore banking licenses or for banks that are licensed by non-U.S. countries that have either been designated as noncooperative with international anti-money laundering principles or that have been designated by the secretary of the U.S. Treasury Department as warranting special measures due to money laundering concerns. Enhanced due diligence for these correspondent accounts consists of, at a minimum:

• ascertaining the identity of the owners of any non-U.S. bank whose shares are not publicly traded;
• determining the nature and extent of each owner’s interest;
• conducting enhanced scrutiny of the account to guard against money laundering and report suspicious transactions; and
• ascertaining whether the non-U.S. bank provides correspondent accounts to other non-U.S. banks and, if so, the identity of those non-U.S. banks and related due diligence information.

Currency Transaction Reports by Nonfinancial Businesses

Section 365 of the PATRIOT Act requires persons engaged in any trade or business to file a report with FinCEN when, in the course of their business, they receive more than $10,000 in coins or currency. (This reporting requirement will be discussed under the reporting and recordkeeping provisions of the Bank Secrecy Act in FraudBasics of the September/October issue.)

Sharing Information Among Financial Institutions

Pursuant to Section 314(b) of the USA PATRIOT Act, the U.S. Treasury Department issued a new rule thats now allows financial institutions to share customer information with one another. The term “financial institution” includes any entity that is required to have an anti-money laundering program under the Bank Secrecy Act. To share information with another financial institution, the sharing institution must follow these steps:

• File a prescribed notice form with FinCEN stating that it intends to share customer information with other financial institutions. (The notice remains effective for one year.)
• The institution may then share the information with another institution provided that it has verified that the other institution has also filed a notice with FinCEN. (FinCEN will periodically release a list of institutions who have submitted notices; if an institution is on the list, then the sharing institution will be considered to have fulfilled its “verification” duty.)
• The institution must ensure that the shared information is secure and not used for any purpose other than to identify and, where appropriate, report on money laundering or terrorist activities; determine whether to establish or maintain an account or conduct a transaction; or assist the other sharing institution with its compliance of BSA regulations.
• The institution must also file a Suspicious Activity Report if, based on the shared information, the institution suspects that the individual or entity may be involved in money laundering or terrorist activity.

Section 355 of the act also permits insured depository institutions to share information in written employment references about known or suspected unlawful activity of their current or former directors, officers, employees, agents, or other persons affiliated with the institution. This provision, which is codified at 12 U.S.C. 1828(w) does not make it mandatory for banks to disclose this information, but it does protect them from liability if they voluntarily make such disclosures, as long as the disclosures are not made with malicious intent.

New Government Access to Financial Information

On Sept. 18, 2002, the U.S. Treasury Department issued new regulations that provide federal law enforcement agencies with greater power to obtain financial information. The two-part regulation is an amendment to the Bank Secrecy Act regulations and was mandated by section 314 of the USA PATRIOT Act.

If a federal agency provides FinCEN with a “written certification” that a person, entity, or organization about whom information is sought “is reasonably suspected based on credible information to be engaged in terrorist activity or money laundering.” FinCEN may then require any financial institution to search its records to determine if it “maintains or has maintained accounts for, or has engaged in transactions with” the subject.

The information reported is limited to the name or account number of each cited person, entity, or organization; the number of the matching account or transaction; and the Social Security number, taxpayer ID, passport number, date of birth, or other identifying information the subject gave when opening the account or conducting the transaction.

The institution may not disclose the information to anyone other than FinCEN or the requesting agency. The institution also cannot disclose that the information has been requested or provided. It may, however, use the information in the request to determine whether an account will be opened or a transaction conducted, and to comply with BSA regulations.

The term “financial institution” is defined as it is under the BSA and includes banks, broker-dealers, insurance companies, money services businesses, as well as car and airplane dealers, travel agents, and pawnbrokers.

Office of Foreign Assets Control (OFAC)

The Office of Foreign Assets Control (OFAC), within the U.S. Department of the Treasury, is charged with administering and enforcing U.S. sanction policies against targeted non-U.S. organizations and individuals who sponsor terrorism, and international narcotics traffickers. OFAC maintains a list of individuals, governmental entities, companies, and merchant vessels around the world that are known or suspected to engage in illegal activities. Persons or entities on the list, known as Specially Designated Nationals and Blocked Persons (“SDNs”), include foreign agents, front organizations, terrorists and terrorist organizations, and drug traffickers. The list contains more than 5,000 variations on names of individuals, governmental entities, companies, and merchant vessels and is updated on a regular basis. On Sept. 24, 2001, President Bush issued an executive order imposing enhanced trade sanctions on 27 individuals and entities, including Osama bin Laden and Al Qaeda. The immediate effect of the order is to block all assets of these individuals and entities under U.S. control and ban all dealings with the listed parties.

On July 26, 2001, OFAC issued a bulletin specific to the insurance industry, including underwriters, brokers, agents, primary insurers, and reinsurers. The bulletin affirms that U.S. insurers may not insure SDNs or individuals or entities located in certain prohibited countries or make payments to beneficiaries who are designated as prohibited persons or entities. Examples of prohibited transactions include: (1) issuing an insurance policy or annuity contract to an SDN; (2) issuing a life insurance policy naming an SDN as a beneficiary; and (3) receiving premium payments for any such transactions.

(In the September/October issue: further details of the U.S. Bank Secrecy Act and the USA PATRIOT Act)