29 April 2002 Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html ------------------------------------------------------------------------- [Federal Register: April 29, 2002 (Volume 67, Number 82)] [Rules and Regulations] [Page 21109-21113] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr29ap02-18] [[Page 21109]] ----------------------------------------------------------------------- Part IV Department of the Treasury ----------------------------------------------------------------------- 31 CFR Part 103 Financial Crimes Enforcement Network; Anti-Money Laundering Programs; Final Rules [[Page 21110]] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA28 Financial Crimes Enforcement Network; Anti-Money Laundering Programs for Financial Institutions AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Interim final rule. ----------------------------------------------------------------------- SUMMARY: FinCEN is issuing a series of interim final rules to provide guidance to financial institutions concerning the provision in the Bank Secrecy Act (BSA), added by section 352 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, that requires financial institutions to establish anti-money laundering programs. This interim final rule provides that banks, savings associations, credit unions, registered brokers and dealers in securities, futures commission merchants, and casinos, will be deemed to be in compliance with section 352 if they establish and maintain anti-money laundering programs as required by existing FinCEN regulations, or their respective Federal regulator or self-regulatory organization. The establishment of anti-money laundering programs by money services businesses, operators of credit card systems, and mutual funds are the subject of separate rules published in this separate part of this issue of the Federal Register. This rule temporarily exempts, pending further analysis and review by Treasury and FinCEN, all other financial institutions (as defined in the BSA) from the requirement in section 352 that they establish anti-money laundering programs. DATES: This interim final rule is effective April 24, 2002. Written comments may be submitted to FinCEN on or before May 29, 2002. ADDRESSES: Submit comments (preferably an original and four copies) to FinCEN, P.O. Box 39, Vienna, VA 22183, Attn: Section 352 AMLP Regulations. Comments may also be submitted by electronic mail to regcomments@fincen.treas.gov with the caption in the body of the text, ``Attention: Section 352 AMLP Regulations.'' Comments may be inspected at FinCEN between 10 a.m. and 4 p.m. in the FinCEN Reading Room in Washington, DC. Persons wishing to inspect the comments submitted must request an appointment by telephoning (202) 354-6400 (not a toll-free number). FOR FURTHER INFORMATION CONTACT: Office of the Chief Counsel (FinCEN), (703) 905-3590; Office of the Assistant General Counsel for Enforcement (Treasury), (202) 622-1927; or the Office of the Assistant General Counsel for Banking & Finance (Treasury), (202) 622-0480 (not toll-free numbers). SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the USA PATRIOT Act (Public Law 107-56) (the Act). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the BSA, which is codified in subchapter II of chapter 53 of title 31, United States Code. These amendments are intended to make it easier to prevent, detect, and prosecute international money laundering and the financing of terrorism. Section 352(a) of the Act, which becomes effective on April 24, 2002, amended section 5318(h) of the BSA. As amended, section 5318(h)(1) requires every financial institution to establish an anti- money laundering program that includes, at a minimum (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. The definition of ``financial institution'' in sections 5312(a)(2) and (c)(1) is extremely broad. It includes institutions that are already subject to Federal regulation such as banks, savings associations, credit unions, money services businesses (such as money transmitters and currency exchanges), and registered securities broker- dealers and futures commission merchants. The definition also includes dealers in precious metals, stones, or jewels; pawnbrokers; loan or finance companies; private bankers; insurance companies; travel agencies; telegraph companies; sellers of vehicles, including automobiles, airplanes, and boats; persons engaged in real estate closings and settlements; investment bankers; investment companies; and commodity pool operators and commodity trading advisors that are registered or required to register under the Commodity Exchange Act (7 U.S.C. 1 et seq). Section 5318(h)(1) requires all of these businesses to establish anti-money laundering programs. Section 5318(h)(2) authorizes Treasury, after consulting with the appropriate Federal functional regulator,\1\ to prescribe minimum standards for anti-money laundering programs. This section also authorizes Treasury to exempt from the application of those minimum standards any financial institution that is not subject to the rules implementing the BSA for so long as it is not subject to such rules. Section 352(c) of the Act directs the Secretary of the Treasury to prescribe regulations by April 24, 2002 that ``consider the extent to which [the requirements of section 5318(h)(1)] are commensurate with the size, location, and activities'' of financial institutions. BSA section 5318(a)(6) provides that the Secretary may exempt any financial institution from any BSA statutory requirement. Taken together, these provisions authorize the issuance of regulations that may prescribe different requirements for anti-money laundering programs under, and that may exempt certain financial institutions from the requirements of, section 5318(h)(1). --------------------------------------------------------------------------- \1\ These are defined by reference to section 509 of the Gramm- Leach-Bliley Act (Public Law 106-102) to include the Board of Governors of the Federal Reserve System (FRB), the Office of the Comptroller of the Currency (OCC), the Board of Directors of the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), the National Credit Union Administration (NCUA), and the Securities and Exchange Commission (SEC), and, pursuant to section 321(c) of the Act, the Commodity Futures Trading Commission (CFTC). --------------------------------------------------------------------------- Accordingly, and as described below, this interim final rule prescribes anti-money laundering program requirements for banks, savings associations, registered brokers and dealers in securities, futures commission merchants, and casinos. The establishment of anti- money laundering programs by money services businesses, operators of credit card systems, and mutual funds are the subject of interim final rules published in this separate part of this issue of the Federal Register. Thus, by virtue of the interim final rules published today, all financial institutions presently subject to FinCEN's existing BSA regulations are now subject to anti-money laundering program requirements, as are three new types of financial institutions not previously regulated under the BSA: futures commission merchants, mutual funds, and operators of credit card systems. In order to ensure the issuance of well-considered regulations tailored to the unique money laundering risks associated with the remaining financial institutions, this rule temporarily exempts, until not later than October 24, 2002, all other financial institutions from the requirement that they establish anti-money laundering programs. During the next six months Treasury [[Page 21111]] and FinCEN will continue studying the money laundering risks posed by these institutions in order to develop appropriate anti-money laundering program requirements. During this period, Treasury and FinCEN expect to issue a series of regulations, focusing first on those exempted financial institutions that appear to pose the greatest potential for money laundering, that will further define the exempted financial institutions and delineate minimum standards for their anti- money laundering programs. II. Analysis of the Interim Final Rule A. Banks, Savings Associations, and Credit Unions Following the enactment of the Act, Treasury established a working group that includes representatives of the Federal functional regulators and the Department of Justice to assist in implementing section 352 of the Act and in determining the appropriate minimum standards for anti-money laundering programs for financial institutions regulated by a Federal functional regulator. Certain financial institutions are already required to have anti-money laundering programs. Since 1987, all federally insured depository institutions and credit unions have been required by their federal regulators to have anti-money laundering programs. These programs contain the same elements that are required by section 5318(h)(1).\2\ Accordingly, section 103.120(b) provides that a financial institution that is subject to regulation by a Federal functional regulator will be deemed to be in compliance with the requirements of section 5318(h)(1) if it complies with the regulations of its regulator governing the establishment and maintenance of anti-money laundering programs. Examination of these financial institutions by their Federal functional regulators will continue to ensure compliance with those regulations. --------------------------------------------------------------------------- \2\ 12 CFR 21.21 (OCC); 12 CFR 208.63 (FRB); 12 CFR 326.8 (FDIC); 12 CFR 563.177 (OTS); 12 CFR 748.2 (NCUA). --------------------------------------------------------------------------- B. Registered Securities Broker-Dealers and Futures Commission Merchants Similarly, Treasury and FinCEN also believe it is appropriate to implement section 5318(h)(1) with respect to registered securities brokers and dealers and to futures commission merchants through their respective self-regulatory organizations (SROs). Indeed, the initiative demonstrated by the SEC, CFTC and their SROs in advancing anti-money laundering programs has significantly accelerated the implementation of section 352. Accordingly, section 103.120(c) provides that a registered securities broker-dealer or a futures commission merchant will be deemed in compliance with the requirements of section 5318(h)(1) if it complies with the rules, regulations, or requirements of its SRO concerning the establishment and maintenance of anti-money laundering programs. Following consultation between Treasury and the SEC, the two principal securities industry SROs \3\ have each adopted a rule requiring their members to implement anti-money laundering programs.\4\ These rules, which incorporate the requirements of section 5318(h)(1), apply to essentially all securities broker-dealers that do business with the public and were approved by the SEC on April 22, 2002 (see Securities Exchange Act Release No. 45798). --------------------------------------------------------------------------- \3\ The National Association of Securities Dealers (NASD) and the New York Stock Exchange (NYSE). \4\ See 67 FR 8565 and 8567 (Feb. 25, 2002). --------------------------------------------------------------------------- The SROs will examine their members for compliance with these requirements and take appropriate enforcement action in cases of noncompliance. In addition, the SEC has authority to examine registered broker-dealers for compliance with these, as well as all other SRO rules. Utilizing the examination, enforcement, and outreach capabilities of the SROs and the SEC is an effective means to ensure meaningful compliance with the anti-money laundering program requirement, and is consistent with the objectives of section 352 of the Act. However, in the unlikely event that Treasury were to determine it necessary, Treasury specifically reserves its right to issue regulations prescribing minimum standards under section 352 for securities brokers and dealers. Treasury and FinCEN, in consultation with the CFTC, are implementing section 5318(h)(1) with respect to the futures industry in a similar manner. The National Futures Association (NFA), which is the futures industry SRO whose members include all registered futures commission merchants, empowered its Executive Committee on February 21, 2002 to develop and adopt a rule requiring all futures commission merchants and introducing broker members \5\ to establish anti-money laundering programs that satisfy the requirements of section 5318(h)(1). The CFTC approved this rule on April 23, 2002. The NFA will examine its members for compliance with this requirement and take enforcement actions in cases of noncompliance. The CFTC, in turn, will examine the NFA for its enforcement of the anti-money laundering program rule and take enforcement action against the NFA in cases of non-enforcement. As with securities brokers and dealers, Treasury reserves its right to issue regulations prescribing minimum standards for futures commission merchants should it be deemed necessary. --------------------------------------------------------------------------- \5\ ``Introducing brokers'' (defined in section 1a(23) of the Commodity Exchange Act (7 U.S.C. 1a(23))) play a crucial role in preventing money laundering in the futures industry. BSA section 5312(a)(2)(H) defines ``financial institution'' to include ``a broker or dealer in securities or commodities,'' and Treasury believes that introducing brokers are included within this definition. Accordingly, NFA has included introducing brokers in its anti-money laundering program requirement. Sections 5312(a)(2)(Y) and (Z) authorize Treasury to include additional businesses within the BSA's definition of financial institution. Treasury is considering whether it is necessary to clarify formally that section 5312(a)(2)(H) includes ``introducing brokers'' within the definition of ``financial institution.'' --------------------------------------------------------------------------- C. Casinos In 1993, FinCEN issued regulations requiring casinos to establish written anti-money laundering compliance programs.\6\ Each compliance program must include internal controls to assure ongoing compliance, internal or external independent testing for compliance, training for casino personnel, and one or more compliance officers. In addition, casinos that have automated data processing systems are required to use automated programs to aid in assuring compliance. Accordingly, section 103.120(d) provides that a casino that is in compliance with these regulations will be deemed to be in compliance with the requirements of section 5318(h)(1). --------------------------------------------------------------------------- \6\ 31 CFR 103.64. --------------------------------------------------------------------------- D. Money Services Businesses, Mutual Funds, Operators of Credit Card Systems Anti-money laundering program requirements for money services businesses, mutual funds, and operators of credit card systems are described in separate interim final rules published in this separate part of this issue of the Federal Register. E. All Other BSA Financial Institutions Treasury and FinCEN are exercising the authority under BSA section 5318(a)(6) to temporarily exempt all other financial institutions from the requirement in section 5318(h)(1) that they establish anti-money laundering programs. The temporary exemption in section 103.170 applies to dealers in precious metals, stones, or jewels; pawnbrokers; loan or finance [[Page 21112]] companies; private bankers; insurance companies; travel agencies; telegraph companies; sellers of vehicles, including automobiles, airplanes, and boats; persons engaged in real estate closings and settlements; certain investment companies \7\; commodity pool operators; and commodity trading advisors. The exemption does not extend to ``investment bankers'' because all such entities are either depository institutions or securities broker-dealers that are subject to anti-money laundering program requirements by section 103.120(b) or (c), respectively. \8\ --------------------------------------------------------------------------- \7\ The principal statute governing investment companies is the Investment Company Act of 1940 (codified at 15 U.S.C. 80a1-80a64) (the 1940 Act), which defines investment company broadly. However, entities commonly known as hedge funds, private equity funds and venture capital funds are specifically excluded from the definition of investment company for purposes of the 1940 Act. Section 356 of the USA PATRIOT Act requires that the Treasury, the Federal Reserve, and the SEC submit a joint report to Congress, not later than October 26, 2002, on recommendations for effective regulations to apply the requirements of the BSA to investment companies, including persons that, but for the noted exceptions, would be investment companies. Treasury anticipates that the CFTC will participate in ;the development of this report because a significant percentage of hedge funds are registered and regulated as commodity pool operators. Section 356 also requires that the report include recommendations whether personal holding companies should be treated as investment companies under the BSA. Pending further review and analysis, Treasury is temporarily exempting investment companies, other than ``open-end companies'' (as defined in section 5(a)(1) of the 1940 Act), from the requirements of BSA section 5318(h)(1). The applicability of these requirements to ``open-end companies'' is addressed in the interim final rule concerning mutual funds published in this separate part of this issue of the Federal Register. Pending further review and analysis, Treasury is also deferring determination of the scope of the BSA definition of ``investment company,'' but anticipates that it is likely that the referenced entities excluded from application ;of the 1940 Act will be subject to anti-money laundering program requirements. \8\ See Davenport Management, Inc. 1993 SEC No-Act. Lexis 624 (April 13, 1993) (stating that a corporation would be required to register as a broker-dealer if it acted as an intermediary in securities transactions, negotiated the terms of securities transactions, received transaction-based compensation, had direct contact with outside investors, and provided ``investment banking services''); See also Securities Exchange Act Release No. 11742 (October 5, 1975) (noting that a bank might be subject to registration as a municipal securities dealer if it engages in underwriting or otherwise holds itself out as a dealer). --------------------------------------------------------------------------- The need for the temporary exemption is a practical one. First, although included within the list of financial institutions in the BSA, these businesses have never been defined for purposes of the BSA. For example, does a ``dealer in precious metals, stones, or jewels'' include a jewelry counter at a department store and a kiosk in a shopping mall that sells gold and silver earrings, bracelets, and necklaces, as well as a diamond merchant? Similarly, does ``a business engaged in ``vehicle sales, including automobile, airplane, and boat sales `` include businesses selling motorcycles, motorbikes, or snowmobiles? Treasury and FinCEN do not believe it is sound regulatory policy to subject the broad categories of BSA ``financial institutions'' to the requirements of BSA section 5318(h)(1) without specifically defining the businesses that will be subject to those requirements. Second, in the six months since the enactment of the Act, Treasury and FinCEN have not had sufficient time and opportunity to analyze the nature of the businesses of the remaining financial institutions. More importantly, Treasury and FinCEN have not had the opportunity to identify the nature and scope of the money laundering or terrorist financing risks associated with these businesses. The extension of the anti-money laundering program requirement to all the remaining financial institutions, most of which have never been subject to federal financial regulation, raises many significant practical and policy issues. An inadequate understanding of the affected industries could result in poorly conceived regulations that impose unreasonable regulatory burdens with little or no corresponding anti-money laundering benefits. Finally, Treasury and FinCEN are aware that many of these financial institutions are sole proprietors or small businesses, and that any regulations affecting them must recognize this fact. For these reasons, Treasury and FinCEN believe that a temporary exemption from the requirements of section 5318(h)(1) is appropriate at this time. During the next six months, Treasury and FinCEN will review and analyze the extent to which these businesses may be used by money launderers or terrorist financiers, and will issue a series of additional rules requiring that they establish anti-money laundering programs where appropriate, and delineating minimum standards for those programs. Treasury and FinCEN have been examining the money laundering risks associated with insurance products and will issue in the near future a proposed rule governing the establishment of anti-money laundering programs by insurance companies. Although Treasury and FinCEN intend to issue regulations addressing anti-money laundering programs for all exempted financial institutions by October 24, 2002, any category of financial institution for which regulations have not been proposed or promulgated by that date will be required to establish anti-money laundering programs that comply with the requirements of 31 U.S.C. 5318(h)(1). Treasury and FinCEN emphasize that the exemption from the requirement to establish anti-money laundering programs does not in any way relieve any business from the existing requirements in 31 U.S.C. 5331 and 26 U.S.C. 6050I that they report transactions in cash or currency, or certain monetary instruments, that exceed $10,000. The regulations under these sections are codified at 31 CFR 103.30 and 26 CFR 1.6050I, respectively. Every temporarily exempted business must ensure that it has appropriate procedures to report such transactions to FinCEN and the IRS using the single Form 8300 jointly prescribed by those agencies. In addition, all financial institutions are reminded of the importance of reporting suspected terrorist activities or otherwise suspicious transactions to the appropriate law enforcement authorities. Form 8300 contains a check box to indicate that a particular transaction, whether or not required to be reported, otherwise appears suspicious. III. Administrative Procedure Act The provisions of 31 U.S.C. 5318(h)(1), requiring all financial institutions to establish anti-money laundering programs with at least four identified elements, become effective April 24, 2002. This interim rule exempts certain financial institutions from these requirements and deems other financial institutions to be in compliance with these requirements. Accordingly, good cause is found to dispense with notice and public procedure as unnecessary pursuant to 5 U.S.C. 553(b)(B), and to make the provisions of the interim rule effective in less than 30 days pursuant to 5 U.S.C. 553(d)(1) and (3). IV. Regulatory Flexibility Act Because no notice of proposed rulemaking is required for this interim final rule, the provisions of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) do not apply. V. Executive Order 12866 This interim final rule is not a ``significant regulatory action'' as defined in Executive Order 12866. Accordingly, a regulatory assessment is not required. List of Subjects in 31 CFR Part 103 Banks, banking, Brokers, Counter money laundering, Counter- terrorism, [[Page 21113]] Currency, Foreign banking, Reporting and recordkeeping requirements. Authority and Issuance For the reasons set forth above, FinCEN is amending 31 CFR Part 103 as follows: PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for part 103 is revised to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, secs. 314, 352, Pub. L. 107-56, 115 Stat. 307. 2. Add new subpart I to part 103 to read as follows: Subpart I--Anti-Money Laundering Programs Sec. 103.120 Anti-money laundering program requirements for financial institutions regulated by a Federal functional regulator or a self- regulatory organization, and casinos. 103.125 [Reserved] 103.130 [Reserved] 103.135 [Reserved] 103.170 Deferred anti-money laundering programs for certain financial institutions. Subpart I--Anti-Money Laundering Programs Sec. 103.120 Anti-money laundering program requirements for financial institutions regulated by a Federal functional regulator or a self- regulatory organization, and casinos. (a) Definitions. For purposes of this section: (1) Financial institution means a financial institution defined in 31 U.S.C. 5312(a)(2) or (c)(1) that is subject to regulation by a Federal functional regulator or a self-regulatory organization. (2) Federal functional regulator means: (i) The Board of Governors of the Federal Reserve System; (ii) The Office of the Comptroller of the Currency; (iii) The Board of Directors of the Federal Deposit Insurance Corporation; (iv) The Office of Thrift Supervision; (v) The National Credit Union Administration; (vi) The Securities and Exchange Commission; or (vii) The Commodity Futures Trading Commission. (3) Self-regulatory organization: (i) Shall have the same meaning as provided in section 3(a)(26) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(26)); and (ii) Means a ``registered entity'' or a ``registered futures association'' as provided in section 1a(29) or 17, respectively, of the Commodity Exchange Act (7 U.S.C. 1a(29), 21). (4) Casino has the same meaning as provided in Sec. 103.11(n)(5). (b) Requirements for financial institutions regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. A financial institution regulated by a Federal functional regulator that is not subject to the regulations of a self regulatory organization shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that complies with the regulation of its Federal functional regulator governing such programs. (c) Requirements for financial institutions regulated by a self- regulatory organization, including registered securities broker-dealers and futures commission merchants. A financial institution regulated by a self-regulatory organization shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if: (1) The financial institution complies with any applicable regulation of its Federal functional regulator governing the establishment and implementation of anti-money laundering programs; and (2)(i) The financial institution implements and maintains an anti- money laundering program that complies with the rules, regulations, or requirements of its self-regulatory organization governing such programs; and (ii) The rules, regulations, or requirements of the self-regulatory organization have been approved, if required, by the appropriate Federal functional regulator. (d) Requirements for casinos. A casino shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains a compliance program described in Sec. 103.64. Sec. 103.125 [Reserved] Sec. 103.130 [Reserved] Sec. 103.135 [Reserved] Sec. 103.170 Deferred anti-money laundering programs for certain financial institutions. (a) Exempt financial institutions. Subject to the provisions of paragraph (b) of this section, the following financial institutions (as defined in 31 U.S.C. 5312(a)(2) or (c)(1)) are exempt from the requirement in 31 U.S.C. 5318(h)(1) concerning the establishment of anti-money laundering programs: (1) An agency of the United States Government, or of a State or local government, carrying out a duty or power of a business described in 31 U.S.C. 5312(a)(2); and (2) Any of the following businesses or activities that is not described in Sec. 103.120(b) or (c), or subject to the requirements of Sec. 103.125 or Sec. 103.130: (i) Dealer in precious metals, stones, or jewels; (ii) Pawnbroker; (iii) Loan or finance company; (iv) Travel agency; (v) Telegraph company; (vi) Seller of vehicles, including automobiles, airplanes, and boats; (vii) Persons involved real estate closings and settlements; (viii) Private banker; (ix) Insurance company; (x) Commodity pool operator; (xi) Commodity trading advisor; or (xii) Investment company. (b) Termination of exemption. (1) In general. Subject to paragraph (b)(2) of this section, a financial institution described in paragraph (a)(2) of this section shall, effective October 24, 2002, establish and maintain an anti-money laundering program as required by 31 U.S.C. 5318(h)(1). (2) Exception. The provisions of paragraph (b)(1) of this section shall not apply to any financial institution to the extent: (i) Provided in guidance issued in a document published in the Federal Register by the Department of the Treasury (including FinCEN) on or before October 24, 2002, governing the application of 31 U.S.C. 5318(h)(1) to such financial institution; or (ii) That the Secretary determines that the application of any or all of the requirements of 31 U.S.C. 5318(h)(1) to such financial institution is unnecessary or should continue to be deferred pending further analysis and review. (c) Compliance obligations of deferred financial institutions. Nothing in this section shall be deemed to relieve an exempt financial institution from its responsibility to comply with the applicable requirements of law concerning the reporting of certain transactions in cash, currency, or monetary instruments in accordance with Sec. 103.30 or 26 CFR 1.6050I. Dated: April 23, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. [FR Doc. 02-10452 Filed 4-24-02; 4:09 pm] BILLING CODE 4810-02-P ------------------------------------------------------------------------ [Federal Register: April 29, 2002 (Volume 67, Number 82)] [Rules and Regulations] [Page 21114-21117] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr29ap02-19] [[Page 21114]] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA28 Financial Crimes Enforcement Network; Anti-Money Laundering Programs for Money Services Businesses AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Interim final rule. ----------------------------------------------------------------------- SUMMARY: FinCEN is issuing this interim final rule to prescribe minimum standards applicable to money services businesses pursuant to the revised provision of the Bank Secrecy Act that requires financial institutions to establish anti-money laundering programs. DATES: This interim final rule is effective April 24, 2002. Written comments may be submitted to FinCEN on or before May 29, 2002. ADDRESSES: Submit comments (preferably an original and four copies) to FinCEN, P.O. Box 39, Vienna, VA 22183, ATTN: Section 352 MSB Regulations. Comments may also be submitted by electronic mail to regcomments@fincen.treas.gov with the caption in the body of the text, ``Attention: Section 352 MSB Regulations.'' Comments may be inspected at FinCEN between 10 a.m. and 4 p.m., in the FinCEN Reading Room in Washington, DC. Persons wishing to inspect the comments submitted must request an appointment by telephoning (202) 354-6400 (not a toll-free number). FOR FURTHER INFORMATION CONTACT: Office of the Chief Counsel (FinCEN), (703) 905-3590; Office of the Assistant General Counsel for Enforcement (Treasury), (202) 622-1927; or the Office of the Assistant General Counsel for Banking & Finance (Treasury), (202) 622-0480 (not toll-free numbers). SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (Public Law 107-56) (the Act). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act (BSA), which is codified in subchapter II of chapter 53 of title 31, United States Code. These amendments are intended to provide additional tools to prevent, detect, and prosecute international money laundering and the financing of terrorism. Section 352(a) of the Act, which becomes effective on April 24, 2002, amended section 5318(h) of the BSA. As amended, section 5318(h)(1) requires every financial institution to establish an anti-money laundering program that includes, at a minimum, (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. The statute further permits the Secretary to exempt from this requirement those financial institutions not currently subject to Treasury's regulations implementing the BSA. In addition, Section 352(c) directs the Secretary to prescribe regulations by April 24, 2002, for anti-money laundering programs that are ``commensurate with the size, location, and activities'' of the financial institutions to which such regulations apply. Money services businesses are defined as financial institutions under the BSA and are subject to registration, recordkeeping, and reporting obligations under the implementing regulations. They thus fall within the category of financial institutions to which Congress intended to apply the anti-money laundering program requirements.\1\ Requiring money services businesses to implement anti-money laundering programs should enhance their ability to comply with their BSA obligations. This interim final rule prescribes minimum standards for anti-money laundering programs for money services businesses, tailored to the particular circumstances of their industry. --------------------------------------------------------------------------- \1\ Although Section 5318(a)(6) authorizes the Secretary to exempt any financial institution from any BSA requirement, in light of the vulnerability of the industry to money laundering described infra and the extent of existing BSA regulation of money services businesses, the Secretary is declining to exempt money services businesses from the anti-money laundering program requirement. --------------------------------------------------------------------------- In requiring money services businesses to register with the Department of the Treasury, Congress recognized that money services businesses, like depository institutions, are subject to abuse by money launderers.\2\ Following up on this finding, along with issuing regulations implementing the registration requirement, Treasury and FinCEN also issued regulations requiring money services businesses (with the exception of currency dealers or exchangers, check cashers, and issuers, sellers, and redeemers of stored value) to report to FinCEN suspicious activity occurring after December 31, 2001.\3\ As Treasury and FinCEN acknowledged in promulgating these regulations, implementation of a comprehensive counter-money laundering strategy for this category of financial institution raises significant issues not present for depository institutions subject to the BSA such as banks because of a number of unique factors affecting the money services business industry.\4\ --------------------------------------------------------------------------- \2\ Money Laundering Suppression Act of 1994, Title IV of the Riegle Community Development and Regulatory Improvement Act of 1994, Public Law 103-325 (September 23, 1994). Treasury's implementing regulations required all money services businesses to register with FinCEN by December 31, 2001. See 31 CFR 103.41(f). \3\ 31 CFR 103.20(f). \4\ See 62 FR 27903 (May 21, 1997). --------------------------------------------------------------------------- The money services businesses category of financial institutions subject to Part 103 includes a variety of non-bank financial institutions: currency dealers or exchangers; check cashers; issuers of traveler's checks, money orders, or stored value; sellers or redeemers of traveler's checks, money orders, or stored value; and money transmitters.\5\ The size and complexity of money services business enterprises range from the small and simple to the very large and complex; structures include sole proprietorships, partnerships, and corporations. Money services business enterprises range from small ``mom and pop'' operations based in one location to large, well capitalized firms that trade on major securities exchanges, enterprises with numerous branches or large agent networks, and also include the United States Postal Service. For some enterprises, such as grocery stores, convenience stores, and gas stations, the financial activities that make them money services businesses are not their core business activities but only incidental services offered along with core products and services. Other money services businesses are organized to provide several financial services to their customers similar to the full range of financial products provided by a bank. Issuers of traveler's checks, issuers of money orders, and primary money transmitter companies often operate through networks of independent enterprises that serve as distribution points throughout the country or the world. These agent networks make up the bulk of the sellers of traveler's checks and money orders and distributors of money transfer services in the United States.\6\ --------------------------------------------------------------------------- \5\ See 31 CFR 103.11uu(1)-(6). \6\ See 62 FR 27891-895 (May 21, 1997). --------------------------------------------------------------------------- The interim final rule requires each money services business to establish a program reasonably designed to prevent [[Page 21115]] its use in money laundering or terrorist financing. Treasury and FinCEN have determined that the exact nature of an effective anti-money laundering program for money services businesses must be commensurate with the risks posed by the size and location of the particular money services business, and the nature and volume of the financial services it offers. Critical components of such a program are procedures for assuring that applicable customer identification requirements are met, all reports required under 31 CFR part 103, including but not limited to reports of suspicious transactions, are filed in a timely fashion, all required records are maintained in complete and accurate form, and requests for information from law enforcement agencies are handled with appropriate speed. The interim final rule mandates certain methods to attain such regulatory compliance, including documentation of policies, procedures, and internal controls, training, designation of a compliance officer, and program review. Finally, in addition to compliance with mandatory regulatory requirements, Treasury and FinCEN encourage money services businesses to implement procedures for voluntarily reporting suspected terrorist activity to FinCEN using its Financial Institutions Hotline (1-866-556-3974). II. Analysis of the Interim Final Rule Section 103.125(a) requires each money services business to have an effective anti-money laundering program, which is defined as a program reasonably designed to prevent the money services business from being used to facilitate money laundering or to finance terrorist activities. Section 103.125(b) provides that the program is to be commensurate with the risks posed by the financial services provided by the money services business, in light of their nature and volume, and the location and size of the money services business. Section 103.125(c) provides that each money services business must have a written anti- money laundering program. Section 103.125(d) sets forth the minimum requirements for an effective anti-money laundering program. First, Sec. 103.125(d)(1) provides that such a program must contain policies, procedures, and internal controls reasonably designed to ensure compliance with the applicable requirements of 31 CFR part 103, including recordkeeping, reporting, verifying customer identification, and responding to law enforcement requests. In addition, money services businesses that have automated data processing systems should integrate into their systems compliance procedures such as recordkeeping and monitoring transactions subject to reporting requirements. In recognition of the fact that a number of issuers of money services instruments such as traveler's checks and money orders sell their products through other money services businesses, Sec. 103.125(d)(1)(iii) permits such issuers and sellers to allocate responsibility for developing written policies, procedures, and internal controls among themselves. However, responsibility for implementation of the policies, procedures, and internal controls rests with each money services business, and, particularly with respect to internal controls, a money services business needs to be vigilant in ensuring that such controls are effective in the circumstances under which it operates.\7\ This section also makes clear that a money services business may not contract away its responsibility to establish and maintain an effective anti-money laundering program. --------------------------------------------------------------------------- \7\ For example, a money services business that offers products from different issuers must ensure that its internal controls are effective for all the products it offers, and not just blindly adopt controls generated by the issuer of one of the products it sells, which may not be applicable to its other products. --------------------------------------------------------------------------- In addition, Sec. 103.125(d)(2) requires each money services business to designate a person or persons to be responsible for the program, i.e., a compliance officer. The compliance officer shall be responsible for day to day compliance with 31 CFR Part 103, ensuring the compliance program is updated as necessary and reflects current Treasury guidance, and overseeing the money services business's education and training program. Section 103.125(d)(3) provides that each money services business must have an ongoing training or education program for employees concerning their responsibilities under the program and 31 CFR Part 103, including training in the detection of suspicious activities. Finally, under Sec. 103.125(d)(4), each money services business must provide for an independent review of the program on a periodic basis. The independent review may be performed by an employee of the money services business, so long as the reviewer is not the compliance officer. The interim final rule is designed to give money services businesses flexibility to tailor their programs to their specific circumstances so long as the minimum requirements are met. For example, the program for a money services business that provides a full range of financial services (e.g., check cashing, currency exchange, money order sales, money transmission services) from multiple branches would be structured differently than a program for a money services business that offers one or two services through an agent network. The educational component for an enterprise that offers multiple financial services may require more comprehensive training for employees to recognize aspects of suspicious activity associated with different transaction types and may differ based on the geographic location of the branches. An enterprise with multiple locations that offers multiple financial services may require more extensive oversight by its compliance officer than would an enterprise that offers one or two financial services incidental to its core business in isolated transactions. The former would also require more frequent independent review. The interim final rule also permits programs to be tailored to the specific risks associated with the different financial services offered by money services businesses. For example, sales of traveler's checks, money orders, and money transfers may be particularly vulnerable to structuring--that is, the breaking up of a transaction into multiple transactions so as to fall beneath the thresholds for recordkeeping and reporting.\8\ An appropriate anti-money laundering program for such an enterprise would include the training of employees to recognize indications of structuring. --------------------------------------------------------------------------- \8\ See 62 FR 27911 (May 21, 1997). --------------------------------------------------------------------------- FinCEN intends to issue guidance to assist money services businesses in complying with the interim final rule. Such guidance will be posted on the FinCEN web site dedicated to money services businesses (www.msb.gov). III. Implementation Date Requirements Pursuant to section 103.125(e), an existing money services business is required to comply with the anti-money laundering program requirements of 31 CFR 103.125 by July 24, 2002. Money services businesses coming into existence after that date must develop and implement such a program on or before the later of July 24, 2002, and the end of the 90-day period beginning on the day following the date the business is established. IV. Administrative Procedure Act The provisions of 31 U.S.C. 5318(h)(1), requiring all financial institutions to establish anti-money laundering programs with at least four identified elements, become effective [[Page 21116]] April 24, 2002. This interim rule provides guidance to money services businesses on how to comply with the law in effect on that date and does not impose any obligation on any financial institution that is not required by section 352 of the Act. Accordingly, good cause is found to dispense with notice and public procedure as unnecessary pursuant to 5 U.S.C. 553(b)(B), and to make the provisions of the interim rule effective in less than 30 days pursuant to 5 U.S.C. 553(d)(1) and (3). V. Regulatory Flexibility Act Because no notice of proposed rulemaking is required for this interim final rule, the provisions of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) do not apply. VI. Executive Order 12866 This interim final rule is not a ``significant regulatory action'' as defined in Executive Order 12866. Accordingly, a regulatory assessment is not required. VII. Paperwork Reduction Act This regulation is being issued without prior notice and public procedure pursuant to the Administrative Procedure Act (5 U.S.C. 553). For this reason, the collection of information contained in this interim final rule has been reviewed under the requirements of the Paperwork Reduction Act (44 U.S.C. 3507(j)) and, pending receipt and evaluation of public comments, approved by the Office of Management and Budget (OMB) under control number 1506-0020. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid control number assigned by OMB. Comments concerning the collection of information should be sent to the Office of Management and Budget, ATTN: Alexander T. Hunt, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 3208, Washington, DC 20503, with copies to FinCEN at Department of the Treasury, Financial Crimes Enforcement Network, Post Office Box 39, Vienna, Virginia, 22183. FinCEN specifically invites comments on the following subjects: (a) Whether the proposed collection of information is necessary for the proper performance of the mission of FinCEN, including whether the information shall have practical utility; (b) the accuracy of FinCEN's estimate of the burden of the proposed collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. The collection of information in this interim final rule is in 31 CFR 103.125(c). The information will be used by federal agencies to verify compliance by money services businesses with the provisions of 31 CFR 103.125. The collection of information is mandatory. The likely recordkeepers are businesses. In accordance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR 1320, the following information concerning the collection of information as required by 31 CFR 103.125(c) is presented to assist those persons wishing to comment on the information collection. Description of Recordkeepers: Money services businesses as defined in 31 CFR 103.11(uu). Estimated Number of Recordkeepers: 200,000. Estimated Average Annual Burden Hours Per Recordkeeper: The estimated average burden associated with the collection of information in this interim final rule is 1 hour per recordkeeper. Estimated Total Annual Recordkeeping Burden: 200,000 hours. List of Subjects in 31 CFR Part 103 Authority delegations (Government agencies), Banks, banking, Brokers, Counter money laundering, Counter-terrorism, Currency, Foreign banking, Reporting and recordkeeping requirements. PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for Part 103 continues to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, secs. 314, 352, Pub. L. 107-56, 115 Stat. 307. 2. In subpart I, add new Sec. 103.125 to read as follows: Sec. 103.125 Anti-money laundering programs for money services businesses. (a) Each money services business, as defined by Sec. 103.11(uu), shall develop, implement, and maintain an effective anti-money laundering program. An effective anti-money laundering program is one that is reasonably designed to prevent the money services business from being used to facilitate money laundering and the financing of terrorist activities. (b) The program shall be commensurate with the risks posed by the location and size of, and the nature and volume of the financial services provided by, the money services business. (c) The program shall be in writing, and a money services business shall make copies of the anti-money laundering program available for inspection to the Department of the Treasury upon request. (d) At a minimum, the program shall: (1) Incorporate policies, procedures, and internal controls reasonably designed to assure compliance with this part. (i) Policies, procedures, and internal controls developed and implemented under this section shall include provisions for complying with the requirements of this part including, to the extent applicable to the money services business, requirements for: (A) Verifying customer identification; (B) Filing reports; (C) Creating and retaining records; and (D) Responding to law enforcement requests. (ii) Money services businesses that have automated data processing systems should integrate their compliance procedures with such systems. (iii) A person that is a money services business solely because it is an agent for another money services business as set forth in Sec. 103.41(a)(2), and the money services business for which it serves as agent, may by agreement allocate between them responsibility for development of policies, procedures, and internal controls required by this paragraph (d)(1). Each money services business shall remain solely responsible for implementation of the requirements set forth in this section, and nothing in this paragraph (d)(1) relieves any money services business from its obligation to establish and maintain an effective anti-money laundering program. (2) Designate a person to assure day to day compliance with the program and this part. The responsibilities of such person shall include assuring that: (i) The money services business properly files reports, and creates and retains records, in accordance with applicable requirements of this part; (ii) The compliance program is updated as necessary to reflect current requirements of this part, and related [[Page 21117]] guidance issued by the Department of the Treasury; and (iii) The money services business provides appropriate training and education in accordance with paragraph (d)(3) of this section. (3) Provide education and/or training of appropriate personnel concerning their responsibilities under the program, including training in the detection of suspicious transactions to the extent that the money services business is required to report such transactions under this part. (4) Provide for independent review to monitor and maintain an adequate program. The scope and frequency of the review shall be commensurate with the risk of the financial services provided by the money services business. Such review may be conducted by an officer or employee of the money services business so long as the reviewer is not the person designated in paragraph (d)(2) of this section. (e) Effective date. A money services business must develop and implement an anti-money laundering program that complies with the requirements of this section on or before the later of July 24, 2002, and the end of the 90-day period beginning on the day following the date the business is established. Dated: April 23, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. [FR Doc. 02-10453 Filed 4-24-02; 4:09 pm] BILLING CODE 4810-02-P --------------------------------------------------------------------- [Federal Register: April 29, 2002 (Volume 67, Number 82)] [Rules and Regulations] [Page 21117-21121] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr29ap02-20] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA28 Financial Crimes Enforcement Network; Anti-Money Laundering Programs for Mutual Funds AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Interim final rule. ----------------------------------------------------------------------- SUMMARY: FinCEN is issuing this interim final rule to prescribe minimum standards applicable to mutual funds pursuant to the revised provision in the Bank Secrecy Act that requires financial institutions to establish anti-money laundering programs. DATES: This interim final rule is effective April 24, 2002. Written comments may be submitted to FinCEN on or before May 29, 2002. ADDRESSES: Submit comments (preferably an original and four copies) to FinCEN, P.O. Box 39, Vienna, VA 22183, Attn: Section 352 Mutual Fund Regulations. Comments may also be submitted by electronic mail to regcomments@fincen.treas.gov with the caption in the body of the text, ``Attention: Section 352 Mutual Fund Regulations.'' Comments may be inspected at FinCEN between 10 a.m. and 4 p.m. in the FinCEN Reading Room in Washington, DC. Persons wishing to inspect the comments submitted must request an appointment by telephoning (202) 354-6400 (not a toll-free number). FOR FURTHER INFORMATION CONTACT: Office of the Assistant General Counsel for Banking & Finance (Treasury), (202) 622-0480; Office of the Assistant General Counsel for Enforcement (Treasury), (202) 622-1927; or Office of Chief Counsel (FinCEN), (703) 905-3590 (not toll-free numbers). SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (Public Law 107-56) (the Act). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act (BSA), which are codified in subchapter II of chapter 53 of title 31, United States Code. These amendments are intended to make it easier to prevent, detect, and prosecute international money laundering and the financing of terrorism. Section 352(a) of the Act, which becomes effective on April 24, 2002, amends section 5318(h) of the BSA. As amended, section 5318(h)(1) requires every financial institution to establish an anti-money laundering program that includes, at a minimum (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. Section 5318(h)(2) authorizes the Secretary, after consulting with the appropriate Federal functional regulator,\1\ to prescribe minimum standards for anti-money laundering programs, and to exempt from the application of those standards any financial institution that is not otherwise subject to BSA regulation. --------------------------------------------------------------------------- \1\ The Federal functional regulator for mutual funds is the Securities and Exchange Commission (Commission). --------------------------------------------------------------------------- Although the BSA includes ``an * * * investment company'' \2\ among the entities defined as financial institutions, FinCEN has not previously defined the term for purposes of the BSA. The Investment Company Act of 1940 (codified at 15 U.S.C. 80a-1 et seq.) (the 1940 Act) defines investment company broadly \3\ and subjects those entities to comprehensive regulation by the Commission. However, entities commonly known as hedge funds, private equity funds and venture capital funds are specifically excluded from the 1940 Act definition of investment company.\4\ For purposes of the section 352 requirement that financial institutions establish anti-money laundering programs effective April 24, 2002, Treasury is limiting the application of this interim rule to those investment companies falling within the category of ``open-end company'' contained in section 5(a)(1) of the 1940 Act, which are commonly referred to as ``mutual funds.'' \5\ --------------------------------------------------------------------------- \2\ 31 U.S.C 5312(a)(2)(I). \3\ Section 3(a)(1) defines ``investment company'' as any issuer which (A) is or holds itself out as being engaged primarily, or proposes to engage primarily, in the business of investing, reinvesting, or trading in securities; (B) is engaged or proposes to engage in the business of issuing face-amount certificates of the installment type, or has been engaged in such business and has any such certificate outstanding; or (C) is engaged or proposes to engage in the business of investing, reinvesting, owning, holding, or trading in securities, and owns or proposes to acquire investment securities having a value exceeding 40 per centum of the value of such issuer's total assets (exclusive of Government securities and cash items) on an unconsolidated basis. \4\ Section 356 of the Act requires that the Secretary, the Federal Reserve and the Commission jointly submit a report to Congress, not later than October 26, 2002, on recommendations for effective regulations to apply the requirements of the BSA to investment companies as defined in section 3 of the 1940 Act, including persons that, but for the provisions that exclude entities commonly known as hedge funds, private equity funds, and venture capital funds, would be investment companies. \5\ By interim rule published elsewhere in this separate part of this issue of the Federal Register, Treasury is temporarily exempting investment companies other than mutual funds from the requirement that they establish anti-money laundering programs. Treasury is also temporarily deferring determining the definition of ``investment company'' for purposes of the BSA. However, it is likely that those entities excluded from the definition of ``investment company'' in the 1940 Act will be required to establish anti-money laundering programs pursuant to section 352. --------------------------------------------------------------------------- Mutual funds are by far the predominant type of investment company. Other types of investment companies regulated by the Commission include closed-end companies and unit investment trusts. Closed-end companies typically sell a fixed number of shares in traditional underwritten offerings. Holders of closed-end company shares then trade their shares in secondary market transactions, usually on a securities exchange or in the over-the-counter market. Unit [[Page 21118]] investment trusts are pooled investment entities without a board of directors or investment adviser that offer investors redeemable units in an unmanaged, fixed portfolio of securities. Treasury will continue to consider the type of anti-money laundering program that would be appropriate for the issuers of these products, including the extent to which they pose a money laundering risk that is not more effectively covered by the anti-money laundering program of another financial institution involved in their distribution (e.g., a broker-dealer). Currently, almost 3000 active mutual funds are registered with the Commission. At the end of fiscal year 2001, these companies managed or sponsored 8,313 mutual fund portfolios. During the last few years, mutual fund assets have dramatically increased. Since 1980, the number of mutual fund portfolios has increased 1370 percent and their assets have increased 4,659 percent. During fiscal year 2000 alone, assets managed by mutual funds increased by more than $1.3 trillion. At the end of fiscal year 2001, mutual funds held $6.4 trillion--more than double the $3 trillion of insured deposits at commercial banks, and more than 95 per cent of the assets held by all investment companies regulated by the Commission. Approximately one-third of the assets managed by mutual funds are held in retirement accounts--both employer- sponsored plans and Individual Retirement Accounts (``IRAs'').\6\ --------------------------------------------------------------------------- \6\ See The 1990s: A Decade of Expansion and Change in the U.S. Mutual Fund Industry, Perspective, Investment Company Institute (Vol. 6, No. 3, July 2000). --------------------------------------------------------------------------- A mutual fund offers its shares continuously and is required to provide its shareholders the right to redeem shares at net asset value on a daily basis. Virtually all mutual funds are externally managed. Their operations are conducted by affiliated organizations and third party service providers. An investment adviser is primarily responsible for selecting portfolio investments consistent with the objectives and policies stated in the mutual fund's prospectus.\7\ Administrative services are usually conducted by an investment adviser or an unaffiliated third party. --------------------------------------------------------------------------- \7\ Advisers to mutual funds must register with the Commission and comply with the requirements of the Investment Advisers Act of 1940 (codified at 15 U.S.C. 80b-1 et seq.). --------------------------------------------------------------------------- Mutual funds usually offer their shares to the public through a principal underwriter. Principal underwriters are regulated as broker- dealers and are subject to National Association of Securities Dealers, Inc. rules.\8\ Mutual funds employ transfer agents to conduct recordkeeping and related functions. Transfer agents maintain records of shareholder accounts, calculate and disburse dividends, and prepare and mail shareholder account statements, federal income tax information, and other shareholder notices. Some transfer agents prepare and mail statements confirming shareholder transactions and account balances, and maintain customer service departments to respond to shareholder inquiries. --------------------------------------------------------------------------- \8\ On April 22, 2002, the Commission approved NASD Regulation Rule 3011, which requires its member firms to develop, and a member of the firm's senior management to approve, programs designed to achieve and monitor compliance with the BSA and related regulations. See Securities Exchange Act Release No. 45798 (April 22, 2002). --------------------------------------------------------------------------- A mutual fund is governed by a board of directors or trustees, which is responsible for overseeing the management of the fund's business affairs. In order to avail themselves of certain Commission exemptive rules, most funds' boards have a majority of directors who are independent of the fund's investment adviser or principal underwriter. In addition to purchasing shares directly from some mutual funds (``direct-sold funds''), investors may purchase mutual fund shares through a variety of distribution channels including broker-dealers (including sponsors of fund ``supermarkets'' where investors can purchase shares of several different mutual funds), insurance agents, financial planners, and banks. These alternative distribution channels usually maintain omnibus accounts with the mutual funds that they distribute. In these cases, the funds and their transfer agents do not know the identities of the individual investors. Only the distributor (e.g., a broker-dealer) will have contact with the individual investors, will receive and process individual investment and redemption requests, and will have access to individuals' trading activity. Because mutual funds do not usually receive from or disburse to shareholders significant amounts of currency, they are not as likely as banks to be used during the initial placement stage of the money laundering process. However, some structuring schemes used in the placement stage involve monetary instruments such as money orders, and money launderers could attempt to use mutual funds that accept these forms of payment. Money launderers would more likely attempt to use mutual fund accounts in the layering and integration stages of money laundering, rather than the placement stage. ``Layering'' involves the distancing of illegal proceeds from their criminal source through the creation of complex layers of financial transactions. Money launderers could use mutual fund accounts to layer their funds by, for example, sending and receiving money and wiring it quickly through several accounts and multiple institutions, or by redeeming fund shares purchased with illegal proceeds and then reinvesting the proceeds received in another fund. Layering could also involve purchasing funds in the name of a fictitious corporation or an entity designed to conceal the true owner. Mutual funds could also be used for integrating illicit income into legitimate assets. ``Integration'' occurs when illegal proceeds appear to have been derived from a legitimate source. For example, if an individual were to redeem fund shares that were purchased with illegal proceeds and direct that the proceeds be wired to a bank account in the person's own name, the transfer would appear legitimate to the receiving bank. A recent survey conducted by the General Accounting Office of 310 direct-sold fund groups found that approximately 40 percent of those groups currently have some type of voluntary measures designed to prevent money laundering.\9\ However, those measures rarely go beyond restrictions on accepting currency, and thus do not address possible use by money launderers during the layering and integration phases.\10\ In light of this vulnerability, and after consultation with the Commission, Treasury has determined not to exercise its authority to exempt temporarily mutual funds from the section 352 requirement to implement anti-money laundering programs. Accordingly, the interim rule sets forth the minimum requirements applicable to such programs. --------------------------------------------------------------------------- \9\ Before passage of the Act, the Investment Company Institute, a national association of the investment company industry, recommended procedures for funds to adopt to avoid being used by money launderers. See Money Laundering Compliance for Mutual Funds, Investment Company Institute, May 1999. \10\ Report to the Chairman, Permanent Subcommittee on Investigations, Committee on Governmental Affairs, U.S. Senate, Anti-Money Laundering Efforts in the Securities Industry, GAO-02- 111, October 2001. --------------------------------------------------------------------------- II. The Anti-Money Laundering Program The interim final rule requires that, by July 24, 2002, mutual funds develop and implement an anti-money laundering program reasonably designed to prevent them from being used to launder money or finance terrorist activities, which includes achieving and monitoring [[Page 21119]] compliance with the applicable requirements of the BSA and Treasury's implementing regulations. The legislative history of the Act explains that the requirement to have an anti-money laundering program is not a one-size-fits-all requirement. The general nature of the requirement reflects Congress' intent that each financial institution should have the flexibility to tailor its program to fit its business, taking into account factors such as size, location, activities, and risks or vulnerabilities to money laundering. This flexibility is designed to ensure that all firms subject to the statute, from the largest to the very small firms, have in place policies and procedures appropriate to monitor for anti-money laundering compliance.\11\ --------------------------------------------------------------------------- \11\ See USA PATRIOT Act of 2001: Consideration of H.R. 3162 Before the Senate (October 25, 2001) (statement of Sen. Sarbanes); Financial Anti-Terrorism Act of 2001: Consideration Under Suspension of Rules of H.R. 3004 Before the House of Representatives (October 17, 2001)(statement of Rep. Kelly)(provisions of the Financial Anti- Terrorism Act of 2001 were incorporated as Title III in the Act). --------------------------------------------------------------------------- In order to assure that this requirement receives the highest level of attention throughout the industry, the proposed rule requires that each company's program be approved in writing by its board of directors or trustees.\12\ The four required elements of the anti-money laundering program are discussed below. --------------------------------------------------------------------------- \12\ The board's approval could be given at its first regularly scheduled meeting after the program is adopted. --------------------------------------------------------------------------- (1) Establish and Implement Policies, Procedures, and Internal Controls Reasonably Designed To Prevent the Mutual Fund From Being Used To Launder Money or Finance Terrorist Activities, Including But Not Limited to Achieving Compliance With the Applicable Provisions of the Bank Secrecy Act and the Implementing Regulations Thereunder Written policies and procedures, which form the basis of any compliance program, should set forth clearly the details of the program, including the responsibilities of the individuals and departments involved. Because mutual funds operate through a variety of different business models, one generic anti-money laundering program for this industry is not possible; rather, each mutual fund must develop a program based upon its own business structure. This requires that each mutual fund complex identify its vulnerabilities to money laundering and terrorist financing activity, understand the BSA requirements applicable to it, identify the risk factors relating to these requirements, design the procedures and controls that will be required to reasonably assure compliance with these requirements, and periodically assess the effectiveness of the procedures and controls. Policies, procedures, and internal controls should be reasonably designed to detect activities indicative of money laundering. Transactions that could indicate potential money laundering include the use of fraudulent checks and unusual wire activity. For example, an investment in a fund by check or checks drawn on the account of a third party or parties, or by one or more wire transfers from an account of a third party or parties, in each case unrelated to the investor, could be indicative of attempted money laundering. Other examples of ``red flags'' that may indicate potential illegal activity include frequent wire transfer activity to and from a cash reserve account, coming from or sent to the same bank; large deposits with relatively small fund investments; frequent purchases of fund shares followed by large redemptions, particularly if the resulting proceeds are wired to unrelated third parties or bank accounts in foreign countries; and transfers to accounts in countries where drugs are known to be produced or other high-risk countries.\13\ --------------------------------------------------------------------------- \13\ 18 U.S.C. 1956 and 1957 make it a crime for any person, including an individual or company, to engage knowingly in a financial transaction with the proceeds from any of a long list of crimes or ``specific unlawful activity.'' Although the standard of knowledge required is ``actual knowledge,'' actual knowledge includes ``willful blindness.'' Thus, a person could be deemed to have knowledge that proceeds were derived from illegal activity if he or she ignored ``red flags'' that indicated illegality. --------------------------------------------------------------------------- Policies, procedures, and internal controls should also be reasonably designed to assure compliance with BSA requirements. The only BSA regulatory requirement currently applicable to mutual funds is the obligation to report on Form 8300 the receipt of cash or certain noncash instruments totaling more than $10,000 in one transaction or two or more related transactions.\14\ In order to develop a compliant anti-money laundering program, the program should be reasonably designed to detect and report not only transactions required to be reported on Form 8300, but also to detect activity designed to evade such requirements. Such activity, commonly known as ``structuring,'' may involve the purchase of more than $10,000 in fund shares with multiple money orders, travelers' checks, or cashiers' checks or other bank checks, each with a face amount of less than $10,000. Such methods of payment may be indicative of money laundering, particularly when the payment instruments were obtained from different sources or the payments were made at different times on the same day or on consecutive days or close in time. --------------------------------------------------------------------------- \14\ See 31 CFR 103.30. If a mutual fund complex includes a registered broker-dealer (as principal underwriter) or a bank (as transfer agent), then those financial institutions would also be subject to separate BSA requirements. --------------------------------------------------------------------------- We also note that mutual funds will be required to comply with BSA requirements regarding accountholder identification and verification pursuant to section 326 of the Act, as set forth in joint Treasury/ Commission regulations required to be issued by October 26, 2002, and are likely to become subject to additional BSA requirements, including filing suspicious activity reports. As mutual funds become subject to additional requirements, their compliance programs will obviously have to be updated to include appropriate policies, procedures, training, and testing functions. Because mutual funds typically conduct their operations through separate entities, which may or may not be affiliated, some elements of the compliance program will best be performed by personnel of these separate entities. It is permissible for a mutual fund to contractually delegate the implementation and operation of its anti-money laundering program to another affiliated or unaffiliated service provider, such as a transfer agent. Any mutual fund delegating responsibility for aspects of its anti-money laundering program to a third party must obtain written consent from the third party ensuring the ability of federal examiners to obtain information and records relating to the anti-money laundering program and to inspect the third party for purposes of the program. However, the mutual fund remains responsible for assuring compliance with this regulation. That means that it must take reasonable steps to identify the aspects of its operations that may give rise to BSA regulatory requirements or are vulnerable to money laundering or terrorist financing activity, develop and implement a program reasonably designed to achieve compliance with such regulatory requirements and prevent such activity, monitor the operation of its program and assess its effectiveness. For example, it would not be sufficient to simply obtain a certification from its delegate that it ``has a satisfactory anti-money laundering program.'' With respect to omnibus accounts, a mutual fund's anti-money laundering program could have a more limited scope. Typically, a fund has little or no [[Page 21120]] information about the identities and transaction activities of the individual customers represented in an omnibus account. For example, when fund shares are sold through a broker-dealer, the broker-dealer has all of the relevant information about the customer. When that customer places an order for fund shares with her broker-dealer, her individual order is combined with all other purchase or redemption orders to the fund (or its transfer agent). That net order is then processed in the omnibus account. This rule does not require that a mutual fund obtain any additional information regarding individual transactions that are processed through another entity's omnibus account. Consequently, given Treasury's risk-based approach to anti- money laundering programs for financial institutions generally, including mutual funds, it is not expected that mutual funds will scrutinize activity in omnibus accounts to the same extent as individual accounts. Nevertheless, mutual funds would need to analyze the money laundering risks posed by particular omnibus accounts based upon a risk-based evaluation of relevant factors regarding the entity holding the omnibus account, including such factors as the type of entity, its location, type of regulation, and of course, the viability of its anti-money laundering program. (2) Provide for Independent Testing for Compliance To Be Conducted by Company Personnel or by a Qualified Outside Party It is necessary that a mutual fund conduct periodic testing of its program, in order to assure that the program is indeed functioning as designed. Such testing should be accomplished by personnel knowledgeable regarding BSA requirements. Such testing may be accomplished either by employees of the fund, its affiliates, or unaffiliated service providers so long as those same employees are not involved in the operation or oversight of the program. The frequency of such a review would depend upon factors such as the size and complexity of the mutual fund complex and the extent to which its business model may be more subject to money laundering than other institutions. A written assessment or report should be a part of the review, and any recommendations resulting from such review should, of course, be promptly implemented or submitted to the board for consideration. (3) Designate a Person or Persons Responsible for Implementing and Monitoring the Operations and Internal Controls of the Program The mutual fund must charge an individual (or committee) with the responsibility for overseeing the anti-money laundering program. The person (or group of persons) should be competent and knowledgeable regarding BSA requirements and money laundering issues and risks, and empowered with full responsibility and authority to develop and enforce appropriate policies and procedures throughout the fund complex. Whether the compliance officer is dedicated full time to BSA compliance would depend upon the size and complexity of the fund complex. Although in many cases the implementation and operation of the compliance program will be conducted by entities (and their employees) other than the mutual fund, the person responsible for the supervision of the overall program should be a fund officer. (4) Provide Ongoing Training for Appropriate Persons Employee training is an integral part of any anti-money laundering program. Employees of the fund (and of its affiliated and third-party service providers) must be trained in BSA requirements relevant to their functions and in recognizing possible signs of money laundering that could arise in the course of their duties, so that they can carry out their responsibilities effectively. Such training could be conducted by outside or in-house seminars, and could include computer- based training. The level, frequency, and focus of the training would be determined by the responsibilities of the employees and the extent to which their functions bring them in contact with BSA requirements or possible money laundering activity. Consequently, the training program should provide both a general awareness of overall BSA requirements and money laundering issues, as well as more job-specific guidance regarding particular employees' roles and functions in the anti-money laundering program.\15\ For those employees whose duties bring them in contact with BSA requirements or possible money laundering activity, the requisite training should occur when the employee assumes those duties. Moreover, these employees should receive periodic updates and refreshers regarding the anti-money laundering program. --------------------------------------------------------------------------- \15\ Appropriate topics for an anti-money laundering program include, but are not limited to: BSA requirements, a description of money laundering, how money laundering is carried out, what types of activities and transactions should raise concerns, what steps should be followed when suspicions arise, and OFAC and other government lists. --------------------------------------------------------------------------- Finally, in addition to complying with the requirements of this interim regulation, mutual funds are encouraged to adopt procedures for voluntarily filing Suspicious Activity Reports with FinCEN and for reporting suspected terrorist activities to FinCEN using its Financial Institutions Hotline (1-866-566-3974). As an administrative matter, this rulemaking includes an amendment to the delegation of examination authority by FinCEN to the Commission, to enable the Commission to examine mutual funds for compliance with this regulation. III. Implementation Date Pursuant to section 103.130(b), a mutual fund is required to comply with the anti-money laundering program requirements of 31 CFR 103.130 by July 24, 2002. IV. Administrative Procedure Act The provisions of 31 U.S.C. 5318(h)(1), requiring all financial institutions to establish anti-money laundering programs with at least four identified elements, become effective April 24, 2002. This interim rule provides guidance to mutual funds on how to comply with the law in effect on that date and does not impose any obligation on any financial institution that is not required by section 352 of the Act. Accordingly, good cause is found to dispense with notice and public procedure as unnecessary pursuant to 5 U.S.C. 553(b)(B), and to make the provisions of the interim rule effective in less than 30 days pursuant to 5 U.S.C. 553(d)(1) and (3). V. Regulatory Flexibility Act Because no notice of proposed rulemaking is required for this interim final rule, the provisions of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) do not apply. VI. Executive Order 12866 This interim final rule is not a ``significant regulatory action'' as defined in Executive Order 12866. Accordingly, a regulatory assessment is not required. VII. Paperwork Reduction Act This regulation is being issued without prior notice and public procedure pursuant to the Administrative Procedure Act (5 U.S.C. 553). For this reason, the collection of [[Page 21121]] information contained in this interim final rule has been reviewed under the requirements of the Paperwork Reduction Act (44 U.S.C. 3507(j)) and, pending receipt and evaluation of public comments, approved by the Office of Management and Budget (OMB) under control number 1506-0020. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid control number assigned by OMB. Comments concerning the collection of information should be sent to the Office of Management and Budget, Attn: Alexander T. Hunt, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 3208, Washington, DC 20503, with copies to FinCEN at Department of the Treasury, Financial Crimes Enforcement Network, Post Office Box 39, Vienna, Virginia, 22183. FinCEN specifically invites comments on the following subjects: (a) Whether the collection of information is necessary for the proper performance of the mission of FinCEN, including whether the information shall have practical utility; (b) the accuracy of FinCEN's estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. The collection of information in this interim final rule is in 31 CFR 103.130(b). The information will be used by federal agencies to verify compliance by mutual funds with the provisions of 31 CFR 103.130. The collection of information is mandatory. The likely recordkeepers are businesses. In accordance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR 1320, the following information concerning the collection of information as required by 31 CFR 103.130(a) is presented to assist those persons wishing to comment on the information collection. Description of Recordkeepers: Mutual funds, as defined in 31 CFR 103.130(a). Estimated Number of Recordkeepers: 3,000. Estimated Average Annual Burden Hours Per Recordkeeper: The estimated average burden associated with the collection of information in this interim final rule is 1 hour per recordkeeper. Estimated Total Annual Recordkeeping Burden: 3,000 hours. List of Subjects in 31 CFR Part 103 Banks, banking, Brokers, Counter money laundering, Counter- terrorism, Currency, Foreign banking, Reporting and recordkeeping requirements. PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for part 103 continues to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, secs. 314, 352, Pub. L. 107-56, 115 Stat. 307. 2. In Subpart E, revise Sec. 103.56(b)(6) to read as follows: Sec. 103.56 Enforcement. * * * * * (b) * * * (6) To the Securities and Exchange Commission with respect to brokers and dealers in securities and investment companies as that term is defined in the Investment Company Act of 1940 (15 U.S.C. 80-1 et seq.); * * * * * 3. In subpart I, add new Sec. 103.130 to read as follows: Sec. 103.130 Anti-money laundering programs for mutual funds. (a) For purposes of this section, ``mutual fund'' means an open-end company as defined in section 5(a)(1) of the Investment Company act of 1940 (15 U.S.C. 80a-5(a)(1)). (b) Effective July 24, 2002, each mutual fund shall develop and implement a written anti-money laundering program reasonably designed to prevent the mutual fund from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the Department of the Treasury. Each mutual fund's anti-money laundering program must be approved in writing by its board of directors or trustees. A mutual fund shall make its anti-money laundering program available for inspection by the Commission. (c) The anti-money laundering program shall at a minimum: (1) Establish and implement policies, procedures, and internal controls reasonably designed to prevent the mutual fund from being used for money laundering or the financing of terrorist activities and to achieve compliance with the applicable provisions of the Bank Secrecy Act and the implementing regulations thereunder; (2) Provide for independent testing for compliance to be conducted by the mutual fund's personnel or by a qualified outside party; (3) Designate a person or persons responsible for implementing and monitoring the operations and internal controls of the program; and (4) Provide ongoing training for appropriate persons. Dated: April 23, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. [FR Doc. 02-10454 Filed 4-24-02; 4:09 pm] BILLING CODE 4810-02-P --------------------------------------------------------------------- [Federal Register: April 29, 2002 (Volume 67, Number 82)] [Rules and Regulations] [Page 21121-21127] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr29ap02-21] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA28 Financial Crimes Enforcement Network; Anti-Money Laundering Programs for Operators of a Credit Card System AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Interim final rule. ----------------------------------------------------------------------- SUMMARY: FinCEN is issuing this interim final rule to define and provide guidance to operators of credit card systems concerning the revised provision in the Bank Secrecy Act that requires them to establish anti-money laundering programs. DATES: This interim final rule is effective April 24, 2002. Written comments may be submitted to FinCEN on or before May 29, 2002. ADDRESSES: Submit comments (preferably an original and four copies) to FinCEN, P.O. Box 39, Vienna, VA 22183, Attn: Section 352 CC Regulations. Comments may also be submitted by electronic mail to regcomments@fincen.treas.gov with the caption in the body of the text, Attention: Section 352 CC Regulations.'' Comments may be inspected at FinCEN between 10 a.m. and 4 p.m. in the FinCEN Reading Room in Washington, DC. Persons wishing to inspect the comments submitted must request an appointment by telephoning (202) 354-6400 (not a toll-free number). FOR FURTHER INFORMATION CONTACT: Office of the Chief Counsel (FinCEN), (703) 905-3590; Office of the Assistant General Counsel for Enforcement [[Page 21122]] (Treasury), (202) 622-1927; or the Office of the Assistant General Counsel for Banking & Finance (Treasury), (202) 622-0480 (not toll-free numbers). SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 (Public Law 107-56) (the Act). Title III of the Act makes a number of amendments to the anti-money laundering provisions of the Bank Secrecy Act (BSA), which are codified in subchapter II of chapter 53 of title 31, United States Code. These amendments are intended to make it easier to prevent, detect, and prosecute international money laundering and the financing of terrorism. Section 352(a) of the Act, which becomes effective on April 24, 2002, amended section 5318(h) of the BSA. As amended, section 5318(h)(1) requires every financial institution to establish an anti-money laundering program that includes, at a minimum, (i) the development of internal policies, procedures, and controls; (ii) the designation of a compliance officer; (iii) an ongoing employee training program; and (iv) an independent audit function to test programs. As operators of credit card systems are identified as financial institutions under the BSA, 31 U.S.C. 5312(a)(2)(L), they are subject to the anti-money laundering program requirement. This rule is intended to define an ``operator of a credit card system,'' and to provide guidance to them in complying with the law, tailored to the industry. A. Credit Card Systems Credit cards represent the right to purchase goods and services, or in some cases the right to obtain a cash advance, against a line of credit offered by the issuer of the credit card. The Truth in Lending Act defines a credit card as a ``card, plate, coupon book or other credit device existing for the purpose of obtaining money, property, labor, or services on credit.'' \1\ 15 U.S.C. 1602(k). This interim final rule adopts this definition. Also included within this definition is a charge card, that is, a credit card for which the cardholder must pay the monthly balance in full.\2\ --------------------------------------------------------------------------- \1\ ``Credit'' is defined as ``the right granted by a creditor to a debtor to defer payment of a debt or to incur debt and defer its payment.'' 15 U.S.C. 1602(e). \2\ Regulations implementing the Truth in Lending Act define a charge card as ``a credit card on an account for which no periodic rate is used to compute a finance charge.'' 12 CFR 226.2(15). This interim final rule likewise adopts this definition. --------------------------------------------------------------------------- The use to which a credit card may be put depends upon the entity issuing or accepting the card.\3\ In the case of general purpose credit cards, such as those issued by members of the VISA or MasterCard system, the cards are accepted by a variety of merchants worldwide. In the United States, most such cards are issued by banks \4\ authorized by the operator of the credit card system to use the particular name and access the associated clearance and settlement system. Such entities are called ``issuing institutions.'' On the other side of the transaction, in order for a particular merchant to accept the credit card, it must have a relationship with a bank or entity that is itself authorized to sign up merchants to accept the credit card for purchases and process such credit card transactions. Entities authorized to accept credit card purchases from merchants are called ``acquiring institutions'' or ``merchant institutions.'' In all cases, the operator of the credit card system determines which entities may serve as issuing and acquiring institutions (member institutions) and prescribes rules that member institutions must follow. --------------------------------------------------------------------------- \3\ In its 1997 report entitled, ``Payments, Clearance, and Settlement: A Guide to the Systems, Risks and Issues,'' the General Accounting Office described the use of credit cards generally, as well as the role of operators of a credit card system in the clearance and settlement of transactions. See GAO/GGD-97-73 at 108- 15 (June 1997) (``the 1997 GAO Report''). \4\ For purposes of this preamble, the term ``bank'' refers to insured depository institutions, including federally and state chartered banks, thrifts, and credit unions. --------------------------------------------------------------------------- Other credit cards used in the United States are issued by a particular merchant or vendor and may only be used in connection with purchases made from that merchant or vendor. Examples include department store and oil company credit cards, as well as charge cards issued by individual merchants. Often such cards are issued by a bank on behalf of a particular merchant, but in some cases the merchant itself may issue the card. Merchants, vendors, or banks whose issuance of credit cards is restricted to such circumstances do not fall within the definition of an operator of a credit card system as set forth in this interim final rule.\5\ However, if an entity otherwise falls within the definition of an operator of a credit card system under this interim final rule, the fact that the operator may also issue credit cards with particular merchants, or may itself serve as the issuing or acquiring institution, does not remove it from the scope of this interim final rule. --------------------------------------------------------------------------- \5\ Banks issuing merchant or vendor cards are already subject to anti-money laundering regulation enforced by the bank regulators. --------------------------------------------------------------------------- The purpose for distinguishing between general purpose credit cards and merchant cards lies first in the fact that the definition in the BSA refers to ``an operator of a credit card system'' as a financial institution. We do not view the issuance of a merchant or vendor card as the operation of a credit card system, which is more naturally interpreted to refer to the organizer of a membership or other interrelated group. Second, as discussed more fully below, the significant money laundering or terrorist financing risk associated with the operation of a credit card system sought to be minimized by this interim final rule is the operator's authorization or licensing of issuing or acquiring institutions without conducting appropriate due diligence relating to the money laundering or terrorist financing risk posed by those institutions. A merchant or a vendor that issues its own card does not present that particular risk because it does not perform that function.\6\ --------------------------------------------------------------------------- \6\ This interim final rule neither considers nor addresses the money laundering or terrorist financing risks associated with issuing institutions. However, this should not be construed to suggest no such risks exist. --------------------------------------------------------------------------- With general purpose credit cards, the operator of a credit card system plays a vital role in the authorization, clearance, and settlement of credit card purchases. This role is important to understanding both how the operator of the credit card system can assist in preventing money laundering or terrorist financing, as well as the practical limitations placed on the operator in this regard. Authorization is the process by which the issuer of the credit card approves or rejects a purchase at the time the cardholder seeks to access the line of credit associated with the card. Typically, the merchant swipes the credit card through a terminal that electronically captures the relevant data.\7\ Once the merchant keys in the amount of the purchase, that information is transmitted electronically through the operator's system to the issuing bank for approval. If appropriate, the purchase is approved. Once approved, the transaction with the consumer is consummated. --------------------------------------------------------------------------- \7\ ``Electronic Data Capture (EDC) is a point-of-sale terminal that reads the information embedded in the magnetic strip of bank cards. These terminals electronically authorize and capture transaction data, thus eliminating the need for a paper deposit.'' The 1997 GAO Report at 108. --------------------------------------------------------------------------- The next step is the clearance process. The merchant submits the credit card payment information to its merchant bank for payment. The merchant bank credits the merchant's account, and [[Page 21123]] submits the purchase information to the operator of the credit card system. The operator then sends the purchase information to the issuing bank for payment. The final step is the settlement process. The issuing bank transmits the funds owed by virtue of the purchase to the operator of the credit card system. The operator then transmits the funds to the merchant bank in settlement of the debt. In the settlement process, funds are transmitted through traditional payment systems. The issuing bank then bills the cardholder for the transaction in accordance with the credit agreement. Thus, the operator of the credit card system not only controls which entities may issue or process transactions involving its card, but it also serves as a clearinghouse where debts are settled and from which payments are made and received. This is the functional definition of an operator of a credit card system. The reality is that there are few operators of credit card systems in the United States, certainly in contrast to the number of issuing and acquiring banks. In addition, a debit card may at times also be used as a credit card. A debit card generally accesses an existing deposit account at an insured depository institution from which funds are withdrawn upon use of the debit card. Debit cards generally require the use of a personal identification number at the point of sale. Some debit cards can also function as a credit card and some credit card system operators also authorize, clear, and settle debit card transactions. Often such dual use cards are marked with a logo or insignia of the operator of the credit card system. The interim final rule applies to both functions of a dual use card.\8\ --------------------------------------------------------------------------- \8\ While this interim final rule applies to the debit card functions performed by an operator of a credit card system accepting dual use cards, the rule does not apply generally to operators of a debit card system. Treasury intends to consider whether operators of debit card systems should likewise be included as financial institutions under the BSA and thus be subject to the anti-money laundering program requirement. --------------------------------------------------------------------------- B. The Authorization of Acquiring and Issuing Banks The success of a general purpose credit card depends upon its availability to consumers and the extent to which it is widely accepted by merchants and vendors. The operator of the system is directly responsible for selecting and approving issuing and acquiring institutions to become a part of the system, and setting the rules by which they must abide. In addition, in its role of ensuring that the member institutions continue to abide by the membership rules, the operator of the system indirectly plays a role in selecting and approving other users in the system, including cardholders and merchants. These functions--determining which institutions may serve as issuing or acquiring institutions, and setting and ensuring ongoing compliance with the system's rules and regulations--play a crucial role in determining the extent to which a credit card system may be vulnerable to money laundering or terrorist financing. It appears that during the authorization, clearance, and settlement process, cardholder and individual merchant names may not be transmitted through the operator's credit card system.\9\ Comprehensive cardholder information is maintained by the issuing institutions. Similarly, information about the merchants that accept the card is maintained by the acquiring institutions. Thus, many important anti- money laundering functions of necessity reside with the issuing and acquiring institutions, and, in the United States, existing anti-money laundering regulations typically govern these institutions. However, the initial and continuing authorization of institutions to issue a credit card and process credit card transactions is within the sole control of the operator of the credit card system. --------------------------------------------------------------------------- \9\ Operators may well have complete information regarding cardholders and merchants during the authorization and settlement process, e.g., if the operator also serves as an issuer. --------------------------------------------------------------------------- C. Existing Anti-Fraud Functions Performed by the Operator of a Credit Card System Incentives exist for the operator of a credit card system to minimize financial losses caused by fraud in connection with the use of its credit card. According to the industry, those incentives encourage operators to scrutinize institutions seeking authorization to become issuers or acquirers to ensure that member institutions themselves do not pose an unreasonable risk of loss, whether through participation in fraud or through their issuing or acquiring functions. This interim final rule seeks to take advantage of those existing practices by increasing the scope of the due diligence conducted by the operator to include the potential for money laundering or terrorist financing. Operators of credit card systems support the efforts of issuing and acquiring institutions in the detection of fraudulent uses of their credit cards. Some of the methods for identifying irregular and possibly fraudulent transactions are quite sophisticated. For example, operators and some issuers use computers to flag potentially fraudulent uses of credit cards as the purchases are authorized, cleared, and settled by comparing recent purchases with the cardholder's purchase history as well as known typologies of fraudulent uses. At this time, Treasury does not necessarily intend to require operators of credit card systems, as part of their anti-money laundering program, to use this type of fraud detection capabilities to detect potential money laundering or terrorist financing. The reason is practical--it is not clear that potential money laundering or terrorist financing can be easily identified with the current technology that evaluates transactions passing through the operator's system. However, Treasury hopes to work with operators of credit card systems going forward to develop, where possible, typologies of money laundering or terrorist financing that may be capable of being identified through existing fraud detection mechanisms.\10\ --------------------------------------------------------------------------- \10\ FinCEN, in conjunction with the Bank Secrecy Act Advisory Group, publishes an annual SAR Activity Review that discusses typologies revealed in SAR filings. --------------------------------------------------------------------------- D. Money Laundering and Terrorist Financing Risks Associated with Credit Cards from the Perspective of the Operator of a Credit Card System Once in the hands of a consumer, a general purpose credit card is designed to facilitate the purchase of goods or services or the securing of cash advances worldwide with minimal delay. But the very attributes that make credit cards attractive to legitimate consumers are the attributes that make them susceptible to potential abuse. The myriad ways in which credit cards may be abused for money laundering or terrorist financing are beyond the scope of this preamble.\11\ Instead, the primary focus of this interim final rule is on the risks--and the need to minimize them--associated with the operator authorizing, and maintaining authorization for, issuing and acquiring institutions. --------------------------------------------------------------------------- \11\ The GAO is currently drafting a report that will analyze money laundering in the credit card industry. --------------------------------------------------------------------------- Absent effective anti-money laundering controls in issuing and acquiring institutions, the use of a credit card may provide a convenient way for money launderers or those financing terrorism to access their tainted funds all over the world. For example, if a foreign bank lacking adequate anti-money laundering controls is authorized [[Page 21124]] to issue a credit card capable of being used in the United States, there exists an increased risk that illicit funds located in the foreign bank may be accessed--and those funds injected into the U.S. financial system--by account holders using the credit card in the United States to make purchases, obtain cash advances, or, if it is a dual use card, use the card as a debit card. The problem is exacerbated by the fact that the operator of the credit card system that clears and settles transactions might not have information about the identity of the cardholder or the source of funds used to pay the debts at the time the transactions are processed. Under the Act, and even prior to the Act, numerous restrictions and heightened due diligence requirements were placed on U.S. banks and securities brokers and dealers maintaining accounts for certain types of foreign banks and foreign banks located in jurisdictions identified as lacking adequate anti-money laundering controls and supervision. In this way, the Act seeks to eliminate or minimize known risks to the U.S. financial system, even requiring the termination of accounts for certain financial institutions when the risk is deemed too high. Examples of known risks identified by the Act include maintaining ``correspondent accounts'' for: (1) Foreign banks located in jurisdictions identified as lacking basic anti-money laundering controls; (2) foreign shell banks, that is, banks with no physical presence in any jurisdiction; and (3) foreign banks operating under an offshore banking license.\12\ --------------------------------------------------------------------------- \12\ See Act sections 312 and 313; see also Minority Staff of the Senate Permanent Subcommittee on Investigations, 107th Cong., Correspondent Banking: A Gateway for Money Laundering, 14-18 (S. Prt. 2001). Congress defined a ``correspondent account'' broadly in the Act to include any ``account established to receive deposits from, make payments on behalf of a foreign financial institution, or handle other financial transactions related to such institution.'' Act section 311 (31 U.S.C. 5318A(e)(1)(B)). Treasury is now considering comments received on a previous proposed rule in which the statutory definition was adopted without limitation. See 66 FR 67460 (Dec. 28, 2001) (implementing sections 313 and 319(b) of the Act). --------------------------------------------------------------------------- Despite the risks associated with these identified foreign financial institutions, the prohibitions or enhanced due diligence obligations have not been applied directly to operators of credit card systems that may well authorize foreign financial institutions to issue their credit cards and access their systems. But if such foreign banks were authorized to issue credit cards capable of being used in the United States, customers of such banks would have the opportunity to inject illicit funds into the U.S. financial system. Recent examples confirm the potential for utilizing a credit card system to access in the United States funds located in a foreign financial institutions. The Internal Revenue Service has successfully sought permission to serve ``John Doe'' subpoenas on MasterCard International, American Express Travel Related Services Co., and VISA International seeking records relating to U.S. citizens with credit, charge, and debit cards issued by banks or other financial institutions located in identified tax havens. According to the IRS, U.S. citizens are using credit, charge, and debit cards to access in the United States funds placed in these foreign banks and financial institutions to avoid U.S. taxes. The tax haven jurisdictions do not disclose account information to the United States for purposes of enforcing U.S. tax laws. If credit cards can be used to access funds located in tax havens to avoid U.S. income tax obligations, credit cards have the potential to be used to access illicit funds located in money laundering havens if banks in those jurisdictions are given permission by the operator of the credit card system to issue the credit cards. The same principle holds true for illicit funds deposited in U.S. financial institutions that issue credit cards. To the extent the issuing institution lacks sufficient anti-money laundering controls, issuance of a credit card would allow easy and seemingly ``clean'' access to tainted funds. E. The Anti-Money Laundering Program As the foregoing discussion demonstrates, the anti-money laundering program required by this interim final rule is designed primarily to ensure that operators of credit card systems conduct sufficient due diligence on those banks or other entities that they authorize to be issuing or acquiring institutions. Such due diligence should be performed prior to accepting the institution into the system, and on an on-going basis with a frequency that is commensurate with the risk posed by the particular institution. The anti-money laundering program must also have procedures to minimize the opportunity for money laundering or terrorist financing when identified high-risk institutions are issuing or acquiring institutions. In fulfilling obligations under the interim final rule, it is expected that operators will tailor existing rules and guidelines governing member institutions to minimize the risk of money laundering or terrorist financing. Finally, the program should be risk-based, meaning that resources should be devoted to those areas that pose the greatest risk of money laundering or terrorist financing. This interim final rule is meant to provide guidance to operators on identified risks. The focus of the rule is on what operators can and do control, and it may be that most are already taking the steps outlined in this rule. The interim final rule is not intended to place the operator of a credit card system in the role of guaranteeing that no issuing or acquiring institutions permit money laundering or terrorist financing through the use of the operator's credit card. To the contrary, while the operator of the credit card system will play an important role in minimizing the risk of abuse by controlling access to the system, perhaps even denying access to institutions posing an unreasonable risk of money laundering or terrorist financing, the operator should not be placed in the role of regulating issuing or acquiring institutions. Finally, in addition to compliance with mandatory regulatory requirements, Treasury and FinCEN encourage operators of credit card systems to have procedures for voluntarily reporting suspected terrorist activity to FinCEN using its Financial Institutions Hotline (1-866-556-3974). II. Section-by-Section Analysis A. Section 103.135(a)--Definitions The definition of an operator of a credit card system is a functional one. It includes any entity that (1) operates a system that clears and settles transactions involving its credit card; and (2) authorizes another entity to serve as an issuing or acquiring institution for the operator's credit card. The credit card must be capable of being used in the United States. An operator may be a bank, a consortium or association of banks, or any other entity performing the functions described. All operators of credit card systems doing business in the United States are covered by the interim final rule. Issuing and acquiring institutions within such systems need not be located in the United States and may be foreign entities. An issuing institution is any entity authorized by the operator to issue the operator's credit card. An acquiring institution is any entity authorized by the operator to contract with merchants to process transactions involving the operator's credit card. The interim final rule adopts the definition of a credit card found in the Truth in Lending Act, a definition that includes charge cards. Finally, debit cards [[Page 21125]] capable of being used as a credit card are covered by this interim final rule. B. Section 103.135(b) and (c)--The Required Anti-Money Laundering Program Section 103.135(b) requires that each operator of a credit card system have an anti-money laundering program reasonably designed to prevent the system from being used to launder money or to finance terrorist activities. The program must be in writing and approved by senior management. The minimum requirements for the anti-money laundering program are set forth in section 103.135(c). Beyond these minimum requirements, however, the anti-money laundering program is designed to give operators of a credit card system flexibility to design their programs to meet the specific risks presented. The steps necessary to guard against an institution, foreign or domestic, issuing or processing transactions involving the credit card in connection with money laundering when the institution does not fall within a high risk category may be minimal if the institution and its anti-money laundering controls are well known to the operator. The fact that a member institution is a foreign bank or entity is not itself determinative of the risk posed. The minimum standards for the anti-money laundering program set forth in this interim final rule become effective July 24, 2002. 1. Section 103.135(c)(1)--Policies, Procedures and Internal Controls Section 103.135(c)(1) requires the operator's anti-money laundering program to include policies, procedures and internal controls focused on the process of authorizing and maintaining authorization for issuing and acquiring institutions. This provision will thus involve the operator tailoring existing anti-fraud and risk of loss assessment procedures to ensure that money laundering and terrorist financing risks are taken into account. It will further involve the operator adapting existing licensing or membership agreements to ensure that member banks and entities fulfill their obligations to assist the operator in guarding against money laundering and terrorist financing. Finally, the interim final rule makes clear that this obligation is ongoing. The frequency with which banks or entities are reviewed to ensure compliance with required procedures will depend upon the operator's assessment of the risk posed by the particular bank or entity. It is anticipated that the type of information to be considered by the operator in evaluating the risks of money laundering or terrorist financing posed by an issuing or acquiring institution will include many of the same factors that bear on whether the institution represents a risk of fraud or insolvency. In addition, the operator must consider information concerning the institutions, the jurisdictions in which they are located or licensed, and any other money laundering or terrorist financing information provided by Treasury, FinCEN, and other U.S. government sources. Information in publicly available sources should be considered as well. In some situations, information relevant to anti-money laundering controls or risks may need to be obtained from the institution itself, e.g., information relating to the institution's anti-money laundering controls. If an operator is unable to obtain sufficient information from existing or potential issuing or acquiring institutions, this must be taken into account in evaluating the overall money laundering or terrorist financing risk. For the purpose of making the risk assessment required by Sec. 103.135(c)(1)(i), Sec. 103.135(c)(1)(ii) sets forth the presumption that certain categories of foreign banks or other institutions pose an increased, or in some cases an unreasonable, risk of money laundering or terrorist financing. Accordingly, an operator's anti-money laundering program must be designed to ensure that the institutions identified under this paragraph, if they are permitted to serve as issuing or acquiring institutions, have received a thorough assessment of the risk of money laundering or terrorist financing that they pose in connection with the issuance or acceptance of the operator's credit card. Additionally, the anti-money laundering program must also ensure that the operator has taken reasonable steps to minimize the risks associated with such institutions. Within this collection of high risk institutions, even though there is a presumption of a heightened risk, operators still retain the flexibility to assess the risk posed in each case to determine whether and under what conditions such an institution may serve as an issuing or acquiring institution. Some of the categories of institutions within this paragraph have been effectively cut off from the U.S. financial system, e.g., foreign shell banks that are not regulated affiliates. Given the unreasonable risk that funds located in such financial institutions are derived from the proceeds of illegal activities or directly support terrorism, there is a significantly heightened risk that allowing them to issue a credit card will introduce the illicit funds into the U.S. financial system. In such cases, the steps necessary to guard against money laundering or terrorist financing by such institutions in connection with the operator's credit card will be comprehensive. On the other hand, other institutions within this list may, upon examination, pose a less significant risk of money laundering or terrorist financing. As a result, the reasonable steps to be taken by the operator to guard against money laundering or terrorist financing will be reduced. As with all issuing and acquiring institutions, the obligation to assess money laundering and terrorist financing risks applies to both prospective and existing issuing or acquiring institutions. However, institutions falling within the categories identified in Sec. 103.135(c)(1)(ii), because they pose greater risks, should be reviewed by the operator with greater frequency. By identifying certain high risk institutions, we do not intend to imply that no other institutions pose similar risks. To the contrary, it is incumbent upon the operator to ensure that its anti-money laundering program will identify other institutions posing similar risks. Section 103.135(c)(1)(iii) confirms that operators of a credit card system must ensure the operators' compliance with any applicable provisions of the BSA or the implementing regulations. At this time, the only BSA provision applicable to an operator of a credit card system, with the exception of this interim final rule, is the obligation to report on Form 8300 the receipt of cash or certain monetary instruments totaling more than $10,000 in one transaction or two or more transactions. Given the functions performed by the operator of a credit card system, it seems unlikely that cash or cash equivalents will be received. However, this provision is inserted in the interim final rule in the event future BSA requirements are imposed on operators of credit card systems. 2. Sections 103.135(c)(2)-(4)--The Compliance Officer, Employee Training, and the Independent Assessment In connection with its anti-money laundering program, the operator of a credit card system must designate a person or persons to be responsible for administering the anti-money laundering program. The person or persons should be competent and knowledgeable regarding BSA requirements and money laundering issues and risks, and be empowered with full responsibility and authority to [[Page 21126]] develop and enforce appropriate policies and procedures. The role of the compliance officer is to ensure that (1) the program is implemented; (2) appropriate due diligence is being conducted on existing and potential issuers and acquirers in accordance with the requirements of this interim final rule; and (3) the program is updated to reflect new directives from Treasury or FinCEN. The compliance officer is also responsible for ensuring that appropriate personnel are trained and educated in accordance with section 103.135(c)(3). Employee training is an integral part of any anti-money laundering program. Those employees with responsibility under the program must be trained in the requirements of this rule and money laundering risks generally so that ``red flags'' associated with existing or potential issuing or acquiring institutions can be identified. Such training could be conducted by outside or in-house seminars, and could include computer-based training. The nature, scope, and frequency of the education and training program of the operator will depend upon the functions performed. However, those with obligations under the anti- money laundering program must be sufficiently trained to carry out their responsibilities effectively. Moreover, these employees should receive periodic updates and refreshers regarding the anti-money laundering program. Finally, the program must provide for an independent audit of the program on a periodic basis to ensure that it complies with this interim final rule and that it functions as designed. Although the interim final rule refers to an audit, the term does not equate with a financial audit and need not be performed by an outside consultant or accountant. The independent audit may be performed by an employee of the operator, so long as the auditor is not the compliance officer or others involved in administering the program. The frequency of the independent audit will depend upon the operator's assessment of the risks posed. The audit should be accompanied by a written assessment or report, and any recommendations resulting from such review should be implemented promptly or reviewed by senior management. III. Administrative Procedure Act The provisions of 31 U.S.C. 5318(h)(1), requiring all financial institutions to establish anti-money laundering programs with at least four identified elements, become effective April 24, 2002. This interim rule provides guidance to operators of credit card systems on how to comply with the law in effect on that date and does not impose any obligation on any financial institution that is not required by section 352 of the Act. Accordingly, good cause is found to dispense with notice and public procedure as unnecessary pursuant to 5 U.S.C. 553(b)(B), and to make the provisions of the interim rule effective in less than 30 days pursuant to 5 U.S.C. 553(d)(1) and (3). VI. Paperwork Reduction Act This regulation is being issued without prior notice and public procedure pursuant to the Administrative Procedure Act (5 U.S.C. 553). For this reason, the collection of information contained in this interim final rule has been reviewed under the requirements of the Paperwork Reduction Act (44 U.S.C. 3507(j)) and, pending receipt and evaluation of public comments, approved by the Office of Management and Budget (OMB) under control number 1506-0020. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid control number assigned by OMB. The collection of information in this interim final rule is in 31 CFR 103.135(b). The information will be used by federal agencies to verify compliance by operators of credit card systems with the provisions of 31 CFR 103.135. The collection of information is mandatory. The likely recordkeepers are businesses. In accordance with the requirements of the Paperwork Reduction Act of 1995, 44 U.S.C. 3506(c)(2)(A), and its implementing regulations, 5 CFR 1320, the following information concerning the collection of information as required by 31 CFR 103.135(b) is presented to assist those persons wishing to comment on the information collection. Description of Recordkeepers: Operators of Credit Card Systems, as defined in 31 CFR 103.135(a). Estimated Number of Recordkeepers: 6. Estimated Average Annual Burden Hours Per Recordkeeper: The estimated average burden associated with the collection of information in this interim final rule is 1 hour per recordkeeper. Estimated Total Annual Recordkeeping Burden: 6 hours. Comments concerning the collection of information should be sent to the Office of Management and Budget, Attn: Alexander T. Hunt, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 3208, Washington, DC 20503, with copies to FinCEN at Department of the Treasury, Financial Crimes Enforcement Network, Post Office Box 39, Vienna, Virginia, 22183. FinCEN specifically invites comments on the following subjects: (a) Whether the collection of information is necessary for the proper performance of the mission of FinCEN, including whether the information shall have practical utility; (b) the accuracy of FinCEN's estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. V. Regulatory Flexibility Act Because no notice of proposed rulemaking is required for this interim final rule, the provisions of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) do not apply. VI. Executive Order 12866 This interim final rule is not a ``significant regulatory action'' as defined in Executive Order 12866. Accordingly, a regulatory assessment is not required. List of Subjects in 31 CFR Part 103 Banks, banking, Brokers, Counter money laundering, Counter- terrorism, Currency, Foreign banking, Reporting and recordkeeping requirements. PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for part 103 continues to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, secs. 314, 352, Pub. L. 107-56, 115 Stat. 307. 2. In subpart I, add new Sec. 103.135 to read as follows: Sec. 103.135 Anti-money laundering programs for operators of credit card systems. (a) Definitions. For purposes of this section: (1) Operator of a credit card system means any person doing business in the United States that operates a system for clearing and settling transactions in [[Page 21127]] which the operator's credit card, whether acting as a credit or debit card, is used to purchase goods or services or to obtain a cash advance. To fall within this definition, the operator must also have authorized another person (whether located in the United States or not) to be an issuing or acquiring institution for the operator's credit card. (2) Issuing institution means a person authorized by the operator of a credit card system to issue the operator's credit card. (3) Acquiring institution means a person authorized by the operator of a credit card system to contract, directly or indirectly, with merchants or other persons to process transactions, including cash advances, involving the operator's credit card. (4) Operator's credit card means a credit card capable of being used in the United States that: (i) Has been issued by an issuing institution; and (ii) Can be used in the operator's credit card system. (5) Credit card has the same meaning as in 15 U.S.C. 1602(k). It includes charge cards as defined in 12 CFR 226.2(15). (6) Foreign bank means any organization that is organized under the laws of a foreign country; engages in the business of banking; is recognized as a bank by the bank supervisory or monetary authority of the country of its organization or the country of its principal banking operations; and receives deposits in the regular course of its business. For purposes of this definition: (i) The term foreign bank includes a branch of a foreign bank in a territory of the United States, Puerto Rico, Guam, American Samoa, or the U.S. Virgin Islands. (ii) The term foreign bank does not include: (A) A U.S. agency or branch of a foreign bank; and (B) An insured bank organized under the laws of a territory of the United States, Puerto Rico, Guam, American Samoa, or the U.S. Virgin Islands. (b) Anti-money laundering program requirement. Effective July 24, 2002, each operator of a credit card system shall develop and implement a written anti-money laundering program reasonably designed to prevent the operator of a credit card system from being used to facilitate money laundering and the financing of terrorist activities. The program must be approved by senior management. Operators of credit card systems must make their anti-money laundering programs available to the Department of the Treasury or the appropriate Federal regulator for review. (c) Minimum requirements. At a minimum, the program must: (1) Incorporate policies, procedures, and internal controls designed to ensure the following: (i) That the operator does not authorize, or maintain authorization for, any person to serve as an issuing or acquiring institution without the operator taking appropriate steps, based upon the operator's money laundering or terrorist financing risk assessment, to guard against that person issuing the operator's credit card or acquiring merchants who accept the operator's credit card in circumstances that facilitate money laundering or the financing of terrorist activities; (ii) For purposes of making the risk assessment required by paragraph (c)(1)(i) of this section, the following persons are presumed to pose a heightened risk of money laundering or terrorist financing when evaluating whether and under what circumstances to authorize, or to maintain authorization for, any such person to serve as an issuing or acquiring institution: (A) A foreign shell bank that is not a regulated affiliate, as those terms are defined in 31 CFR 104.10(e) and (j); (B) A person appearing on the Specially Designated Nationals List issued by Treasury's Office of Foreign Assets Control; (C) A person located in, or operating under a license issued by, a jurisdiction whose government has been identified by the Department of State as a sponsor of international terrorism under 22 U.S.C. 2371; (D) A foreign bank operating under an offshore banking license, other than a branch of a foreign bank if such foreign bank has been found by the Board of Governors of the Federal Reserve System under the Bank Holding Company Act (12 U.S.C. 1841, et seq.) or the International Banking Act (12 U.S.C. 3101, et seq.) to be subject to comprehensive supervision or regulation on a consolidated basis by the relevant supervisors in that jurisdiction; (E) A person located in, or operating under a license issued by, a jurisdiction that has been designated as noncooperative with international anti-money laundering principles or procedures by an intergovernmental group or organization of which the United States is a member, with which designation the United States representative to the group or organization concurs; and (F) A person located in, or operating under a license issued by, a jurisdiction that has been designated by the Secretary of the Treasury pursuant to 31 U.S.C. 5318A as warranting special measures due to money laundering concerns; (iii) That the operator is in compliance with all applicable provisions of subchapter II of chapter 53 of title 31, United States Code and this part; (2) Designate a compliance officer who will be responsible for assuring that: (i) The anti-money laundering program is implemented effectively; (ii) The anti-money laundering program is updated as necessary to reflect changes in risk factors or the risk assessment, current requirements of part 103, and further guidance issued by the Department of the Treasury; and (iii) Appropriate personnel are trained in accordance with paragraph (c)(3) of this section; (3) Provide for education and training of appropriate personnel concerning their responsibilities under the program; and (4) Provide for an independent audit to monitor and maintain an adequate program. The scope and frequency of the audit shall be commensurate with the risks posed by the persons authorized to issue or accept the operator's credit card. Such audit may be conducted by an officer or employee of the operator, so long as the reviewer is not the person designated in paragraph (c)(2) of this section or a person involved in the operation of the program. Dated: April 23, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. [FR Doc. 02-10455 Filed 4-24-02; 4:09 pm] BILLING CODE 4810-02-P ---------------------------------------------------------------------