To view or print PDF content, download the free Adobe Acrobat Reader.
Answers to Frequently Asked
Bank Secrecy Act (BSA) Questions
The following provides answers to basic questions that are frequently asked regarding the BSA. The answers are not meant to be comprehensive, apply to all factual situations, or to replace or supersede the BSA regulations. Additional questions and answers will be posted on a periodic basis.
Question 1: Is a depository institution required to file a Designation of Exempt Person form (TD F 90-22.53) in order to exempt transactions with a Federal Reserve Bank?
Answer 1: Depository institutions are not required to file a Designation of Exempt Person form (TD F 90-22.53) with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks in accordance with an Interim Rule published by FinCEN in the Federal Register (65 FR 46356-46361) on July 28, 2000. This Interim Rule, which amends the CTR exemption regulation at 31 CFR Section 103.22(d), became effective on July 31, 2000. (7/2000)
Question 2(a): Where can a depository institution obtain a copy of the Designation of Exempt Person form (TD F 90-22.53), which must be used to designate an eligible customer as an exempt person from currency transaction reporting rules of the Department of the Treasury (31 CFR Section 103.22(d)(2))?
Answer 2(a): The Designation of Exempt Person form may be obtained by calling the IRS Forms Distribution Center at 1-800-829-3676. This form is also available from FinCEN’s web site at http://www.fincen.gov, under "BSA Forms." (7/2000)
Question 2(b): Where does a depository institution file the Designation of Exempt Person form?
Answer 2(b): The Designation of Exempt Person form should be filed with the U.S. Department of the Treasury, P.O. Box 33112, Detroit, Michigan 48232-0112. This is the Post Office mailing address for receipt of these forms by the IRS Enterprise Computing Center-Detroit. Magnetic media filers of these forms should mail magnetic media/diskettes to the IRS Enterprise Computing Center-Detroit, FinCEN, 985 Michigan Avenue, Detroit, Michigan 48226. (7/2000)
Question 2(c): Does the IRS Enterprise Computing Center-Detroit ("ECC-D") provide depository institutions with a confirmation of receipt of the Designation of Exempt Person form (TD F 90-22.53)?
The ECC-D does not send a confirmation to depository institutions upon its
receipt of the Designation of Exempt Person form by paper filers. However,
magnetic media filers receive a computer generated confirmation that the filing
has been received. If a depository institution needs confirmation that a paper
form has been received, it may call ECC-D at (313) 234-2011 and procedures
for submitting a written request and the cost will be explained.
Question 3: The reformed CTR exemption regulation (31 CFR Section 103.22(d)(3)(ii)) states "when designating another bank as an exempt person, a bank must either make the filing required by paragraph (d)(3)(i) of this section or file, in such a format and manner as FinCEN may specify, a current list of its domestic bank customers." What is the format and manner specified by FinCEN to provide a list of exempted domestic banks?
FinCEN will provide notification if a special procedure, such as
listing the exempted domestic banks, becomes available so that bank customers
can be exempted in a more streamlined way. At this time, database system
constraints do not allow such a procedure to be implemented. Therefore, a
depository institution should file the Designation of Exempt Person form (TD F
90-22.53) for each of the domestic bank customers that it wishes to exempt.
4. There are frequently asked questions regarding Repeated SAR Filings on the same Activity. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).
One of the purposes of filing SARs is to identify violations or potential violations of law to the appropriate law enforcement authorities for criminal investigation. This is accomplished by the filing of a SAR that identifies the activity of concern. Should this activity continue over a period of time, it is useful for such information to be made known to law enforcement (and the bank supervisors). As a general rule of thumb, organizations should report continuing suspicious activity with a report being filed at least every 90 days. This will serve the purposes of notifying law enforcement of the continuing nature of the activity, as well as provide a reminder to the organization that it must continue to review the suspicious activity to determine if other actions may be appropriate, such as terminating its relationship with the customer or employee that is the subject of the filing. (12/2000)
5. There are frequently asked questions regarding Cessation of
Relationship/Closure of Account as a result of the identification of
suspicious activity. The following discussion is contained in Section 5 of The
SAR Activity Review – Trends, Tips & Issues
The closure of a customer account as the result of the identification of suspicious activity is a determination for an organization to make in light of the information available to the organization. A filing of a SAR, on its own, should not be the basis for terminating a customer relationship. Rather, a determination should be made with the knowledge of the facts and circumstances giving rise to the SAR filing, as well as other available information that could tend to impact on such a decision. It may be advisable to include the organization's counsel, as well as other senior staff, in such determinations. (12/2000)
6. There are frequently asked questions regarding Timing for SAR Filings. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).
The SAR rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of the suspicious activity, unless no suspect can be identified, in which case, the time period for filing a SAR is extended to 60 days.
It may be appropriate for organizations to conduct a review of the activity to determine whether a need exists to file a SAR. The fact that a review of customer activity or transactions is determined to be necessary is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.
Of course, an expeditious review, wherever possible, is recommended and can be of significant assistance to law enforcement. In situations involving violations of law requiring immediate attention, the organization should immediately notify appropriate law enforcement and supervisory authorities, in addition to filing a SAR. (12/2000)
7. There are frequently asked questions regarding the Disclosure of SARs and Underlying Suspicious Activity. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).
Federal law (31 U.S.C. 5318(g)(2)) prohibits the notification of any person that is involved in the activity being reported on a SAR that the activity has been reported. This prohibition effectively precludes the disclosure of a SAR or the fact that a SAR has been filed. However, this prohibition does not preclude, under federal law, a disclosure in an appropriate manner of the facts that are the basis of the SAR, so long as the disclosure is not made in a way that indicates or implies that a SAR has been filed or that the information is included on a filed SAR.
The prohibition against disclosure can raise special issues when SAR records are sought by subpoena or court order. The SAR regulations direct organizations facing those issues to contact their primary supervisor, as well as FinCEN, to obtain guidance and direction on how to proceed. In several matters to date, government agencies have intervened to ensure that the protection for filing organizations and the integrity of the data contained within the SAR database remain intact. (12/2000)
8. There are frequently asked questions regarding Filing SARs on Continuing Activity after Law Enforcement Contact. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).
In some instances, after the filing of one or more SARs, law enforcement has contacted a financial institution requesting more specific information with regard to the suspect activity or requesting identified supporting documentation. In other instances, a law enforcement agency has contacted a financial institution to report that it does not intend to investigate the matter reported on the SAR.
If conduct continues for which a SAR has been filed, the guidance set forth in the October 2000 SAR Activity Review (Section 5 – Repeated SAR Filings on the Same Activity) should be followed (i.e., organizations should report continuing suspicious activity with a SAR being filed at least every 90 days) even if a law enforcement agency has declined to investigate or there is knowledge that an investigation has begun. The filing of SARs on continuing suspicious activity provides useful information to law enforcement and supervisory authorities. Moreover, the information contained in a SAR that one law enforcement agency has declined to investigate may be of interest to other law enforcement agencies, as well as supervisory agencies.(6/2001)
9. There are frequently asked questions regarding Filing SARs on Activity Outside the United States. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).
Consistent with the SAR regulations, it is expected that financial institutions will file SARs on activity deemed to be suspicious even when a portion of the activity occurs outside of the United States or the funds involved in the activity originated from outside the United States. Although foreign-located operations of U.S. organizations are not required to file SARs, an organization may wish, for example, to file a SAR with regard to suspicious activity that occurs outside the United States that is so egregious that it has the potential to cause harm to the entire organization. (It is, of course, expected that foreign-located operations of U.S. organizations that identify suspicious activity will report such activity consistent with local reporting requirements in the foreign jurisdiction where the operation is located.) (6/2001)
10. There are frequently asked questions regarding the Prohibition on Notification. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).
As set forth in the October 2000 SAR Activity Review (Section 5 – Disclosure of SARs and Underlying Suspicious Activity), federal law (31 U.S.C. 5318(g)(2)) prohibits the notification to any person that is involved in the activity being reported on a SAR that the activity has been reported. This prohibition extends to disclosures that could indirectly result in the notification to the subject of a SAR that a SAR has been filed, effectively precluding the disclosure of a SAR or even its existence to any persons other than appropriate law enforcement and supervisory agency or agencies. This prohibition does not preclude, under federal law, a disclosure in an appropriate manner of the facts that are the basis of the SAR, so long as the disclosure is not made in a way that indicates or implies that a SAR has been filed or that information is included on a filed SAR.
In the rare instance when suspicious activity is related to an individual in the organization, such as the president or one of the members of the board of directors, the established policy that would require notification of a SAR filing to such an individual should not be followed. Deviations to established policies and procedures so as to avoid notification of a SAR filing to a subject of the SAR should be documented and appropriate uninvolved senior organizational personnel should be so advised.
The prohibition on notification of a SAR filing can raise special issues when SAR filings are sought by subpoena or court order. The SAR regulations direct organizations facing these issues to contact their primary supervisor, as well as FinCEN, to obtain guidance and direction on how to proceed. In several matters to date, government agencies have intervened to ensure that the protection for filing organizations and the integrity of the data contained within the SAR database remain intact. (6/2001)
11. There are frequently asked questions regarding Disclosure of SAR Documentation. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).
Under the SAR regulations, institutions filing SARs should identify within the SAR, and are directed to maintain all "supporting documentation" related to the activity being reported. Disclosure of supporting documentation related to the activity that is being reported on a SAR does not require a subpoena, court order, or other judicial or administrative process. Under the SAR regulations, financial institutions are required to disclose supporting documentation to appropriate law enforcement agencies, or FinCEN, upon request. (6/2001)
12. There are frequently asked questions regarding the Applicability of Safe Harbor. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).
The safe harbor provisions applicable to SAR filings provide a safe harbor for organizations that provide a SAR to all authorized government personnel, including Federal, state, and local authorities. Similarly, the safe harbor provisions apply even if the report of activity that is a possible violation of law or regulation is made orally or in some form other than through the use of a SAR. (6/2001)
Question 13a: A business customer of a depository institution provides payroll checks to individual employees for work performed. Each payroll check is under $10,000. However, several employees cash their payroll checks individually on the same business day, which results in an aggregate cash out from the business customer’s account in an amount exceeding $10,000. Would the institution be required to file a CTR, if no one person received an amount in excess of $10,000?
Answer 13a: The financial institution would not need to file a CTR because it would not be involved in a single cash transaction (or multiple cash transactions for which a duty to aggregate would arise) of more than $10,000. A financial institution must treat multiple transactions in currency as a single transaction if the financial institution has knowledge that the multiple transactions are "by or on behalf of any person" and result in cash in or cash out totaling more than $10,000 during any one business day. According to the facts described above, the cashing of checks would be conducted by or on behalf of each individual employee (rather than the business on whose account each check is drawn), and no one employee would be cashing more than $10,000 in a single transaction or in multiple transactions during the same business day.
Question 13b: Would a CTR be required if several individual employees endorsed their respective payroll checks (all individual payroll checks are under $10,000 but combined they aggregate to an amount that exceeds $10,000), and made the checks payable to one employee who, in turn, cashed them at a financial institution for the purpose of distributing the proceeds back to the individual employees?
Answer 13b: A CTR would be required in this instance because one person is receiving more than $10,000 in currency.(10/2001)
Question 14: Is a CTR required when a person presents a check, in excess of $10,000, for payment in cash at a financial institution and receives less than $10,000 after fees, or other deductions, are charged against the amount of the check?
Answer 14: Answer 14: The BSA only requires a CTR for a transaction in currency, such as a deposit, withdrawal, exchange or transfer of currency, in excess of $10,000. A transaction in currency involves the physical transfer of currency from one person to another. Accordingly, the transfer of currency below $10,000 would not trigger the CTR requirement, despite the amount of the check. For example, if a person cashed a check for $10,100 and received $9,990 after a service fee was charged against the amount of the check, the financial institution would not be required to file a CTR. On the other hand, if a person purchased a cashiers check for $9,990 and paid a service fee of $20 for a total of $10,010 in cash, the financial institution would be required to file a CTR. The key lies in the amount of the physical deposit, withdrawal, exchange or transfer of currency. (10/2001)
Question 15: If the initial “Designation of Exempt Person” form (“DEP”) for a non-listed business (or payroll customer) was filed in July 2000, is the biennial renewal date March 15, 2001 or March 15, 2002?
Answer 15: If you filed a DEP form with respect to a non-listed business or payroll customer in July of 2000, the filing deadline for biennial renewal is March 15, 2002 (assuming all applicable criteria listed in 31 CFR § 103.22 (d)(2)(vi) and (vii) still applies to the entity).(10/2001)
31 CFR § 103.22(d)(5)(ii) - Non-listed businesses and payroll customers - states “The designation of a non-listed business or a payroll customer as an exempt person must be renewed biennially, beginning on March 15 of the second calendar year following the year in which the first designation of such customer as an exempt person is made, and every other March 15 thereafter, on such form as FinCEN shall specify.”
FinCEN offers the following practical examples as a way of demonstrating the
timely biennial renewal of the DEP form with respect to non-listed businesses and payroll customers:
A) Initial DEP forms filed in February of 2001 are required to be renewed on or before March 15, 2003. Analysis - The initial designation was filed in calendar year 2001 (the base year), the first calendar year following the year in which the initial designation was made is 2002, the second calendar year following the year in which the initial designation was made is 2003, and the filing deadline within that second calendar year is March 15, 2003.
B) Initial DEP forms filed in June of 2001 are required to be renewed on or before March 15, 2003. Analysis - The initial designation was filed in calendar year 2001 (the base year), the first calendar year following the year in which the initial designation was made is 2002, the second calendar year following the year in which the initial designation was made is 2003, and the filing deadline within that second calendar year is March 15, 2003.
Question 16: When filing the DEP form for biennial renewals of CTR exemptions for non-listed businesses and payroll customers, what date should be entered as the “Effective date of the exemption” in Part II box 11?
Answer 16: A bank must report the biennial renewal of CTR exemptions for eligible non-listed businesses and payroll customers by completing and filing a DEP form every two years (calendar years) by March 15. See 31 CFR § 103.22 (d)(5)(ii). For biennial renewals, the date entered in Part II box 11 as the “Effective date of the exemption” should be the same date the depository institution used in this box when the initial designation was made utilizing the reformed CTR exemption regulations. (10/2001)
Question 17: Is a state-licensed check-cashing business exemptible under the BSA?
Answer 17: The reformed CTR exemption regulations do not distinguish between a “licensed” or “non-licensed” business. In determining whether any check-cashing business is eligible for exemption from currency transaction reporting requirements, a depository institution must determine whether the business falls into either of two categories described below:
1. An entity listed on one of the major national stock exchanges, or a subsidiary of an entity listed on those stock exchanges as described in 31 CFR § 103.22(d)(2)(iv)-(v). If a customer falls under one of the categories identified in 31 CFR § 103.22(d)(2)(i)-(v), the depository institution does not need to determine if the business activity is considered ineligible for exemption as identified in 31 CFR § 103.22(d)(6)(viii). Once the depository institution has determined that the customer qualifies for an exemption based on the above criteria, the depository institution may file a one-time DEP form.
2. A non-listed business, if the criteria of 31 CFR § 103.22 (d)(2)(vi) are met. Determining if a business can be considered a non-listed business depends, in part, on whether the customer is primarily engaged in one or more of the ineligible business activities listed in 31 CFR § 103.22(d)(6)(viii). If primarily engaged in such ineligible business activities, then the customer cannot be treated as a non-listed business.
a. One of the ineligible business activities listed in 31 CFR § 103.22 (d)(6)(viii) is serving as a financial institution. Under the BSA, the definition of “Financial Institution” includes money services businesses (MSBs) [31 CFR 103.11(n)(3)]. A check casher is defined as an MSB if it cashes checks in an amount greater than $1,000 in currency or monetary instruments for any one person in any one day in one or more transactions [31 CFR 103.11(uu)(2)]. Consequently, if the check casher meets the definition of a MSB, it is considered to be serving as a financial institution. Therefore, if the check casher is defined as a MSB and is primarily engaged (see item b. below) in the business of cashing checks [or other ineligible business activity listed in 31 CFR § 103.22 (d)(6)(viii)], then it is ineligible for treatment as an exempt person.
b. If a business engages in multiple business activities (e.g., money transmission in addition to check cashing), it may be treated as a non-listed business so long as no more than 50% of its gross revenues is derived from one or more of the ineligible business activities listed in § 103.22 (d)(6)(viii).
Example 1: A check casher (whether licensed or non-licensed) that cashes checks in an amount less than $1,000 in currency or monetary instruments for any one person on any one day and is not involved in any other ineligible business activity, or derives no more than 50% of its gross revenue from any such business, may be exempted from CTR reporting requirements as a non-listed business (assuming that all other criteria listed in 31 CFR § 103.22 (d)(2)(vi) are met).
Example 2: A check casher (whether licensed or non-licensed) that cashes checks in an amount more than $1,000 in currency or monetary instruments for any one person on any one day and derives more than 50% of its gross revenue from cashing checks (and/or other ineligible business activity) may not be exempted from CTR reporting requirements as a non-listed business because it is serving as a financial institution under the BSA regulations.
Question 18: How can I verify that a BSA report filed in paper format has been received by the ECC-D?
Answer 18: Requests for verification of filing must be submitted in writing to:
IRS Enterprise Computing Center-Detroit
Compliance Review Group
P.O. Box 32063
Detroit, MI 48232-0063
The written request should include the following information:
- filer name and TIN;
- person and TIN on whose behalf the transaction was conducted;
- date of the transaction, and;
- the dollar amount of the transaction.
There is a $20.00 flat fee for verifying ten or fewer forms and a $2.00 fee for each additional form. If you want a copy of the filed form, an additional fee of .15 ¢ will be charged. Checks or money orders should be made payable to the Internal Revenue Service. For additional questions regarding this issue, please contact ECC-D directly at 1-800-800-2877. (10/2001)
Question 19: Does FinCEN prepare and distribute training materials, such as videos, on the BSA reporting and recordkeeping requirements?
Answer 19: FinCEN does not currently prepare or distribute training videos or materials. FinCEN frequently participates in conferences and other forums to discuss BSA reporting and recordkeeping requirements, developments relating to FinCEN's regulations, and counter money laundering efforts.
FinCEN’s publications also impart information that may be useful in the preparation of training materials, such as FinCEN Advisories, SAR Bulletins, and The SAR Activity Review: Trends, Tips & Issues, which are available on FinCEN’s web site (http://www.fincen.gov), under the tab for “Publications.” Other reference materials, including answers to frequently asked questions, can be found on FinCEN’s web site under the tab titled “Regulatory.”
Furthermore, financial institutions, particularly depository institutions such as banks, thrifts and credit unions, have significant resource materials available to help them train from their industry associations and other sources in the private sector. In addition, the primary regulators may also provide publications and resource material to use in BSA training and may be consulted on BSA compliance issues.(10/2001)
Question 20: As the individual responsible for filing SARs for my financial institution, sometimes I become confused about the correct blocks to mark on the form or the information to provide in the narrative. Where might I find guidance to assist me to properly complete a Suspicious Activity Report?
Answer 20: Several resources are available to guide filers in the completion of a SAR form.
First, be sure to review the completion instructions included with the form. Regardless of the type of SAR form, all have instructions, which address the specific fields on the form. Select one of the following types of SAR forms to see the instructions:
Instructions for Suspicious Activity Report for Depository Institutions – TD F 90-22.47 (Special Note: These instructions are being revised to correspond with the new fields on the latest SAR form for depository institutions, effective July 2003. Pending publication of the new instructions, the older [June 2000] version may be used as a guide when the fields are the same.)
Instructions for Suspicious Activity Report by Casinos and Card Clubs – FinCEN Form 102
FinCEN has provided additional guidance in every previous issue of The SAR Activity Review – Trends, Tips and Issues. A list of topics related to when and how to file SARs is available by clicking on "The SAR Activity Review – Trends, Tips and Issues"
Also, the next issue of The SAR Activity Review – Trends, Tips and Issues, which will be released in the Fall 2003, will provide enhanced guidance about how to write a SAR narrative. Two companion products, a document entitled "Preparing a Complete and Sufficient Suspicious Activity Report" and a power point presentation, "The Suspicious Activity Report and Keys to Writing a Complete and Sufficient SAR Narrative" will be available at that time on the FinCEN website.
Finally, if you still have questions after reviewing the aforementioned documents, you may consult your institution’s regulatory authority for further guidance or call the FinCEN Financial Institutions Help Line at 1-800-949-2732.
Question 21: When a federal, state or local government official, as part of his or her official duties, engages in a transaction in currency over $10,000, or purchases a monetary instrument for more than $3,000 in currency, as a non-accountholder, what kind of identifying information must a financial institution obtain?
Answer 21: Government officials sometimes need to conduct large currency transactions
as part of their official duties. For example, a law enforcement official may wish to convert
seized currency into monetary instruments for security reasons. In such cases, when a
transaction in currency over $10,000 is conducted on behalf of a government agency, rather
than on behalf of an individual, the financial institution involved in the transaction should
file a one-time Designation of Exempt Person form (TD F 90-22.53), to exempt the government
agency from the currency transaction reporting requirements and document the basis
for its conclusion. Subsequent transactions on behalf of the same government agency
would be similarly exempt from the currency reporting requirements. If a financial institution
chooses to file a currency transaction report, it generally is required only to obtain,
verify, and record identifying information pertaining to the agency for which the individual
is working. Thus, any employee identification number, address, or other identifying information
obtained should correspond to the government agency involved, and not the government official
conducting the transaction.
Notwithstanding the above, a financial institution should still obtain and record the name of the government official conducting the transaction and take those steps that a reasonable and prudent bank would take to verify and document that the customer is a government official conducting business on behalf of a government agency. Regarding the purchase of a monetary instrument for more than $3,000 in currency, a financial institution should record the date of birth of the government official, in addition to his or her name. (8/1/03)
Questions 22: Can you provide guidance on how money services businesses should conduct independent reviews of their anti-money laundering programs?
Answer 22: There are frequently asked questions regarding how to conduct independent reviews on money services business anti-money laundering programs. FinCEN has issued the the following guidance.
The Bank Secrecy Act requires money services businesses to establish anti-money laundering programs that include “an independent audit function to test programs.”1 In implementing this requirement, we determined to make clear that money services businesses are not required to hire a certified public accountant or an outside consultant to conduct a review of their programs. Rather, the relevant Bank Secrecy Act regulation requires money services businesses to establish anti-money laundering programs with written policies and procedures that:
The primary purpose of the independent review is to monitor the adequacy of the money services business’ anti-money laundering program. The review should determine whether the business is operating in compliance with the requirements of the Bank Secrecy Act and the business’ own policies and procedures. Each money services business should identify and assess the money laundering risks that may be associated with its unique products, services, customers, and geographic locations. Regardless of where risks arise, money services businesses must take reasonable steps to manage them. Each money services business should focus resources on the areas of its business that management believes pose the greatest risks, and the level of sophistication of the associated internal controls should be appropriate for the size, structure, risks, and complexity of the money services business.
Question 22(a): What should be done during the review? The review should provide a fair and unbiased appraisal of each of the required elements of the company’s anti-money laundering program, including its Bank Secrecy Act-related policies, procedures, internal controls, recordkeeping and reporting functions, and training.
Answer 22(a): The review should include testing of internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions. For example, if the program requires that a particular employee or category of employee should be trained once every six months, then the independent testing should determine whether the training occurred and whether the training was adequate.
The review also should cover all of the anti-money laundering program actions taken by – or defined as part of the responsibility of – the designated compliance officer. These actions include, for example, the determination of the level of money laundering risks faced by the business, the frequency of Bank Secrecy Act anti-money laundering training for employees, and the adoption of procedures for implementation and oversight of program-related controls and transactional systems.
Question 22(b): Who should conduct the review?
Answer 22(b): Our regulations require an independent review, not a formal audit by a certified public accountant or third-party consultant. Accordingly, a money services business does not necessarily need to hire an outside auditor or consultant. The review may be conducted by an officer, employee or group of employees, so long as the reviewer is not the designated compliance officer and does not report directly to the compliance officer.
Question 22(c): How often should the review occur?
Answer 22(c): The review should be conducted on a periodic basis. The scope and frequency of the review will depend on the money services business’ risk assessment, which should take into account the business’ products, services, customers, and geographic locations. For some money services businesses, based on their risk assessments, an annual review may not be necessary; for others, more frequent review may be warranted. For example, if the money services business’ risk assessment changes, more frequent review may be prudent. Similarly, if compliance problems are identified in a review, it may be advisable to advance the date of the next review to confirm that corrective actions have been taken.
Question 22(d): Should the review be documented in some manner and reported to management?
Answer 22(d): Yes. The person or persons responsible for conducting the review should document the scope of the review, procedures performed, transaction testing completed, if any, findings of the review, and recommendations to management for corrective actions, if any. After the review, the reviewer or the designated compliance officer should track deficiencies and weaknesses discovered during the review and document corrective actions taken by the money services business. All of the documentation should, as appropriate, be made accessible to government examiners and law enforcement personnel who have authority to examine such documents. (9/2006)
The IRS Enterprise Computing Center-Detroit may be contacted at 1-800-800-2877 to assist you with questions regarding the use of the reformed CTR exemption regulations (31 CFR Section 103.22(d)(2)), completion of the Designation of Exempt Person form (TD F 90-22.53), completion of the CTR form (Form 4789), and CTR paper or magnetic filing issues. For other BSA related questions, you may call FinCEN’s Regulatory Helpline at 1-800-949-2732, leave a message with your name, name of your financial institution, and telephone number, and one of our staff will return your call promptly.