CUJ Q&A

Three compliance experts on Bank Secrecy Act and Anti-Money Laundering took questions from regulators and credit unions during NASCUS' annual meeting here. Here are some of the questions posed to Jeffrey Pratt, senior regulatory specialist with FinCEN, Carol Van Cleef, a partner with Bryan Cave, LLP, and Brian Kinght, VP-regulatory affairs with NASCUS, and how they responded:

Q: I have immigrant workers in my community and they have the Consular Matricula cards. What type of ID should the credit union take?

Pratt: We will have guidance on that very soon (groans from audience).

Van Cleef: There are some very interesting issues with this that are politically explosive, It is illegal for any person to move money to or from an illegal activity. PayPal was subjected to a $10 million forfeiture for allegedly moving payments to illegal gambling. If you know a person is an illegal immigrant and they are putting money into the institution, is that an illegal activity? There are institutions that are filing SARs on illegal immigrants.

Q: What about remittance programs in which a non-member connects with a credit union in Latin America?

Van Cleef: Just because you are not a money service business, there is no exclusion from the regs. You must comply.

Pratt: We have no problem with credit unions increasing their risks. But what you have to do is mitigate your risk. Credit unions increasingly are going into other fields; they are expanding their services. That's OK, as long as you have those policies, procedures and programs in place to mitigate that risk. When you start engaging in money transmission services and business accounts you are really increasing your risk. When I joined my credit union it had a very small membership base with very low risk. I got my monthly newsletter, and I noticed the FOM is now anyone who lives, works or worships in the District of Columbia. Their risk has now gone through the roof. It includes some high drug trafficking areas. We've had people involved in terrorism who have lived in the D.C. area. That's OK; but they have to have programs in place to mitigate the risk.

Q: Do credit unions have to file SARS on bad checks and charged-off loans?

Pratt: We do not delineate what you should or should not file for. What we say is 'Is the activity suspicious? Is there no reasonable explanation for the activity?' We have a $5,000 threshold. SARS do not relate to loss. The federal government doesn't care if you lose money in a transaction. The question is, do you suspect they are abusing their relationship. You can always voluntarily file a SAR.

Van Cleef: I would reemphasize the point that what's important with respect to that bad check is what's behind it, especially if it's below the $5,000 level. We don't want to profile anyone, but if it involves someone of Middle Eastern descent and there are other indicators that they are passing a bad check, it might be used for terrorist financing purposes.

Q: We serve as an outlet in shared branching. What is our obligation in terms of doing transactions?

Pratt: Certain services expand your risk matrix. Shared branching is a great thing for credit unions. You have to file a SAR if it is done by, to or through your credit union. Both institutions have an obligation to file a SAR.

Van Cleef: The concern I have is that your institution has a good compliance program in place, but you are part of a network in which you don't have a good understanding of whether they have a good compliance program in place. Are they potentially exposing your institution?

Q: What is a Politically Exposed Person (PEP)?

Pratt: A PEP is someone who, either through their office or through association with someone in political office, could be in a position to accept bribes, perhaps.

Van Cleef: The term is short for Senior Foreign Political Persons, which was important to the Riggs case. The real issue is if you know someone is in a position to potentially be exposed to corruption, you need to look at that member's account. Does the income make sense for that person? If they make $120,000 a year and direct deposit $10,000 a month and suddenly that increases to $30,000, you may need to pick up the phone.

Q: If you were once a Politically Exposed Person (PEP), are you always a PEP?

Pratt: I don't think there's a hard-and-fast answer to that question. If you engage in business with someone who is politically exposed or was politically exposed, you need to look at them closely. Do you have a handle on what that person does on a daily basis. If I were in your shoes, and I had (an elected) representative for example, yes, you should, in my opinion, you should be aware if the member is vulnerable to corruption. There is nothing wrong with having a relationship with a PEP.

Q: What about independent testing? We are issuing LUAs if we have severe BSA violations and giving 90 days for correction, but now that we're nearing the end of the year, is it acceptable to allow CUs to have their 2004 and 2005 independent testing combined to save them money?

Van Cleef: The examination manual states "while the frequency of audit is not specifically defined in any statute, a sound practice is for the bank to conduct independent testing at least annually." You have a little bit of the garbage in, garbage out situation here. If the institution doesn't have a good program, the audit results are not going to be particularly good coming out of that. For the institutions, the auditors now have a good road map with this examination manual, and they're going to know how to spot a not-so-good program. So I think we're heading into a different audit cycle.

Q: Yes, but we have some small CUs that can't afford a $3,000 audit to be done twice. They're already in violation for not having a 2004 audit, can we have them combine two years of review to save them money?

Knight: There is not a specified requirement for an annual audit. I think that if it's not done in 2004 it would be remedied with a 2005 audit, and then they should prepare to have it done annually.

Pratt: The regulation is incredibly gray. I wish I could tell you. FinCEN says "periodic independent audit."

Q: Concerning transaction testing, is there specific guidance on what should be tested?

Pratt: The first thing you want to do at an institution is a little pressure test. To what extent is BSA handled in the institution? What are the policies and procedures, and you assess it from there, moving to transaction testing. I encourage you to go to www.ffiece.gov. There is a ton of information available.

CHICAGO-Three compliance experts on Bank Secrecy Act and Anti-Money Laundering took questions from regulators and credit unions during NASCUS' annual meeting here. Here are some of the questions posed to Jeffrey Pratt, senior regulatory specialist with FinCEN, Carol Van Cleef, a partner with Bryan Cave, LLP, and Brian Kinght, VP-regulatory affairs with NASCUS, and how they responded:

Q: I have immigrant workers in my community and they have the Consular Matricula cards. What type of ID should the credit union take?

Pratt: We will have guidance on that very soon (groans from audience).

Van Cleef: There are some very interesting issues with this that are politically explosive, It is illegal for any person to move money to or from an illegal activity. PayPal was subjected to a $10 million forfeiture for allegedly moving payments to illegal gambling. If you know a person is an illegal immigrant and they are putting money into the institution, is that an illegal activity? There are institutions that are filing SARs on illegal immigrants.

Q: What about remittance programs in which a non-member connects with a credit union in Latin America?

Van Cleef: Just because you are not a money service business, there is no exclusion from the regs. You must comply.

Pratt: We have no problem with credit unions increasing their risks. But what you have to do is mitigate your risk. Credit unions increasingly are going into other fields; they are expanding their services. That's OK, as long as you have those policies, procedures and programs in place to mitigate that risk. When you start engaging in money transmission services and business accounts you are really increasing your risk. When I joined my credit union it had a very small membership base with very low risk. I got my monthly newsletter, and I noticed the FOM is now anyone who lives, works or worships in the District of Columbia. Their risk has now gone through the roof. It includes some high drug trafficking areas. We've had people involved in terrorism who have lived in the D.C. area. That's OK; but they have to have programs in place to mitigate the risk.

Q: Do credit unions have to file SARS on bad checks and charged-off loans?

Pratt: We do not delineate what you should or should not file for. What we say is 'Is the activity suspicious? Is there no reasonable explanation for the activity?' We have a $5,000 threshold. SARS do not relate to loss. The federal government doesn't care if you lose money in a transaction. The question is, do you suspect they are abusing their relationship. You can always voluntarily file a SAR.

Van Cleef: I would reemphasize the point that what's important with respect to that bad check is what's behind it, especially if it's below the $5,000 level. We don't want to profile anyone, but if it involves someone of Middle Eastern descent and there are other indicators that they are passing a bad check, it might be used for terrorist financing purposes.

Q: We serve as an outlet in shared branching. What is our obligation in terms of doing transactions?

Pratt: Certain services expand your risk matrix. Shared branching is a great thing for credit unions. You have to file a SAR if it is done by, to or through your credit union. Both institutions have an obligation to file a SAR.

Van Cleef: The concern I have is that your institution has a good compliance program in place, but you are part of a network in which you don't have a good understanding of whether they have a good compliance program in place. Are they potentially exposing your institution?

Q: What is a Politically Exposed Person (PEP)?

Pratt: A PEP is someone who, either through their office or through association with someone in political office, could be in a position to accept bribes, perhaps.

Van Cleef: The term is short for Senior Foreign Political Persons, which was important to the Riggs case. The real issue is if you know someone is in a position to potentially be exposed to corruption, you need to look at that member's account. Does the income make sense for that person? If they make $120,000 a year and direct deposit $10,000 a month and suddenly that increases to $30,000, you may need to pick up the phone.

Q: If you were once a Politically Exposed Person (PEP), are you always a PEP?

Pratt: I don't think there's a hard-and-fast answer to that question. If you engage in business with someone who is politically exposed or was politically exposed, you need to look at them closely. Do you have a handle on what that person does on a daily basis. If I were in your shoes, and I had (an elected) representative for example, yes, you should, in my opinion, you should be aware if the member is vulnerable to corruption. There is nothing wrong with having a relationship with a PEP.

Q: What about independent testing? We are issuing LUAs if we have severe BSA violations and giving 90 days for correction, but now that we're nearing the end of the year, is it acceptable to allow CUs to have their 2004 and 2005 independent testing combined to save them money?

Van Cleef: The examination manual states "while the frequency of audit is not specifically defined in any statute, a sound practice is for the bank to conduct independent testing at least annually." You have a little bit of the garbage in, garbage out situation here. If the institution doesn't have a good program, the audit results are not going to be particularly good coming out of that. For the institutions, the auditors now have a good road map with this examination manual, and they're going to know how to spot a not-so-good program. So I think we're heading into a different audit cycle.

Q: Yes, but we have some small CUs that can't afford a $3,000 audit to be done twice. They're already in violation for not having a 2004 audit, can we have them combine two years of review to save them money?

Knight: There is not a specified requirement for an annual audit. I think that if it's not done in 2004 it would be remedied with a 2005 audit, and then they should prepare to have it done annually.

Pratt: The regulation is incredibly gray. I wish I could tell you. FinCEN says "periodic independent audit."

Q: Concerning transaction testing, is there specific guidance on what should be tested?

Pratt: The first thing you want to do at an institution is a little pressure test. To what extent is BSA handled in the institution? What are the policies and procedures, and you assess it from there, moving to transaction testing. I encourage you to go to www.ffiece.gov. There is a ton of information available.

CUJ Resources

For additional information contact FinCEN, which can provide an answer within the hour:

* FinCen, 800-949-2732, or www.fincen.gov.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER