Bank Secrecy Act
Foreign Branches and Offices of U.S. Banks
Objective. Assess the adequacy of the U.S. bank’s systems to manage the risks associated with its foreign branches and offices, and management’s ability to implement effective monitoring and reporting systems.
1. Review the policies, procedures, and processes related to foreign branches and offices176Foreign offices include affiliates and subsidiaries. to evaluate their adequacy given the activity in relation to the bank’s risk, and assess whether the controls are adequate to reasonably protect the bank from money laundering and terrorist financing.
2. On the basis of a review of MIS and internal risk rating factors, determine whether the U.S. bank’s head office effectively identifies and monitors foreign branches and offices, particularly those conducting higher-risk transactions or located in higher-risk jurisdictions.
3. Determine whether the U.S. bank’s head office system for monitoring foreign branches and offices and detecting unusual or suspicious activities at those branches and offices is adequate given the bank’s size, complexity, location, and types of customer relationships. Determine whether the host country requires reporting of suspicious activities and, if permitted and available, review those reports. Determine whether this information is provided to the U.S. bank’s head office and filtered into a bank-wide or, if appropriate, a firm-wide assessment of suspicious activities.
4. Review the bank’s tiering or organizational structure report, which should include a list of all legal entities and the countries in which they are registered. Determine the locations of foreign branches and offices, including the foreign regulatory environment and the degree of access by U.S. regulators for on-site examinations and customer records.
5. Review any partnering or outsourcing relationships of foreign branches and offices. Determine whether the relationship is consistent with the bank’s AML program.
6. Determine the type of products, services, customers, entities, and geographic locations served by the foreign branches and offices. Review the risk assessments of the foreign branches and offices.
7. Review the management, compliance, and audit structure of the foreign branches and offices. Identify the decisions that are made at the bank’s U.S. head office level versus those that are made at the foreign branch or office.
8. Determine the involvement of the U.S. bank’s head office in managing and monitoring foreign branches and offices. Conduct a preliminary evaluation of the foreign branches or offices through discussions with senior management at the U.S. bank’s head office (e.g., operations, customers, entities, jurisdictions, products, services, management strategies, audit programs, anticipated product lines, management changes, branch expansions, AML risks, and AML programs). Similar discussions should occur with management of the foreign branches and offices, particularly those that may be considered higher risk.
9. Coordinate with the host country supervisor and, if applicable, U.S. federal and state regulatory agencies. Discuss their assessment of the foreign branches’ and offices’ compliance with local laws. Determine whether there are any restrictions on materials that may be reviewed, copied, or taken out of the country.
10. If available, review the following:
- Previous regulatory examination reports.
- Host country’s regulatory examination report.
- Audit reports and supporting documentation.
- Compliance reviews and supporting documentation.
11. If appropriate, refer to the core examination procedures, "Office of Foreign Assets Control," page 152, for guidance.
12. Make a determination whether transaction testing is feasible. If feasible on the basis of the bank’s risk assessment of this activity and prior examination and audit reports, select a sample of higher-risk foreign branch and office activity. Complete transaction testing from appropriate expanded examination procedures sections (e.g., pouch activity).
13. On the basis of examination procedures completed, including transaction testing, form a conclusion about the adequacy of policies, procedures, and processes associated with the U.S. bank’s foreign branches and offices.