Compliance: know your customer and due diligence revisited

RMA Journal, The, Sept, 2002 by Timothy D. Mahoney

How well do you really know your customer? The recently enacted USA PATRIOT Act requires that you do. And, it requires a lot more.

The Treasury Department's first proposed rules under Section 326 of the Act issued on July 17, 2002, require any financial institution to:

* Verify the identity of any person seeking to open an account.

* Maintain records of the information used to verify the person's identity.

* Determine whether the person appears on any list of known or suspected terrorists or terrorist organizations.

While many organizations are now taking pains to comply with the Act, some of the requirements actually have been around for a long time. Financial and insurance service providers have been required to conduct due diligence on prospective customers since the passage of anti-money laundering legislation, such as the Bank Secrecy Act of 1970, and Money Laundering Control Act of 1986.

To maintain their anonymity and ensure unimpeded money movements, organized crime groups and terrorists rely on the identities of real persons who are not likely to be found in law enforcement databases.

Regardless of which crime group or scheme involves the abuse of personal identifiers, there is one common link--money laundering. Today, international money laundering tied primarily to global narcotics trafficking is said to be the world's third largest business, valued in excess of $600 billion.

The performance of proper due diligence is essential to ensure that a financial institution is nor misused and that its reputation remains untarnished. By asking the following questions, the financial services provider can ensure institutional integrity and protection from misuse by unsavory individuals:

* Does the institution know the true identity of each and every customer?

* Could you have an individual or corporate entity within your institution connected to a shell company that might prove detrimental to your corporate reputation?

* Do you really know if that recent large wire transfer deposited into that newly opened account really came from an inheritance, the sale of real estate, or some other legitimate source?

* What are you doing about wire transfers from offshore third parties whose backgrounds you haven't vetted?

* Do you file Suspicious Activity Reports (SARs) on a timely basis?

Some institutions might need to take a closer look at these issues and recognize that "willful blindness" is a prosecutable offense that could lead to serious sanctions, especially in this time of escalated concern for national security.

The Bank Secrecy Act (BSA) requires that all banks governed by the Federal Reserve have procedures in place that ensure adequate due diligence vetting is done on all new customers. It also requires monitoring and reporting of suspicious transactions, including deposits and wire transfers of more than $10,000. All suspicious activity must be properly logged, documented, reviewed, investigated, and reported to appropriate state banking departments.

The USA PATRIOT Act updates these requirements and sets penalties of up to $1 million per transaction if the financial institution fails to verify the identity of accountholders, including the beneficial owners, and sources of deposited funds. The definition of "financial institution" is very broad, and includes many types of businesses.

Failing to comply with BSA requirements prior to the passage of the USA PATRIOT Act have been severe. One private bank in New York that was deemed not to be in compliance was assessed $10 million in civil penalties. That more than doubled the highest recorded penalty at the time--a $4.75 million fine levied by the Treasury Department in 1986.

In addition to civil penalties, criminal fines and forfeitures of more than $35 million have resulted from U.S. Department of Justice (DOJ) prosecutions of banks actually involved in money laundering.

Additionally, all financial institutions and all nonfinancial companies that conduct business overseas are subject to U.S. Treasury Office of Foreign Asset Control (OFAC) regulations.

Routine bank examinations typically include a review of the bank's OFAC compliance manual, as well as an actual test of their compliance level. OFAC programs are based on individual foreign policy imperatives aimed at "designated narcotics traffickers," "designated terrorists," and "designated nationals" of countries that the U.S. considers politically hostile.

In light of the current war on terrorism, organizations that are doing business abroad should expect increased compliance testing of their OFAC programs. Without an effective program in place, financial institutions can become unwitting handlers of prohibited transactions, such as routing money to finance terrorist activities. This is especially true of smaller banks that may not be as diligent in screening customers and their transactions.

The most recent annual report by the Financial Action Task Force (FATF), a group of 29 nations that monitor anti-money laundering activities, placed the U.S. banking system third from the bottom in terms of effective anti-money laundering initiatives. Only Canada and Mexico rated lower.