An anti-money laundering (AML) compliance manual for a money services business (MSB) focused on cross-border payments in the US should include the following elements:
- Introduction: This section should provide an overview of the purpose and scope of the manual, including the legal and regulatory framework for AML compliance in the US. It should also outline the roles and responsibilities of staff members in implementing and maintaining the AML program.
- Risk assessment: This section should describe how the MSB identifies, assesses, and monitors risks associated with money laundering and terrorist financing. It should outline the process for identifying high-risk customers, products, and countries, as well as the procedures for conducting ongoing risk assessments.
- Customer due diligence (CDD): This section should outline the requirements for conducting CDD on new and existing customers, including the types of information and documents that must be collected and verified. It should also describe the process for identifying and verifying beneficial owners and politically exposed persons (PEPs).
- Suspicious activity reporting (SAR): This section should describe the procedures for detecting, reporting, and investigating suspicious activity, including the use of transaction monitoring systems and the process for filing SARs with the Financial Crimes Enforcement Network (FinCEN).
- Internal controls and recordkeeping: This section should outline the internal controls and procedures that the MSB has in place to prevent money laundering and terrorist financing, including policies and procedures for detecting and preventing suspicious activity. It should also describe the recordkeeping requirements for financial transactions and customer information.
- Training and employee compliance: This section should describe the training programs in place to educate staff members about AML compliance and the procedures for ensuring that all employees are aware of and adhere to the AML program.
- Independent testing and audits: This section should outline the procedures for conducting independent testing and audits of the MSB’s AML program to ensure that it is effective and compliant with relevant regulations.
- Appendices: This section should include any additional information or documents relevant to the AML program, such as sample policies and procedures, training materials, and risk assessment tools.
- Transaction monitoring: This section should describe the procedures for monitoring financial transactions for suspicious activity, including the use of transaction monitoring systems and the process for reviewing alerts and conducting investigations. It should also outline the procedures for documenting and reporting suspicious activity to the appropriate authorities.
- Sanctions screening: This section should describe the procedures for screening transactions and customers against lists of sanctioned individuals and entities, such as the Office of Foreign Assets Control (OFAC) list. It should outline the process for blocking or rejecting transactions that involve sanctioned parties and for reporting such transactions to the appropriate authorities.
- Third-party relationships: This section should describe the due diligence process for evaluating and managing relationships with third parties, such as agents, correspondents, and foreign partners. It should outline the procedures for conducting risk assessments and performing CDD on such parties, as well as the process for monitoring their activities for suspicious activity.
- Correspondent banking: This section should describe the procedures for establishing and maintaining correspondent banking relationships, including the process for conducting due diligence on foreign banks and the procedures for monitoring transactions for suspicious activity.
- Cross-border payments: This section should outline the specific procedures and controls in place for processing cross-border payments, including the process for verifying the identity of the sender and recipient, identifying the purpose of the payment, and ensuring compliance with OFAC regulations.
- Reporting and recordkeeping: This section should describe the reporting and recordkeeping requirements for financial transactions and customer information, including the types of records that must be maintained and the retention periods. It should also outline the process for producing records to regulatory authorities upon request.
- Changes to the AML program: This section should describe the process for updating and revising the AML program in response to changes in the regulatory environment or the MSB’s business operations. It should outline the procedures for ensuring that staff members are aware of and trained on any changes to the program.
- Customer identification program (CIP): This section should describe the CIP requirements for verifying the identity of customers and beneficial owners, including the types of documentation that must be collected and the process for verifying identity. It should also outline the procedures for identifying and verifying PEPs and high-risk customers.
- Enhanced due diligence (EDD): This section should describe the circumstances under which EDD is required, such as when dealing with high-risk customers or countries, and outline the procedures for conducting EDD on such customers.
- Fraud prevention: This section should describe the procedures for detecting and preventing fraud, including the use of fraud detection systems and the process for reporting and investigating fraudulent activity.
- Compliance with anti-terrorism financing laws: This section should outline the MSB’s obligations under anti-terrorism financing laws and describe the procedures for complying with these laws, including the process for identifying and reporting terrorist financing activity.
- Compliance with other legal and regulatory requirements: This section should outline the MSB’s obligations under other relevant laws and regulations, such as the Bank Secrecy Act (BSA) and the Fair Housing Act, and describe the procedures for complying with these requirements.
- Compliance officer: This section should describe the responsibilities and duties of the AML compliance officer, including the process for reporting to senior management and the board of directors. It should also outline the process for reviewing and updating the AML program, including risk assessments and the implementation of controls and procedures.
- Compliance committee: This section should describe the role and responsibilities of the compliance committee, if one is established, including the process for reviewing and approving changes to the AML program. It should also outline the process for conducting independent testing and audits of the AML program.
- Internal reporting and escalation: This section should describe the process for reporting potential AML compliance issues or concerns internally, including the procedures for escalating such issues to senior management or the compliance officer. It should also outline the process for conducting internal investigations and remedial actions as necessary.
- External reporting: This section should describe the process for reporting potential AML compliance issues or concerns to regulatory authorities, such as FinCEN or the Consumer Financial Protection Bureau (CFPB). It should outline the procedures for cooperating with regulatory examinations and investigations.
- Policies and procedures: This section should include copies of relevant AML policies and procedures, such as the CIP policy, SAR policy, and transaction monitoring policy. It may also be helpful to include sample forms and templates for use in implementing the AML program.
- Business continuity and disaster recovery: This section should describe the procedures in place to ensure the continuity of the MSB’s operations in the event of a disaster or disruption, such as a natural disaster or cyber attack. It should outline the process for maintaining critical systems and data and for communicating with staff and customers during an emergency.
- Data protection and privacy: This section should describe the measures in place to protect customer data and personal information, including the use of encryption and other security technologies. It should outline the procedures for complying with data protection and privacy laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
- Cybersecurity: This section should describe the measures in place to protect the MSB’s systems and data from cyber threats, such as the use of firewalls and antivirus software. It should outline the process for responding to cyber incidents and the procedures for training staff on cyber hygiene.
- Physical security: This section should describe the measures in place to protect the MSB’s physical assets and facilities, such as the use of security cameras and access controls. It should outline the procedures for responding to security breaches and incidents.
- Marketing and advertising: This section should describe the requirements for marketing and advertising the MSB’s products and services, including the process for ensuring that such materials are compliant with AML laws and regulations. It should outline the procedures for reviewing and approving marketing materials before they are disseminated.
- Outsourcing and vendor management: This section should describe the procedures for managing relationships with third-party vendors and service providers, including the process for conducting due diligence on such parties and the procedures for monitoring their activities for compliance with AML laws and regulations.
- Financial crime reporting and analysis: This section should describe the process for collecting, analyzing, and reporting financial crime data, including the use of data analytics and visualization tools. It should outline the procedures for identifying trends and patterns that may indicate money laundering or terrorist financing activity.
- Compliance with foreign laws and regulations: This section should describe the procedures for complying with foreign laws and regulations when conducting business in other countries, including the process for conducting due diligence on foreign partners and the procedures for monitoring transactions for compliance with foreign AML laws.
- FinCEN 314(a) and 314(b): This section should describe the requirements for participating in the FinCEN 314(a) and 314(b) programs, which allow financial institutions to share information about customers and beneficial owners with other institutions in order to detect and prevent money laundering and terrorist financing. It should outline the process for submitting information to the programs and the procedures for reviewing and responding to requests for information from other institutions.
- Other regulatory guidance and requirements: This section should describe any additional regulatory guidance or requirements that apply to the MSB, such as FinCEN’s guidance on virtual currencies or the CFPB’s guidance on remittance transfers. It should outline the procedures for complying with these requirements.
- Testing and validation: This section should describe the procedures for testing and validating the effectiveness of the MSB’s AML program, including the process for conducting independent testing and audits. It should outline the process for reviewing and responding to any deficiencies identified during testing and for implementing corrective actions as needed.
- Sanctions evasion: This section should describe the procedures for detecting and preventing sanctions evasion, including the use of sanctions screening software and the process for reviewing and reporting transactions that may involve sanctioned parties.
- Customer complaints and disputes: This section should describe the process for handling customer complaints and disputes, including the procedures for escalating such issues to senior management or the compliance officer. It should outline the process for conducting investigations and taking corrective actions as needed.
- Cooperation with law enforcement: This section should describe the procedures for cooperating with law enforcement investigations, including the process for providing information and documents upon request. It should outline the process for ensuring that staff members are aware of and trained on the importance of cooperating with law enforcement.
- Compliance with AML laws and regulations: This section should summarize the MSB’s obligations under AML laws and regulations, including the BSA, the USA PATRIOT Act, and the Money Transmitter Act. It should outline the process for ensuring compliance with these requirements, including the procedures for updating and revising the AML program as needed.
- Reporting obligations: This section should describe the MSB’s reporting obligations under AML laws and regulations, including the requirement to file SARs with FinCEN and the process for doing so. It should outline the process for responding to requests for information from regulatory authorities and for producing records upon request.
- Record retention: This section should describe the record retention requirements for financial transactions and customer information, including the types of records that must be maintained and the retention periods. It should outline the process for storing and safeguarding records, as well as the procedures for destroying records when they are no longer needed.
- Compliance with sanctions laws: This section should describe the MSB’s obligations under sanctions laws, such as the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA). It should outline the process for conducting sanctions screening and for blocking or rejecting transactions that involve sanctioned parties.
- Compliance with anti-terrorism financing laws: This section should describe the MSB’s obligations under anti-terrorism financing laws, such as the Patriot Act and the Executive Order 13224. It should outline the process for identifying and reporting terrorist financing activity and the procedures for blocking or rejecting transactions that may involve terrorist organizations or activities.
- Compliance with other legal and regulatory requirements: This section should describe the MSB’s obligations under other relevant laws and regulations, such as the Fair Credit Reporting Act (FCRA) and the Equal Credit Opportunity Act (ECOA). It should outline the process for complying with these requirements and the procedures for training staff on relevant laws and regulations.
- Data governance: This section should describe the procedures in place to ensure the accuracy, integrity, and security of data used in the AML program, including the process for managing data sources and the procedures for handling data breaches or errors.
- Data analytics: This section should describe the use of data analytics in the AML program, including the process for collecting, analyzing, and visualizing data to detect and prevent money laundering and terrorist financing. It should outline the procedures for using data analytics to identify trends and patterns that may indicate suspicious activity.
- Continuous monitoring: This section should describe the procedures for conducting ongoing risk assessments and monitoring customer and transaction activity for suspicious activity. It should outline the process for reviewing and updating the AML program in response to changes in risk and for conducting regular independent testing and audits.
- Compliance with privacy laws: This section should describe the procedures for complying with privacy laws and regulations, such as the GDPR and the CCPA, when collecting, storing, and sharing customer data. It should outline the process for obtaining customer consent and for safeguarding personal information.
- Communication and training: This section should describe the process for communicating with staff members about AML compliance and the procedures for providing training on relevant laws and regulations. It should outline the process for promoting a culture of compliance and the procedures for responding to questions and concerns from staff.
- Compliance with anti-bribery and corruption laws: This section should describe the MSB’s obligations under anti-bribery and corruption laws, such as the Foreign Corrupt Practices Act (FCPA), and outline the procedures for complying with these laws.
- Compliance with consumer protection laws: This section should describe the MSB’s obligations under consumer protection laws, such as the Truth in Lending Act (TILA) and the Electronic Funds Transfer Act (EFTA), and outline the procedures for complying with these laws.
- Compliance with fair lending laws: This section should describe the MSB’s obligations under fair lending laws, such as the ECOA and the Fair Housing Act, and outline the procedures for complying with these laws.
- Compliance with electronic commerce laws: This section should describe the MSB’s obligations under electronic commerce laws, such as the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA), and outline the procedures for complying with these laws.
- Compliance with state and local laws: This section should describe any relevant state or local laws that apply to the MSB, such as state money transmitter laws or local ordinances related to AML compliance. It should outline the process for complying with these laws and the procedures for tracking changes to state and local regulations.
- Compliance with foreign laws and regulations: This section should describe the procedures for complying with foreign laws and regulations when conducting business in other countries, including the process for conducting due diligence on foreign partners and the procedures for monitoring transactions for compliance with foreign AML laws.
- Compliance with industry best practices: This section should describe the MSB’s commitment to complying with industry best practices, such as the Financial Action Task Force (FATF) Recommendations and the Wolfsberg Group’s Principles for Correspondent Banking. It should outline the process for staying up to date on relevant best practices and for incorporating them into the AML program.
- Internal controls: This section should describe the internal controls in place to ensure the effectiveness of the AML program, including the process for monitoring and testing the controls and the procedures for addressing any deficiencies.
- Third-party audits and assessments: This section should describe the process for conducting third-party audits and assessments of the AML program, including the selection of auditors and the procedures for reviewing and responding to audit findings.
- Customer feedback: This section should describe the process for soliciting and responding to customer feedback on the MSB’s AML program, including the procedures for handling customer complaints and concerns related to AML compliance.
It’s important to note that the specific content and focus of an AML compliance manual will depend on the size and complexity of the MSB, as well as the specific risks and vulnerabilities of its business model. It may also be necessary to customize the manual to account for state and local requirements in addition to federal regulations.
—
This page was last updated on July 18, 2023.
–