Bank Secrecy Act
Foreign Branches and Offices of U.S. Banks—Overview
Objective. Assess the adequacy of the U.S. bank’s systems to manage the risks associated with its foreign branches and offices, and management’s ability to implement effective monitoring and reporting systems.
U.S. banks open foreign branches and offices154 to meet specific customer demands, to help the bank grow, or to expand products or services offered. Foreign branches and offices vary significantly in size, complexity of operations, and scope of products and services offered. Examiners must take these factors into consideration when reviewing the foreign branches and offices AML compliance program. The definitions of "financial institution" and "bank" in the BSA and its implementing regulations do not encompass foreign offices or foreign investments of U.S. banks or Edge and agreement corporations.155 Nevertheless, banks are expected to have policies, procedures, and processes in place at all their branches and offices to protect against risks of money laundering and terrorist financing.156 AML policies, procedures, and processes at the foreign office or branch should comply with local requirements and be consistent with the U.S. bank’s standards; however, they may need to be tailored for local or business practices.157
Examiners should understand the type of products and services offered at foreign branches and offices, as well as the customers and geographic locations served at the foreign branches and offices. Any service offered by the U.S. bank may be offered by the foreign branches and offices if not prohibited by the host country. Such products and services offered at the foreign branches and offices may have a different risk profile from that of the same product or service offered in the U.S. bank (e.g., money services businesses are regulated in the United States; however, similar entities in another country may not be regulated). Therefore, the examiner should be aware that risks associated with foreign branches and offices may differ (e.g., wholesale versus retail operations).
The examiner should understand the foreign jurisdiction’s various AML requirements. Secrecy laws or their equivalent may affect the ability of the foreign branch or office to share information with the U.S. parent bank, or the ability of the examiner to examine on-site. While banking organizations with overseas branches or subsidiaries may find it necessary to tailor monitoring approaches as a result of local privacy laws, the compliance oversight mechanism should ensure it can effectively assess and monitor risks within such branches and subsidiaries. Although specific BSA requirements are not applicable at foreign branches and offices, banks are expected to have policies, procedures, and processes in place at all their branches and offices to protect against risks of money laundering and terrorist financing. In this regard, foreign branches and offices should be guided by the U.S. bank’s BSA/AML policies, procedures, and processes. The foreign branches and offices must comply with applicable OFAC requirements and all local AML-related laws, rules, and regulations.
Branches and offices of U.S. banks located in higher-risk geographic locations may be vulnerable to abuse by money launderers. To address this concern, the U.S. bank’s policies, procedures, and processes for the foreign operation should be consistent with the following recommendations:
- The U.S. bank’s head office and management at the foreign operation should understand the effectiveness and quality of bank supervision in the host country and understand the legal and regulatory requirements of the host country. The U.S. bank’s head office should be aware of and understand any concerns that the host country supervisors may have with respect to the foreign branch or office.
- The U.S. bank’s head office should understand the foreign branches’ or offices’ risk profile (e.g., products, services, customers, and geographic locations).
- The U.S. bank’s head office and management should have access to sufficient information in order to periodically monitor the activity of their foreign branches and offices, including the offices’ and branches’ level of compliance with head office policies, procedures, and processes. Some of this may be achieved through MIS reports.
- The U.S. bank’s head office should develop a system for testing and verifying the integrity and effectiveness of internal controls at the foreign branches or offices by conducting in-country audits. Senior management at the head office should obtain and review copies, written in English, of audit reports and any other reports related to AML and internal control evaluations.
- The U.S. bank’s head office should establish robust information-sharing practices between branches and offices, particularly regarding higher-risk account relationships. The bank should use the information to evaluate and understand account relationships throughout the corporate structure (e.g., across borders or legal structures).
- The U.S. bank’s head office should be able to provide examiners with any information deemed necessary to assess compliance with U.S. banking laws.
Foreign branch and office compliance and audit structures can vary substantially based on the scope of operations (e.g., geographic locations) and the type of products, services, and customers. Foreign branches and offices with multiple locations within a geographic region (e.g., Europe, Asia, and South America) are frequently overseen by regional compliance and audit staff. Regardless of the size or scope of operations, the compliance and audit staff and audit programs should be sufficient to oversee the AML risks.
Scoping AML Examinations
Examinations may be completed in the host country or in the United States. The factors that will be considered in deciding whether the examination work should occur in the host jurisdiction or the United States include:
- The risk profile of the foreign branch or office and whether the profile is stable or changing as a result of a reorganization, the introduction of new products or services, or other factors, including the risk profile of the jurisdiction itself.
- The effectiveness and quality of bank supervision in the host country.
- Existence of an information-sharing arrangement between the host country and the U.S. supervisor.
- The history of examination or audit concerns at the foreign branch or office.
- The size and complexity of the foreign branch’s or office’s operations.
- Effectiveness of internal controls, including systems for managing AML risks on a consolidated basis and internal audit.
- The capability of management at the foreign branch or office to protect the entity from money laundering or terrorist financing.
- The availability of the foreign branch or office records in the United States.
In some jurisdictions, financial secrecy and other laws may prevent or severely limit U.S. examiners or U.S. head office staff from directly evaluating customer activity or records. In cases when an on-site examination cannot be conducted effectively, examiners should consult with appropriate agency personnel. In such cases, agency personnel may contact foreign supervisors to make appropriate information sharing or examination arrangements. In lower-risk situations when information is restricted, examiners may conduct U.S.-based examinations (refer to discussion below). In higher-risk situations when adequate examinations (on-site or otherwise) cannot be effected, the agency may require the head office to take action to address the situation, which may include closing the foreign office.
U.S.-based, or off-site, examinations generally require greater confidence in the AML program at the foreign branch or office, as well as the ability to access sufficient records. Such off-site examinations should include discussions with senior bank management at the head and foreign office. These discussions are crucial to the understanding of the foreign branches’ or offices’ operations, AML risks, and AML programs. Also, the examination of the foreign branch or office should include a review of the U.S. bank’s involvement in managing or monitoring the foreign branch’s operations, internal control systems (e.g., policies, procedures, and monitoring reports), and, where available, the host country supervisors’ examination findings, audit findings, and workpapers. As with all BSA/AML examinations, the extent of transaction testing and activities where it is performed is based on various factors including the examiner’s judgment of risks, controls, and the adequacy of the independent testing.
Host Jurisdiction-Based Examinations
On-site work in the host jurisdiction enables examiners not only to better understand the role of the U.S. bank in relation to its foreign branch or office but also, perhaps more importantly, permit examiners to determine the extent to which the U.S. bank’s global policies, procedures, and processes are being followed locally.
The standard scoping and planning process will determine the focus of the examination and the resource needs. There may be some differences in the examination process conducted abroad. The host supervisory authority may send an examiner to join the U.S. team or request attendance at meetings at the beginning and at the conclusion of the examination. AML reporting requirements also are likely to be different, as they will be adjusted to local regulatory requirements.
For both U.S.-based and host-based examinations of foreign branches and offices, the procedures used for specific products, services, customers, and entities are those found in this manual. For example, if an examiner is looking at pouch activities at foreign branches and offices, he or she should use applicable expanded examination procedures.