• New Rules Require Insurance Companies to Comply With Anti-Money Laundering Requirements
  • December 7, 2005 | Author: Charles E. Washburn
  • Law Firm: Manatt, Phelps & Phillips, LLP - Los Angeles Office
  • Introduction

    New regulations issued by the Financial Crimes Enforcement Network, U.S. Department of the Treasury ("FinCEN") will require many insurance companies to adopt extensive anti-money laundering ("AML") programs and to file with FinCEN suspicious activity reports ("SARs") regarding certain suspect transactions. The two new rules take effect on December 5, 2005, and compliance is mandatory on May 2, 2006. These regulations are issued under the Bank Secrecy Act (the "BSA") and the USA PATRIOT Act.

    The following are links to the new rules:

    • AML
    • SARs

    Coverage

    Affected insurance companies are those that offer "covered products" as defined in the regulations. Covered products are permanent life insurance (that is, life insurance with a cash value or investment element), annuity contracts and "any other insurance product with features of cash value or investment." Currently excluded are group life, group annuities, term life, property and casualty policies, title insurance, health insurance, workers compensation and reinsurance. However, FinCEN has stated that it will monitor these products and may include them within the scope of "covered products" in the future if they appear to be used for money laundering purposes.

    AML Program

    An insurance company offering covered products is required to develop and implement a written AML program applicable to those products "that is reasonably designed to prevent the insurance company from being used to facilitate money laundering or the financing of terrorist activities."

    It is important to note that the new rules expressly require that "senior management" of the insurance company approve the AML program.

    The regulations establish minimum requirements for an AML program. A program must at the very least:

    • Involve policies, procedures and internal controls reflecting the insurance company's own "assessment of the money laundering and terrorist financing risks associated with its covered products."
    • Designate a compliance officer (either a single person or a committee) who will be responsible for ensuring, among other things, that the program is implemented and updated as necessary.
    • Provide ongoing training of persons concerning their responsibilities under the AML program.
    • Provide for "independent" testing of the AML program. Testing will be independent if performed in-house by a tester who is not the compliance officer or otherwise involved in administering the AML program.

    SARs

    An insurance company is required to file with FinCEN "a report of any suspicious transaction involving a covered product that is relevant to a possible violation of law or regulation."

    Reports are required if the amount of the attempted or consummated transaction involves at least $5,000 (either the premium or maximum potential payout) and the insurance company knows, suspects or has reason to suspect that the transaction (1) involves funds derived from illegal activity or is intended to hide or disguise such funds, (2) is "structured" or otherwise designed to avoid the requirements of the BSA, (3) has no business or apparent lawful purpose and is not the sort in which the particular customer would normally be expected to engage or (4) involves use of the insurance company to facilitate criminal activity. Voluntary reports may be filed when these criteria are not met.

    Banks have been subject to SAR requirements for several years, and have found it very difficult to apply the foregoing standards. As a result, many banks have taken the conservative approach of filing SARs in all questionable cases. Such "defensive SARs" have created a massive volume of filings with FinCEN and have made it more difficult for FinCEN to identify those SARs that raise significant concerns. Each insurance company will need to balance FinCEN's legitimate concerns regarding maintaining the effectiveness of the system with the company's obligation under the new rules to file SARs when required.

    FinCEN will develop a SAR form for use by insurance companies (to be called SAR-IC). A SAR-IC must be filed no later than 30 calendar days after "initial detection by the insurance company of facts that may constitute a basis for filing a SAR-IC." (A report can be delayed an additional 30 calendar days to identify a suspect in the transaction.) If a "situation require[s] immediate attention, such as terrorist financing or ongoing money laundering schemes," the insurance company must immediately notify by telephone an appropriate law enforcement authority as well as file a SAR-IC. Accordingly, insurance companies will need to move quickly to prepare a SAR-IC and possibly telephone the authorities once such "initial detection" may have occurred.

    The regulations clarify that a SAR is not triggered in the case of actual or suspected insurance fraud unless the insurance company has reason to believe that the false or fraudulent submission of information relates to money laundering or terrorist financing.

    The insurance company or its agents or brokers must not inform any person involved in the transaction that the transaction has been reported, with limited exceptions. An insurance company filing a SAR is protected from liability for any disclosure in the SAR and for the failure to disclose the fact of the SAR.

    Agents and Brokers

    After much deliberation, FinCEN determined to adopt the approach taken in the proposed regulations and provide that the new regulations do not directly apply to insurance agents or brokers.

    However, the AML rules provide that an insurance company must "integrat[e] the company's insurance agents and insurance brokers into its [AML] program," and must obtain "all relevant customer related information necessary for an effective [AML] program," including information from agents and brokers. The program must include training of insurance agents and brokers (or verification of such training having been provided by other insurance companies or "competent" third parties) and testing to confirm that agents and brokers are complying with the program.

    Similarly, the SAR regulations state that an insurance company "is responsible for reporting suspicious transactions conducted through its insurance agents and insurance brokers. Accordingly, an insurance company shall establish and implement policies and procedures reasonably designed to obtain customer related information necessary to detect suspicious activity from all relevant sources, including from its insurance agents and insurance brokers, and shall report suspicious activity based on such information." FinCEN stated that such information would include an agent's or a broker's "observations and assessments" with respect to transactions.

    Accordingly, an insurance company will be required to fully integrate agents and brokers into the company's AML program and SAR filing procedures. This obligation likely will present significant challenges because of the lack of insurance company control over independent agents and brokers, especially in the case of an insurance company with a large agent network.

    FinCEN notes that agreements with agents and brokers may need to be amended to address these new insurance company obligations, including receiving necessary information for SAR purposes.

    Enforcement

    The foregoing insurance company rules will be enforced by FinCEN. FinCEN has been effective in enforcing the rules applicable to banks and has entered into several consent agreements with banks that allegedly have failed to comply with the AML and SAR requirements applicable to them, including civil money penalties in the millions of dollars.

    It therefore is critical that insurance companies begin to take the steps necessary to ensure that effective AML programs and SAR filing procedures, including with respect to agents and brokers, are in place before the mandatory compliance date.