RCBJ Retrospective: Anti-Money Laundering Rules and IIUSA Members

11.13.15 | Archived

Ken Wright
Anti Money Laundering Rules and IIUSA Members (Vol. 3, Issue 3, October 2015)

by Ken Wright, Partner, Baker & Hostetler LLP 


Regional Centers, affiliated issuers, and other IIUSA Members (Members) may act in capacities that fit within federal rules for “financial institutions” and thereby may be required to implement certain policies, procedures and controls intended to prevent financial crimes.  Stiff penalties may be levied for non-compliance.  Even where coverage under the rules is unclear, Members are encouraged to consider implementing policies, procedures and controls that are designed to protect business from the ill effects of financial crime.  This article introduces requirements of the Bank Secrecy Act (BSA), first enacted in 1970, and the USA Patriot Act (Patriot Act), initially enacted in October 2001 in the aftermath of the 9/11 terrorist attacks.

The BSA is our nation’s first and most comprehensive anti-money laundering (AML) statute and requires US financial institutions and other industries vulnerable to money laundering to assist US government agencies to detect and prevent money laundering and take a number of precautions against financial crime. This includes filing and reporting certain data about financial transactions possibly indicative of money laundering, including cash transactions over $10,000 and suspicious activity that might signify money laundering, tax evasion, or other criminal activities. According to the Financial Crimes Enforcement Network (FinCEN), a bureau of the Treasury that administers the BSA, over 15 million BSA reports are filed each year by more than 25,000 US financial institutions, providing a wealth of potentially useful information to agencies whose mission is to detect and prevent money laundering, other financial crimes and terrorism.

The Patriot Act made a significant number of changes to the BSA to enable the tracking of financial assets in the economy to combat terrorism, including the following:

Expanded Definition of Financial Institutions.The definition of financial institution was greatly expanded to 27 categories that include not only traditional finance industry entities, but also other persons or entities that could include Members, such as:

  • Loan or finance companies:
  • Persons involved in real estate closings and settlements;
  • Private bankers;
  • Investment companies (whether or not registered);
  • Securities brokers (whether or not registered); and
  • Investment bankers.
  • Any other category the Secretary of Treasury determines (by regulation) or designates (regulation not required) for specified reasons.

Anti-Money Laundering Programs (AML Program). To require “financial institutions” to establish anti-money laundering programs that include, at a minimum, the following “four pillars”:

  •     Development of internal policies, procedures, and controls;
  •     Designation of an anti-money laundering compliance officer;
  •     An ongoing employee training program; and
  •     Independent audit function to test the AML Program.

Consideration of the size, location, and activities of the financial institutions must be taken into account.

Customer Identification Programs (CI Program).To prescribe regulations establishing minimum standards for “financial institutions” and their customers regarding the identity of a customer at the time of opening of an account. At a minimum, CI Programs must implement reasonable procedures for:

  •   Verifying the identity of any person seeking to open an account;
  •   Maintaining records of the information used to verify identity, including name, address, and other identifying information; and
  •   Determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

The various types of accounts maintained by various types of financial institutions, the methods of opening accounts, and the types of identifying information available, all must be taken into account.


REGULATIONS. The Patriot Act allows the Secretary of the Treasury to adopt regulations providing minimum compliance standards. To date, FinCEN has adopted a General Rule applicable to all “financial institutions” (and temporarily exempting 13 categories from the AML Program requirements described above) and adopted or proposed specific Rules (each different for the reasons stated above) for 12 categories of “financial institutions” (Category Rules) described in the Table below (together, the Program Rules or the Rules). Each “financial institution” looks to the General Rule and then to its Category Rule, if applicable, to determine any additional requirements.

The Program Rules generally cover the following areas:

AML Programs and CI Programs.  See Table below for current program requirements.

Reports Required to Be Made. These vary by category, but include:

  • Form 112 – Currency Transaction Report (CTR). To be filed by certain financial institutions indicated in the Table, involving cash currency transactions in excess of $10,000 in one business day, including aggregated transactions if the institution has knowledge they are by or on behalf of the same person, including the identity of the depositor or recipient and the real party in interest, if different. These basically relate to transactions in which the institution pays out or receives cash currency.
  • Form 8300 — Generally requires each person engaged in a trade or business to report the receipt of “cash,” e., currency and cash equivalents (bank drafts, money orders, traveler’s checks and cashier’s checks) to the Internal Revenue Service (IRS) on IRS Form 8300. Generally, any person who, in the course of a trade or business, receives cash in excess of $10,000 in one transaction, or in two or more related transactions, must report such transaction on Form 8300, including the amount, the identity of the payer and certain other information, and notify the person named of such filing by January 31 of the following year.
  • Form 111 – Suspicious Activity Report (SAR). This is a report regarding suspicious activities that are conducted or attempted by, at, or through an institution and that involve in aggregate at least $5,000 in funds or other assets, including currency and all other forms of payment. In addition, the Rules that impose SAR obligations encourage the institutions to file SARs on a voluntary basis regarding transactions that appear relevant to violations of law or regulation, even in cases where the $5,000 threshold is not met. According to FinCEN, “suspicious activity” is any conducted or attempted transaction or pattern of transactions that one knows, suspects or has reason to suspect meets any of the following conditions:
  • Involves money from criminal activity.
  • Is designed to evade BSA requirements, whether through structuring or other means.
  • Appears to serve no business or other legal purpose and for which available facts provide no reasonable explanation.
  • Involves use of the money services business to facilitate criminal activity.

Examples of activities that could be considered suspicious and red flags include:

  • Use of a false ID, or multiple IDs on different occasions.
  • Two or more customers use the same or similar IDs (photo or name may be different).
  • A customer breaks a large transaction into two or more smaller transactions.
  • Customer changes a transaction after learning that he or she must show ID.
  • Customer conducts transactions so that they fall just below amounts that require reporting or recordkeeping.
  • Two or more customers seem to be working together to break one transaction into two or more transactions.
  • Customer uses two or more locations or cashiers on the same day to break one transaction into smaller transactions.

If customer does something obviously criminal – such as offering a bribe or even admitting to a crime – the law requires an SAR if it involves or aggregates funds or other assets of $2,000 or more.  If required, a SAR must be file within 30 calendar days after obligated person becomes aware of any suspicious transaction or pattern of suspicious transactions or activities that are required to be reported.

As summarized by FinCEN, the law protects you from SAR report civil liability; you are not being asked to accuse customers of criminal activity – you are only required to file a SAR if you believe the activity is suspicious and involves $2,000 or more; and it is illegal to tell any person involved in the transaction that a SAR has been filed.

  • Form 114 – Report of Foreign Bank and Financial Account (FBAR). This report must be filed by a US Person who has a financial interest, signature power or other authority over a financial account in a foreign country and having a value exceeding $10,000 (alone or aggregated with others) at any time during a calendar year. It must be filed by June 30 of the following year. “US Person” includes a US person, a resident alien and generally any entity formed in the US, its states, territories, possessions, enclaves or Indian Tribe territories. “Financial interest” generally includes acting as an agent and having direct or indirect control of 50% or more value or voting interest. Physical location of the account outside geographic boundaries described above is a key concept, so even an interest by a US Person in an account of a US Bank maintained in a foreign country would be reportable. Note: The filing of this report does not address the requirements of the Foreign Account Tax Compliance Act, enacted in 2010 to combat tax evasion by US taxpayers by requiring them to report certain foreign financial accounts and offshore assets to the IRS and by requiring foreign financial institutions (FFIs) to identify accounts owned by US persons to the IRS.
  • Form 105 – International Transportation of Currency or Monetary Instruments (CMIR). This report must be filed by each person who physically transports, mails, or ships, or causes to the same to occur, or attempts to do so with respect to currency or other monetary instruments in an aggregate amount exceeding $10,000 at one time from the US to any place outside the US, or into the US from any place outside the US. A person is deemed to have caused such transportation, mailing or shipping when he aids, abets, counsels, commands, procures, or requests it to be done by a financial institution or any other person. Additionally, each person who receives the US currency or other monetary instruments in an aggregate amount exceeding $10,000 at one time which have been so transported, mailed, or shipped to such person from any place outside the US with respect to which a report has not been filed as provided above, whether or not required to be filed thereunder, shall make a report thereof.  Exemptions from this filing requirement include (i) a person who is not a citizen or resident of the US in respect to currency or other monetary instruments mailed or shipped from abroad to a bank or securities broker or dealer through the postal service or by common carrier;  (ii) currency or other monetary instruments mailed or shipped through the postal service or by common carrier by a bank, a foreign bank, or a securities broker or dealer: (iii) a commercial US bank with respect to overland shipments of currency or monetary instruments shipped to or received from an established customer maintaining a deposit relationship with the bank, in amounts which the bank may reasonably conclude do not exceed amounts commensurate with the customary conduct of the business, industry or profession of the customer concerned; and (iv) the common carriers and the postal service in the above described exceptions.
  • Form 107 – Registration of Money Center Business (RMSB). Each money services business (MSB), whether or not licensed as a money services business by any State, must register on this form on or before the end of the 180-day period following the date the business is established, and registration must be renewed every 2 years. Each provider of prepaid access must identify each prepaid program for which it is the provider of prepaid access. Each MSB must, as part of its registration, maintain a list of its agents.  Each foreign-located person doing business, whether or not on a regular basis or as an organized or licensed business concern, in the US as an MSB must identify a person who resides in the US who is authorized, and has agreed, to be an agent to accept service of legal process, and identify the address in the US where records pertaining to registration and maintenance information are kept.  A list of the approximately 36,000 registered MSB’s may be viewed at: http://www.fincen.gov/financial_institutions/msb/msbstateselector.html#
  • Form 110 – Designation of Exempt Person (DOEP). This is a voluntary filing available only to Depository Institutions (e.g., banks, thrifts, credit unions, etc.) allowing them to exempt from the CTR filing requirements regarding currency transactions exceeding $10,000 in one business day entities that include: (i) other banks, to the extent their domestic operations; (ii) most 51% or greater controlled US subsidiaries of the institution; (iii) entities to the extent of US operations with shares listed on the NYSE, AMEX or designated as a NASDAQ National Market Security listed on the NASDAQ Stock Market (except stock or interests listed under the separate “NASDAQ Capital Markets Companies” heading); (iv) certain governmental entities; and (v) certain domestic “payroll customers” and “non-listed” businesses with whom they have a pre-existing relationship, frequent withdrawals or currency or other transactions in excess of $10,000 through certain “eligible accounts” and not involving any “non-eligible businesses”.  This form may be filed within 30 days following a reportable transaction with the person sought to be exempted and must be monitored and reviewed annually for compliance.

Records Required to be Maintained (RR). The records retention requirements include any of the reports described above and additional extensive requirements. The general requirements are located at 31 CFR 1010.400. The Table below indicates whether each Category has requirements in addition to the general ones. The retention period is generally 5 years.

Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity (SIS). The Information Sharing Procedures requirements include any of the reports described above and additional extensive requirements. The general requirements are located at 31 CFR 1010.520 and apply to all categories of financial Institution. The Table below indicates whether each listed Category has requirements in addition to the general ones.

Special Standards of Diligence; Prohibitions; and Special Measures (SSDS). Generally, these Rules provide that a “covered financial institution” (generally, a Depository Institution, a Securities Broker or Dealer, a Futures Commission Merchant or Introducing Broker in Commodities or a Mutual Fund) shall establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to enable the covered financial institution to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any account of such covered financial institution in the US for a new foreign customer or counterparty, and are required as part of the AML Program. Such policies, procedures, and controls include:

(1) Assessing the money laundering risk, based on a consideration of all relevant factors, which shall include, as appropriate:(i) the nature of the party’s business and the markets it serves; (ii) the type, purpose, and anticipated activity of such account; (iii) the nature and duration of the covered financial institution’s relationship with the party (and any of its affiliates); (iv) the AML and supervisory regime of the jurisdiction that issued the charter or license to the party, to the extent that information regarding such jurisdiction is reasonably available; and (v) information known or reasonably available to the covered financial institution about the party’s AML record.

(2) Applying risk-based procedures and controls to each such account reasonably designed to detect and report known or suspected money laundering activity, including a periodic review of the account activity sufficient to determine consistency with information obtained about the type, purpose, and anticipated activity of the account.

(3) In the case of a “private banking account” (or combination of accounts) maintained at a covered financial institution that: requires a minimum deposit of $1,000,000; is established by one or more non-US persons as direct or beneficial owners; and is assigned to, or is administered or managed by, an officer, employee, or agent of the covered financial institution acting as a liaison between it and the direct or beneficial owner of the account), that the financial institution takes reasonable steps to: (i) Ascertain the identity of all nominal and beneficial owners of a private banking  account; (ii) Ascertain whether any beneficial owner a senior foreign political figure; (iii) Ascertain the source(s) of funds deposited into a private banking account and the purpose and expected use of the account; and(iv) Review the activity of the account to ensure that it is consistent with the information obtained about the client’s source of funds, and with the stated purpose and expected use of the account, as needed to guard against money laundering, and to report, in accordance with applicable law and regulation, any known or suspected money laundering or suspicious activity conducted to, from, or through a private banking account;(v) In the case of a private banking account for which a senior foreign political figure is a nominal or beneficial owner, the due diligence program must include enhanced scrutiny of such account that is reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption; and(vi) The procedures must address circumstances in which a covered financial institution cannot perform appropriate due diligence with respect to such a private banking account, including when the covered financial institution should refuse to open the account, suspend transaction activity, file a suspicious activity report or close the account.

Prohibitions generally require a covered financial institution to take reasonable steps to ensure that any correspondent account established, maintained, administered, or managed by that covered financial institution in the United States for a foreign bank is not being used by that foreign bank to indirectly provide banking services to a foreign shell bank.

Special Measures generally require each covered financial institution to: (1) terminate all correspondent accounts with any Burmese banking institution, Commercial Bank of Syria, Banco Delta Asia, and FBME Bank, Ltd.; (2) adopt special procedures designed to ensure the covered financial institution will have no involvement with new correspondent accounts of such institutions; and (3) provide certain ownership and registered agent information on accounts maintained by it, if properly requested by federal law enforcement officers; (4) terminate its correspondent relations with any foreign bank the fails to respond to or contest any summons issued by the Secretary of Treasury or the Attorney General  regarding records of such foreign bank, wherever located.

AML Chart

AML Chart 2



ARE YOU A FINANCIAL INSTITUTION FOR THESE PURPOSES? Members may act in capacities that fit within the BSA and Program Rule descriptors of financial institutions, such as those above. For example, Regional Centers and affiliated issuers investing in or lending to project entities, and certain intermediaries may be covered by BSA and/or FinCEN definitions and categories of “financial institution” and therefore may be subject to requirements applicable to “financial institutions” thereunder.

IF SO, WHICH OF THE PROGRAMS AND OTHER RULES APPLY? If a Member is such a “financial institution,” the Rules that apply will depend on which of the Rules categories cover the Member. For example, all categories require an AML Program (and its four pillar requirements), but some do not require a CI Program. All must file CTRs. Most must file SARs. Only MSBs must register and retain MSB specific records. All have other detailed record keeping requirements.

WHAT’S THE DOWNSIDE OF NOT COMPLYING? Civil and criminal fines, penalties and other consequences of non-compliance can be significant.  A recent FinCEN settlement with Caesars Palace, including an $8 million fine for lax AML controls, is just one example.  http://www.fincen.gov/news_room/nr/html/20150908.html

WHAT IF MY COMPANY HAS LIMITED STAFF? There are provisions that allow certain functions be addressed by another financial institution, third party providers and/or trusted channel intermediaries, depending on your circumstances.

WHAT IF I’M NOT SURE? Check with a professional experienced in this area[ii] and who is knowledgeable about the facts and circumstances of your business. While most members probably don’t deal with very much cash and instruments deemed to be cash-like under the Program Rules, most categories of financial institutions (other than Depository Institutions, MSBs and Casinos and Card Clubs) probably don’t either, but are deemed under the Program Rules to warrant coverage. Also, our growing EB-5 Industry by definition involves new financial relationships with non-US persons that could benefit from CI Programs. If the conclusion is unclear, consider a conservative approach.  While the requirements of AML Programs and CI Programs were designed to assist our government in preventing the effects of financial crimes and funding of terrorism on the economy, they can have the added benefit of preventing those effects on your business and our Industry.

The IIUSA Best Practices Committee from time to time publishes non-binding “best practices” for Member consideration in various areas deemed relevant. Its work includes Recommended Best Practice for IIUSA members regarding “Know Your Customers (KYC) and it is currently working on an AML best practices piece.

RCBJ Retrospective articles are reprinted from IIUSA’s Regional Center Business Journal trade magazine. Opinions expressed within these articles do not necessarily represent the views of IIUSA and are provided for educational purposes.



    Your Cart
    Your cart is emptyReturn to Shop