What is Bank Secrecy Act?
Bank Secrecy Act (BSA) refers to the laws that require financial institutions to assist the US government in preventing, detecting and reporting money laundering, terrorist financing, and financial crimes.
BSA regulations require financial institutions to monitor its transactions to detect and report suspicious activities, maintain a customer information program, perform due diligence on clients, report certain cash transactions, file certain reports, develop a BSA compliance program, and other requirements. Due to the strong focus on preventing money laundering BSA is also referred to as the Anti-Money Laundering (AML) law or as BSA/AML.
Financial Crimes Enforcement Network (FinCEN), a bureau within the U.S. Department of Treasury, has the authority to promulgate and interpret the regulations implementing Bank Secrecy Act. Violations of BSA may attract enforcement actions from FinCEN.
BSA Applies to Mortgage Lenders, Brokers, and Originators
Mortgage lenders, mortgage brokers, and loan originations are required to comply. FinCEN issued new regulations in 2012 to require the residential mortgage brokers and mortgage companies to be covered under the BSA requirements. The 2012 rules are effective from April 16, 2012 having the compliance date of August 13, 2012. The rules were based on FinCEN's interpretation that the BSA definition of Financial Institution includes loan or finance companies. Accordingly, the definition is now covers residential mortgage brokers and mortgage companies.
Core Pillars of BSA Compliance Program
There are five core pillars of a BSA Compliance Program:
- Designated BSA Officer: The Board of Directors must designate a full time person as a BSA Officer that is responsible for designing and implementing the BSA Compliance program. An implied expectation is that the Board exercises oversight over the BSA Officer by approving the BSA compliance program, requiring periodic reporting and updates, creating a direct path for escalation, and ensuring adequate resources are provided to the BSA Officer to fulfill the requirements of the program.
- Internal Controls: BSA Program must be implemented through well-developed policies, procedures, and controls that are commensurate to the size and complexity of the organization. Controls must address areas such as implementation of an interdiction software to monitor and identify suspicious activities, timely reporting of BSA reports, adequate customer due diligence program, and periodic BSA risk assessments.
- Training: Adequate employee training ensures the staff at different levels has the knowledge and skills to carry out their responsibilities under the BSA program. Some employees will receive elementary training to ensure they know how to respond to suspicious activities. Training for tellers is targeted to identifying red flags related to money laundering and knowing how to identify transactions that require filing Currency Transaction Reports. BSA Compliance would receive more detailed training.
- Independent Testing: The processes and controls within the BSA Compliance program must be subject to independent testing. The testing should be performed, at least, annually. It may be performed by Internal Audit, by an external third party, or another function that is independent of the operations.
- Beneficial Ownership: This is the newest pillar for the BSA program which requires the organizations to ensure they are verifying the true beneficial owners for every customer that is a legal entity. Beneficial owners are the individuals (natural persons) that ultimately own the legal entity. Legal entity customers include corporations, limited liability companies, partnerships, trusts, and other customers that are not a natural person. This pillar aims to reduce the anonymity present in the entities involved in the financial transactions. This pillar is required as per the new Customer Due Diligence Requirements for Financial Institutions rule (81 FR 29397) published by FiNCEN. The rule was published on May 11, 2016 and requires covered financial institutions to comply by May 11, 2018.
Financial institutions are required to file various reports under BSA such as:
- Currency Transaction Report (CTR): To report cash transactions exceeding an aggregate of $10,000 per day. CTR is FinCEN Report 112.
- Suspicious Activity Report (SAR): To report suspicious activities that indicates potential money laundering, terrorist financing or other crimes. SAR is FinCEN Report 111.
- Report of Foreign Bank and Financial Accounts (FBAR): To report foreign bank and financial accounts if the aggregate value of the foreign financial accounts exceeds $10,000 at any time during the calendar year. FBAR is FinCEN Report 114.
- Designation of Exempt Person (DOEP) Report: For Banks to request exemptions for certain customers from CTR filing requirements. DOEP is FinCEN Report 110.
BSA reports are filed electronically using FinCEN's BSA E-Filing System.
Statues comprising of BSA
The set of laws that are commonly referred to as BSA are listed below.
- 31 USC 5311-5314
- 12 U.S.C. 1829
- 12 U.S.C. 1951-1959
- Federal Crime of Money Laundering - Title 18, U.S. Code, Crimes and Criminal Procedure
- Federal Crime of Operating an Unlicensed or Unregistered Money Transmitting Business - Title 18 U.S. Code, Crimes and Criminal Procedure
Below are set of key regulations promulgated by various regulatory agencies. The list is not intended to be complete list of all BSA/AML related applicable regulations and/or guidances.
FinCEN has the authority to promulgate and interpret the regulations implementing Bank Secrecy Act. The regulations are codified in the Code of Federal Regulations under the treasury regulations from 31 CFR 1000 to 31 CFR 1099. The key sections of the regulation that are applicable to mortgage lending are:
- 31 CFR 1010: These regulations contain the general provisions applicable to all financial institutions.
- 31 CFR 1020: These regulations contain the rules for Banks.
- 31 CFR 1029: These regulations contain rules for loan or finance companies. Independent mortgage firms that are not banks are covered under these provisions.
31 CFR 1030: These rules apply to the entities supervised by Federal Housing Finance Agency (FHFA), which include:
- The Federal National Mortgage Association
- The Federal Home Loan Mortgage Corporation
- Federal Home Loan Banks
Other parts of 31 CFR 1000 to 31 CFR 1099 applies to other financial institutions such as broker dealers or dealers in securities, money service businesses, casinos and card clubs, and credit card systems.
Banking agencies have promulgated various regulations that require depository institutions to follow the BSA rules. These regulations include:
Federal Reserve Bank
Office of the Comptroller of the Currency
Federal Deposit Insurance Corporation