United States: Treasury Issues Proposed Regulations Requiring Anti-Money Laundering Programs for Insurance Companies

On September 26, 2002, the Department of the Treasury's Financial Crimes Enforcement Network ("FinCEN") published in the Federal Register proposed Bank Secrecy Act ("BSA") regulations that would require insurance companies to implement anti-money laundering ("AML") programs with respect to life and annuity products and certain other investment products. 67 Fed. Reg. 60625. Comments on the proposal are due on or before November 25, 2002.¹

Although insurance companies have been included in the BSA statutory definition of financial institution since the BSA was enacted, Treasury had not sought to exercise its BSA authority with respect to insurance companies until the Congressional impetus of Section 352 of the USA PATRIOT Act, 31 U.S.C. § 5318(n)(1). Section 352 requires all financial institutions under the BSA statute, 31 U.S.C. § 5312(a)(2), to have AML programs that include certain minimum elements by April 24, 2002. Section 352 also authorizes Treasury to exempt categories of financial institutions not designated as financial institutions under the BSA regulations from the AML program requirement. On April 23, 2002, Treasury announced that it was temporarily deferring the AML program requirement for insurance companies and other categories of financial institutions listed in the BSA statute, but not designated as financial institutions under the BSA regulations, pending further study.

One of the issues that Treasury has been studying over the last several months has been whether the AML program requirement for insurance companies should cover all types of insurance or just those types of insurance that pose significant money laundering risks. After much debate and discussions with the insurance industry, Treasury determined that the greatest money laundering risk was posed by insurance products with investment features and those that possess the ability to "store value" which can be transferred. Consequently, the proposed definition of "insurance company" subject to the AML program requirements includes a company engaged in the United States as a business in 1) issuing, underwriting or reinsuring a life insurance policy; 2) issuing, granting, purchasing or disposing of an annuity contract; or 3) issuing, underwriting or reinsuring "any insurance product with investment features similar to those of a life insurance policy or an annuity contract, or which can be used to store value and transfer that value to another person."

Treasury has exercised its exemption authority to exclude other types of insurance products that pose a low money laundering risk, such as health, property and casualty, title and mortgage insurance, from the AML requirements. Therefore, if a company were to offer both life insurance and annuities (or other investment products) and other types of non-covered insurance, its AML program would not be required to apply to the other types of products.

The proposed rule also provides an exemption for charities or non-profit organizations that come within the definition of insurance company because they are not considered to be "in the business" of being an insurance company. This raises a concern with a possible loophole that could result in money laundering through disreputable non-profit organizations.

Consistent with Section 352, each covered insurance company would be required to develop and implement a written AML program that is "reasonably designed" to prevent the insurance company from being used to facilitate money laundering or the financing of terrorist activities. In developing a flexible, risk-based program, a company would be required to assess the money laundering and terrorist financing risks associated with its products, customers, distribution channels, locations, and methods of payment. The program would have to be approved by senior management.

At a minimum, the AML program would have to:

1. Incorporate risk-based policies, procedures and internal controls including provisions for complying with BSA regulatory requirements (e.g., the parallel Form 8300 cash reporting requirements of the BSA and of Section 6050I of the Internal Revenue Code, the BSA requirement to report international transportations, mailings and shipments of currency and other monetary instruments, and any new requirements to obtain customer information and to report suspicious activity), and to ensure that the insurance company "obtains all the information necessary to make the anti-money laundering program effective," including relevant customer information collected and maintained by the insurance company's agents and brokers.
2. Designate a compliance officer responsible for ensuring that the AML program is implemented effectively and updated as necessary and that appropriate "persons" are educated and trained.²
3. Provide for ongoing education and training of "appropriate persons," including employees, agents and third-party service providers, concerning the anti-money laundering rules, the money laundering risks, suspicious indicators, and their responsibilities under the program.
4. Provide for periodic, independent testing to monitor and maintain an adequate program with a risk-based scope and frequency and to be conducted by someone outside or within the company other than the designated compliance officer.

There is no discussion of how much time insurance companies will be given to come into compliance with the AML program requirement once the regulations are issued in final form. However, consistent with the other regulatory actions that have been taken by Treasury under the USA PATRIOT Act and based upon discussions with Treasury, there will be some delayed effective date, e.g., sixty or ninety days.

The most controversial aspect of the regulations is the decision to exclude independently-owned insurance agents and brokers, who often are the only persons with face-to-face contact with the insurance customer, from the definition of insurance company. This means that agents and brokers would have no responsibility or potential liability to the government under the BSA. Consequently, even though the rule would permit insurance companies to delegate their AML compliance program responsibilities to agents and brokers by contract, only the insurance company would be liable to the government if its agents or brokers were to fail to carry out their delegated responsibilities. This raises not only fairness issues, but serious practical issues about how insurance companies will enforce compliance with any responsibilities delegated by contract, e.g., to identify customers or report suspicious activity.³

In the preamble to the proposal, Treasury also indicates that insurance companies would be responsible for training agents and brokers and monitoring he operation of the program. This may be impractical, particularly given that independent agents may handle policies for many insurance companies who may impose different AML responsibilities under their agreements.

Treasury specifically asks for comment on whether brokers and agents should be required to have their own AML programs. This issue is bound to generate substantial comments and lobbying activity from insurance companies and insurance trade associations. If Treasury determines that agents and brokers should have AML programs, it would appear that Treasury may have to issue a new notice of proposed rulemaking to provide agents and brokers with an opportunity to comment. This could further delay the implementation of the USA PATRIOT Act for the insurance industry.

Treasury is not clear about whether there will be further BSA regulations for the insurance industry. In the preamble, Treasury refers to the fact that "insurance companies may in the future" be required to comply with customer identification requirements under Section 326 of the PATRIOT Act and requirements to file Suspicious Activity Reports ("SARs").⁴ Recently, Treasury has indicated that Section 326 customer identification requirements and SAR reporting requirements are under consideration by Treasury for insurance companies. Previously, it was understood that Treasury would issue customer identification requirements for insurance companies under Section 326, focusing on the need to verify the identity of owners of insurance policies. Treasury advises that if insurance companies were to become subject to additional BSA requirements, their AML programs would have to be revised accordingly.

To the extent that these additional requirements were imposed, independent BSA responsibility and liability for agents and brokers would be of even more concern for insurance companies. In any event, regardless of whether regulations are issued under Section 326 or SARs are required, an effective AML program should include appropriate, risk-based policies and procedures for identifying customers and reporting suspicious activity.

Recently, Treasury revoked a longstanding BSA exemption for insurance companies required to register with the Securities and Exchange Commission ("SEC") to sell variable life insurance and annuity products. Those companies now are subject to the BSA requirements applicable to securities broker-dealers, including the compliance program requirements for broker-dealers under regulations issues by the SEC and securities self-regulatory organizations (the New York Stock Exchange and the NASD) ("SROs"). Under the proposal, insurance companies required to register with the SEC would be exempt from the proposed compliance program regulations for insurance companies with respect to the sale of the products subject to the AML program requirements for broker-dealers. In these cases, the insurance company would be "deemed to have satisfied" the requirements of the proposed regulations for insurance companies "to the extent the company complies with the AML compliance program requirements by the SEC or SRO."

The AML program must be made available to Treasury or its "designee" upon request. There is no discussion of who will be the designee with responsibility for BSA examination and enforcement with respect to insurance companies. Apparently, this is because Treasury has not determined which agency or agencies will be delegated enforcement and examination responsibility. FinCEN itself has no examination staff. Traditionally, the Internal Revenue Service has been delegated BSA enforcement responsibility for financial institutions with no federal regulator, such as money services businesses. However, resource considerations make it highly unlikely that the IRS alone could be responsible for insurance company enforcement. If agents and brokers are required to have AML programs, the enforcement would be even more difficult for FinCEN.

Copyright © 2002 Gibson, Dunn & Crutcher LLP