TIP: This Compliance Courier was prepared by one of The League’s Compliance Specialists – Jennifer Haydon. All of our specialists are CUNA-certified in BSA compliance. To learn more about how the Compliance Specialist program could help your credit union, contact Paul Guttormsson.
Credit unions serve many types of businesses, but do you have processes in place for your staff to recognize “higher-risk” businesses and monitor their activity? It’s a BSA regulatory requirement to identify higher-risk members and to monitor their accounts with enhanced due diligence. Examiners will check on this issue, so it’s important to stay on top of these accounts – or even to decide whether to serve higher-risk businesses at all.
Customer Due Diligence expectations
BSA regulations require credit unions and other covered institutions (including banks) to have written, risk-based procedures for conducting ongoing Customer Due Diligence (CDD). The League’s ii Release No. 0159 explains that a credit union’s CDD program should cover three key steps:
- Gathering information to develop a member risk profile at account opening.
- Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintaining and updating member information.
- Applying enhanced due diligence to higher-risk members.
What’s a higher-risk member?
Essentially, a higher-risk member is one that is especially vulnerable to money laundering or terrorist financing. That could include anyone, but federal regulators say that certain members may pose higher risks because of their business, occupation, or anticipated transaction activity. These include:
- Non-bank financial institutions (e.g., money services businesses, casinos and card clubs, brokers/dealers in securities, and dealers in precious metals, stones or jewels);
- Nonresident aliens, foreign individuals and foreign entities;
- Cash-intensive businesses (e.g., convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately owned ATMs, vending machine operators, and parking garages);
- Non-governmental organizations and charities (foreign and domestic);
- Professional service providers (e.g., attorneys, accountants, doctors, and real estate brokers); and
- Deposit brokers.
Do not simply define or treat everyone in a specific category as necessarily being high risk. The level of risk varies, depending on the services provided, products offered, geographic locations, and the types of transactions conducted through the account.
What is “enhanced” due diligence?
If you determine that a member poses heightened risks because of the member’s business activity, ownership structure, anticipated or actual volume and types of transactions, (including transactions in high-risk jurisdictions), etc., then federal regulators say that you should consider obtaining the following information (both at account opening and throughout the relationship):
- Purpose of the accounts.
- Source of funds and wealth.
- Beneficial owners of the accounts, as applicable.
- Member’s/customer’s (or beneficial owner’s) occupation or type of business.
- Financial statements.
- Banking references.
- Domicile (where the business is incorporated).
- Proximity of the member’s/customer’s residence, place of employment, or place of business to the credit union.
- Description of the business’ primary trade area and whether international transactions are expected to be routine.
- Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers.
- Explanations for changes in account activity
How can you reduce risk exposure?
- Ask the big questions, like: Which business types will the credit union agree to serve? Do you have the resources to monitor them effectively? Do you have appropriately trained staff to monitor these higher-risk accounts?
- Do the math. Calculate the costs to ensure that you allocate the resources to provide for proper monitoring.
- Determine a risk spectrum. Some financial institutions have found it useful to tier-rate certain types of businesses. This allows them to spend resources appropriately, offering services to lower tiers of high-risk business types.
- Set a review schedule suitable for your programs size and staffing capabilities. Programs often consist of monitoring higher-risk account monthly, quarterly, semiannually, or annually based on risks they pose to the credit union.
- Avoid silos. Communication between departments and branches is a vital risk reducer.
For more information
To learn more about risk-based processes for higher-risk members, please see The League’s ii Release No. 0159 – BSA: Customer Identification Program and Customer Due Diligence.