Originally published November 10, 2005
Introduction
On November 3, 2005, the Financial Crimes Enforcement Network ("FinCEN"), Department of Treasury promulgated long-awaited final rules for insurance companies under the Bank Secrecy Act, as amended by the PATRIOT Act.1
The new rules require insurance companies to implement anti-money laundering programs ("AMLPs") and file suspicious transaction reports ("SARs") effective as of May 2, 2006. A proposed new form for reporting suspicious activity by insurance companies was also issued for comment.2 The insurance SAR regulation requires that insurance companies must report transactions the ultimate payout of which may be $5,000 or more.
The highlights of the new rules are that they are risk-based, excluding from mandatory reporting requirements insurance products that entail less risk with respect to money laundering or use for financing terrorism; place the responsibility of effective compliance solely on insurance companies, while requiring insurance companies to obtain information from and provide training of agents, brokers and employees; and designate FinCEN as the agency responsible for regulating insurance companies.3 The new rules also require the engagement of an insurance company’s senior management and periodic "independent testing" of the AMLPs.
Applicability to Certain Insurance Companies
The Rule applies only to insurance companies engaged in the U.S. in the business of issuing or underwriting "covered products" as defined in the Rule. The Rule applies to insurance products possessing features that make them susceptible to being used for money laundering or financing terrorism. The Release explains that life insurance policies having a cash value, for example, are potential money laundering vehicles because the cash value can be redeemed by money launderers or used by them as a source of further investment of tainted funds by, among other things, taking loans secured by such cash values. Similarly, annuity contracts pose money laundering risk because they could permit a money launderer to exchange illicit funds for an immediate or deferred income stream or to purchase a deferred annuity and obtain clean funds upon redemption.4 In contrast, the Release indicates that property and casualty policies as well as certain types of contracts and products relating to life insurance and annuities, such as reinsurance, group life insurance policies, group annuities and term life insurance policies pose little or no risk of being used for money laundering.5 Group policies and contracts are defined as those where a number or persons are covered under a single policy or contract, and the Rule does not expressly limit eligibility for the group contract exceptions on the basis of the nature of a group.
Therefore, under the Rule, "covered product" is defined as: (1) a permanent life insurance policy, other than a group life insurance policy, (2) any annuity contract, other than a group annuity contract, and (3) any other insurance product with features of cash value or investment.6
Requirement For "Risk-Based" Anti-Money Laundering Programs
The Rule requires that no later than May 2, 2006, each insurance company issuing or underwriting a covered product develop and implement an AMLP reasonably designed to prevent the company from being used to facilitate money laundering or the financing of terrorist activities.7 An AMLP is only required with respect to covered products issued or underwritten by a company and should reflect the particular circumstances of the company.8 Specifically, the Rule requires the AMLP to incorporate policies, procedures, and internal controls based upon the insurance company’s assessment of the money laundering and terrorist financing risks associated with its covered products.9 The Release explains that the specific procedures for conducting a AMLP are left to the discretion of each insurance company; however, companies must use the expertise they possess about the industry and their particular covered products to develop AMLPs that meet the requirements of the Rule.10
In connection with the foregoing, the Release states that, in developing a risk-based AMLP, an insurance company must consider all relevant factors affecting the risks inherent in its covered products.11 For example, an insurance company’s assessment of its customer-related information, including methods of payment, would be a key component of any effective AMLP.12 Therefore, an insurance company should consider the extent and circumstances under which its customers use cash or cash equivalents to purchase its covered products.13
Directly Applicable to Insurance Companies Not Their Agents
The Rule requires insurance companies issuing covered products to establish AMLPs, but does not require the same of agents or brokers of such companies.14 But as the Release indicates, AMLPs of a covered insurance company must encompass the activities of its agents and brokers that sell its covered products. In this regard, the Release states:
. . . because insurance agents and brokers are an integral part of the insurance industry due to their direct contact with customers, the final rule requires each insurance company to establish and implement policies, procedures, and internal controls that are reasonably designed to integrate its agents and brokers into its anti-money laundering program and to monitor their performance with its
program. An insurance company’s anti-money laundering program also must include procedures for obtaining all relevant customer-related information necessary for an effective program, either from its agents and brokers or from other sources.15
The Rule’s requirements as to agents do not on their face differentiate between captive and independent agents. To the extent the Rule requires integration and monitoring of independent agents, it would appear to raise significant practical compliance issues for both insurers and agents. However, the Release indicates that, when a covered product is sold by a registered broker-dealer with its own anti-money laundering program, the insurance company generally may rely on the broker-dealer’s program to address issues at the time of the product’s sale, while the insurer’s AMLP should focus on the ongoing administration of the covered product.
Specific Anti-Money Laundering Program Requirements
The Rule’s specific requirements for AMLPs are similar to those in the comparable rules for broker-dealers and investment companies.16 First, the Rule requires insurance companies implementing AMLPs to designate a competent and knowledgeable compliance officer to be responsible for administering the program.17 The compliance officer must be empowered with full responsibility and authority to develop and enforce the AMLPs.18 The compliance officer’s role is to ensure that:
- The AMLP is implemented effectively, including monitoring compliance with the AMLP by the company’s agents and brokers.
- The AMLP is updated when necessary.
- Appropriate persons are trained as required by the Rule.
- Employees of the company have appropriate resources to which they can address questions regarding the AMLP.19
The Rule also requires that an insurance company adopting an AMLP provide training regarding the AMLP to appropriate employees and other persons in order that they be in a position to identify "red flags" that may indicate possible money laundering or terrorist financing activity.20 Such training may be conducted by the insurance company itself or by outside service providers, provided that persons with obligations under an AMLP are sufficiently trained to carry out their responsibilities effectively and receive periodic updates and refreshers about the program.21
The Rule requires as well that each insurance company adopting an AMLP obtain independent testing of the program on a periodic basis to ensure that it complies with the requirements of the Rule and that the program functions as designed.22 The scope and frequency of the testing must be commensurate with the risks posed by the insurance company’s covered products and may be conducted by a third party or by an officer or an employee of the company, other than the compliance officer under the AMLP.23
The Rule includes three additional requirements for insurance company AMLPs:
- AMLPs must be in writing.
- AMLPs must be approved by an insurance company’s senior management.
- AMLPs must be made available to the Treasury Department, FinCEN or their designee upon request.
Reporting Suspicious Activity
The SAR Rule requires insurance companies to report suspicious transactions to FinCEN.24 As with the Rule, companies subject to the SAR Rule are those that issue or underwrite covered products. Under the SAR Rule, covered insurance companies are required to file a report, in the form of a Suspicious Activity Report by Insurance Companies (an "SAR-IC"), of any suspicious transaction involving a covered product that may relate to a possible violation of any law or regulation.25 The report must be filed within thirty calendar days of the initial detection of facts that may constitute a basis for its filing.26 Insurance companies filing SAR-ICs must maintain copies of the reports and the original or business record equivalent of any supporting documentation for five years after filing the report.27
The threshold amount for reporting a suspicious transaction is $5,000 in funds or other assets, determined by either the premium payment or the potential payout, regardless of whether such amounts involve currency.28
All the facts and circumstances relating to a transaction and the customer effecting it should be evaluated in determining whether or not a transaction is suspicious and, therefore, whether or not to file a SAR-IC. Though the SAR Rule does not provide specific criteria, the SAR Release identifies "red flags" that serve as examples of potentially suspicious transactions.29 These are:
- The purchase of an insurance product that appears to be inconsistent with a customer’s needs.
- Any unusual method of payment, particularly by cash or cash equivalents (when such method is, in fact, unusual).
- The purchased of an insurance product with monetary instruments in structured amounts.
- The early termination of an insurance product, especially at a cost to the customer, or where cash was tendered and/or the refund check is directed to an apparently unrelated third party.
- Little or no concern by a customer for the investment performance of an insurance product, but much concern about the early termination features of the product.
- The reluctance by a customer to provide identifying information when purchasing an insurance product, or the provision of minimal or seemingly fictitious information.
- The borrowing of the maximum amount available soon after purchasing the product.
Lastly, the SAR Rule provides that a reporting insurance company may not notify any person involved in a transaction that a SAR-IC has been filed regarding that transaction, and provides a safe harbor protecting the insurance company from liability for the information in the SAR-IC and for its non-disclosure of the filing.30
Footnotes
1 Anti-Money Laundering Programs for Insurance Companies, 31 C.F.R. § 103.137 (2005), as codified by final rule published at 70 Fed. Reg. 66,754 (Nov. 3, 2005) (the "Rule"); Reports by Insurance Companies of Suspicious Transactions, 31 C.F.R. § 103.16 (2005), as codified by final rule published at 70 Fed. Reg. 66,761 (Nov. 3, 2005) (the "SAR Rule"). Click here to view 70 Fed. Reg. 66,754 (the "Release") or here to view 70 Fed. Reg. 66,761 (the "SAR Release").
2 Fin. Crimes Enforcement Network; Proposed Collection; Comment Request; Suspicious Activity Report by Insurance Companies, 70 Fed. Reg. 66,895, at 66,895-901 (Nov. 3, 2005). Click here to view 70 Fed. Reg. 66,895. The comment period expires on January 3, 2006.
3 Although the PATRIOT Act had designated the Internal Revenue Service as the default regulator of AMLPs for insurance companies if no other regulator was appointed, and some insurance companies believed that the Service was well-suited for the role because of its understanding of the industry, the Service was not eager to take on the mission and FinCEN designated itself for the role.
4 Fin. Crimes Enforcement Network; Amendment to the Bank Secrecy Act Regulations—Anti-Money Laundering Programs for Insurance Companies, 70 Fed. Reg. 66,754, at 66,755 (Nov. 3, 2005). See also United States v. Murillo, No. 02-210007 (S.D. Fla. Dec. 5, 2002) (Grand Jury Indictment).
5 Amendment to the Bank Secrecy Act Regulations—Anti-Money Laundering Programs for Insurance Companies, 70 Fed. Reg. at 66,757. The Release states that, while some companies may decide to adopt a company-wide AMLP addressing both covered products and non-covered insurance products, the Rule only requires that a company’s AMLP address covered products. Id.
6 31 C.F.R. § 103.137(a)(4). The Rule defines an annuity contract as "any agreement between the insurer and the contract owner whereby the insurer promises to pay out a fixed or variable income stream for a period of time", but excludes contracts of indemnity, as well as workers compensation insurance and structured settlements. § 103.137(a)(1).
7 § 103.137(b).
8 Amendment to the Bank Secrecy Act Regulations—Anti-Money Laundering Programs for Insurance Companies, 70 Fed. Reg. at 66,758.
9 § 103.137(c)(1).
10 Amendment to the Bank Secrecy Act Regulations—Anti-Money Laundering Programs for Insurance Companies, 70 Fed. Reg. at 66,758.
11 Id.
12 /d.
13 Id.
14 Id at 66,756
15 Id.
16 E.g., Anti-Money Laundering Programs for Mutual Funds, 31 § C.F.R. 103.130 (2002) (for investment companies); NASD RULE 3011 (2005) (for NASD member broker-dealers).
17 31 C.F.R. § 103.137(c)(2) (2005).
18 Amendment to the Bank Secrecy Act Regulations—Anti-Money Laundering Programs for Insurance Companies, 70 Fed. Reg. at 66,759.
19 Id.
20 Id.
21 Id. In this regard, the Release addressed training of insurance agents and brokers as follows: "An insurance company also must provide [sic] for the training of its insurance agents and brokers concerning their responsibilities under the company’s anti-money laundering program. An insurance company may satisfy this requirement by directly training its agents and brokers or by verifying its agents and brokers have received the required training by another insurance company or by a competent third party with respect to the covered products offered by the company." Id.
22 Id.
23 31 C.F.R. § 103.137(c)(4) (2005).
24 Reports by Insurance Companies of Suspicious Transactions, 31 C.F.R. § 103.16 (2005).
25 § 103.16(c)(1).
26 § 103.16(c)(2).
27 § 103.16(e).
28 Fin. Crimes Enforcement Network; Amendment to the Bank Secrecy Act Regulations—Requirement That Insurance Companies Report Suspicious Transactions, 70 Fed. Reg. 66761, at 66,765 (Nov. 3, 2005).
29 Id. at 66,768.
30 § 103.16(f).
Sutherland Asbill & Brennan LLP's Financial Services Team
Stephen Roth, James Heffernan, George Bostick, Peter Anderson, Neil Lang, Frederick Bellamy, W. Mark Smith, Steven Boehm, Michael Miles, Thomas Gick, James Cain, Susan Krawczyk, David Massey, Tom Conner, Lovida Coleman, Terry Weiss, Carol Weiser, David Goldstein, William Walderman, Eric Arnold, Holly Smith Mary Jane Wilson-Bilik, Brian Rubin, Bibb Strench, Cynthia Krus, Ann Cammack, Deb Heilizer, Mary Thornton, Adam Cohen, Michael Koffler, Allen Wolper, Stephen Herbert, Charles Locke, Ian Herbert, Christopher Nicholas, Thomas Bisset, Pamela Ellis, Tess Weil, Eric Freed, Patrice Pitts, Elisabeth Bentzinger, Michael Pawluk, Aneal Krishnamurthy, Kali Banks, Marie Baker, Christian Cannon, Timothy White, Shanyn Gillespie, Kevin Palmer, Lisa Morgan, Lisa Pellegrino, Cynthia Reid, David Magli, Christopher Mathews, Carol Willette, John Roper and Jon Hadfield.© 2005 Sutherland Asbill & Brennan LLP. All Rights Reserved.
This article is for informational purposes and is not intended to constitute legal advice.