Risks Associated with Money Laundering and Terrorist Financing

Trust and Asset Management Services—Overview

Objective. Assess the adequacy of the bank’s policies, procedures, processes, and systems to manage the risks associated with trust and asset management255Asset management accounts can be trust or agency accounts and are managed by the bank. services, and management’s ability to implement effective due diligence, monitoring, and reporting systems.

Trust256The Office of the Comptroller of the Currency uses the broader term "fiduciary capacity" instead of "trust." Fiduciary capacity includes a trustee, an executor, an administrator, a registrar of stocks and bonds, a transfer agent, a guardian, an assignee, a receiver, or a custodian under a uniform gifts to minors act; an investment adviser, if the bank receives a fee for its investment advice; and any capacity in which the bank possesses investment discretion on behalf of another (12 CFR 9.2(e) and 12 CFR 550.30). accounts are generally defined as a legal arrangement in which one party (the trustor or grantor) transfers ownership of assets to a person or bank (the trustee) to be held or used for the benefit of others. These arrangements include the broad categories of court-supervised accounts (e.g., executorships and guardianships), personal trusts (e.g., living trusts, trusts established under a will, and charitable trusts), and corporate trusts (e.g., bond trusteeships).

Unlike trust arrangements, agency accounts are established by contract and governed by contract law. Assets are held under the terms of the contract, and legal title or ownership does not transfer to the bank as agent. Agency accounts include custody, escrow, investment management,257For purposes of national banks and savings associations, certain investment management activities, such as providing investment advice for a fee, are "fiduciary" in nature. and safekeeping relationships. Agency products and services may be offered in a traditional trust department or through other bank departments.

Customer Identification Program

CIP rules, which became effective October 1, 2003, apply to substantially all bank accounts opened after that date. The CIP rule defines an "account" to include cash management, safekeeping, custodian, and trust relationships. The definition of account in the CIP rule does not include an account for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974 (ERISA).258Refer to the Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act, August 28, 2005.

In the case of employee benefit plan accounts that are subject to ERISA that are established as trusts, the bank's customer is the employee benefit plan trust established by the employer to hold the assets of the employee benefit plan. Such plans often have individual participant or beneficiary accounts. For purposes of the CIP rule, a participant in or beneficiary of such an account will not be deemed to be the bank's "customer," as such a person will not have initiated the relationship with the bank. The account will not be considered opened by the employee even if a subaccount is maintained in the employee's name, or the employee is able to contribute assets into the account, so long as the employee contribution is limited to rolling over assets from another plan, elective salary deferral contributions, purchasing securities or exercising options to purchase securities, or repaying a loan, in accordance with the terms of the plan. For employee benefit plan accounts that are not subject to ERISA such as employee benefit plan accounts established by government entities, the bank's customer is the employer that contracts with the bank to establish the account. By contrast, where an individual opens an individual retirement account in a bank, the individual who opens the account is the bank's "customer."

For purposes of the CIP, the bank is not required to search the trust, escrow, or similar accounts to verify the identities of beneficiaries, but instead is only required to verify the identity of the named accountholder (the trust). In the case of a trust account, the customer is the trust whether or not the bank is the trustee for the trust. However, the CIP rule also provides that, based on the bank’s risk assessment of a new account opened by a customer that is not an individual, the bank may need "to obtain information about" individuals with authority or control over such an account, including signatories, in order to verify the customer’s identity.259Refer to 31 CFR 1020.220(a)(2(ii)(C). For example, in certain circumstances involving revocable trusts, the bank may need to gather information about the settlor, grantor, trustee, or other persons with the authority to direct the trustee, and who thus have authority or control over the account, in order to establish the true identity of the customer.

In the case of an escrow account, if a bank establishes an account in the name of a third party, such as a real estate agent, who is acting as escrow agent, then the bank’s customer is the escrow agent. If the bank is the escrow agent, then the person who establishes the account is the bank’s customer. For example, if the purchaser of real estate directly opens an escrow account and deposits funds to be paid to the seller upon satisfaction of specified conditions, the bank’s customer will be the purchaser. Further, if a company in formation establishes an escrow account for investors to deposit their subscriptions pending receipt of a required minimum amount, the bank’s customer will be the company in formation (or if not yet a legal entity, the person opening the account on its behalf). However, the CIP rule also provides that, based on the bank’s risk assessment of a new account opened by a customer that is not an individual, the bank may need "to obtain information about" individuals with authority or control over such an account, including signatories, in order to verify the customer’s identity.260Id.

Risk Factors

Trust and asset management accounts, including agency relationships, present BSA/AML concerns similar to those of deposit taking, lending, and other traditional banking activities. Concerns are primarily due to the unique relationship structures involved when the bank handles trust and agency activities, such as:

  • Personal and court-supervised accounts.
  • Trust accounts formed in the private banking department.
  • Asset management and investment advisory accounts.
  • Global and domestic custody accounts.
  • Securities lending.
  • Employee benefit and retirement accounts.
  • Corporate trust accounts.
  • Transfer agent accounts.
  • Other related business lines.

As in any account relationship, money laundering risk may arise from trust and asset management activities. When misused, trust and asset management accounts can conceal the sources and uses of funds, as well as the identity of beneficial and legal owners. Customers and account beneficiaries may try to remain anonymous in order to move illicit funds or avoid scrutiny. For example, customers may seek a certain level of anonymity by creating private investment companies (PIC),261For additional guidance on PICs, refer to the expanded overview section, "Business Entities (Domestic and Foreign)," page 314. offshore trusts, or other investment entities that hide the true ownership or beneficial interest of the trust.

Risk Mitigation

Management should develop policies, procedures, and processes that enable the bank to identify unusual account relationships and circumstances, questionable assets and sources of assets, and other potential areas of risk (e.g., offshore accounts, PICs, asset protection trusts (APT),262APTs are a special form of irrevocable trust, usually created (settled) offshore for the principal purposes of preserving and protecting part of one's wealth against creditors. Title to the asset is transferred to a person named as the trustee. APTs are generally tax neutral with the ultimate function of providing for the beneficiaries. agency accounts, and unidentified beneficiaries). While the majority of traditional trust and asset management accounts will not need EDD, management should be alert to those situations that need additional review or research.

Customer Comparison Against Lists

The bank must maintain required CIP information and complete the required one-time check of trust account names against section 314(a) search requests. The bank should also be able to identify customers who may be politically exposed persons (PEP), doing business with or located in a jurisdiction designated as "primary money laundering concern" under section 311 of the USA PATRIOT Act, or match OFAC lists.263Management and examiners should be aware that OFAC list-matching is not a BSA requirement. However, because trust systems are typically separate and distinct from bank systems, verification of these checks on the bank system is not sufficient to ensure that these checks are also completed in the trust and asset management department. Moreover, OFAC's position is that an account beneficiary has a future or contingent interest in funds in an account and, consistent with a bank's risk profile, beneficiaries should be screened to assure OFAC compliance. Refer to the core overview section, "Office of Foreign Assets Control," page 142, for additional guidance. As a sound practice, the bank should also determine the identity of other parties that may have control over the account, such as grantors or co-trustees. Refer to the core overview section, "Information Sharing," page 92, and expanded overview section, "Politically Exposed Persons," page 290, for additional guidance.

Circumstances Warranting Enhanced Due Diligence

Management should assess account risk on the basis of a variety of factors, which may include:

  • Type of trust or agency account and its size.
  • Types and frequency of transactions.
  • Country of residence of the principals or beneficiaries, or the country where established, or source of funds.
  • Accounts and transactions that are not usual and customary for the customer or for the bank.
  • Stringent documentation, verification, and transaction monitoring procedures should be established for accounts that management considers as higher risk. Typically, employee benefit accounts and court-supervised accounts are among the lowest BSA/AML risks.

The following are examples of situations in which EDD may be appropriate:

  • Bank is entering into a relationship with a new customer.
  • Account principals or beneficiaries reside in a foreign jurisdiction, or the trust or its funding mechanisms are established offshore.
  • Assets or transactions are atypical for the type and character of the customer.
  • Account type, size, assets, or transactions are atypical for the bank.
  • International funds transfers are conducted, particularly through offshore funding sources.
  • Accounts are funded with easily transportable assets such as gemstones, precious metals, coins, artwork, rare stamps, or negotiable instruments.
  • Accounts or relationships are maintained in which the identities of the principals, or beneficiaries, or sources of funds are unknown or cannot easily be determined.
  • Accounts benefit charitable organizations or other nongovernmental organizations (NGO) that may be used as a conduit for illegal activities.264For additional guidance, refer to the expanded overview section, "Nongovernmental Organizations and Charities," page 311.
  • Interest on lawyers’ trust accounts (IOLTA) holding and processing significant dollar amounts.
  • Account assets that include PICs.
  • PEPs are parties to any accounts or transactions.


< Previous Page
Trade Finance Activites - Examination Procedures
Next Page >
Trust and Asset Management Services - Examination Procedures