The USA Patriot Act was passed by Congress on 26 October 2001 as a response to the September 11 terror attacks. The Patriot Act gave law enforcement agencies across the United States a range of new investigative powers. In addition to more robust immigration and surveillance laws, it introduced measures to address the financial crimes associated with terrorism, including money laundering and the financing of terrorism.
Given its legal significance, banks and financial institutions in the United States, or those doing business there, should understand their Patriot Act anti-money laundering compliance obligations and set up their AML/CFT programs appropriately.
USA Patriot Act: Legal Impact
Upon its introduction, the USA Patriot Act’s anti-money laundering and counter-financing of terrorism laws impacted existing articles of legislation: specifically, the Money Laundering Control Act of 1986 and the Bank Secrecy Act (BSA) of 1970, the latter of which primarily imposes record-keeping and reporting regulations on obligated institutions.
The Patriot Act is an important legal consideration. Financial institutions that fall short of their Patriot Act AML compliance obligations may face civil and criminal penalties, including fines of $1 million or twice the value of the violating transaction (whichever is greater).
The Patriot Act affected the BSA significantly, expanding its legislative scope and adding new legal requirements to it — which include the following AML/CFT provisions:
Anti-Money Laundering Program
The Patriot Act requires all financial institutions to develop and implement their own AML program and emphasizes a number of mandatory checks and screening capabilities. Accordingly, a firm’s USA Patriot Act anti-money laundering program must be built around the following criteria:
- The company must develop internal AML policies, procedures, and controls
- An AML Compliance Officer must be appointed to oversee the AML program
- Employees must receive ongoing AML training
- The AML program must be independently audited regularly
There is no “one size fits all” solution to Patriot Act anti-money laundering compliance requirements. While each financial institution must fulfill the criteria listed above, it is essential that their program is tailored to their unique needs and vulnerabilities as well as the risk profiles of their clients.
In practice, this means that an AML program must take into account factors like the size and location of its institution and the business activities of its customers; it must be flexible enough to adapt should those factors change. Since that requirement involves a significant amount of administrative work, AML programs are often best served by time-saving automated screening processes as a complement to their human administrators.
Beyond simply protecting against criminal liability, an effective AML program protects its firm against the potential financial and reputational damage that results from association with criminal activities.
Customer Identification Verification
Under the Patriot Act, financial institutions have a duty to verify their customers’ identities — that is, to ensure they are who they say they are and that they are being truthful about the nature of their business. These Customer Due Diligence (CDD) measures allow financial institutions to check that their customers are not involved in criminal activities like money laundering or terrorism. In practice, customer identity verification involves:
- Verifying personal details — name, date of birth, address — as accurately as possible
- Maintaining records to facilitate ongoing identification.
- Checking customers against lists of known or suspected terrorists and terrorist organizations
In order to check that customers are not involved in terrorism, most governments maintain sanctions lists and lists of known terrorists. The United States’ Office of Foreign Assets Control (OFAC), for example, maintains the Specially Designated Nationals List (SDNL). Financial institutions are required to screen their customers against these lists before establishing a business relationship.
Suspicious Activity Reports
The Patriot Act requires financial institutions to monitor their customer accounts for suspicious activity as a way to detect financial crime and, if suspicious activity is detected, make the authorities aware quickly.
When a customer engages in transactions that might be considered out of the ordinary, such as irregular deposits and withdrawals of large amounts of money, financial institutions are required to submit a Suspicious Activity Report (SAR). In the United States, SARs must be submitted to the Financial Crimes Enforcement Network using the BSA e-filing system.