On October 26, 2001, President Bush signed into law the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001" (USA PATRIOT Act).1 The Act, enacted in response to the terrorist attacks of September 11, 2001, strengthens our Nation's ability to combat terrorism and prevent and detect money-laundering activities.
The purpose of this Bulletin is to advise persons and entities regulated by the Bureau of Insurance of important new responsibilities under the Act. In particular, Section 352 of the Act amends the Bank Secrecy Act (BSA)2 to require that all financial institutions establish anti-money-laundering programs, and Section 326 amends the BSA to require the Secretary of the Treasury to adopt minimum standards for financial institutions regarding the identity of customers that open accounts.
Section 352 - Establishing Anti-Money-Laundering Programs
Section 352 of the Act requires the establishment of an anti-money-laundering program by each financial institution, including, at a minimum:
- The development of internal policies, procedures, and controls; these should be appropriate for the level of risk of money-laundering identified.
- The designation of a compliance officer; the officer should have appropriate training and background to execute their responsibilities. In addition, the compliance officer should have access to senior management.
- An ongoing employee training program; a training program should match training to the employees' roles in the organization and their job functions. The training program should be provided as often as necessary to address gaps created by movement of employees within the organization and turnover.
- An independent audit function to test the programs. The independent audit requirement does not mandate engaging outside consultants. Internal staff that is independent of those developing and executing the anti-money-laundering program may conduct the audit.
Insurance companies are included in the BSA's definition of "financial institution," and should be prepared to comply with the new law and the regulations promulgated thereunder. Section 352 of the Act and its implementing regulations became effective on April 24, 2002. Although the Interim Final Rule issued by Treasury on April 23 provides a temporary exemption for insurance companies, the exemption is of limited duration, and the notice of rulemaking announces that "Treasury and FinCEN3 have been examining the money laundering risks associated with insurance products and will issue in the near future a proposed rule governing the establishment of anti-money laundering programs by insurance companies." The regulation may borrow from the anti-money-laundering compliance program rule recently proposed by the NASD for broker-dealers.4 Treasury and FinCEN have also emphasized that the exemption from the requirement to establish anti-money-laundering programs does not in any way relieve any business from the existing requirements in 31 U.S.C. § 5331 and 26 U.S.C. § 6050I that they report transactions in cash or currency, or certain monetary instruments, that exceed $10,000.
As part of its rulemaking process, Treasury is determining the extent to which other insurance entities will be considered financial institutions for purposes of the regulation. It is anticipated that the regulation could cover all other persons and entities engaged in the business of insurance, including brokers, agents, and managing general agents, and may also include other regulated entities. These insurance entities will be required to comply with the regulation by the regulation's effective date.
Anti-money-laundering programs are not anticipated to be "one size fits all." Rather, it is expected that they will be developed using a risk-based approach. Development of an anti-money-laundering program should begin with identification of those areas, processes, and programs that are susceptible to money-laundering activities. The practices and procedures implemented under the program should reflect the risks of money-laundering given the entity's products, methods of distribution, contact with customers, and forms of customer payment and deposits.
Section 326 - Customer Identification
Section 326 of the Act amends the BSA to require that Treasury issue regulations setting forth minimum standards for financial institutions regarding the identification of their customers in connection with the purchase of a policy or contract of insurance. This program must set forth customer identity verification and documentation procedures, as well as procedures the insurer will employ to notify its customers about this requirement and determine whether the customer appears on government lists of known or suspected terrorists or terrorist organizations. A financial institution's customer identification program must also include procedures for notifying its customers about its program.
Final regulations regarding this requirement are to be issued by the Department of the Treasury by October 26, 2002. Proposed regulations will be published in the Federal Register later in the year.5 Through the rulemaking process, Treasury will determine which insurance entities will be subject to the regulations. Insurance entities subject to the regulations will be required to comply when the final Treasury regulations become effective.
Requests for additional information or questions about this Bulletin may be directed to Bureau of Insurance Senior Staff Attorney Thomas M. Record at (207) 624-8475 or firstname.lastname@example.org.
Requests for additional information or questions about the Act may be directed to Linda L. Duzick, Office of Thrift Supervision, serving as insurance industry liaison for the Department of the Treasury, at (202) 906-6565 or email@example.com.
1 The full text of the law can be obtained at http://www.access.gpo.gov/congress. Scroll to "Public and Private Laws," select "107th Congress," and select "Pub.L. 107-056."
2 Codified in Chapter 53, Subchapter II of Title 31, U.S. Code.
3 The Department of the Treasury Financial Crimes Enforcement Network.
4 67 CFR 8565 (February 25, 2002).
5 The Federal Register website address is http://www.access.gpo.gov/nara.
April 29, 2002 ________________________________________
Alessandro A. Iuppa
Superintendent of Insurance
NOTE: This bulletin is intended solely for informational purposes. It is not intended to set forth legal rights, duties, or privileges, nor is it intended to provide legal advice. Readers are encouraged to consult applicable statutes and rules and to contact the Bureau of Insurance at (207) 624-8475 if they need additional information.