On March 11, 2016, the Financial Crimes Enforcement Network (“FinCEN”) issued guidance on anti-money laundering (“AML”) compliance obligations for money service businesses (“MSBs”) and their agents. MSBs are defined as the U.S. Postal Service and each of six distinct types of financial services providers: (1) dealers in foreign exchange; (2) check cashers; (3) issuers and sellers of traveler’s checks or money orders; (4) providers of prepaid access; (5) money transmitters; or (6) sellers of prepaid access. FinCEN’s guidance is intended to clarify the AML compliance obligations of MSBs that operate in principal-agent relationships with domestic agents. This most recent FinCEN guidance is a must read, not only for MSBs, but for financial institutions that provide banking services to MSBs as well.
The Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the “Bank Secrecy Act” or “BSA”) requires U.S. financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Pursuant to this affirmative obligation, a financial institution must establish and maintain an effective written AML program reasonably designed to prevent the financial institution from being used to facilitate money laundering and the financing of terrorist activities.
In March 2013, the Department of Justice initiated an investigation into those MSBs that it thought posed higher AML risks (commonly referred to as “Operation Choke Point”). Although the investigation primarily centered on payment processors and payday lenders, Operation Choke Point caused many banks to terminate relationships with MSBs due to perceived increased regulatory and compliance risks. Over the past two years, FinCEN has attempted to mitigate the impact of Operation Choke Point by issuing guidance that seeks to clarify AML obligations of both MSBs and banks. This most recent guidance from FinCEN is best understood as a further effort to reassure financial institutions that they may provide banking services to MSBs without undue regulatory and compliance risks.
MSBs and Their Agents
Generally, the BSA requires a MSB and its respective agents to establish and maintain an effective written AML program that reflects the risks associated with the particular business services, clients, size, locations and circumstances. At a minimum, a MSB and their agents must have the following as part of its AML program:
- Policies, Procedures and Internal Controls. Incorporate policies, procedures and internal controls reasonably designed to assure compliance with the BSA and its implementing regulations;
- Compliance Officer. Designate a person to assure day-to-day compliance with the program and the BSA and its implementing regulations;
- Employee Training. Provide education and training of appropriate personnel concerning their responsibilities under the program, including training in the detection of suspicious transactions, to the extent that the MSB is required to report such transactions under the BSA; and
- Independent Audits. Provide for independent review to monitor and maintain an adequate program.
FinCEN’s guidance reminds MSBs that have entered into a principal-agent relationship with a domestic agent that an effective compliance program requires a MSB to establish risk-based policies, procedures and internal controls that ensure the effective ongoing monitoring of its agents and agents’ transactions. The guidance clarifies that when conducting monitoring of its agents, MSBs must, at a minimum:
- Ownership Identification. Identify the owners of the MSB’s agents;
- Ongoing Evaluation of the Agent’s Operations. Evaluate on an ongoing basis the operations of agents, and monitor for variations in those operations; and
- Ongoing Evaluation of the Agent’s AML Program. Evaluate agents’ implementation of policies, procedures and controls.
In addition, as with any other AML program, FinCEN reminds MSBs that an effective compliance program includes periodic reassessment of an agent’s AML risks and independent and/or external testing to ensure the effectiveness of an agent’s AML program. In identifying the risk factors that MSBs should consider when conducting agent monitoring, MSBs should consider the following:
- Known Criminal Conduct/Association. Whether the owners of the agent are known or suspected to be associated with criminal conduct or terrorism;
- Existence and Effective Implementation of AML Program. Whether the agent has established and adhered to an AML program;
- Markets Served. The nature of the markets that the agent serves and the extent to which it presents an increased risk for money laundering or terrorist financing;
- Products and Services Offered. The products and services an agent is expected to provide and the agent’s anticipated level of activity; and
- Nature and Duration of the Principal-Agent Relationship. The nature and duration of such relationship.
Banks Serving MSB Customers
In sum, FinCEN’s issuance of this guidance merely seeks to clarify the AML compliance obligations for MSBs and their respective agents. However, the guidance is instructive for all banks who serve or wish to serve MSB customers.
In deciding whether to serve a MSB customer, a bank should conduct an assessment that identifies the AML risks associated with that particular MSB customer. A bank needs to know and understand its MSB customer, which requires adequate levels of due diligence. Regardless of the risks associated with a MSB customer, a bank should understand the MSB’s business model and the MSB’s customer base. However, where a bank’s risk assessment shows a heightened AML risk, more thorough and in-depth due diligence may be required. In making a decision, a bank must consider whether the identified customer risks can be managed and controlled.
If a bank chooses to serve a MSB customer, the bank should establish risk-based policies, procedures and internal controls that are reasonably designed to ensure the effective ongoing monitoring of the MSB’s ongoing compliance with AML obligations. This is not to say that the bank must monitor the MSB’s customers (or individual customer transactions for that matter), but only that the bank should monitor the MSB’s compliance with AML/BSA obligations. If the MSB is not performing its AML/BSA obligations in at least a satisfactory fashion, the bank needs to understand the extent to which it is accountable for the AML/BSA failures of its MSB customer. Using FinCEN’s guidance, a bank should review its current AML program to ensure it has in place an effective monitoring program for MSB customers’ compliance with current AML/BSA obligations.
To view the full text of the FIN-2016-G001, click here.