InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies release customer relationship and due diligence guidance
On July 6, the FDIC, Federal Reserve Board, FinCEN, NCUA, and OCC issued a joint statement concerning banks’ risk-based approach for assessing customer relationships and conducting customer due diligence (CDD). Specifically, the joint statement reinforces the agencies’ “longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering (ML), terrorist financing (TF), or other illicit financial activity.” Banks are reminded that they must apply a risk-based approach to CDD and adopt appropriate risk-based procedures for conducting ongoing CDD when developing risk profiles of their customers. Because customer relationships present varying levels of ML, TF, and other illicit financial activity risks, the agencies advised banks to, among other things, (i) understand the nature and purpose of customer relationships; and (ii) “conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”
Additionally, banks that comply with applicable Bank Secrecy Act/anti-money laundering (BSA/AML) legal and regulatory requirements and effectively manage and mitigate risks related to the unique characteristics of customer relationships, “are neither prohibited nor discouraged from providing banking services to customers of any specific class or type,” the agencies said, adding that “as a general matter” they will not direct banks to open, close, or maintain specific accounts as they “recognize that banks choose whether to enter into or maintain business relationships based on their business objectives and other relevant factors, such as the products and services sought by the customer, the geographic locations where the customer will conduct or transact business, and banks’ ability to manage risks effectively.” Banks are encouraged “to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.”
The joint statement is applicable to all customer types referenced in the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, as well as to those not specifically addressed in the manual. These include “independent automated teller machine owners or operators, nonresident aliens and foreign individuals, charities and nonprofit organizations, professional service providers, cash intensive businesses, nonbank financial institutions, and customers the bank considers politically exposed persons.” The agencies reiterated that the joint statement does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. Moreover, the FFIEC BSA/AML Examination Manual does not establish requirements for banks, nor should the inclusion of sections on specific customer types be interpreted as a signal that certain customer types present uniformly higher risk.
FinCEN issues statement on independent ATM customer due diligence
On June 22, FinCEN issued a statement providing clarity to banks on the application of a risk-based approach to conducting customer due diligence (CDD) on independent Automated Teller Machine (ATM) owners or operators, consistent with FinCEN’s 2016 CDD Rule. As previously covered by InfoBytes, FinCEN issued a final rule imposing standardized CDD requirements for banks, broker-dealers, mutual funds, futures commission’s merchants, and brokers in commodities in May 2016. The rule established that covered institutions must identify any natural person that owns, directly or indirectly, 25 percent or more of a legal entity customer or that exercises control over the entity. The rule also established ongoing monitoring for reporting suspicious transactions and, on a risk basis, updating customer information. The recently released statement explained that the level of money laundering and terrorism financing risk varies with these customers, and that they do not automatically present a higher level of risk. FinCEN pointed to certain customer information that may be useful for banks in making determinations on the risk profile of independent ATM owner or operator customers, including, among other things: (i) organizational structure and management; (ii) operating policies, procedures, and internal controls; (iii) currency servicing arrangements; (iv) source of funds if a bank account is not used to replenish the ATM; and (v) description of expected and actual ATM activity levels.