The Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) requirements for customer and enhanced due diligence are the cornerstone of a strong BSA/AML compliance program. Customer due diligence procedures are critical to your institution to aid in detecting and reporting unusual or suspicious transactions that potentially expose your institution to financial loss, increased expenses, or reputation risk; avoiding criminal exposure from persons who use or attempt to use your institution’s products and services for illicit purposes; and adhering to safe and sound banking practices. There are high-risk customers your institution may be more familiar with, such as cash intensive businesses, nonresident aliens, foreign individuals, politically exposed persons (PEPs), and money service businesses (MSBs); however, there are also other high-risk customers to consider, such as nonbank financial institutions (NBFIs), professional service providers (PSPs), and nongovernmental organizations (NGOs).
NBFIs are institutions other than banks that offer financial services. While this also includes MSBs, other entities such as insurance companies, loan or finance companies, and pawn brokers are also considered NBFIs. According to the Federal Financial Institutions Examination Council’s (FFIEC’s) BSA/AML Examination Manual, neither the Financial Crimes Enforcement Network (FinCEN) nor the federal banking agencies expect financial institutions to serve as the de facto regulators of any NBFI industry or individual NBFI customer. While institutions are expected to manage risk associated with accounts, they are generally not held accountable for their customers’ compliance with the BSA and other applicable federal and state laws and regulations; however, the regulatory expectation is that financial institutions have systems in place to identify NBFIs and conduct the appropriate due diligence based on the risk level of the customer.
NBFIs may serve a wide range of customers and vary in the products and services they offer; therefore, some may be higher risk than others. Higher-risk NBFIs may include those that require little or no identification from their customers, have little or inconsistent recordkeeping for transactions conducted by their customers, or offer multiple high-risk products or services such as funds transfers, prepaid access sales, or payday lending. In addition, NBFIs may not have proper state or federal registration or licensing to operate their business.
PSPs act as an intermediary between their clients and your financial institution. They may include lawyers, accountants, investment brokers, and other third parties that act as financial liaisons for their clients. Your financial institution typically does not have a direct relationship with or knowledge of the beneficial owners of the accounts. For example, an attorney may perform services for a client or arrange for services to be performed on the client’s behalf, such as the settlement of real estate transactions, asset transfers, management of client monies, investment services, and trust arrangements.
As with any account that presents third-party risk, your financial institution could be more vulnerable to potential money laundering abuse such as laundering illicit currency, structuring currency deposits and withdrawals, and opening any third-party account for the primary purpose of masking the underlying client’s identity.
NGOs are private nonprofit organizations that pursue activities intended to serve the public good and are typically dependent, in whole or in part, on charitable donations and voluntary service for support. In addition to charities, NGOs include churches, professional associations, research institutes, and lobby groups.
The flow of funds both in and out of customers’ accounts can be complex, which may make them subject to money laundering, as well as terrorist activity. A potential high-risk NGO is a church that wires monies to a high-risk country to fund a missionary, whereas a low-risk NGO may be a church that uses funds within the local community.
Understanding and Monitoring Customer Risk
In order to understand the customer risk, your financial institution should determine at the time of account opening the locations and markets served by the customer, anticipated account activity, and the purpose of the account. For NBFIs, you should also determine the types of products and services they offer.
In addition, your institution should have policies, procedures, and processes in place to identify high-risk customer relationships, assess the risks of these relationships, conduct ongoing due diligence, and ensure customers are appropriately considered for suspicious activity monitoring and reporting. Your institution’s resources should be directed to the appropriate customer accounts that pose a more significant money laundering risk, and enhanced due diligence should be performed on these customers.
Enhanced due diligence may include but is not limited to the following:
- Periodically monitoring the account activity to ensure it is consistent with expectations.
- Conducting on-site visits.
- Reporting suspicious activity, if applicable.
- For high-risk NGOs, also:
  - Evaluating the principals of the organization.
  - Obtaining and reviewing the financial statements and audits.
  - Verifying the source and use of funds.
  - Evaluating large contributors or grantors.
  - Conducting reference checks.
The objective of due diligence and enhanced due diligence is to enable your financial institution to confidently predict the types of transactions the customer will conduct within their account(s). By understanding what would be the typical transactions for the customer, your institution should be able to determine whether potentially suspicious activity is being conducted by the customer. The adoption and implementation of comprehensive due diligence policies, procedures, and processes is important, especially for higher-risk customers.