FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR 3 Subchapter A, Part 326.8

TITLE 12: Banks and Banking

PART 326—MINIMUM SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT 1 COMPLIANCE

Subpart B—Procedures for Monitoring Bank Secrecy Act Compliance

§ 326.8   Bank Secrecy Act compliance.

(a) Purpose. This subpart is issued to assure that all insured nonmember banks as defined in §326.1 3 establish and maintain procedures reasonably designed to assure and monitor their compliance with the requirements of subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR part 103.

3 In regard to foreign banks, the programs and procedures required by §326.8 need be instituted only at an insured branch as defined in §347.202 of this chapter which is a State branch as defined in §347.202 of this chapter.

(b) Compliance procedures—(1) Program requirement. Each bank shall develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with recordkeeping and reporting requirements set forth in subchapter II of chapter 53 of title 31, United States Code and the implementing regulations issued by the Department of the Treasury at 31 CFR part 103. The compliance program shall be written, approved by the bank's board of directors, and noted in the minutes.

(2) Customer identification program. Each bank is subject to the requirements of 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by the FDIC and the Department of the Treasury at 31 CFR 103.121, which require a customer identification program to be implemented as part of the Bank Secrecy Act compliance program required under this section.

(c) Contents of compliance program. The compliance program shall, at a minimum:

(1) Provide for a system of internal controls to assure ongoing compliance;

(2) Provide for independent testing for compliance to be conducted by bank personnel or by an outside party;

(3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and

(4) Provide training for appropriate personnel.

(Approved by the Office of Management and Budget under control number 3064–0087)

[52 FR 2860, Jan. 27, 1987, as amended at 53 FR 17917, May 19, 1988; 63 FR 17075, Apr. 8, 1998; 68 FR 25112, May 9, 2003]