Risks Associated with Money Laundering and Terrorist Financing

INDEPENDENT AUTOMATED TELLER MACHINE OWNERS OR OPERATORS EXAMINATION AND TESTING PROCEDURES

Objective:  Evaluate the bank’s policies, procedures, and processes to assess, manage, and mitigate potential risks associated with independent automated teller machine (ATM) owner or operator customers, including Independent Sales Organizations (ISOs).  Evaluate the bank’s compliance with regulatory requirements, such as customer identification, customer due diligence (CDD), beneficial ownership of legal entity customers, currency transaction reporting, and suspicious activity reporting, with respect to these customers.  Examiners are reminded that there are no Bank Secrecy Act (BSA) regulations specific to independent ATM owner or operator customers, including ISOs.

The following examination and testing procedures are intended to be a subset of a broader review of compliance with Bank Secrecy Act/anti-money laundering (BSA/AML) regulations, such as customer identification, customer due diligence (CDD), beneficial ownership, currency transaction reporting, and suspicious activity reporting. Not all of the examination and testing procedures will apply to every bank or be used during every examination.

  1. Determine whether the bank has developed and implemented appropriate, written risk-based procedures for conducting ongoing CDD for all customers, including independent automated teller machine (ATM) owner or operator customers, and that these procedures enable the bank to:
  2. Determine whether the bank, as part of the overall CDD program, has effective processes to develop customer risk profiles that identify the specific risks of individual customers including, as appropriate, independent ATM owner or operator customers.
  3. Determine whether the bank has policies, procedures, and processes to identify customers that may pose higher risk for money laundering, terrorist financing (ML/TF), and other illicit financial activities, which may include independent ATM owner or operator customers. Policies, procedures, and processes generally include whether and when, based on risk, it is appropriate to obtain and review additional customer information, including guidance for resolving issues when insufficient, inaccurate, or unverifiable information is obtained. Determine whether the risk-based CDD policies, procedures, and processes are commensurate with the bank’s ML/TF and other illicit financial activity risk profile.
  4. Determine whether the bank’s system for monitoring independent ATM owner or operator customer accounts for suspicious activities, and for reporting suspicious activities, is adequate given the bank’s risk profile
  5. Consider whether the bank’s policies, procedures, and processes adequately address the preparation, filing, and retention of currency transaction reports for independent ATM owner or operator customers.
  6. Determine if performing risk-focused testing is appropriate based on the review of a risk assessment, prior examination reports, other examination information, or a review of the bank’s audit findings. If risk-focused testing is appropriate, select a sample of independent ATM owner or operator customer relationships and request applicable documentation to perform risk-focused testing.  From the sample selected, perform the following examination procedures:
    • Determine whether the bank collects appropriate information to understand the nature and purpose of customer relationships, and to evaluate such customers according to their particular characteristics when assessing whether the bank can effectively mitigate the potential risk those customers may pose.
    • Determine whether the bank effectively incorporates customer information, including beneficial ownership information for legal entity customers, into the customer risk profile.
    • Review transaction activity for selected customer relationships and, if necessary, request and review specific transactions and transaction monitoring documentation to determine whether the bank has identified and reported any suspicious activity.
  7. Based on examination and testing procedures completed, form a conclusion about the adequacy of policies, procedures, and processes associated with independent ATM owner or operator customers.

 

< Previous Page
Independent Automated Teller Machine Owners or Operators
Next Page >
Nondeposit Investment Products