Bank Secrecy Act
Nondeposit Investment Products—Overview
Objective. Assess the adequacy of the bank’s systems to manage the risks associated with both networking and in-house nondeposit investment products (NDIP), and management’s ability to implement effective monitoring and reporting systems.
NDIP include a wide array of investment products (e.g., securities, bonds, and fixed or variable annuities). Sales programs may also include cash management sweep accounts to retail and commercial clients; these programs are offered by the bank directly. Banks offer these investments to increase fee income and provide customers with additional products and services. The manner in which the NDIP relationship is structured and the methods with which the products are offered substantially affect the bank’s BSA/AML risks and responsibilities.
Banks typically enter into networking arrangements with securities broker/dealers to offer NDIP on bank premises. For BSA/AML purposes, under a networking arrangement, the customer is a customer of the broker/dealer, although the customer may also be a bank customer for other financial services. Bank examiners recognize that the U.S. Securities and Exchange Commission (SEC) is the primary regulator for NDIP offerings through broker/dealers, and the agencies will observe functional supervision requirements of the Gramm–Leach–Bliley Act.207 Federal banking agencies are responsible for supervising NDIP activity conducted directly by the bank. Different types of networking arrangements may include co-branded products, dual-employee arrangements, or third-party arrangements.
Co-branded products are offered by another company or financial services corporation208 in co-sponsorship with the bank. For example, a financial services corporation tailors a mutual fund product for sale at a specific bank. The product is sold exclusively at that bank and bears the name of both the bank and the financial services corporation.
Because of this co-branded relationship, responsibility for BSA/AML compliance becomes complex. As these accounts are not under the sole control of the bank or financial entity, responsibilities for completing CIP, CDD, and suspicious activity monitoring and reporting can vary. The bank should fully understand each party’s contractual responsibilities and ensure adequate control by all parties.
In a dual-employee arrangement, the bank and the financial services corporation such as an insurance agency or a registered broker/dealer have a common (shared) employee. The shared employee may conduct banking business as well as sell NDIP, or sell NDIP full-time. Because of this dual-employee arrangement, the bank retains responsibility over NDIP activities. Even if contractual agreements establish the financial services corporation as being responsible for BSA/AML, the bank needs to ensure proper oversight of its employees, including dual employees, and their compliance with all regulatory requirements.209
Under some networking arrangements, registered securities sales representatives are dual employees of the bank and the broker/dealer. When the dual employee is providing investment products and services, the broker/dealer is responsible for monitoring the registered representative’s compliance with applicable securities laws and regulations. When the dual employee is providing bank products or services, the bank has the responsibility for monitoring the employee’s performance and compliance with BSA/AML.
Third-party arrangements may involve leasing the bank’s lobby space to a financial services corporation to sell NDIPs. In this case, the third party must clearly differentiate itself from the bank. If the arrangement is appropriately implemented, third-party arrangements do not affect the BSA/AML compliance requirements of the bank. As a sound practice, the bank is encouraged to ascertain if the financial services provider has an adequate BSA/AML compliance program as part of its due diligence.
In-House Sales and Proprietary Products
Unlike networking arrangements, the bank is fully responsible for in-house NDIP transactions completed on behalf of its customers, either with or without the benefit of an internal broker/dealer employee.210 In addition, the bank may also offer its own proprietary NDIPs, which can be created and offered by the bank, its subsidiary, or an affiliate.
With in-house sales and proprietary products, the entire customer relationship and all BSA/AML risks may need to be managed by the bank, depending on how the products are sold. Unlike a networking arrangement, in which all or some of the responsibilities may be assumed by the third-party broker/dealer with in-house sales and proprietary products, the bank should manage all of its in-house and proprietary NDIP sales not only on a department-wide basis, but on an firm-wide basis.
BSA/AML risks arise because NDIP can involve complex legal arrangements, large dollar amounts, and the rapid movement of funds. NDIP portfolios managed and controlled directly by clients pose a greater money laundering risk than those managed by the bank or by the financial services provider. Sophisticated clients may create ownership structures to obscure the ultimate control and ownership of these investments. For example, customers can retain a certain level of anonymity by creating Private Investment Companies (PIC),211 offshore trusts, or other investment entities that hide the customer’s ownership or beneficial interest.
Management should develop risk-based policies, procedures, and processes that enable the bank to identify unusual account relationships and circumstances, questionable assets and sources of funds, and other potential areas of risk (e.g., offshore accounts, agency accounts, and unidentified beneficiaries). Management should be alert to situations that need additional review or research.
Before entering into a networking arrangement, banks should conduct an appropriate review of the broker/dealer. The review should include an assessment of the broker/dealer’s financial status, management experience, National Association of Securities Dealers (NASD) status, reputation, and ability to fulfill its BSA/AML compliance responsibilities in regards to the bank’s customers. Appropriate due diligence would include a determination that the broker/dealer has adequate policies, procedures, and processes in place to enable the broker/dealer to meet its legal obligations. The bank should maintain documentation on its due diligence of the broker/dealer. Furthermore, detailed written contracts should address the BSA/AML responsibilities, including suspicious activity monitoring and reporting, of the broker/dealer and its registered representatives.
A bank may also want to mitigate risk exposure by limiting certain investment products offered to its customers. Investment products such as PICs, offshore trusts, or offshore hedge funds may involve international funds transfers or offer customers ways to obscure ownership interests.
Bank management should make reasonable efforts to update due diligence information on the broker/dealer. Such efforts may include a periodic review of information on the broker/dealer’s compliance with its BSA/AML responsibilities, verification of the broker/dealer’s record in meeting testing requirements, and a review of consumer complaints. Bank management is also encouraged, when possible, to review BSA/AML reports generated by the broker/dealer. This review could include information on account openings, transactions, investment products sold, and suspicious activity monitoring and reporting.
In-House Sales and Proprietary Products
Bank management should assess risk on the basis of a variety of factors such as:
- Type of NDIP purchased and the size of the transactions.
- Types and frequency of transactions.
- Country of residence of the principals or beneficiaries, or the country of incorporation, or the source of funds.
- Accounts and transactions that are not usual and customary for the customer or for the bank.
For customers that management considers higher risk for money laundering and terrorist financing, more stringent documentation, verification, and transaction monitoring procedures should be established. EDD may be appropriate in the following situations:
- Bank is entering into a relationship with a new customer.
- Nondiscretionary accounts have a large asset size or frequent transactions.
- Customer resides in a foreign jurisdiction.
- Customer is a PIC or other corporate structure established in a higher-risk jurisdiction.
- Assets or transactions are atypical for the customer.
- Investment type, size, assets, or transactions are atypical for the bank.
- International funds transfers are conducted, particularly from offshore funding sources.
- The identities of the principals or beneficiaries in investments or relationships are unknown or cannot be easily determined.
- Politically exposed persons (PEP) are parties to any investments or transactions.