81 FR 58425 - Customer Identification Programs, Anti-Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network Federal Register Volume 81, Issue 165 (August 25, 2016)
Financial Crimes Enforcement Network
Federal Register Volume 81, Issue 165 (August 25, 2016)
| Page Range | 58425-58434 | |
| FR Document | 2016-20219 |
[Federal Register Volume 81, Number 165 (Thursday, August 25, 2016)] [Proposed Rules] [Pages 58425-58434] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-20219] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Financial Crimes Enforcement Network 31 CFR Parts 1010 and 1020 RIN 1506-AB28 Customer Identification Programs, Anti-Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator AGENCY: Financial Crimes Enforcement Network (``FinCEN''), Treasury. ACTION: Notice of proposed rulemaking. ----------------------------------------------------------------------- SUMMARY: FinCEN is issuing this proposed rule to implement section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 and to remove the anti-money laundering program exemption for banks that lack a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. The proposed rule would prescribe minimum standards for anti-money laundering programs for banks without a Federal functional regulator to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement anti-money laundering programs, and would extend customer identification program requirements and beneficial ownership requirements to those banks not already subject to these requirements. DATES: Written comments may be submitted to FinCEN on or before October 24, 2016. ADDRESSES: You may submit comments, identified by Regulatory Identification Number (RIN) 1506-AB28, by any of the following methods:Federal E-rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. Include 1506-AB28 in the submission. Refer to Docket Number FINCEN-2014-0004. Mail: Policy Division, Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183. Include 1506-AB28 in the body of the text. Please submit comments by one method only. Comments submitted in response to this notice of proposed rulemaking (``NPRM'') will become a matter of public record. Therefore, you should submit only information that you wish to make publicly available. Inspection of comments: FinCEN uses the electronic, Internet- accessible dockets at Regulations.gov as their complete, official- record docket; all hard copies of materials that should be in the docket, including public comments, are electronically scanned and placed there. Federal Register notices published by FinCEN are searchable by docket number, RIN, or document title, among other things, and the docket number, RIN, and title may be found at the beginning of the notice. In general, FinCEN will make all comments publicly available by posting them on http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: The FinCEN Resource Center at (800) 767-2825 or email [email protected]. SUPPLEMENTARY INFORMATION: I. Background A. Statutory Provisions FinCEN exercises regulatory functions primarily under the Currency and Financial Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (``USA PATRIOT Act'') (Pub. L. 107-56) and other legislation. This legislative framework is commonly referred to as the ``Bank Secrecy Act'' (``BSA'').\1\ The Secretary of the Treasury (``Secretary'') has delegated to the Director of FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations.\2\ Pursuant to this authority, FinCEN may issue regulations requiring financial institutions to keep records and file reports that ``have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.'' \3\ Additionally, FinCEN is authorized to impose anti-money laundering (``AML'') program requirements for financial institutions.\4\ --------------------------------------------------------------------------- \1\ The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, 31 U.S.C. 5311-5314 and 5316-5332, and notes thereto, with implementing regulations at 31 CFR chapter X. See 31 CFR 1010.100(e). \2\ Treasury Order 180-01 (Jul. 1, 2014). \3\ 31 U.S.C. 5311. \4\ 31 U.S.C. 5318(h). --------------------------------------------------------------------------- Section 352 of the USA PATRIOT Act requires financial institutions to establish AML programs that, at a minimum, include: (1) The development of internal policies, procedures, and controls; (2) the designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function [[Page 58426]] to test programs.\5\ Section 352 of the USA PATRIOT Act authorizes FinCEN, in consultation with the ``appropriate'' Federal functional regulator (using the definition of ``Federal functional regulator'' found in 15 U.S.C. 6809), to prescribe minimum standards for AML programs. In determining the appropriate scope and nature for this proposed rulemaking for financial institutions that are not directly regulated by any Federal functional regulator under any definition of that term, FinCEN considered the Federal functional regulators of similar institutions, including Federal bank supervisory authorities, the U.S. Securities and Exchange Commission (``SEC''), and the Commodity Futures Trading Commission (``CFTC''), to be ``appropriate'' Federal functional regulators within the meaning of Section 352. In preparing this rule, FinCEN consulted with these regulators and in order to be certain of addressing all important issues, it also consulted with state bank supervisory authorities, and the Internal Revenue Service (``IRS''), which, to date, has been the examining authority for all institutions regulated by FinCEN that do not have a Federal functional regulator. --------------------------------------------------------------------------- \5\ Id. --------------------------------------------------------------------------- When prescribing minimum standards for AML programs, FinCEN must ``consider the extent to which the requirements imposed [under section 352 of the USA PATRIOT Act] are commensurate with the size, location, and activities of the financial institutions to which [the standards] apply.'' \6\ In addition, FinCEN may ``prescribe an appropriate exemption from a requirement [in the BSA] or regulations [issued under the BSA].'' \7\ FinCEN used this authority in 2002 to exempt temporarily certain financial institutions identified in section 352 from the requirement to establish an AML program. --------------------------------------------------------------------------- \6\ Public Law 107-56, title III, Sec. 352(c), 115 Stat. 322. \7\ 31 U.S.C. 5318(a)(6). --------------------------------------------------------------------------- Section 326 of the USA PATRIOT Act requires FinCEN to prescribe regulations that require financial institutions to establish programs for account opening that, at a minimum, include: (1) Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.\8\ These programs are referred to as Customer Identification Programs (``CIPs''). --------------------------------------------------------------------------- \8\ 31 U.S.C. 5318(l). See Joint Final Rule--Customer Identification Programs for Banks, Savings Associations, Credit Unions and Certain Non-Federally Regulated Banks, 68 FR 25103 (May 9, 2003) (``The CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators.'' To date, the Department of the Treasury has not designated any such list.). --------------------------------------------------------------------------- When prescribing CIP regulations for financial institutions that engage in financial activities described in Section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. 1843(k), FinCEN must prescribe such CIP regulations jointly with the Federal functional regulator (again using the definition of ``Federal functional regulator'' found in 15 U.S.C. 6809, but also including the CFTC) that is ``appropriate'' for the affected financial institutions.\9\ FinCEN generally considers the Federal functional regulator--if any--that actually regulates a financial institution to be the Federal functional regulator appropriate to promulgate regulations for such a financial institution.\10\ Specifically with respect to CIP rules, FinCEN has maintained publicly since 2003 that, for a CIP rule that applies to institutions not directly regulated by any Federal functional regulator under any definition of that term, it is not ``appropriate'' for any Federal agency to issue jointly such a CIP rule with FinCEN, given that no Federal agency has direct supervisory authority over such financial institutions comparable in its pervasiveness to the direct authority of the Federal functional regulators over their regulated financial institutions.\11\ Consistent with these long-held positions, FinCEN proposes to issue the CIP rule set forth here under its sole authority. --------------------------------------------------------------------------- \9\ 31 U.S.C. 5318(l)(4). The financial institutions subject to the CIP rule being proposed here engage in financial activities within the meaning of 12 U.S.C. 1843(k), in particular lending money and providing financial advisory services. See 12 U.S.C. 1843(k)(4)(A) and (C). \10\ See, e.g., 31 CFR 1020.210(a). \11\ See Notice of Proposed Rulemaking--Customer Identification Programs for Certain Banks Lacking a Federal Functional Regulator, 68 FR 25163 (May 9, 2003). --------------------------------------------------------------------------- Section 312 of the USA PATRIOT Act requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account or a private banking account in the United States for a non-U.S. person to subject such accounts to certain anti-money laundering measures.\12\ In particular, financial institutions must establish appropriate, specific, and, where necessary, enhanced due diligence policies, procedures, and controls that are reasonably designed to enable the financial institution to detect and report instances of money laundering through these accounts. In addition to the general due diligence requirements, which apply to all correspondent accounts for non-U.S. persons, section 5318(i)(2) specifies additional standards for correspondent accounts maintained for certain foreign banks. Section 5318(i) also sets forth minimum due diligence requirements for private banking accounts for non-U.S. persons. Specifically, a covered financial institution must take reasonable steps to ascertain the identity of the nominal and beneficial owners of, and the source of funds deposited into, private banking accounts, as necessary to guard against money laundering and to report suspicious transactions. The institution must also conduct enhanced scrutiny of private banking accounts requested or maintained for, or on behalf of, senior foreign political figures (which includes family members or close associates). Enhanced scrutiny must be reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption. --------------------------------------------------------------------------- \12\ These requirements are set forth and cross referenced in sections 1020.610 (cross-referencing to 31 CFR 1010.610) and 1020.620 (cross-referencing to 31 CFR 1010.620). --------------------------------------------------------------------------- B. Regulatory Background The following information describes the effect of certain previous rulemakings on banks, and specifically on banks lacking a Federal functional regulator. AML Program Requirements Most banks became subject to an AML program requirement pursuant to the BSA with FinCEN's issuance of an Interim Final Rule on April 29, 2002 (the ``Interim Final Rule'').\13\ The Interim Final Rule stated that an institution regulated by a Federal functional regulator ``shall be deemed to satisfy the requirements of 31 U.S.C. [[Page 58427]] 5318(h)(1) if it implements and maintains an [AML] program that complies with the regulation of its Federal functional regulator governing such programs.'' \14\ ``Federal functional regulator'' is defined at 31 CFR 1010.100(r) to include each of the Federal banking agencies, as well as the SEC and the CFTC. --------------------------------------------------------------------------- \13\ See Interim Final Rule--Anti-Money Laundering Programs for Financial Institutions, 67 FR 21110 (Apr. 29, 2002). Since 1987, all federally insured depository institutions and credit unions have been required by their Federal regulators to have anti-money laundering programs ``to assure and monitor compliance with the requirements of subchapter II of chapter 53 of title 31, United States Code,'' but until the passage of the USA PATRIOT Act the requirement to implement such programs did not arise under a specific provision of the Bank Secrecy Act itself. See Final Rule-- Procedures for Monitoring Bank Secrecy Act Compliance, 52 FR 2858 (Jan. 27, 1987). \14\ See 67 FR 21113. Since the time of the 2002 Interim Final Rule, FinCEN has reorganized its regulations under 31 CFR Chapter X. See Final Rule--Transfer and Reorganization of Bank Secrecy Act Regulations, 75 FR 65806 (Oct. 26, 2010). The cited AML program requirement can currently be found at 31 CFR 1020.210, with an added cross-reference to enhanced due diligence requirements imposed by rulemakings later than the Interim Final Rule. --------------------------------------------------------------------------- The Interim Final Rule also deferred AML program requirements for certain financial institutions, including ``private bankers.'' \15\ On November 6, 2002, FinCEN amended the Interim Final Rule.\16\ The amendment extended the deferral indefinitely,\17\ and included within the deferral not only private bankers, but any bank ``that is not subject to regulation by a Federal functional regulator.'' \18\ --------------------------------------------------------------------------- \15\ ``Private banker'' is included in the list of financial institutions in the BSA. 12 U.S.C. 5312(a)(2)(C). \16\ See Amendment of Interim Final Rule--Anti-Money Laundering Programs for Financial Institutions, 67 FR 67547 (Nov. 6, 2002). \17\ See 31 CFR 1010.205(c). The deferral expires for a financial institution on the date the financial institution otherwise must comply with a final rule requiring the financial institution to establish an AML program. \18\ See 31 CFR 1010.205(b)(1)(vi) and (b)(2). --------------------------------------------------------------------------- Although banks that lack a Federal functional regulator have not been required to establish an AML program, they are required to comply with many other BSA requirements. For example, banks that lack a Federal functional regulator still must file currency transaction reports (``CTRs'') and suspicious activity reports (``SARs''), and make and maintain certain records.\19\ In addition, banks that lack a Federal functional regulator must comply with 31 CFR 1010.630, which prohibits covered financial institutions from maintaining correspondent accounts for foreign shell banks and requires covered financial institutions to obtain and retain information on the ownership of foreign banks.\20\ --------------------------------------------------------------------------- \19\ See 31 CFR 1010.306-315 (CTRs); 31 CFR 1020.320 (SAR rule for banks); 31 CFR 1010.410 (records to be made and retained by financial institutions). \20\ Private banks, trust companies, and credit unions are ``covered financial institutions'' for purposes of 31 CFR 1010.630 and 31 CFR 1010.670, regardless of whether the institutions have a Federal functional Regulator. See 31 CFR 1010.605(e)(2). In contrast, rules requiring the implementation of due diligence programs for correspondent accounts and private banking accounts do not apply to private banks, apply only to ``federally insured credit unions,'' and certain trust companies that are ``federally regulated and subject to an anti-money laundering program requirement.'' See 31 CFR 1010.605(e)(1); 31 CFR 1010.610 (correspondent accounts); 31 CFR 1010.620 (private banking accounts). --------------------------------------------------------------------------- Despite being subject to the various BSA obligations detailed above, banks that lack a Federal functional regulator have remained exempt from the AML program requirement since the Interim Final Rule. In contrast, FinCEN has already eliminated the exemption and promulgated AML program rules for other institutions that had been exempted under the Interim Final Rule, including insurance companies, certain loan or finance companies, and dealers in precious metals, precious stones, or jewels. Customer Identification Program Requirements CIP requirements were finalized, through a joint final rule, for banks, savings associations, credit unions, and certain non-Federally regulated banks on May 9, 2003. With this action, certain banks that lack a Federal functional regulator, namely, private banks, non- federally insured credit unions and certain trust companies, were required to comply with CIP requirements.\21\ On the same day, FinCEN published a notice of proposed rulemaking that would have imposed CIP requirements on all other state-regulated banks without a Federal functional regulator that were not included in the joint rule.\22\ This rulemaking was never finalized. --------------------------------------------------------------------------- \21\ See Joint Final Rule--Customer Identification Programs for Banks, Savings Associations, Credit Unions and Certain Non-Federally Regulated Banks, 68 FR 25090 (May 9, 2003). See 31 CFR 1020.220. \22\ See Notice of Proposed Rulemaking--Customer Identification Programs for Certain Banks Lacking a Federal Functional Regulator, 68 FR 25163 (May 9, 2003). --------------------------------------------------------------------------- Beneficial Ownership Requirement On May 11, 2016, FinCEN published a final rule (``CDD Rule''),\23\ to clarify and strengthen customer due diligence requirements for certain financial institutions, including federally regulated banks, requiring these financial institutions to identify and verify the identity of the beneficial owners of their legal entity customers, subject to certain exclusions and exemptions. The CDD Rule also amends the AML program requirements for these financial institutions. For purposes of regulatory consistency, FinCEN believes that it is appropriate that these requirements should apply to non-federally regulated banks as well, and accordingly proposes these requirements in this notice. --------------------------------------------------------------------------- \23\ See Final Rules, Customer Due Diligence Rules for Financial Institutions, 81 FR 29398 (May 11, 2016). --------------------------------------------------------------------------- C. Categories of Banks Lacking a Federal Functional Regulator FinCEN has identified the following categories of banks that lack a Federal functional regulator and is interested in identifying additional categories of such entities. However, no discussion of such entities should be thought to be exhaustive. This NPRM proposes that any entity that meets the definition of bank in 31 CFR 1010.100(d) would be required to establish an AML program. State-Chartered Non-Depository Trust Companies State-chartered non-depository trust companies are generally smaller than depository (or federally regulated non-depository) trust companies, and often provide estate planning and settlement and trust administration on a regional basis.\24\ Trust companies can provide services similar to investment advisory firms, including securities investment advisers, but are generally exempt from registration as investment advisers with the SEC.\25\ Trust companies also may provide services to clients similar to the services offered by other financial services firms. The number of state-chartered non-depository trust companies is difficult to determine; however, according to data available from state banking regulator Web sites, there are upwards of 347 of these entities.\26\ --------------------------------------------------------------------------- \24\ Certain trust companies and banks offering trust services are subject to safety and soundness regulation by one or more Federal banking agencies. See, e.g., 12 U.S.C. 1813(a)(2), (l)(2), and (p); 12 U.S.C. 1817(i). \25\ See 15 U.S.C. 80b-2(a)(2) and (11)(A). \26\ We reviewed relevant information from the Web sites of state banking departments to determine the estimated number. See http://www.csbs.org/about/what/Pages/StateBankingDepartmentLinks.aspx. --------------------------------------------------------------------------- Non-Federally Insured Credit Unions Of the more than 6,273 credit unions nationwide, FinCEN understands that there are approximately 265 state-chartered credit unions that are not federally insured. Aside from their lack of a Federal functional regulator, these credit unions generally are similar in structure to federally insured credit unions.\27\ --------------------------------------------------------------------------- \27\ The statistics are based upon information provided in 2013 by the National Association of State Credit Union Supervisors. Federally chartered credit unions are insured by the NCUA through the National Credit Union Share Insurance Fund. See 12 U.S.C. 1781. --------------------------------------------------------------------------- Private Banks A private bank is a bank chartered under state law that is owned by an [[Page 58428]] individual or a partnership and generally provides financial services to individuals with high net worth.\28\ Although private banks have a long history in certain jurisdictions, including Switzerland and the United Kingdom, at least one private bank remains in the United States. --------------------------------------------------------------------------- \28\ Private banks should be distinguished from private banking accounts. A ``private banking account'' for purposes of rules implementing section 312 of the USA PATRIOT Act includes any account--at any kind of bank--that is established for certain individuals who are not United States citizens, provided the account requires a minimum aggregate deposit of $1,000,000 or more and the account is administered by an officer, employee, or agent of the covered financial institution acting as a liaison with the direct or beneficial owner of the account. See 31 CFR 1010.605(m). The rules implementing section 312 of the USA PATRIOT Act do not apply to private banks per se. --------------------------------------------------------------------------- Non-Federally Insured State Banks and Savings Associations According to estimates available from state banking regulator Web sites, the number of state-chartered banks and savings and loan or building and loan associations without Federal Deposit Insurance Corporation (``FDIC'') insurance is not more than 12.\29\ These banks function similarly to other federally insured banks, but are privately insured. --------------------------------------------------------------------------- \29\ See supra note 26. --------------------------------------------------------------------------- International Banking Entities International banking entities, or ``entidades bancarias internacionales'' (``EBIs''), are not federally insured, but are authorized by Puerto Rican and the U.S. Virgin Islands law to provide banking and other services to non-resident aliens. As of 2014, 33 EBIs were licensed by Puerto Rico.\30\ --------------------------------------------------------------------------- \30\ See Commissioner of Financial Institutions of Puerto Rico http://www.ocif.gobierno.pr/documents/cons/EBI.pdf.> --------------------------------------------------------------------------- D. Extension of AML Program, CIP and Beneficial Ownership Requirements The Anti-Money Laundering Program The statutory mandate that all financial institutions establish anti-money laundering programs is a key element in the national effort to prevent and detect money laundering and the financing of terrorism. Banks without a Federal functional regulator may be as vulnerable to the risks of money laundering and terrorist financing as banks with one. This proposed rule would eliminate the present regulatory ``gap'' in AML coverage between banks with and without a Federal functional regulator. FinCEN expects uniform regulatory requirements for all banks to reduce the opportunity for criminals to seek out and exploit banks subject to less rigorous AML requirements. FinCEN also believes that imposing an AML program requirement on banks that lack a Federal functional regulator would not be unduly burdensome, given that such banks already must comply with various BSA recordkeeping, reporting, and, in some cases, CIP requirements. In order to comply with these existing rules, banks lacking a Federal functional regulator have likely developed procedures and protocol comparable to what would be required under the proposed rule. In 2005, uniform BSA examination procedures were issued through the first publication of the Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual.\31\ FinCEN understands that uniform audits or examinations of policies, procedures, internal controls, reporting structures, transaction monitoring, and recordkeeping have caused many banks that lack a Federal functional regulator to adopt procedures similar to the ones that would be required under the proposed rule. --------------------------------------------------------------------------- \31\ The Federal Financial Institutions Examination Council is a formal interagency body consisting of the Federal banking agencies authorized to prescribe uniform standards for the examination of financial institutions. See http://www.ffiec.gov/. Regulators from forty-seven state regulators, the District of Columbia, and the Commonwealth of Puerto Rico conduct AML compliance inspections in conjunction with the Federal banking agencies. Similarly, credit unions are subject to joint supervision by the NCUA and their state supervisors, pursuant to a Document of Cooperation executed by the NCUA and the National Association of State Credit Union Supervisors. --------------------------------------------------------------------------- Customer Identification Program For the reasons of regulatory consistency and protection against systemic vulnerability discussed above in connection with AML programs, FinCEN believes that CIP should also apply to all banks (including all depository institutions chartered under state banking law, even if the charter was not for a credit union, trust company, or private bank), regardless of whether they are Federally regulated. The preamble of the final CIP rule said that it applied to ``banks with a Federal functional regulator and to credit unions, trust companies, and private banks without a federal functional regulator.'' However, on the same day that the final CIP rule was issued, FinCEN issued a follow-on Notice of Proposed Rulemaking to ensure that there would be no gaps in the scope of the CIP obligations as they apply to banks.\32\ Because this proposal was never finalized, FinCEN is also re-proposing changes that would explicitly require all banks that lack a Federal functional regulator to establish CIP. --------------------------------------------------------------------------- \32\ See supra note 22. --------------------------------------------------------------------------- Beneficial Ownership Requirements As noted above, the CDD Rule requires that federally regulated banks and certain other financial institutions identify, and verify the identity of, the beneficial owners of their legal entity customers, as set forth in section 1010.230.\33\ For purposes of regulatory consistency, FinCEN believes that this requirement should apply to non- federally regulated banks as well. --------------------------------------------------------------------------- \33\ The CDD Rule is effective July 11, 2016 and applicable on and after May 11, 2018. --------------------------------------------------------------------------- II. Section-by-Section Analysis This notice proposes to amend chapter X by adding AML program requirements for banks that lack a Federal functional regulator, and extending CIP and beneficial ownership requirements to those banks not already subject to these requirements. These proposed changes include the following: (1) Amending the provision in Sec. 1010.205 that exempts certain financial institutions from the requirement to establish an AML program; (2) amending the definition of covered financial institution in Sec. 1010.605 so that non-federally regulated banks will be subject to the beneficial ownership requirements pursuant to the CDD Rule (as well as the requirements in Sec. Sec. 1010.610 and 1010.620); (3) removing the substantive language in the definitions of bank and financial institution in part 1020, Rules for Banks, because there will no longer be a need to make distinctions from the definitions in part 1010's General Definitions; (4) imposing AML program requirements on banks that lack a Federal functional regulator and prescribing minimum standards for the AML programs; and (5) amending the CIP requirements to delete a specific requirement that until banks without a Federal functional regulator are subject to AML program requirements they must have their CIPs approved by their boards of directors. If the proposed changes are implemented, banks without a Federal functional regulator will be required to implement a written AML program approved by their boards of directors or by equivalent functional units within the banks. A. Exempted Anti-Money Laundering Programs for Certain Financial Institutions Section 1010.205 provides temporary exemptions for certain financial institutions from the requirement to establish an anti-money laundering [[Page 58429]] program.\34\ The proposed amendments to 31 CFR 1010.205 reflect the removal of: (1) The exemption for private bankers (Sec. 1010.205(b)(1)(vi)); (2) the broader exemption for banks that lack a Federal functional regulator (Sec. 1010.205(b)(2)); and (3) the exemption for persons subject to supervision by a state banking authority (Sec. 1010.205(b)(3)). --------------------------------------------------------------------------- \34\ See 67 FR 21113 (Apr. 29, 2002), as amended at 67 FR 67549 (Nov. 6, 2002) and corrected at 67 FR 68935 (Nov. 14, 2002) (Treasury temporarily exempted private bankers and banks not subject to regulation by a Federal functional regulator from establishing an AML program). --------------------------------------------------------------------------- B. General and Specific Definitions General rules that apply to all industries appear in part 1010, and industry-specific rules are contained in other parts within chapter X. Because the definition of bank in part 1010 makes no distinctions as to whether a bank has a Federal functional regulator, there are no proposed changes to that definition of bank in Sec. 1010.100(d).\35\ Likewise, there are no proposed changes to the general definition of financial institution in Sec. 1010.100(t).\36\ Specific rules for banks are contained in part 1020, which includes definitions of both ``bank'' and ``financial institution'' specific to that part, to note a distinction in the application of AML program and CIP requirements between banks with a Federal functional regulator and those lacking one. FinCEN proposes to amend those definitions, as described below. --------------------------------------------------------------------------- \35\ Bank is defined in 31 CFR 1010.100(d) as each agent, agency, branch, or office within the United States of any person doing business in one or more of the capacities listed: (1) A commercial bank or trust company organized under the laws of any state or of the United States; (2) A private bank; (3) A savings and loan association or a building and loan association organized under the laws of any state or of the United States; (4) An insured institution as defined in section 401 of the National Housing Act; (5) A savings bank, industrial bank or other thrift institution; (6) A credit union organized under the law of any state or of the United States; (7) Any other organization (except a money services business) chartered under the banking laws of any state and subject to the supervision of the bank supervisory authorities of a state; (8) A bank organized under foreign law; (9) Any national banking association or corporation acting under the provisions of section 25(a) of the Act of Dec. 23, 1913, as added by the Act of Dec. 24, 1919, ch. 18, 41 Stat. 378, as amended (12 U.S.C. 611-32). \36\ 31 CFR 1010.100(t) defines financial institution as each agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the capacities listed below: (1) A bank (except bank credit card systems); (2) A broker or dealer in securities; (3) A money services business as defined in Sec. 1010.100(ff); (4) A telegraph company; (5) Casino; (6) Card club; (7) A person subject to supervision by any state or Federal bank supervisory authority; (8) A futures commission merchant; (9) An introducing broker in commodities; or (10) A mutual fund. --------------------------------------------------------------------------- Customer Identification Program Requirement The separate definition of bank in Sec. 1020.100(b) reflects the fact that existing CIP requirements do not apply to all banks that lack a Federal functional regulator. The current definition of bank, for the purposes of 31 CFR 1020.220, is (1) A bank, as that term is defined in 31 CFR 1010.100(d), that is subject to regulation by a Federal functional regulator; and (2) A credit union, private bank, and trust company, as set forth in 31 CFR 1010.100(d) of this chapter, that does not have a Federal functional regulator.\37\ --------------------------------------------------------------------------- \37\ See 31 CFR 1020.100(b). --------------------------------------------------------------------------- This rulemaking proposes to remove existing Sec. 1020.100(b), which would result in making all banks, regardless of whether they are subject to regulation by a Federal functional regulator, comply with CIP requirements. Beneficial Ownership Requirement The beneficial ownership requirement in the CDD Rule applies to covered financial institutions as defined in Sec. 1010.605(e)(1). This definition includes several types of banks, all of which are federally regulated,\38\ as well as brokers and dealers in securities, futures commission merchants and introducing brokers, and mutual funds. In order to apply this requirement to non-federally regulated banks, this rulemaking proposes to amend the current definition of covered financial institution by replacing paragraphs (i) through (vii) of Sec. 1010.605(e)(1) with the following, which includes all banks (whether or not federally regulated) that are subject to an AML program requirement ``a bank required to have an anti-money laundering compliance program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1).'' --------------------------------------------------------------------------- \38\ These include (1) An insured bank (as defined in section 3(h) of the Federal Deposit Insurance Act (12 U.S.C. 1813(h)); (2) A commercial bank; (3) An agency or branch of a foreign bank; (4) A federally insured credit union; (5) A savings association; (6) A corporation acting under section 25A of the Federal Reserve Act; and (7) A trust bank or trust company that is federally regulated and is subject to an anti-money laundering program requirement. --------------------------------------------------------------------------- Anti-Money Laundering Program Requirement The definition of financial institution in Sec. 1020.100(d) reflects the fact that existing AML program requirements are based on whether a bank is subject to regulation by a Federal functional regulator. The current definition of financial institution is (1) For the purposes of 31 CFR 1020.210, a financial institution is defined in 31 U.S.C. 5312(a)(2) or (c)(1) that is subject to regulation by a Federal functional regulator or a self-regulatory organization; (2) For the purposes of 31 CFR 1020.220, a financial institution is defined in 31 U.S.C. 5312(a)(2) or (c)(1). This rulemaking proposes to remove existing Sec. 1020.100(d)(1), which along with the proposed amendments to Sec. 1020.210 described below, would result in requiring all banks, regardless of whether they are subject to regulation by a Federal functional regulator, to comply with the obligation to implement an AML program.\39\ --------------------------------------------------------------------------- \39\ We are also proposing to remove Sec. 1020.100(d)(2). Due to the current definition of ``financial institution'' in Sec. 1010.100(t), this broader definition of the term is no longer necessary. --------------------------------------------------------------------------- C. AML Program Requirements Section 1020.210 (as amended by the CDD Rule) sets forth the current AML program requirements for banks. This rulemaking proposes certain changes necessary to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement anti-money laundering programs. One proposed change concerns the title and structure of the section. Currently, the title reads: ``Anti-money laundering program requirements for financial institutions regulated only by a Federal functional regulator, including banks, savings associations, and credit unions.'' With the proposed change, the title would read: ``Anti-money laundering program requirements for banks,'' and it would contain one section for banks regulated only by a Federal functional regulator and another section for banks that lack a Federal functional regulator. As proposed, Sec. 1020.210(a) would be titled: ``Anti-money laundering program requirements for banks regulated only by a Federal functional regulator, including banks, savings associations, and credit unions.'' The existing language in Sec. 1020.210 states that compliance by a financial institution regulated by a Federal functional regulator that is not subject to the regulations of a self-regulatory organization satisfies the AML program requirement under 31 U.S.C. 5318(h)(1) if its program complies with the requirements of Sec. Sec. 1010.610 and 1010.620 and the regulations of its Federal functional regulator governing AML programs. FinCEN is unaware of any instance in which a bank is subject to regulations by a self-regulatory organization. Accordingly, FinCEN proposes to remove reference to such regulation from the regulatory text, by [[Page 58430]] striking the words ``that is not subject to the regulations of a self- regulatory organization.'' This proposed change would appear in Sec. 1020.210(a).\40\ --------------------------------------------------------------------------- \40\ The regulation text set forth is the text as amended by the CDD Rule, which is effective July 11, 2016 and applicable on and after May 11, 2018. --------------------------------------------------------------------------- Proposed new Sec. 1020.210(b) would be titled: ``Anti-money laundering program requirements for banks lacking a Federal functional regulator including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies.'' New Sec. 1020.210(b)(1) would require banks that lack a Federal functional regulator to establish and implement AML programs reasonably designed to assure ongoing compliance with the Bank Secrecy Act. Section 1020.210(b)(1)(ii)(E) would require compliance with due diligence requirements for correspondent accounts for foreign financial institutions (Sec. 1010.610) and for private banking accounts (Sec. 1010.620), and new Sec. 1020.210(b)(1) also would prescribe the minimum standards necessary for an AML program. With respect to minimum standards, proposed Sec. 1020.210(b)(1)(ii)(A) would require that the AML program include a system of internal controls to assure ongoing compliance with the BSA. As part of implementing an AML program, FinCEN would expect banks that lack a Federal functional regulator to assess the money laundering and terrorist financing risks that are associated with their products, customers, distribution channels, and geographic locations. An assessment of customer-related information is a key component to a robust AML program, and banks must ensure that they obtain all the information necessary for their AML program requirements. For purposes of making the required risk assessment, banks have discretion to determine how best to collect the relevant customer information. FinCEN does not anticipate that this requirement will entail obtaining information not already obtained in the ordinary course of business. Policies, procedures, and internal controls also must be reasonably designed to ensure compliance with BSA requirements. Banks may conduct some of their operations through agents and third-party service providers. Some elements of the compliance program may best be performed by personnel of these entities, in which case it is permissible for banks to contract with such entities to assist them with implementation and operation of those aspects of its AML program. Any bank that contracts with an agent or third party to assist with aspects of its AML program, however, remains fully responsible for the effectiveness of the program, as well as ensuring that compliance examiners are able to obtain information and records relating to the AML program. Proposed Sec. 1020.210(b)(1)(ii)(B) would require that the program provide for independent testing to monitor and maintain an adequate program. A party external to the bank, such as an outside consultant or accountant, need not perform the testing. The testing may be conducted by an officer, employee, or group of employees, so long as the person or persons conducting the testing are independent of the person or group of persons primarily responsible for implementing the bank's AML program. The frequency of independent testing will depend upon the risks posed.\41\ Any recommendations that result from the independent testing should be implemented promptly or reviewed by senior management. --------------------------------------------------------------------------- \41\ See The Federal Financial Institutions Examination Council, Bank Secrecy Act/Anti-Money Laundering Examination Manual, at 30 (2014) available at https://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2014_v2.pdf (``[A] sound practice is for the bank to conduct independent testing generally every 12 to 18 months, commensurate with the BSA/AML risk profile of the bank.''). --------------------------------------------------------------------------- Proposed Sec. 1020.210(b)(1)(ii)(C) would require that the bank designate a person or persons who will be responsible for coordinating and monitoring day-to-day compliance with the AML program. The bank may have one individual, or the bank may designate multiple individuals to perform the function as a group. The person or persons should be competent and knowledgeable regarding BSA requirements and money laundering issues and risks, and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures. The role of this function is to ensure that the program is implemented effectively and updated as necessary. Proposed Sec. 1020.210(b)(1)(ii)(D) would require that the program provide for training of appropriate persons. Employee training is an integral part of any AML program. In order to carry out their responsibilities effectively, employees must be trained in requirements under the BSA and money laundering risks generally, as well as the internal policies and procedures of the institution, so that red flags can be identified. Such training may be conducted by third parties or in-house, and may include computer-based training. Employees should receive periodic updates and refreshers to such training. The nature, scope, and frequency of training would depend upon the functions performed by employees. Proposed Sec. 1020.210(b)(1)(ii)(E) would require that the program include, at a minimum, appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to, understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this proposed paragraph, customer information would include information regarding the beneficial owners of legal entity customers (as defined in Sec. 1010.230). FinCEN views this not as a new requirement, but as an explicit statement of the activities that are already required of covered financial institutions in order to monitor for, and detect and report, suspicious transactions.\42\ --------------------------------------------------------------------------- \42\ For a description of what is required by this new provision in the AML program rule for banks, see CDD Rule, 81 FR 29398, 29419- 29421. --------------------------------------------------------------------------- Proposed Sec. 1020.210(b)(2) would require that an AML program be approved by the bank's board of directors or, if the bank does not have a board of directors, an equivalent function within the bank. Additionally, a bank would be required to make a copy of its AML program available to FinCEN or its designee upon request.\43\ --------------------------------------------------------------------------- \43\ An agency with authority delegated by FinCEN to examine the bank for compliance with the BSA would qualify as a designee of FinCEN. --------------------------------------------------------------------------- D. CIP Requirements Currently, the title reads: Section 1020.220, ``Customer identification programs for banks, savings associations, credit unions, and certain non-Federally regulated banks.'' With the proposed change, the title would read: ``Customer identification program requirements for banks.'' This proposed change recognizes that going forward CIP requirements would apply to all banks. The proposed changes would also delete an unnecessary reference in Sec. 1020.220 that stipulates that credit unions, private banks, and trust companies without a Federal functional regulator must seek board approval for their CIPs. With finalization of this proposal, banks lacking a Federal functional regulator would be required to implement a written AML program approved by their boards of directors. Since CIP would be part of their AML [[Page 58431]] programs, which must be approved by their boards of directors, it would no longer be necessary to stipulate a separate approval of CIP in this section. III. Request for Comment FinCEN welcomes comment on all aspects of the proposed rule. In addition, FinCEN seeks comment on the following issues: Whether certain banks lacking a Federal functional regulator should be excluded from the proposed rule; Whether there are additional bank categories that should be included in the proposed rule; Whether non-federally regulated banks should be subject to the requirements contained in the CDD Rule; If the requirements contained in the CDD Rule and under Section 312 are imposed on non-federally regulated banks, what time period should be given to these institutions to implement such requirements; and Whether there are banks that are, in fact, regulated by self-regulatory organizations. IV. Initial Regulatory Flexibility Act Analysis When an agency issues a rulemaking proposal, the Regulatory Flexibility Act (``RFA'') requires the agency to ``prepare and make available for public comment an initial regulatory flexibility analysis'' that will ``describe the impact of the proposed rule on small entities.'' (5 U.S.C. 603(a).) Section 605 of the RFA allows an agency to certify a rule, in lieu of preparing an analysis, if the proposed rulemaking is not expected to have a significant economic impact on a substantial number of small entities. A. Reasons Why Action by the Agency Is Being Considered The Anti-Money Laundering Program The statutory mandate that all financial institutions establish anti-money laundering programs is a key element in the national effort to prevent and detect money laundering and the financing of terrorism. Banks without a Federal functional regulator may be as vulnerable to the risks of AML and terrorist financing as banks with one. This proposed rule would eliminate the present regulatory ``gap'' in AML coverage between banks with and without a Federal functional regulator. FinCEN expects that uniform regulatory requirements for all banks will reduce the opportunity for criminals to seek out and exploit banks subject to less rigorous AML requirements. Customer Identification Program For the reasons of regulatory consistency and protection against systemic vulnerability discussed above in connection with AML programs, FinCEN believes that CIP should also apply to all banks (including all depository institutions chartered under state banking law, even if the charter was not for a credit union, trust company, or private bank), regardless of whether they are Federally regulated. In July 2002, FinCEN issued a Notice of Proposed Rulemaking to ensure that there would be no gaps in the scope of the CIP obligations as they apply to banks. Because this proposal was never finalized, FinCEN is also re- proposing changes that would explicitly require all banks that lack a Federal functional regulator to establish CIP. Beneficial Ownership Requirements As noted above, the CDD Rule requires that from and after May 11, 2018, federally regulated banks and certain other financial institutions identify, and verify the identity of, the beneficial owners of their legal entity customers, as set forth in section 1010.230. For purposes of regulatory consistency, FinCEN believes that this requirement should apply to non-federally regulated banks as well. B. Objectives of, and Legal Basis for, the Proposed Rules Section 352 of the USA PATRIOT Act requires financial institutions to establish AML programs that, at a minimum, include: (1) The development of internal policies, procedures, and controls; (2) the designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function to test programs. In addition, the CDD Rule described above adds an explicit requirement to conduct ongoing monitoring. Section 326 of the USA PATRIOT Act requires FinCEN to prescribe regulations that require financial institutions to establish programs for account opening that, at a minimum, include: (1) Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Section 312 of the USA PATRIOT Act requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account or a private banking account in the United States for a non-U.S. person to subject such accounts to certain anti-money laundering measures. C. Small Entities Subject to the Proposed Rules Based upon current data, for the purposes of RFA, FinCEN estimates that these rules will impact approximately 347 state chartered non- depository trust companies; 265 state-chartered credit unions that are not federally insured; 12 state-chartered banks and savings and loan or building and loan associations without FDIC insurance; and 115 EBIs licensed in Puerto Rico.\44\ FinCEN believes it is likely that most or all of the non-federally insured credit unions are small entities, and has no data on the size of the other entities subject to this rulemaking, and therefore assumes that many of them are small entities. Therefore, FinCEN concludes that the proposed rules will apply to a substantial number of small entities. --------------------------------------------------------------------------- \44\ The Small Business Administration (``SBA'') defines a trust company as a small business if it has assets of $35.5 million or less. The SBA defines a depository institution (including a credit union) as a small business if it has assets of $550 million or less. FinCEN was unable to find an authoritative figure on the number of non-federally regulated depository institutions that would meet the definition of small entity. --------------------------------------------------------------------------- D. Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Proposed Rules The proposed rules would prescribe minimum standards for AML programs for banks without a Federal functional regulator to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement written AML programs, including conducting ongoing customer due diligence, and to identify and verify the identity of the beneficial owners of their legal entity customers. The changes would also extend customer identification program requirements to those banks not already subject to these requirements. Banks lacking a Federal functional regulator are currently required to comply with many existing requirements under the BSA. All banks, including those not subject to Federal regulation and oversight, are already required to file SARs, which necessarily requires a bank to establish a process to detect unusual activity. Certain banks lacking a Federal functional regulator--namely, private banks, non-federally insured credit unions, and certain trust companies--must maintain CIPs. [[Page 58432]] Uniform audits at the state and Federal levels may have caused banks lacking a Federal functional regulator to adopt procedures similar to the ones that would be required under the AML program requirement of the proposed rule. With respect to the beneficial ownership requirement, the proposed rule would require banks lacking a Federal functional regulator to obtain and maintain the identity of each beneficial owner from each legal entity customer that opens a new account, including name, address, date of birth and identification number. The financial institution would also be required to verify such identity by documentary or non-documentary methods and to maintain in its records for five years a description of (1) any document relied on for verification, (2) any such non-documentary methods and results of such measures undertaken, and (3) the resolution of any substantive discrepancies discovered in verifying the identification information. The burden on a small non-federally regulated bank at account opening resulting from the final rule would be a function of the number of beneficial owners of each legal entity customer opening a new account, the additional time required for each beneficial owner, and the number of new accounts opened for legal entities by the small banks during a specified period. None of the small businesses that commented on the CDD Rule's Initial Regulatory Flexibility Analysis (``IRFA'') included an estimate of the amount of time to open a legal entity account; only one noted the number of such accounts it opens per year (70). As a result of the comments FinCEN received to the CDD Rule's-related regulatory impact assessment from other commenters, FinCEN concluded in its Final Regulatory Flexibility Analysis (``FRFA'') \45\ that the estimated time for financial institutions to open accounts ranges from 20 to 40 minutes. Based on opening 471 new accounts for legal entities and an average wage of $16.77 for ``new account clerks,'' \46\ this would result in an annual cost to a small bank of $2,550 to $5,100.\47\ FinCEN also notes that, even among small entities, the costs could be expected to vary substantially.\48\ --------------------------------------------------------------------------- \45\ See 81 FR 29398, 29448 (May 11, 2016). \46\ See 81 FR 29398, 29448, n. 179, (May 11, 2016). \47\ The estimated cost is based on the bank-reported 471 new accounts per year, additional time at account opening of 15 to 30 minutes, and the average wage of $16.77 for the financial industry ``new account clerks'' reported by the Bureau of Labor Statistics. \48\ For example, for the small bank that responded to the CDD IRFA and estimated that it opens 70 new accounts for business customers per year, the estimated costs would range from $380 to $760 per year. See 81 FR 29398, 29447-48 (May 11, 2016). --------------------------------------------------------------------------- In addition, compliance with the beneficial ownership requirement would be expected to require additional training, information technology upgrades, and revisions to policies, procedures, and internal controls. A discussion of the estimated costs for these tasks for small entities is included in the CDD Rule FRFA referred to above. E. Overlapping or Conflicting Federal Rules FinCEN is unaware of any existing Federal regulations that would overlap or conflict with the amendments being proposed. F. Consideration of Significant Alternatives FinCEN has not identified any alternative means for bringing these categories of non-federally regulated banks into compliance with the same standards as all other banks in the United States. Were FinCEN to exempt small entities from this requirement, those entities would potentially be at greater risk of abuse by money launderers and other financial criminals. With respect to the CDD pillar of the AML program rule, FinCEN considered several alternatives to that which is being proposed. As described in greater detail elsewhere,\49\ these alternatives included exempting small financial institutions below a certain asset or legal entity customer threshold from the requirements, as well as utilizing a lower (e.g., 10 percent) or higher (e.g., 50 percent) threshold for the minimum level of equity ownership for the definition of beneficial owner. FinCEN determined, however, that identifying the beneficial owner of a financial institution's legal entity customers and verifying that identity are necessary parts of an effective AML program. Were FinCEN to exempt small entities from this requirement, or entities that establish fewer than a limited number of accounts for legal entities, those financial institutions would be at greater risk of abuse by money launderers and other financial criminals, as criminals would identify institutions without this requirement. FinCEN also considered increasing the threshold for ownership of equity interests in the definition of beneficial ownership to 50 percent or more of the equity interests. Although this higher threshold would reduce the number of individuals whose identity would need to be verified from five to three, thus reducing marginally the onboarding time, this change would not impact the training or IT costs, and therefore, would not substantially reduce the overall costs of the rule and also would provide less useful information. After considering all the alternatives FinCEN has concluded that an ownership threshold of 25 percent is appropriate to maximize the benefits of the requirement while minimizing the burden. --------------------------------------------------------------------------- \49\ See 81 FR 29398, 29450 (May 11, 2016). --------------------------------------------------------------------------- G. Questions for Comment Please provide comment on any or all of the provisions of the proposed rule with regard to their economic impact on small entities, and what less burdensome alternatives, if any, FinCEN should consider. V. Unfunded Mandates Act Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an agency prepare a budgetary impact statement before promulgating a rule that may result in expenditure by the State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 202 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. Taking into account the factors noted above and using conservative estimates of average labor costs in evaluating the cost of the burden imposed by the proposed regulation, FinCEN has determined that it is not required to prepare a written statement under section 202. VI. Executive Orders 13563 and 12866 Executive Orders 13563 and 12866 direct agencies to assess costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. It has been determined that this is not a significant regulatory action for purposes of Executive Order 12866. Accordingly, a regulatory impact analysis is not required. [[Page 58433]] VII. Paperwork Reduction Act The collection of information contained in this proposed rule is being submitted to the Office of Management and Budget for review in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)). Comments on the collection of information should be sent (preferably by fax (202-395-6974)) to the Desk Officer for the Department of the Treasury, Office of Information and Regulatory Affairs, Office of Management and Budget, Paperwork Reduction Project (1506), Washington, DC 20503, or by the Internet to [email protected], with a copy to FinCEN by mail or the Internet. Comments on the collection of information should be received by October 24, 2016. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information subject to the Paperwork Reduction Act unless it displays a valid control number assigned by the Office of Management and Budget. The collection of information in the proposed rule would be codified at 31 CFR 1020.210, 1020.220, and 1020.230. The information will be used by examining agencies to verify compliance with these provisions. The collection of information is mandatory. Records required to be retained under the BSA must be retained for five years. Description of Recordkeepers: Banks without a Federal functional regulator, as defined in 31 CFR 1020.210 and 1020.220. Estimated Number of Affected Institutions: 1,151. Estimated Average Annual Burden Hours per Recordkeeper: Since this is a new requirement, the estimated average burden associated with the recordkeeping requirement in this proposed rule is 40 hours for development of a written program, and following the initial development, the program must be reviewed on an annual basis, to include a one (1) hour per year burden recognized for annual maintenance and update. Estimated Total Annual Reporting Burden: 46,040 hours. This burden will be added to the existing burden listed under OMB Control Number 1506-0035 currently titled AML Programs for insurance companies and loan and finance companies. The new title for this control number will be AML Programs for insurance companies, and residential mortgage lenders and originators, and banks that lack a Federal functional regulator. The new total burden will be 140,240 hours. Questions for comment: (1) Whether the collection of information is necessary for the proper performance of FinCEN's mission, including whether the information will have practical utility; (2) Whether FinCEN's estimate of the burden of the collection of information is accurate; (3) What are ways to enhance the quality, utility, and clarity of the information to be collected; (4) What are ways to minimize the burden of the collection of information, including through the use of automated collection techniques or other forms of information technology; (5) What are the estimates of capital or start- up costs to implement and then maintain an AML program; (6) How many banks that lack a Federal functional regulator are considered ``small businesses'' because the entities have less than $550 million in total assets; (7) What is the average number of employees or the average total annual salary expense for banks that lack a Federal functional regulator; and (8) What is the average number of employees dedicated to bank regulation compliance. List of Subjects in 31 CFR Parts 1010 and 1020 Administrative practice and procedure, Banks, banking, Brokers, Currency, Foreign banking, Foreign currencies, Gambling, Investigations, Penalties, Reporting and recordkeeping requirements, Securities, Terrorism. Authority and Issuance For the reasons set forth in the preamble, parts 1010 and 1020 of chapter X of title 31 of the Code of Federal Regulations are proposed to be amended as follows: PART 1010--GENERAL PROVISIONS 0 1. The authority citation for part 1010 continues to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, sec. 314, Public Law 107-56, 115 Stat. 307. Sec. 1010.205 [Amended] 0 2. Section 1010.205 is amended by: 0 a. Removing paragraph (b)(1)(vi); 0 b. Redesignating paragraphs (b)(1)(vii) through (ix) as paragraphs (b)(1)(vi) through (viii); and 0 c. Removing and reserving paragraph (b)(2) and removing paragraph (b)(3). 0 3. Section 1010.605 is amended by: 0 a. Revising paragraph (e)(1)(i) 0 b. Removing paragraphs through (e)(1)(ii) through (vii); and 0 b. Redesignating paragraphs (e)(1)(viii) through (x) as paragraphs (e)(1)(ii) through (iv). The revision reads as follows: Sec. 1010.605 Definitions. * * * * * (e) * * * (i) A bank required to have an anti-money laundering compliance program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1); * * * * * PART 1020--RULE FOR BANKS 0 4. The authority citation for part 1020 continues to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, sec. 314, Public Law 107-56, 115 Stat. 307. Sec. 1020.100 [Amended] 0 5. Section 1020.100 is amended by: 0 a. Removing paragraphs (b) and (d); and 0 b. Redesignating paragraph (c) as paragraph (b). 0 6. Section 1020.210 is revised to read as follows: Sec. 1020.210 Anti-money laundering program requirements for banks. (a) Anti-money laundering program requirements for banks regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. A bank regulated by a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that: (1) Complies with the requirements of Sec. Sec. 1010.610 and 1010.620 of this chapter; (2) Includes, at a minimum: (i) A system of internal controls to assure ongoing compliance; (ii) Independent testing for compliance to be conducted by bank personnel or by an outside party; (iii) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (iv) Training for appropriate personnel; and (v) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (A) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (B) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall [[Page 58434]] include information regarding the beneficial owners of legal entity customers (as defined in Sec. 1010.230); and (3) Complies with the regulation of its Federal functional regulator governing such programs. (b) Anti-money laundering program requirements for banks lacking a Federal functional regulator including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. (1) A bank lacking a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank establishes and maintains a written anti-money laundering program that: (i) Complies with the requirements of Sec. Sec. 1010.610 and 1010.620 of this chapter; and (ii) Includes, at a minimum: (A) A system of internal controls to assure ongoing compliance with the Bank Secrecy Act and the regulations set forth in 31 CFR chapter X; (B) Independent testing for compliance to be conducted by bank personnel or by an outside party; (C) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (D) Training for appropriate personnel; and (E) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (1) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (2) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in Sec. 1010.230). (2) The program must be approved by the board of directors or, if the bank does not have a board of directors, an equivalent governing body within the bank. The bank shall make a copy of its anti-money laundering program available to the Financial Crimes Enforcement Network or its designee upon request. 0 7. Amend Sec. 1020.220 by revising the section heading and paragraph (a)(1) to read as follows: Sec. 1020.220 Customer identification program requirements for banks. (a) * * * (1) In general. A bank required to have an anti-money laundering compliance program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1) must implement a written Customer Identification Program (CIP) appropriate for its size and type of business that, at a minimum, includes each of the requirements of paragraphs (a)(1) through (5) of this section. The CIP must be a part of the anti-money laundering compliance program. * * * * * Jamal El-Hindi, Acting Director, Financial Crimes Enforcement Network. [FR Doc. 2016-20219 Filed 8-24-16; 8:45 am] BILLING CODE 4810-02-P
![Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules 58425
www.regulations.gov or http:// DEPARTMENT OF THE TREASURY dockets at Regulations.gov as their
arlweb.msha.gov/currentcomments.asp. complete, official-record docket; all
To read background documents, go to Financial Crimes Enforcement Network hard copies of materials that should be
http://www.regulations.gov. Review the in the docket, including public
docket in person at MSHA, Office of 31 CFR Parts 1010 and 1020 comments, are electronically scanned
Standards, Regulations, and Variances, and placed there. Federal Register
RIN 1506–AB28
201 12th Street South, Arlington, notices published by FinCEN are
Virginia, between 9:00 a.m. and 5:00 Customer Identification Programs, searchable by docket number, RIN, or
p.m. Monday through Friday, except Anti-Money Laundering Programs, and document title, among other things, and
Federal Holidays. Sign in at the Beneficial Ownership Requirements the docket number, RIN, and title may
receptionist’s desk in Suite 4E401. for Banks Lacking a Federal Functional be found at the beginning of the notice.
Regulator In general, FinCEN will make all
Email Notification: To subscribe to comments publicly available by posting
receive an email notification when AGENCY: Financial Crimes Enforcement them on http://www.regulations.gov.
MSHA publishes rules in the Federal Network (‘‘FinCEN’’), Treasury. FOR FURTHER INFORMATION CONTACT: The
Register, go to http://www.msha.gov. ACTION: Notice of proposed rulemaking. FinCEN Resource Center at (800) 767–
FOR FURTHER INFORMATION CONTACT: 2825 or email frc@fincen.gov.
SUMMARY: FinCEN is issuing this
Sheila A. McConnell, Director, Office of proposed rule to implement section 326 SUPPLEMENTARY INFORMATION:
Standards, Regulations, and Variances, of the Uniting and Strengthening
MSHA, at mcconnell.sheila.a@dol.gov I. Background
America by Providing Appropriate
(email), 202–693–9440 (voice); or 202– Tools Required to Intercept and A. Statutory Provisions
693–9441 (facsimile). These are not toll- Obstruct Terrorism Act of 2001 and to FinCEN exercises regulatory functions
free numbers. remove the anti-money laundering primarily under the Currency and
SUPPLEMENTARY INFORMATION: On June 8, program exemption for banks that lack Financial Transactions Reporting Act of
2016 (81 FR 36826), MSHA published a a Federal functional regulator, 1970, as amended by the Uniting and
request for information on Exposure of including, but not limited to, private Strengthening America by Providing
Underground Miners to Diesel Exhaust. banks, non-federally insured credit Appropriate Tools Required to Intercept
unions, and certain trust companies. and Obstruct Terrorism Act of 2001
The request for information seeks input
The proposed rule would prescribe (‘‘USA PATRIOT Act’’) (Pub. L. 107–56)
from the public that will help MSHA
minimum standards for anti-money and other legislation. This legislative
evaluate the Agency’s existing standards laundering programs for banks without
and policy guidance on controlling framework is commonly referred to as
a Federal functional regulator to ensure the ‘‘Bank Secrecy Act’’ (‘‘BSA’’).1 The
miners’ exposures to diesel exhaust to that all banks, regardless of whether
evaluate the effectiveness of the Secretary of the Treasury (‘‘Secretary’’)
they are subject to Federal regulation has delegated to the Director of FinCEN
protection now in place to preserve and oversight, are required to establish the authority to implement, administer,
miners’ health. and implement anti-money laundering and enforce compliance with the BSA
On June 27, 2016, (81 FR 41486), programs, and would extend customer and associated regulations.2 Pursuant to
MSHA published a notice in the Federal identification program requirements and this authority, FinCEN may issue
Register announcing the dates and beneficial ownership requirements to regulations requiring financial
locations for four public meetings on the those banks not already subject to these institutions to keep records and file
request for information. MSHA held requirements. reports that ‘‘have a high degree of
meetings on July 19, 21, and 26 and DATES: Written comments may be usefulness in criminal, tax, or regulatory
August 4, 2016. In response to requests submitted to FinCEN on or before investigations or proceedings, or in the
from the public, MSHA is providing October 24, 2016. conduct of intelligence or
additional time for interested parties to ADDRESSES: You may submit comments, counterintelligence activities, including
comment. MSHA is extending the identified by Regulatory Identification analysis, to protect against international
comment period from September 6, Number (RIN) 1506–AB28, by any of the terrorism.’’ 3 Additionally, FinCEN is
2016, to November 30, 2016. following methods: authorized to impose anti-money
• Federal E-rulemaking Portal: http:// laundering (‘‘AML’’) program
Dated: August 17, 2016. requirements for financial institutions.4
www.regulations.gov. Follow the
Joseph A. Main, instructions for submitting comments. Section 352 of the USA PATRIOT Act
Assistant Secretary of Labor for Mine Safety Include 1506–AB28 in the submission. requires financial institutions to
and Health. Refer to Docket Number FINCEN–2014– establish AML programs that, at a
[FR Doc. 2016–20396 Filed 8–24–16; 8:45 am] 0004. minimum, include: (1) The
BILLING CODE 4520–43–P • Mail: Policy Division, Financial development of internal policies,
Crimes Enforcement Network, P.O. Box procedures, and controls; (2) the
39, Vienna, VA 22183. Include 1506– designation of a compliance officer; (3)
AB28 in the body of the text. Please an ongoing employee training program;
submit comments by one method only. and (4) an independent audit function
Comments submitted in response to this
Lhorne on DSK30JT082PROD with PROPOSALS
notice of proposed rulemaking 1 The BSA is codified at 12 U.S.C. 1829b, 12
(‘‘NPRM’’) will become a matter of U.S.C. 1951–1959, 31 U.S.C. 5311–5314 and 5316–
public record. Therefore, you should 5332, and notes thereto, with implementing
regulations at 31 CFR chapter X. See 31 CFR
submit only information that you wish 1010.100(e).
to make publicly available. 2 Treasury Order 180–01 (Jul. 1, 2014).
Inspection of comments: FinCEN uses 3 31 U.S.C. 5311.
the electronic, Internet-accessible 4 31 U.S.C. 5318(h).
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00013 Fmt 4702 Sfmt 4702 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/1.svg)
![58426 Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules
to test programs.5 Section 352 of the provided to the financial institution by laundering measures.12 In particular,
USA PATRIOT Act authorizes FinCEN, any government agency.8 These financial institutions must establish
in consultation with the ‘‘appropriate’’ programs are referred to as Customer appropriate, specific, and, where
Federal functional regulator (using the Identification Programs (‘‘CIPs’’). necessary, enhanced due diligence
definition of ‘‘Federal functional When prescribing CIP regulations for policies, procedures, and controls that
regulator’’ found in 15 U.S.C. 6809), to financial institutions that engage in are reasonably designed to enable the
prescribe minimum standards for AML financial institution to detect and report
financial activities described in Section
programs. In determining the instances of money laundering through
4(k) of the Bank Holding Company Act
appropriate scope and nature for this these accounts. In addition to the
of 1956, 12 U.S.C. 1843(k), FinCEN must
proposed rulemaking for financial general due diligence requirements,
institutions that are not directly prescribe such CIP regulations jointly
which apply to all correspondent
regulated by any Federal functional with the Federal functional regulator
accounts for non-U.S. persons, section
regulator under any definition of that (again using the definition of ‘‘Federal 5318(i)(2) specifies additional standards
term, FinCEN considered the Federal functional regulator’’ found in 15 U.S.C. for correspondent accounts maintained
functional regulators of similar 6809, but also including the CFTC) that for certain foreign banks. Section 5318(i)
institutions, including Federal bank is ‘‘appropriate’’ for the affected also sets forth minimum due diligence
supervisory authorities, the U.S. financial institutions.9 FinCEN requirements for private banking
Securities and Exchange Commission generally considers the Federal accounts for non-U.S. persons.
(‘‘SEC’’), and the Commodity Futures functional regulator—if any—that Specifically, a covered financial
Trading Commission (‘‘CFTC’’), to be actually regulates a financial institution institution must take reasonable steps to
‘‘appropriate’’ Federal functional to be the Federal functional regulator ascertain the identity of the nominal
regulators within the meaning of appropriate to promulgate regulations and beneficial owners of, and the source
Section 352. In preparing this rule, for such a financial institution.10 of funds deposited into, private banking
FinCEN consulted with these regulators Specifically with respect to CIP rules, accounts, as necessary to guard against
and in order to be certain of addressing FinCEN has maintained publicly since money laundering and to report
all important issues, it also consulted 2003 that, for a CIP rule that applies to suspicious transactions. The institution
with state bank supervisory authorities, institutions not directly regulated by must also conduct enhanced scrutiny of
and the Internal Revenue Service any Federal functional regulator under private banking accounts requested or
(‘‘IRS’’), which, to date, has been the any definition of that term, it is not maintained for, or on behalf of, senior
examining authority for all institutions ‘‘appropriate’’ for any Federal agency to foreign political figures (which includes
regulated by FinCEN that do not have a issue jointly such a CIP rule with family members or close associates).
Federal functional regulator. FinCEN, given that no Federal agency Enhanced scrutiny must be reasonably
When prescribing minimum has direct supervisory authority over designed to detect and report
standards for AML programs, FinCEN such financial institutions comparable transactions that may involve the
must ‘‘consider the extent to which the in its pervasiveness to the direct proceeds of foreign corruption.
requirements imposed [under section authority of the Federal functional
352 of the USA PATRIOT Act] are regulators over their regulated financial B. Regulatory Background
commensurate with the size, location, institutions.11 Consistent with these The following information describes
and activities of the financial long-held positions, FinCEN proposes to the effect of certain previous
institutions to which [the standards] issue the CIP rule set forth here under rulemakings on banks, and specifically
apply.’’ 6 In addition, FinCEN may its sole authority. on banks lacking a Federal functional
‘‘prescribe an appropriate exemption Section 312 of the USA PATRIOT Act regulator.
from a requirement [in the BSA] or requires each U.S. financial institution AML Program Requirements
regulations [issued under the BSA].’’ 7 that establishes, maintains, administers,
FinCEN used this authority in 2002 to Most banks became subject to an AML
or manages a correspondent account or program requirement pursuant to the
exempt temporarily certain financial a private banking account in the United
institutions identified in section 352 BSA with FinCEN’s issuance of an
States for a non-U.S. person to subject Interim Final Rule on April 29, 2002
from the requirement to establish an
such accounts to certain anti-money (the ‘‘Interim Final Rule’’).13 The
AML program.
Section 326 of the USA PATRIOT Act Interim Final Rule stated that an
8 31 U.S.C. 5318(l). See Joint Final Rule—
requires FinCEN to prescribe regulations institution regulated by a Federal
Customer Identification Programs for Banks,
that require financial institutions to Savings Associations, Credit Unions and Certain functional regulator ‘‘shall be deemed to
establish programs for account opening Non-Federally Regulated Banks, 68 FR 25103 (May satisfy the requirements of 31 U.S.C.
that, at a minimum, include: (1) 9, 2003) (‘‘The CIP must include procedures for
determining whether the customer appears on any 12 These requirements are set forth and cross
Verifying the identity of any person list of known or suspected terrorists or terrorist referenced in sections 1020.610 (cross-referencing
seeking to open an account, to the organizations issued by any Federal government to 31 CFR 1010.610) and 1020.620 (cross-
extent reasonable and practicable; (2) agency and designated as such by Treasury in referencing to 31 CFR 1010.620).
maintaining records of the information consultation with the Federal functional 13 See Interim Final Rule—Anti-Money
regulators.’’ To date, the Department of the Treasury
used to verify the person’s identity, has not designated any such list.).
Laundering Programs for Financial Institutions, 67
including name, address, and other FR 21110 (Apr. 29, 2002). Since 1987, all federally
9 31 U.S.C. 5318(l)(4). The financial institutions
insured depository institutions and credit unions
identifying information; and (3) subject to the CIP rule being proposed here engage have been required by their Federal regulators to
Lhorne on DSK30JT082PROD with PROPOSALS
determining whether the person appears in financial activities within the meaning of 12 have anti-money laundering programs ‘‘to assure
on any lists of known or suspected U.S.C. 1843(k), in particular lending money and and monitor compliance with the requirements of
providing financial advisory services. See 12 U.S.C. subchapter II of chapter 53 of title 31, United States
terrorists or terrorist organizations 1843(k)(4)(A) and (C). Code,’’ but until the passage of the USA PATRIOT
10 See, e.g., 31 CFR 1020.210(a).
Act the requirement to implement such programs
5 Id. 11 See Notice of Proposed Rulemaking—Customer did not arise under a specific provision of the Bank
6 Public Law 107–56, title III, Sec. 352(c), 115
Identification Programs for Certain Banks Lacking a Secrecy Act itself. See Final Rule—Procedures for
Stat. 322. Federal Functional Regulator, 68 FR 25163 (May 9, Monitoring Bank Secrecy Act Compliance, 52 FR
7 31 U.S.C. 5318(a)(6). 2003). 2858 (Jan. 27, 1987).
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00014 Fmt 4702 Sfmt 4702 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/2.svg)
![Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules 58427
5318(h)(1) if it implements and Despite being subject to the various and accordingly proposes these
maintains an [AML] program that BSA obligations detailed above, banks requirements in this notice.
complies with the regulation of its that lack a Federal functional regulator
C. Categories of Banks Lacking a Federal
Federal functional regulator governing have remained exempt from the AML
Functional Regulator
such programs.’’ 14 ‘‘Federal functional program requirement since the Interim
regulator’’ is defined at 31 CFR Final Rule. In contrast, FinCEN has FinCEN has identified the following
1010.100(r) to include each of the already eliminated the exemption and categories of banks that lack a Federal
Federal banking agencies, as well as the promulgated AML program rules for functional regulator and is interested in
SEC and the CFTC. other institutions that had been identifying additional categories of such
The Interim Final Rule also deferred exempted under the Interim Final Rule, entities. However, no discussion of such
AML program requirements for certain including insurance companies, certain entities should be thought to be
financial institutions, including ‘‘private loan or finance companies, and dealers exhaustive. This NPRM proposes that
bankers.’’ 15 On November 6, 2002, in precious metals, precious stones, or any entity that meets the definition of
FinCEN amended the Interim Final jewels. bank in 31 CFR 1010.100(d) would be
Rule.16 The amendment extended the required to establish an AML program.
deferral indefinitely,17 and included Customer Identification Program
Requirements State-Chartered Non-Depository Trust
within the deferral not only private
CIP requirements were finalized, Companies
bankers, but any bank ‘‘that is not
subject to regulation by a Federal through a joint final rule, for banks, State-chartered non-depository trust
functional regulator.’’ 18 savings associations, credit unions, and companies are generally smaller than
Although banks that lack a Federal certain non-Federally regulated banks depository (or federally regulated non-
functional regulator have not been on May 9, 2003. With this action, depository) trust companies, and often
required to establish an AML program, certain banks that lack a Federal provide estate planning and settlement
they are required to comply with many functional regulator, namely, private and trust administration on a regional
other BSA requirements. For example, banks, non-federally insured credit basis.24 Trust companies can provide
banks that lack a Federal functional unions and certain trust companies, services similar to investment advisory
regulator still must file currency were required to comply with CIP firms, including securities investment
transaction reports (‘‘CTRs’’) and requirements.21 On the same day, advisers, but are generally exempt from
suspicious activity reports (‘‘SARs’’), FinCEN published a notice of proposed registration as investment advisers with
and make and maintain certain rulemaking that would have imposed the SEC.25 Trust companies also may
records.19 In addition, banks that lack a CIP requirements on all other state- provide services to clients similar to the
Federal functional regulator must regulated banks without a Federal services offered by other financial
comply with 31 CFR 1010.630, which functional regulator that were not services firms. The number of state-
prohibits covered financial institutions included in the joint rule.22 This chartered non-depository trust
from maintaining correspondent rulemaking was never finalized. companies is difficult to determine;
accounts for foreign shell banks and however, according to data available
Beneficial Ownership Requirement
requires covered financial institutions to from state banking regulator Web sites,
obtain and retain information on the On May 11, 2016, FinCEN published there are upwards of 347 of these
ownership of foreign banks.20 a final rule (‘‘CDD Rule’’),23 to clarify entities.26
and strengthen customer due diligence
14 See 67 FR 21113. Since the time of the 2002 requirements for certain financial Non-Federally Insured Credit Unions
Interim Final Rule, FinCEN has reorganized its institutions, including federally Of the more than 6,273 credit unions
regulations under 31 CFR Chapter X. See Final regulated banks, requiring these nationwide, FinCEN understands that
Rule—Transfer and Reorganization of Bank Secrecy
Act Regulations, 75 FR 65806 (Oct. 26, 2010). The
financial institutions to identify and there are approximately 265 state-
cited AML program requirement can currently be verify the identity of the beneficial chartered credit unions that are not
found at 31 CFR 1020.210, with an added cross- owners of their legal entity customers, federally insured. Aside from their lack
reference to enhanced due diligence requirements subject to certain exclusions and
imposed by rulemakings later than the Interim Final
of a Federal functional regulator, these
Rule.
exemptions. The CDD Rule also amends credit unions generally are similar in
15 ‘‘Private banker’’ is included in the list of the AML program requirements for structure to federally insured credit
financial institutions in the BSA. 12 U.S.C. these financial institutions. For unions.27
5312(a)(2)(C). purposes of regulatory consistency,
16 See Amendment of Interim Final Rule—Anti-
FinCEN believes that it is appropriate Private Banks
Money Laundering Programs for Financial
Institutions, 67 FR 67547 (Nov. 6, 2002).
that these requirements should apply to A private bank is a bank chartered
17 See 31 CFR 1010.205(c). The deferral expires non-federally regulated banks as well, under state law that is owned by an
for a financial institution on the date the financial
institution otherwise must comply with a final rule to ‘‘federally insured credit unions,’’ and certain 24 Certain trust companies and banks offering
requiring the financial institution to establish an trust companies that are ‘‘federally regulated and trust services are subject to safety and soundness
AML program. subject to an anti-money laundering program regulation by one or more Federal banking agencies.
18 See 31 CFR 1010.205(b)(1)(vi) and (b)(2). requirement.’’ See 31 CFR 1010.605(e)(1); 31 CFR See, e.g., 12 U.S.C. 1813(a)(2), (l)(2), and (p); 12
19 See 31 CFR 1010.306–315 (CTRs); 31 CFR 1010.610 (correspondent accounts); 31 CFR U.S.C. 1817(i).
1020.320 (SAR rule for banks); 31 CFR 1010.410 1010.620 (private banking accounts). 25 See 15 U.S.C. 80b–2(a)(2) and (11)(A).
21 See Joint Final Rule—Customer Identification
(records to be made and retained by financial 26 We reviewed relevant information from the
institutions). Programs for Banks, Savings Associations, Credit Web sites of state banking departments to determine
Lhorne on DSK30JT082PROD with PROPOSALS
20 Private banks, trust companies, and credit Unions and Certain Non-Federally Regulated Banks, the estimated number. See http://www.csbs.org/
unions are ‘‘covered financial institutions’’ for 68 FR 25090 (May 9, 2003). See 31 CFR 1020.220. about/what/Pages/
22 See Notice of Proposed Rulemaking—Customer StateBankingDepartmentLinks.aspx.
purposes of 31 CFR 1010.630 and 31 CFR 1010.670,
regardless of whether the institutions have a Identification Programs for Certain Banks Lacking a 27 The statistics are based upon information
Federal functional Regulator. See 31 CFR Federal Functional Regulator, 68 FR 25163 (May 9, provided in 2013 by the National Association of
1010.605(e)(2). In contrast, rules requiring the 2003). State Credit Union Supervisors. Federally chartered
implementation of due diligence programs for 23 See Final Rules, Customer Due Diligence Rules credit unions are insured by the NCUA through the
correspondent accounts and private banking for Financial Institutions, 81 FR 29398 (May 11, National Credit Union Share Insurance Fund. See
accounts do not apply to private banks, apply only 2016). 12 U.S.C. 1781.
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00015 Fmt 4702 Sfmt 4702 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/3.svg)
![58430 Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules
striking the words ‘‘that is not subject to aspects of its AML program, however, training. The nature, scope, and
the regulations of a self-regulatory remains fully responsible for the frequency of training would depend
organization.’’ This proposed change effectiveness of the program, as well as upon the functions performed by
would appear in § 1020.210(a).40 ensuring that compliance examiners are employees.
Proposed new § 1020.210(b) would be able to obtain information and records Proposed § 1020.210(b)(1)(ii)(E)
titled: ‘‘Anti-money laundering program relating to the AML program. would require that the program include,
requirements for banks lacking a Federal Proposed § 1020.210(b)(1)(ii)(B) at a minimum, appropriate risk-based
functional regulator including, but not would require that the program provide procedures for conducting ongoing
limited to, private banks, non-federally for independent testing to monitor and customer due diligence, to include, but
insured credit unions, and certain trust maintain an adequate program. A party not be limited to, understanding the
companies.’’ New § 1020.210(b)(1) external to the bank, such as an outside nature and purpose of customer
would require banks that lack a Federal consultant or accountant, need not relationships for the purpose of
functional regulator to establish and perform the testing. The testing may be developing a customer risk profile; and
implement AML programs reasonably conducted by an officer, employee, or conducting ongoing monitoring to
designed to assure ongoing compliance group of employees, so long as the identify and report suspicious
with the Bank Secrecy Act. Section person or persons conducting the testing transactions and, on a risk basis, to
1020.210(b)(1)(ii)(E) would require are independent of the person or group maintain and update customer
compliance with due diligence of persons primarily responsible for information. For purposes of this
requirements for correspondent implementing the bank’s AML program. proposed paragraph, customer
accounts for foreign financial The frequency of independent testing information would include information
institutions (§ 1010.610) and for private will depend upon the risks posed.41 regarding the beneficial owners of legal
banking accounts (§ 1010.620), and new Any recommendations that result from entity customers (as defined in
§ 1020.210(b)(1) also would prescribe the independent testing should be § 1010.230). FinCEN views this not as a
the minimum standards necessary for an implemented promptly or reviewed by new requirement, but as an explicit
AML program. senior management. statement of the activities that are
With respect to minimum standards, Proposed § 1020.210(b)(1)(ii)(C) already required of covered financial
proposed § 1020.210(b)(1)(ii)(A) would would require that the bank designate a institutions in order to monitor for, and
require that the AML program include a person or persons who will be detect and report, suspicious
system of internal controls to assure responsible for coordinating and transactions.42
ongoing compliance with the BSA. As monitoring day-to-day compliance with Proposed § 1020.210(b)(2) would
part of implementing an AML program, the AML program. The bank may have require that an AML program be
FinCEN would expect banks that lack a one individual, or the bank may approved by the bank’s board of
Federal functional regulator to assess designate multiple individuals to directors or, if the bank does not have
the money laundering and terrorist perform the function as a group. The a board of directors, an equivalent
financing risks that are associated with person or persons should be competent function within the bank. Additionally,
their products, customers, distribution and knowledgeable regarding BSA a bank would be required to make a
channels, and geographic locations. An requirements and money laundering copy of its AML program available to
assessment of customer-related issues and risks, and should be FinCEN or its designee upon request.43
information is a key component to a empowered with full responsibility and D. CIP Requirements
robust AML program, and banks must authority to develop and enforce
ensure that they obtain all the Currently, the title reads: Section
appropriate policies and procedures. 1020.220, ‘‘Customer identification
information necessary for their AML The role of this function is to ensure
program requirements. For purposes of programs for banks, savings
that the program is implemented associations, credit unions, and certain
making the required risk assessment, effectively and updated as necessary.
banks have discretion to determine how non-Federally regulated banks.’’ With
Proposed § 1020.210(b)(1)(ii)(D) the proposed change, the title would
best to collect the relevant customer would require that the program provide
information. FinCEN does not anticipate read: ‘‘Customer identification program
for training of appropriate persons. requirements for banks.’’ This proposed
that this requirement will entail Employee training is an integral part of
obtaining information not already change recognizes that going forward
any AML program. In order to carry out CIP requirements would apply to all
obtained in the ordinary course of their responsibilities effectively,
business. Policies, procedures, and banks.
employees must be trained in The proposed changes would also
internal controls also must be requirements under the BSA and money delete an unnecessary reference in
reasonably designed to ensure laundering risks generally, as well as the § 1020.220 that stipulates that credit
compliance with BSA requirements. internal policies and procedures of the unions, private banks, and trust
Banks may conduct some of their institution, so that red flags can be companies without a Federal functional
operations through agents and third- identified. Such training may be regulator must seek board approval for
party service providers. Some elements conducted by third parties or in-house, their CIPs. With finalization of this
of the compliance program may best be and may include computer-based proposal, banks lacking a Federal
performed by personnel of these training. Employees should receive functional regulator would be required
entities, in which case it is permissible periodic updates and refreshers to such to implement a written AML program
for banks to contract with such entities
approved by their boards of directors.
Lhorne on DSK30JT082PROD with PROPOSALS
to assist them with implementation and 41 See The Federal Financial Institutions
Since CIP would be part of their AML
operation of those aspects of its AML Examination Council, Bank Secrecy Act/Anti-
program. Any bank that contracts with Money Laundering Examination Manual, at 30
42 For a description of what is required by this
(2014) available at https://www.ffiec.gov/bsa_aml_
an agent or third party to assist with infobase/documents/BSA_AML_Man_2014_v2.pdf new provision in the AML program rule for banks,
(‘‘[A] sound practice is for the bank to conduct see CDD Rule, 81 FR 29398, 29419–29421.
40 The regulation text set forth is the text as independent testing generally every 12 to 18 43 An agency with authority delegated by FinCEN
amended by the CDD Rule, which is effective July months, commensurate with the BSA/AML risk to examine the bank for compliance with the BSA
11, 2016 and applicable on and after May 11, 2018. profile of the bank.’’). would qualify as a designee of FinCEN.
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/6.svg)
![Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules 58433
VII. Paperwork Reduction Act Questions for comment: (1) Whether The revision reads as follows:
The collection of information the collection of information is
necessary for the proper performance of § 1010.605 Definitions.
contained in this proposed rule is being * * * * *
submitted to the Office of Management FinCEN’s mission, including whether
the information will have practical (e) * * *
and Budget for review in accordance (i) A bank required to have an anti-
with the Paperwork Reduction Act of utility; (2) Whether FinCEN’s estimate
of the burden of the collection of money laundering compliance program
1995 (44 U.S.C. 3507(d)). Comments on under the regulations implementing 31
the collection of information should be information is accurate; (3) What are
ways to enhance the quality, utility, and U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12
sent (preferably by fax (202–395–6974)) U.S.C. 1786(q)(1);
to the Desk Officer for the Department clarity of the information to be
collected; (4) What are ways to * * * * *
of the Treasury, Office of Information
and Regulatory Affairs, Office of minimize the burden of the collection of
information, including through the use PART 1020—RULE FOR BANKS
Management and Budget, Paperwork
Reduction Project (1506), Washington, of automated collection techniques or ■ 4. The authority citation for part 1020
DC 20503, or by the Internet to OIRA_ other forms of information technology; continues to read as follows:
submission@omb.eop.gov, with a copy (5) What are the estimates of capital or
Authority: 12 U.S.C. 1829b and 1951–
to FinCEN by mail or the Internet. start-up costs to implement and then
1959; 31 U.S.C. 5311–5314 and 5316–5332;
Comments on the collection of maintain an AML program; (6) How title III, sec. 314, Public Law 107–56, 115
information should be received by many banks that lack a Federal Stat. 307.
October 24, 2016. functional regulator are considered
‘‘small businesses’’ because the entities § 1020.100 [Amended]
An agency may not conduct or
sponsor, and a person is not required to have less than $550 million in total ■ 5. Section 1020.100 is amended by:
respond to, a collection of information assets; (7) What is the average number ■ a. Removing paragraphs (b) and (d);
subject to the Paperwork Reduction Act of employees or the average total annual and
salary expense for banks that lack a ■ b. Redesignating paragraph (c) as
unless it displays a valid control
number assigned by the Office of Federal functional regulator; and (8) paragraph (b).
What is the average number of ■ 6. Section 1020.210 is revised to read
Management and Budget.
The collection of information in the employees dedicated to bank regulation as follows:
proposed rule would be codified at 31 compliance.
§ 1020.210 Anti-money laundering
CFR 1020.210, 1020.220, and 1020.230. List of Subjects in 31 CFR Parts 1010 program requirements for banks.
The information will be used by and 1020 (a) Anti-money laundering program
examining agencies to verify requirements for banks regulated only
compliance with these provisions. The Administrative practice and
procedure, Banks, banking, Brokers, by a Federal functional regulator,
collection of information is mandatory. including banks, savings associations,
Records required to be retained under Currency, Foreign banking, Foreign
currencies, Gambling, Investigations, and credit unions. A bank regulated by
the BSA must be retained for five years. a Federal functional regulator shall be
Description of Recordkeepers: Banks Penalties, Reporting and recordkeeping
requirements, Securities, Terrorism. deemed to satisfy the requirements of 31
without a Federal functional regulator, U.S.C. 5318(h)(1) if it implements and
as defined in 31 CFR 1020.210 and Authority and Issuance maintains an anti-money laundering
1020.220. program that:
For the reasons set forth in the
Estimated Number of Affected (1) Complies with the requirements of
preamble, parts 1010 and 1020 of
Institutions: 1,151. §§ 1010.610 and 1010.620 of this
chapter X of title 31 of the Code of
Estimated Average Annual Burden chapter;
Federal Regulations are proposed to be
Hours per Recordkeeper: Since this is a (2) Includes, at a minimum:
amended as follows:
new requirement, the estimated average (i) A system of internal controls to
burden associated with the PART 1010—GENERAL PROVISIONS assure ongoing compliance;
recordkeeping requirement in this (ii) Independent testing for
proposed rule is 40 hours for ■ 1. The authority citation for part 1010 compliance to be conducted by bank
development of a written program, and continues to read as follows: personnel or by an outside party;
following the initial development, the Authority: 12 U.S.C. 1829b and 1951–1959; (iii) Designation of an individual or
program must be reviewed on an annual 31 U.S.C. 5311–5314 and 5316–5332; title III, individuals responsible for coordinating
basis, to include a one (1) hour per year sec. 314, Public Law 107–56, 115 Stat. 307. and monitoring day-to-day compliance;
burden recognized for annual (iv) Training for appropriate
maintenance and update. § 1010.205 [Amended] personnel; and
Estimated Total Annual Reporting ■ 2. Section 1010.205 is amended by: (v) Appropriate risk-based procedures
Burden: 46,040 hours. ■ a. Removing paragraph (b)(1)(vi); for conducting ongoing customer due
This burden will be added to the ■ b. Redesignating paragraphs (b)(1)(vii) diligence, to include, but not be limited
existing burden listed under OMB through (ix) as paragraphs (b)(1)(vi) to:
Control Number 1506–0035 currently through (viii); and (A) Understanding the nature and
titled AML Programs for insurance ■ c. Removing and reserving paragraph purpose of customer relationships for
companies and loan and finance (b)(2) and removing paragraph (b)(3). the purpose of developing a customer
Lhorne on DSK30JT082PROD with PROPOSALS
companies. The new title for this ■ 3. Section 1010.605 is amended by: risk profile; and
control number will be AML Programs ■ a. Revising paragraph (e)(1)(i) (B) Conducting ongoing monitoring to
for insurance companies, and ■ b. Removing paragraphs through identify and report suspicious
residential mortgage lenders and (e)(1)(ii) through (vii); and transactions and, on a risk basis, to
originators, and banks that lack a ■ b. Redesignating paragraphs maintain and update customer
Federal functional regulator. The new (e)(1)(viii) through (x) as paragraphs information. For purposes of this
total burden will be 140,240 hours. (e)(1)(ii) through (iv). paragraph, customer information shall
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00021 Fmt 4702 Sfmt 4702 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/9.svg)
![58434 Federal Register / Vol. 81, No. 165 / Thursday, August 25, 2016 / Proposed Rules
include information regarding the laundering compliance program under submissions (audio, video, etc.) must be
beneficial owners of legal entity the regulations implementing 31 U.S.C. accompanied by a written comment.
customers (as defined in § 1010.230); 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. The written comment is considered the
and 1786(q)(1) must implement a written official comment and should include
(3) Complies with the regulation of its Customer Identification Program (CIP) discussion of all points you wish to
Federal functional regulator governing appropriate for its size and type of make. The EPA will generally not
such programs. business that, at a minimum, includes consider comments or comment
(b) Anti-money laundering program each of the requirements of paragraphs contents located outside of the primary
requirements for banks lacking a (a)(1) through (5) of this section. The submission (i.e., on the Web, cloud, or
Federal functional regulator including, CIP must be a part of the anti-money other file sharing system). For
but not limited to, private banks, non- laundering compliance program. additional submission methods, the full
federally insured credit unions, and * * * * * EPA public comment policy,
certain trust companies. (1) A bank information about CBI or multimedia
lacking a Federal functional regulator Jamal El-Hindi, submissions, and general guidance on
shall be deemed to satisfy the Acting Director, Financial Crimes making effective comments, please visit
requirements of 31 U.S.C. 5318(h)(1) if Enforcement Network. http://www2.epa.gov/dockets/
the bank establishes and maintains a [FR Doc. 2016–20219 Filed 8–24–16; 8:45 am] commenting-epa-dockets.
written anti-money laundering program BILLING CODE 4810–02–P FOR FURTHER INFORMATION CONTACT:
that: Chris Dresser, Air Program, U.S.
(i) Complies with the requirements of Environmental Protection Agency,
§§ 1010.610 and 1010.620 of this ENVIRONMENTAL PROTECTION Region 8, Mail Code 8P–AR, 1595
chapter; and AGENCY Wynkoop Street, Denver, Colorado
(ii) Includes, at a minimum: 80202–1129, (303) 312–6385,
(A) A system of internal controls to 40 CFR Part 52 dresser.chris@epa.gov.
assure ongoing compliance with the
[EPA–R08–OAR–2016–0377; FRL–9951–33– SUPPLEMENTARY INFORMATION: In the
Bank Secrecy Act and the regulations
Region 8] ‘‘Rules and Regulations’’ section of this
set forth in 31 CFR chapter X;
(B) Independent testing for Federal Register, the EPA is approving
Approval and Promulgation of Air the State’s SIP revision as a direct final
compliance to be conducted by bank Quality Implementation Plans; State of
personnel or by an outside party; rule without prior proposal because the
Wyoming; Emission Inventory Rule for agency views this as a noncontroversial
(C) Designation of an individual or 2008 Ozone NAAQS and Revisions to
individuals responsible for coordinating SIP revision and anticipates no adverse
Incorporation by Reference comments. A detailed rationale for the
and monitoring day-to-day compliance;
(D) Training for appropriate AGENCY: Environmental Protection approval is set forth in the preamble to
personnel; and Agency (EPA). the direct final rule.
(E) Appropriate risk-based procedures If the EPA receives no adverse
ACTION: Proposed rule.
for conducting ongoing customer due comments, the EPA will not take further
diligence, to include, but not be limited SUMMARY: The Environmental Protection action on this proposed rule. If the EPA
to: Agency (EPA) is proposing to approve receives adverse comments, the EPA
(1) Understanding the nature and State Implementation Plan (SIP) will withdraw the direct final rule and
purpose of customer relationships for revisions submitted by the State of it will not take effect. The EPA will
the purpose of developing a customer Wyoming on July 1, 2014. The submittal address all public comments in a
risk profile; and requests SIP revisions to the State’s subsequent final rule based on this
(2) Conducting ongoing monitoring to Incorporation by reference section as proposed rule.
identify and report suspicious well as an administrative change in The EPA will not institute a second
transactions and, on a risk basis, to section numbering. The SIP also comment period on this action. Any
maintain and update customer includes the addition of a section parties interested in commenting must
information. For purposes of this establishing requirements for the do so at this time. For further
paragraph, customer information shall submittal of emission inventories from information, please see the ADDRESSES
include information regarding the facilities or sources located in an ozone section of this notice.
beneficial owners of legal entity nonattainment area. Please note that if the EPA receives
customers (as defined in § 1010.230). adverse comment on an amendment,
DATES: Written comments must be
(2) The program must be approved by paragraph, or section of this rule and if
received on or before September 26, that provision may be severed from the
the board of directors or, if the bank 2016.
does not have a board of directors, an remainder of the rule, the EPA may
equivalent governing body within the ADDRESSES: Submit your comments, adopt as final those provisions of the
bank. The bank shall make a copy of its identified by Docket ID No. EPA–R08– rule that are not the subject of an
anti-money laundering program OAR–2016–0377, at http:// adverse comment. See the information
available to the Financial Crimes www.regulations.gov. Follow the online provided in the Direct Final action of
Enforcement Network or its designee instructions for submitting comments. the same title which is located in the
upon request. Once submitted, comments cannot be Rules and Regulations Section of this
edited or removed from regulations.gov. Federal Register.
Lhorne on DSK30JT082PROD with PROPOSALS
■ 7. Amend § 1020.220 by revising the
section heading and paragraph (a)(1) to The EPA may publish any comment Authority: 42 U.S.C. 7401 et seq.
read as follows: received to its public docket. Do not
submit electronically any information Dated: August 11, 2016.
§ 1020.220 Customer identification you consider to be Confidential Debra Thomas,
program requirements for banks. Business Information (CBI) or other Deputy Regional Administrator, Region 8.
(a) * * * (1) In general. A bank information whose disclosure is [FR Doc. 2016–20316 Filed 8–24–16; 8:45 am]
required to have an anti-money restricted by statute. Multimedia BILLING CODE 6560–50–P
VerDate Sep<11>2014 13:57 Aug 24, 2016 Jkt 238001 PO 00000 Frm 00022 Fmt 4702 Sfmt 9990 E:\FR\FM\25AUP1.SGM 25AUP1](https://thefederalregister.org/doc/81_FR_58590/page/10.svg)
Document Created: 2016-08-25 00:34:47
Document Modified: 2016-08-25 00:34:47
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Proposed Rules | |
| Action | Notice of proposed rulemaking. | |
| Dates | Written comments may be submitted to FinCEN on or before October 24, 2016. | |
| Contact | The FinCEN Resource Center at (800) 767-2825 or email [email protected] | |
| FR Citation | 81 FR 58425 | |
| RIN Number | 1506-AB28 | |
| CFR Citation | 31
CFR
1010 31 CFR 1020 | |
| CFR Associated | Administrative Practice and Procedure; Banks; Banking; Brokers; Currency; Foreign Banking; Foreign Currencies; Gambling; Investigations; Penalties; Reporting and Recordkeeping Requirements; Securities and Terrorism |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR