FinCEN itself says that there’s not much new in the guidance to money services businesses that the agency released last Friday (March 11, 2016) on agent monitoring (the Guidance).1 But MSBs that rely on agents should still review the Guidance carefully. The fact that FinCEN has decided to release this Guidance now shows that the agency is focused on the issue. And the agency does clarify some important points related to agent monitoring by MSBs.
FinCEN described the Guidance as a “reiteration” of earlier guidance, which it was reissuing to complement recent guidance from state authorities. Indeed, in large measure, the Guidance essentially repeats interpretive guidance issued in 2004 and guidance set forth in its Bank Secrecy Act/AML Examination Manual for MSBs (MSB Exam Manual).2 However, the Guidance does clarify a few aspects of earlier interpretations. Notably, and as discussed in more detail below, the Guidance makes clear that both principal MSBs and agents are independently responsible for their own AML compliance, regardless of the existence of contractual arrangements; e.g., those that require the agent to adhere to the policies of another, principal, MSB.3 In addition, the Guidance clarifies that principal MSBs are responsible for agent monitoring for domestic agents as well as non-US agents. The Guidance also indicates that principal MSB oversight of agents will be a focus of future examination and enforcement by FinCEN and state supervisors.
As part of its focus on agent “monitoring,” the Guidance touches on additional concepts, such as agent risk assessment, agent due diligence, independent testing and corrective action in the event of noncompliance by agents.
In contrast, recently updated guidance from the Financial Action Task Force (FATF) gives complementary but significantly more detailed guidance about how a principal MSB should manage agent relationships as a whole. FATF’s guidance covers in detail subjects such as agent risk assessment, agent due diligence, agent monitoring, agent training, testing, and corrective actions in the event of agent noncompliance.4 The FATF guidance is not binding on US MSBs, but MSBs looking for more detailed information on best practices for managing the AML risk posed by agent relationships than that currently set forth by FinCEN should consult the FATF guidance as well.
We have summarized relevant highlights of the Guidance below:
Responsibility for AML Compliance. The Guidance clarifies that both the principal MSB and its agents are independently and entirely responsible for implementing an adequate AML program, even if the MSB (principal or agent) contractually delegates responsibility for the initial development of its AML program to another party. An MSB cannot avoid liability for not establishing or maintaining an adequate AML program, regardless of whether the MSB has contractually designated another party responsible for its AML program.
Agent Monitoring. The Guidance states that an MSB principal must have policies and procedures in place to identify suspicious or unusual agent behavior (e.g., activities lacking commercial purpose or justification or otherwise not supportable by verifiable documentation). Principal MSBs must also have risk-based procedures to monitor agents’ transactions. A principal MSB is also responsible for all reporting (including suspicious activity reporting) and recordkeeping requirements triggered by agents, and should have disciplinary procedures, specified in contracts as well as policies and procedures, that set forth consequences, including termination, when agents do not comply with the law or the MSB principal’s requirements.
Characteristic of all AML compliance programs, an MSB principal should have risk-based policies, procedures, and internal controls that enable the MSB principal to:
- Reliably confirm the identity of the owners of its agents;
- Evaluate on an ongoing basis the operations of the agents, including a capability to spot variations in those operations;
- Evaluate an agents’ implementation of and adherence to its AML policies, procedures and internal controls; and
- Implement corrective actions when an MSB becomes aware of weaknesses or deficiencies in its program.
Additional obligations include aligning AML program reviews with the AML risk facing that MSB (principal or agent). Such reviews should include testing to ensure there are no material weaknesses or internal control deficiencies in its program. Testing procedures must be keyed to the risk presented by the products and services offered by the MSB, so that as the risk increases, testing protocols will be appropriately aligned.
MSB Risk Assessment and Agent Risk Factors. The Guidance lists the following as risk factors to consider for agents:
- Whether owners are known to be or suspected to be associated with criminal conduct or terrorism;
- Whether the agent has an established and effective AML program that is appropriately implemented;
- Nature of the markets that the agent serves and the associated money laundering or terrorist-financing risks present in those markets;
- Services an agent is expected to provide and the agent’s anticipated activity level; and
- Nature and duration of the relationship.
314(b) Voluntary Information Sharing. The Guidance recommends that MSB principals make use of voluntary information-sharing protocols with other regulated institutions as set forth in Section 314(b) of the USA PATRIOT Act.
Examination Expectations. Most importantly, the Guidance puts MSBs on notice that in upcoming examinations of MSB principals, FinCEN, the Internal Revenue Service and state regulators will be paying particular attention to agent selection, monitoring and disciplinary protocols.