Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.
Record keeping, disclosure and compliance
Record-keeping and disclosure requirements
What record-keeping and disclosure requirements apply to companies and relevant individuals under the anti-money laundering, terrorism financing and fraud legislation?
The Bank Secrecy Act and its implementing regulations require financial institutions to maintain records of all transactions, and to file reports with the Financial Crimes Enforcement Network (FinCEN) about cash transactions aggregating to more than $10,000 (known as ‘currency transaction reports’). In addition, financial institutions are required to maintain records of information collected when identifying customers and monitoring customers’ activity.
Financial institutions also are required to file a report with FinCEN (known as ‘suspicious activity reports’) when a transaction involving the bank aggregates to at least $5,000 and the bank knows or has reason to suspect that the transaction:
- relates to illegal activity;
- is designed to evade a reporting requirement;
- has no business or apparent lawful purpose; or
- is not of the sort in which the customer would normally be expected to engage.
What internal compliance measures are required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The Bank Secrecy Act and its implementing regulations require financial institutions to implement a broad range of compliance measures designed to prevent money laundering and terrorism financing. A Bank Secrecy Act compliance programme is described as having five pillars:
- the development of internal policies, procedures, and controls;
- the designation of a compliance officer;
- an ongoing employee training programme;
- an independent audit function to test programmes; and
- risk-based customer due diligence policies and procedures.
Financial institutions must identify and assess anti-money laundering and combating the financing of terrorism risks presented by their customers, products and services, geographic exposure and delivery channels and put in place mitigation measures that are commensurate with the risks identified. A frequent concern is the possibility that a financial institution will be subject to regulatory action when its regulator disagrees about whether particular risk ratings and mitigation measures are appropriate in a given situation.
What customer and business partner due diligence is required and/or advised for companies in relation to the anti-money laundering, terrorism financing and fraud legislation?
The Bank Secrecy Act requires financial institutions to apply risk-based customer due diligence policies and procedures. Financial institutions must both identify customers and verify information provided by the customer. In addition, under new customer due diligence rules effective 11 May 2018, financial institutions must identify the individuals who own or control legal entities that are customers.
US financial institutions may be able to rely on a third-party business partner to conduct some of its Bank Secrecy Act obligations, but only where such reliance is reasonable and generally where appropriate due diligence is conducted on the business partner’s Bank Secrecy Act compliance programme.
Click here to view full article.