Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

BSA/AML compliance: Is your credit union doing enough?

By: Jennifer Morrison, VP, Senior Risk Manager

Jennifer Morrison HeadshotCredit unions have been required to “Know Your Member” since 1994, well ahead of the USA Patriot Act which was introduced in 2001. However,  regulatory enforcement actions beginning in 2004 raised the bar on their expectations of member assessments, indicating that regulators expect more from credit unions than just “knowing your member.” Credit unions with firm Member Due Diligence (MDD) programs which encompass and expand on the previous “Know Your Member” (KYC) have established a critical framework for complying with regulatory requirements and for reporting suspicious activities.  And taking member scrutiny a step further is the Expanded Due Diligence (EDD) program.

Let’s first review MDD. Federal regulators suggest financial institutions incorporate the following principles in their business practices and MDD program:

  • Understand the normal and expected transactions of the member
  • Determine the appropriate documentation necessary to confirm the identity and business activities of members
  • Implement a process (systematic and/or manual) to identify transactions that are unusual, unexpected, or illegal
  • Report suspicious activities using the Suspicious Activity Report (SAR)
  • Develop appropriate procedures to ensure that all new products and services comply with applicable money laundering laws and regulations and incorporate these products/services in performing ongoing risk-focused assessments of members
  • Perform a risk-focused assessment of the member base to determine members requiring greater review and scrutiny
  • Determine the appropriate additional level of MDD necessary for those members that pose a heightened risk of illicit activities

By the very nature of certain members’ business, occupation, and/or transaction activity, you may identify them to pose higher risks. If this is the case, you must perform an EDD. EDD requires the member’s transactions must be monitored more closely, not only when an account is opened, but also frequently during the term of membership. Members that may pose a higher risk can be determined based on any or all of the following:

  • Members’ business activity
  • Members’ source of funds and wealth
  • Ownership of the account, including beneficial owner(s), signatories, or guarantors
  • Occupation or type of business
  • Financial statements
  • Banking references
  • Domicile or location of the business or residence (geographic risk)
  • Proximity of the member’s residence, place of employment, or place of business to your location or branch
  • Description of the member’s primary trade area and whether international transactions are expected to become routine
  • Description of the business operations, the volume of currency and total sales, and a list of major customers and suppliers
  • Explanations for changes in account activity

How do you uncover this information for EDD? In most cases you ask your member. Branch staff must be trained to ask the questions necessary for you to risk assess your member at the time they join. Then, you must compare their responses with the activity actually conducted through their account(s). This risk assessment must be ongoing, an outcome of transaction monitoring. If a member poses too much risk to your credit union, you must be empowered to decline to open or to close a membership. You can find a specific list of “Customers and Entities” that pose higher risk in the “Bank Secrecy Act/Anti-Money Laundering Examination Manual” beginning on page 24.

No MDD or EDD program is complete without incorporating effective suspicious activity reporting.  Everyone in your institution should know what is unusual, unexpected, or illegal in their respective area, how to report the activity, and who in your organization should receive these referrals.   A source of these “red flags” or indications of possible money laundering and terrorist financing can be found in the “Bank Secrecy Act/Anti-Money Laundering Examination Manual,” Appendix F. Trust your front-line staff (tellers, branch managers) with face-to-face contact with members.  They may notice non-verbal behaviors during conversations with members.  But most importantly, don’t forget to trust your gut.

A successful member-risk program begins with adoption and implementation of comprehensive MDD policies, procedures, and processes of all members and to target those members that present higher risk. Credit unions are required to maintain an EDD program for their “high risk” members. Strong MDD and EDD measures will provide a strong BSA/AML program that will help you successfully navigate your next regulatory examination.

Additional Resources:
FinCEN’s publications “SAR Activity Review -By the Numbers” and “SAR Activity Review-Trends, Tips & Issues.” The “By the Numbers” publication is a compilation of numerical data gathered from SAR forms filed by financial institutions. The “Trends, Tips & Issues” provides information about the preparation, use, and utility of a SAR.