• USA Patriot Act - The Regulations Just Keep Coming
  • May 7, 2003 | Author: Karen L. Grandstrand
  • Law Firm: Fredrikson & Byron, P.A. - Minneapolis Office
  • Congress passed the USA Patriot Act on October 26, 2001. Since then, the Treasury has issued numerous proposed and final interim regulations that affect banks, securities firms, mutual funds, credit card systems, money services businesses and a host of other broadly defined financial institutions. A key set of regulations came out on April 23rd. These regulations, issued under Section 352 of the Act, identify which financial institutions will need to have money laundering programs in place and set forth the money laundering program requirements for each type of financial institution.

    Treasury has decided to initially subject the following entities to the Act's money laundering program requirements: (a) banks, savings associations, and credit unions; (b) registered brokers and dealers in securities; (c) futures commission merchants; (d) casinos; (e) money services businesses; (f) operators of credit card systems; and (g) mutual funds.

    Thus, all financial institutions presently subject to FinCEN's existing Bank Secrecy Act (BSA) regulations are now subject to anti-money laundering program requirements, as are three new types of financial institutions that were not previously regulated under the BSA - futures commission merchants, mutual funds, and operators of credit card systems.

    All other businesses defined as financial institutions under the Act have been temporarily exempted from the money laundering program requirements until October 24, 2002. These businesses include dealers in precious metals, stones, or jewels; pawnbrokers; loan or finance companies; private bankers; insurance companies; travel agencies; telegraph companies; businesses engaged in vehicle sales; persons involved in real estate closings and settlements; investment companies other than mutual funds; and commodity pool operators and commodity trading advisors. During the next six months Treasury and FinCEN will study the risks posed by these businesses and determine appropriate money laundering program requirements.

    Banks, Savings Associations and Credit Unions

    Treasury has determined that banks, savings associations and credit unions will be deemed to be in compliance with Section 352 of the Act if they are in compliance with money laundering regulations issued by their primary federal regulators.

    Securities Broker-Dealers and Futures Commission Merchants

    Similarly, these firms will be deemed to be in compliance with Section 352 of the Act if they comply with the rules, regulations or requirements of their self-regulatory organizations (SROs). Treasury, however, has reserved the right to impose additional requirements in the future.


    Casinos must continue to comply with regulations issued by FinCEN in 1993.

    Money Services Businesses, Mutual Funds, Operators of Credit Card Systems

    Treasury has issued new money laundering regulations for these entities. Like the bank regulations, these regulations state that a money laundering program must consist of four elements: (1) policies, procedures and controls; (2) designation of a person responsible for implementing and monitoring the program; (3) training; and (4) independent testing for compliance. The developed policies, procedures and controls must be reasonably designed to prevent an institution from being used to launder money or finance terrorist activities. These policies must not be generic, but identify the particular vulnerabilities of a particular company given its business structure. Further, the policies, procedures and controls should assure compliance with applicable provisions of the BSA.

    One of the more interesting aspects of the Treasury regulations is how they differ by industry. For example, the regulations for money services businesses state that these companies should, as applicable, verify customer identification, respond to law enforcement requests, and integrate their compliance procedures with any automated data processing systems. The credit card regulations identify which types of customers pose the greatest risk. The mutual fund regulations include few requirements beyond the basic four elements noted in the above paragraph.

    Issues and Trends

    While the Treasury has indicated that banks need only comply with current money laundering requirements, banks should not think that their world has not changed. To the contrary, the regulators are paying increased attention to money laundering/BSA requirements as a result of 9/11 and the USA Patriot Act. Banks are viewed as key instrumentalities for the detection of terrorist funding and activities. Examiners are paying close attention to this area and regulators are reviewing a bank's BSA compliance in determining whether to approve applications.

    Second, the Act expands the types of entities subject to the BSA and money laundering laws.

    Third, these new requirements will increase compliance costs and risks. Small institutions, in particular, are struggling to determine how much is expected. The law and regulations emphasize flexibility - that an institution's size, location, activities, risks and vulnerabilities need to be considered when developing a money laundering program. This one-size-does-not-fit-all concept is good and bad. It is good in that flexibility arguably should ensure that more is being spent where more is needed. This flexibility, however, can be bad in that it brings great uncertainty. Compliance risks are relatively high because failure to comply can trigger not only civil but criminal sanctions. This is not a law where you want to guess what might be required and hope you have guessed right.

    Fourth, the most significant regulations have yet to be issued. Any day now, Treasury will be issuing proposed customer identification (also known as "know your customer") regulations.


    Portions of the USA Patriot Act are already in effect, while others will become effective as new Treasury regulations are issued. Penalties for noncompliance are high. A failure to comply can result in examination findings, issues in applications, and civil and criminal penalties. In addition, a failure to comply poses reputation risks - financial institutions need to ensure that they are not viewed as impeding the country's efforts to fight terrorism.