DIVISION 819 TRANSIT EMPLOYEES CREDIT UNION
BANK SECRECY ACT POLICY
Credit unions must establish and maintain a written compliance program for fulfilling the requirements of the BSA that includes at least:
(1)A system of internal controls. The individual enrolling new members must complete sign and date the CIP checklist. Immediately complete member information shall be run through OFAC system Upon completion the manager should review all new member applications and CIP checklists. At least monthly the Bank Secrecy Committee personnel shall print a new member list and review all files for application completion, CIP completion and OFAC cross match. All staff is instructed to be aware of large cash transactions. At least weekly the manager shall run a cash transaction report to determine of SAR reporting is necessary and to document the result.
(2)Designation of an individual to coordinate/monitor BSA compliance. The Board shall designate at least one director as a Bank Secrecy Act Committee member to coordinate and monitor BSA compliance including KYC, CIP, and SAR compliance. Presently, the BSA officer is Shirley King.
(3)Independent testing. At least annually the Board shall hire qualified independent personnel to independently test compliance.
(4)Training of appropriate personnel. All Officers, Directors and Staff are required to at least annually obtain CPE training on Bank Secrecy Act compliance.
In addition, an effective BSA compliance program should include written policies and procedures designed to detect and prevent money laundering activities. Failure to comply with the requirements of BSA and its implementing regulations can result in both civil and criminal penalties.
Customer Identification Program
Section 326 of the USA Patriot Act sets forth minimum standards for financial institutions, including credit unions, for the identification and verification of the identity of any customer who opens an account (12 CFR § 103.121). The written customer identification program (CIP) must be a part of the credit union’s anti-money laundering program, approved by the board and should be tailored to the credit union’s size, location, and type of business. Customers must be provided notice that the credit union is verifying their identity and why. The CIP must, at a minimum, provide for:
•Obtainment of certain basic identifying data;
•Verification of the identity of each customer to the extent reasonable and practicable;
•Maintenance of records of the information used to verify the identity; and
•Determination of whether the customer appears on any lists of suspected terrorists provided by the Federal government.
The CIP must also address:
•How to handle discrepancies in identifying information received;
•Terms under which a customer can conduct transactions while the identity is being verified;
•What to do if the credit union cannot form a reasonable belief that the true identity of the customer is known. At a minimum the credit union must obtain the following information prior to opening or adding a signatory to an account:
•Date of birth (for individuals);
•Residential or business street address, APO or FPO or address of next of kin, (individual) or principal place of business, local office or other physical location (corporation, partnership, etc.); and
•Taxpayer identification number (U.S. person) or passport number and country of issuance, alien identification card number, or other government issued document bearing a photo or similar safeguard (non-U.S. person).
The credit union must retain records of the identifying information (name, date of birth, etc.) for five years after the account is closed. A description of the information used to verify the identity (driver’s license number, passport number, etc.) must be maintained for five years after the record was made.
Reports & Record Keeping
The BSA and its implementing regulations require that credit unions file certain currency and monetary instrument reports and maintain certain records for possible use in criminal, tax, and regulatory investigations or proceedings. Credit unions are required to submit reports and/or retain records of various types of transactions including, for example:
(1) large currency transactions by its members;
(2) certain cash purchases of monetary instruments by its members;
(3) known or suspected crimes and suspicious activities; and
(4) certain wire (funds) transfers.
Currency Transaction Reporting Requirements
An effective BSA compliance program also recognizes that federal law requires financial institutions to report currency (cash or coin) transactions exceeding $10,000 in a single business day made by the member or on behalf of the member. This federal law requiring these reports was set in place to protect the financial industry from threats posed by money laundering and other financial crime. Since Division 819 Transit Employees Credit Union does not do cash withdrawals, we are still required to report any cash deposits made to a member account(s) totaling more than $10,000 in a single business day. The credit Union also recognizes that there is no prohibition against handling large amounts of currency and the filing of a CTR is required regardless of the reasons for the currency transactions.
Requirements for filing a CTR are as follows:
•Currency Transaction Report is required for amounts exceeding $10,000.00 in a single business day. This includes Structuring where federal law makes it a crime to break up transaction into smaller amounts or separating the deposit into multiple accounts. It is important to note that a CTR is not required for a person with a currency transaction of exactly $10,000.00 or less. The report is only for currency transactions $10,000.01 and up.
•Personal identification information is required from the individual conducting the transaction such as Social Security number as well as a driver’s license or other government issued document.
•CTR must be filed by the 15th calendar day after the day of the transaction
•FinCEN requires CTRs and SARs to be electronically filed on the FinCen E-filing System.
Exemptions from CTR Filing Requirements
The BSA regulations permit certain types of transactions to be exempt from the Currency Transaction Report (CTR) filing requirements to reduce the large volume of CTRs filed. The exemption provisions were revised and issued in two parts commonly referred to as “Phase I” and “Phase II.”
As of April 30, 1996, credit unions were not required to file CTRs on large currency transactions by certain classes of “Exempt Persons”. Exempt Persons are defined in 31 C.F.R. 103.22(d)(2) as:
1.Domestic depository institutions.
2.Departments and agencies of the United States, the states, and their political subdivisions.
3.Any entity established under the laws of the United States, of any state, or of the political subdivision of any state, or under an interstate compact between two or more states, that exercises authority on behalf of the United States of any such state of subdivision.
4.Any entity, other than a bank, whose common stock or analogous equity interests are listed on the New York Stock Exchange, the American Stock Exchange, or whose common stock, or analogous equity interests have been designated as a Nasdaq National Market security listed on the Nasdaq Stock Market (except stock or interests listed under the separate “Nasdaq Small-Cap Issues” heading).
5.Any subsidiary, other than a bank, of any entity described in number four (a “listed entity”) that is organized under the laws of the United States or of any state and at least 51 percent of whose common stock is owned by the listed entity. Franchises of listed entities may not be treated as exempt persons, unless they qualify as subsidiaries.
1.Any other commercial enterprise (also known under the new exemption procedures as a non-listed business), to the extent of its domestic operations, other than those ineligible businesses covered by 103.22(d)(6)(viii) (e.g., pawnbroker, gaming establishment, etc).
2.A customer who holds a payroll account and regularly withdraws more than $10,000 to pay its U.S. employees in currency solely for withdrawals for payroll purposes from existing transaction accounts.
Non-listed businesses and payroll customers must meet certain additional criteria to be eligible for exemption:
•The entity must have maintained a transaction account at the credit union for at least 12 months. The months do not have to be consecutive but should be recent.
•The entity must engage in frequent currency transactions with the credit union in excess of $10,000 (eight or more a year).
•The entity must be incorporated or organized under the laws of the United States or a state or registered as and eligible to do business in the United States.
Annually, credit unions must verify whether each exemption continues to meet the exemption eligibility requirements. Biennially, credit unions must file the “Designation of Exempt Person” form for each non-listed business and payroll customer. Biennial renewals must include a statement certifying the credit union’s system of monitoring transactions in currency of an exempt person for suspicious activity has been applied.
Suspicious Activity Reporting Requirements
An effective BSA compliance program also recognizes that certain member transactions are suspicious in nature. A credit union must know its members to be able to make an informed decision as to the suspicious nature of a particular transaction and whether to file a Suspicious Activity Report (SAR). SARs can be filed on any transaction occurring in any department. SARs must be filed no later than 30 days after the date of initial detection of facts that may constitute a basis for filing a SAR. A copy of each filed SAR along with supporting documentation should be retained for a period of 5 years from the date filed.
Credit unions must file a SAR following the discovery of:
•Insider abuse involving any amount.
•Violations of federal law aggregating $5,000 or more when a suspect can be identified. •Violations of federal law aggregating $25,000 or more regardless of a potential suspect.
•Transactions aggregating $5,000 or more that involve potential money laundering or violations of the BSA if the credit union knows, suspects, or has reason to suspect that the transaction:
▪Involves funds from illegal activities or is intended or conducted to hide or disguise illicit funds or assets as part of a plan to violate or evade any law or regulations or to avoid any transaction reporting requirement under federal law;
▪Is designed to evade any of the BSA regulations; or
▪Has no business or apparent lawful purpose or is not the sort in which the particular member would normally be expected to engage, and the credit union knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
Information Sharing Between Federal Law Enforcement Agencies and Financial Institutions.
Section 314(a) of the USA Patriot Act authorized law enforcement authorities to communicate with financial institutions about suspected money launderers and terrorists (§103.100).
A request for information under section 314(a) (referred to as a “314(a) request”) will be made by the Financial Crimes Enforcement Network (FinCEN). Generally, the requests will be batched and issued every two weeks and financial institutions, including credit unions, will have two weeks to respond to the request. Searches will be limited to specific records and, unless otherwise noted, will be a one-time search. If the credit union identifies a match for a named subject, it should stop its search of accounts for that suspect and respond to FinCEN that it has a match and provide point-of-contact information for the requesting law enforcement agency to follow-up directly with the credit union.
Searches need only encompass current accounts and accounts maintained by a named subject during the preceding twelve (12) months, and transactions not linked to an account conducted by a named subject during the preceding six (6) months. Any record that is not maintained in electronic form need only be searched if it is required to be kept under federal law or regulation.
Credit unions are not required by a 314(a) request to close any account or take any other action with respect to an account or a transaction by virtue of a match with any named subject. Credit unions do not need to maintain the list of named subjects for the purpose of evaluating whether to open an account or to conduct a transaction, unless specific instructions accompanying a 314(a) request state otherwise.
A credit union may not disclose to any other person the fact the FinCEN has requested or obtained information, except to the extent necessary to comply with FinCens request.
While there are not specific record-keeping requirements concerning 314(a) requests, appropriate documentation of the request and record search should be maintained for a reasonable time period to provide for an effective examination trail. Credit unions may use third party vendors to conduct these searches provided the vendor agrees to maintain the confidentiality of the process.
Compliance risk can occur when the credit union fails to implement an effective program implementing the requirements of the BSA.
Reputation risk can occur when the credit union incurs fines and penalties as a result of failure to comply with the BSA. Enforcement actions against institutions are public information, and negative publicity can result from such exposure.
Division 819 Transit Employees CU recognizes to have a sound a sound Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) compliance program, management must first perform a risk assessment of not only their membership but also of all the services and products offered by their credit union.
Division 819 Transit Employees CU offers only shares and loans, has only one sponsor corporate credit union (Alloya Corp CU), operates from a single location and does not disburse cash. Limited services and locations indicate a less complex risk rating is sufficient. In addition, the Directors believe vetting of New Jersey Transit employees (the majority of members) represents the first step in its risk rating consideration.
Division 819 Transit Employees CU will use a three tired rating system with 1 representing lowest risk and 3 representing high risk.
A risk worksheet shall be used to consider each member.
Division 819 Transit Employees CU has determined that it is located in high HIFCA and HIDTA zones, but management believes this parameter is mitigated by other elements of its limited services and restricted field of membership. (HIFCA- High intensity Financial Crimes Area/ HIDTA-High Intensity Drug Trafficking Area)
Division 819 Transit Employees CU has decided to monitor SAR and CTR in the FedComp Core system by flagging members with SARs or CTRs with a High Risk rate under the members’ “notes and flags-activity risk rating”. Members with more than one CTR or SAR within six months will be flagged as “extreme risk”.