InfoSight Spotlight: Compliance Due Diligence Checklist
There has been a lot of focus on FinCEN’s new beneficial owner of legal entities requirements going into effect in five months. There has been less focus on FinCEN’s 5 new requirements for your anti-money laundering program, which include:
- A system of internal controls to assure ongoing compliance;
- Independent testing for compliance to be conducted by credit union personnel or outside parties;
- Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
- Training for appropriate personnel; and
- Appropriate risk-based procedures for conducting ongoing member due diligence.
There has been less discussion of these requirements because four of them have been required by NCUA’s Part 748 for many years, and the fifth has been considered implicit in the federal regulators’ BSA/AML Examination Manual, and necessary to satisfy your suspicious activity reporting (SAR) obligations.
But let’s take a closer at that 5th new requirement and what FinCEN will require you to explicitly include in your anti-money laundering programs by May 11, 2018.
Member Risk Profile: To meet this requirement you must develop a member risk profile, which means understanding the nature and purpose of your member relationship in order to provide a baseline against which your member’s activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of member or type of account, service, or product. It could also include information indicating a possible change in the member’s transaction activity or beneficial ownership, because such information could be relevant to assessing the risk posed by the member.
This information should be integrated into the credit union’s automated monitoring system, if applicable. It may also be used as a means of determining whether a transaction that has been flagged as potentially suspicious is actually suspicious.
Ongoing Monitoring: Member due diligence also includes conducting ongoing monitoring to identify and report suspicious transactions.
Updated Member Information: On a risk basis, credit unions must maintain and update member information. When you detect a change in your member’s activity, through normal monitoring, you must update your member’s information. Such changes in activity may include executing cross-border wire transfers for no apparent reason, or a significant change in the volume of activity without an explanation. This new provision does not require credit unions to update member information on a continuous or periodic basis. The updating requirement is event-driven and only occurs as a result of detecting unusual activity through normal monitoring.
Which brings us back to the new beneficial owners requirement – although there is no requirement that credit unions update beneficial ownership information on a regular basis, FinCEN does expect that if you detect a
change in this information for any account (not just those opened on or after May 11, 2018) you should update, or initiate, that account’s beneficial owner certification. CUNA has developed this Customer Due Diligence Checklist to assist in your efforts to comply.