by Amy Kleinschmit, Chief Compliance Officer
Reminder - 314(a) Information Sharing Requirements
Section 314 of the USA PATRIOT Act, in which regulations implementing its requirements were effective in 2002, established procedures for information sharing to deter money laundering and terrorist activity. Section 314 helps law enforcement identify, disrupt, and prevent terrorist acts and money laundering activities by encouraging further cooperation among law enforcement, regulators, and financial institutions to share information regarding those suspected of being involved in terrorism or money laundering.
314(a) of the USA PATRIOT Act allows a federal, state, local, or foreign law enforcement agency investigating terrorist activity or money laundering to request that FinCEN solicit, on its behalf, certain information from a financial institution or a group of financial institutions. Through FinCEN, law enforcement agencies are able to reach out to more than 34,000 points of contact at more than 14,000 financial institutions to locate accounts and transactions of persons that may be involved in terrorism or money laundering.
Credit unions, along with other financial institutions, must conduct a one-time search of its records to identify accounts or transactions of a named suspect upon receiving and information request from FinCEN (314(a) list). Every two weeks, or more frequently if an emergency request is transmitted, the credit union's designated point(s) of contact will receive notification from FinCEN that there are new postings to FinCEN's secure Web site.
Unless otherwise instructed by an information request, credit unions must search their records for current accounts, accounts maintained during the preceding 12 months, and transactions conducted outside of an account by or on behalf of a named suspect during the preceding six months. The credit union must search its records and report any positive matches to FinCEN within 14 days, unless otherwise specified in the information request.
Credit unions should report all positive matches via the Secure Information Sharing System (SISS). If a financial institution identifies any account or transaction, it must report to FinCEN that it has a match. No details should be provided to FinCEN other than the fact that the financial institution has a match. A negative response is not required.
If a credit union fails to perform or complete searches on one or more information request received during the previous 12 months, it must immediately obtain these prior requests from FinCEN and perform a retroactive search of its records.
Remember, the 314(a) list is confidential! A credit union cannot disclose to any person, other than to FinCEN, the institution’s primary banking regulator, or the law enforcement agency on whose behalf FinCEN is requesting information, the fact that FinCEN has requested or obtained information.
Credit unions must maintain evidence of compliance, in other words, that all required searches were performed. FinCEN regularly updates a list of recent search transmissions, including information on the date of transmission, tracking number, and number of subjects listed in the transmission which can be found here. This list is useful to make sure that the credit union has searched all 314(a) lists. As noted above, 314(a) lists are issued more frequently if an emergency request is transmitted – in 2021 there were a number of emergency 314(a) lists transmitted – make sure your credit union completed all required searches and you have evidence of compliance for each transmission.
FinCEN – Rapid Response Program (RRP)
The Financial Crimes Enforcement Network (FinCEN) recently issued a fact sheet on the success that the Rapid Response Program has had. Through collaborative efforts between FinCEN, law enforcement, U.S. financial institutions, and foreign financial intelligence units, FinCEN has successfully assisted in the recovery of over $1.1 billion since the program’s inception in 2015.
A victim of a cyber-enabled crime, or the victim’s financial institution, must file a complaint with law enforcement to initiate the RRP. To request assistance from law enforcement, a victim or the victim’s financial institution may file a complaint with the FBI’s Cyber- and Internet-related Crime Complaint Center (IC3) or the nearest USSS field office. Victims should also expeditiously contact their financial institution at the time that they file a complaint with law enforcement.
When requesting law enforcement assistance, the victim or the victim’s financial institution should provide as much transactional detail and cyber-related information surrounding the scheme as possible. While FinCEN does not ensure the recovery of stolen funds, the RRP has had greater success in recovering funds when victims or financial institutions report fraudulently induced wire transfers to law enforcement within 72 hours of the transaction. The Fact Sheet at the link above details the information that should be provided to law enforcement.
NACHA – Micro Entries New Rule
NACHA recently announced a new rule regarding Micro-Entries. This Rule defines and standardizes practices and formatting of Micro-Entries, which are used by some ACH Originators as a method of account validation.
The rule is effective in two phases – September 16, 2022 and then March 17, 2023.
“Micro-Entries” will be defined as ACH credits of less than $1, and any offsetting debits, for account validation. Credit amounts must be equal to, or greater than, debit amounts, and must be transmitted to settle at the same time. Effective September 16, Originators must use “ACCTVERIFY” in the company entry description field. Furthermore, the company name must be easily recognizable to Receivers and the same or similar to what will be used in subsequent entries.
Fed – Synthetic Identity Fraud Mitigation Toolkit
The Federal Reserve has a number of resources to assist credit unions with identifying, detecting and mitigation synthetic identity fraud, including a fraud mitigation toolkit.
Synthetic identity fraud is reported to be the fastest-growing type of financial crime in the United States and accounts for billions in losses annually. It is often unreported, since victims are typically individuals – such as children, the elderly or homeless – who are less likely to access their credit information and uncover the fraud.
Synthetic identity payments fraud is when a fraudster creates a new identity to commit fraud in one of several ways. Methods include identity fabrication (a completely fictitious identity without any real PII), identity manipulation (using slightly modified real PII to create a new identity), or identity compilation (a combination of real and fake PII, such as a false driver’s license, to form a new identity).
The Synthetic Identity Fraud Mitigation Toolkit, released earlier this year by the Federal Reserve to help educate the industry about synthetic identity fraud and outline potential ways to help detect and mitigate this fraud type.
CFPB – New way to Request Rule Changes.
The Consumer Financial Protection Bureau (CFPB) recently announced that anyone will now be able to submit petitions for rulemaking directly to the CPFB. The petitions will be posted on public dockets for review and comment.
As explained in the CFPB’s press release – “The reforms announced today will make it easier for individuals to directly submit a petition for rulemaking to the CFPB. Members of the public can request that the agency pursue a new rule, amend an existing one, or repeal a rule. Former government employees and other individuals who are paid to influence the agency’s rulemaking agenda behind the scenes will be asked to submit their petition for public inspection instead.”
NCUA – Publication Ordering Moved
The National Credit Union Administration (NCUA) recently announced they transferred the sale and distribution of NCUA publications to the United States Government Publishing Office (GPO). This includes NCUA Insurance signs and decals, Equal Housing Posters, Share Insurance brochures and booklets. The NCUA will no longer accept publication orders at its Alexandria facility. Credit unions can order these publications online here.
InfoSight Highlight - NEW and UPDATED Content in the Investment Channel
A new topic, Subordinated Debt, has been added to the Investment channel in response to the NCUA’s subordinated debt rule which became effective on January 1, 2022. This new rule allows certain low-income designated credit unions, complex credit unions and new credit unions to issue subordinated debt for purposes of regulatory capital treatment. New InfoSight content was created to provide an overview of the requirements for credit unions.
As always, DakCU members may contact Amy Kleinschmit with any compliance related questions.
The Memo is DakCU's newsletter that keeps
Want the Memo delivered straight to your inbox?