United States: Anti-Money Laundering & the USA Patriot Act Of 2001 - America´s War Against Terrorism Spreads to the Inusrance Industry

On October 26, 2001, President George W. Bush signed into law an extensive anti-terrorism bill referred to as the USA PATRIOT Act of 2001 (the "Patriot Act").¹ Adopted in response to the terrorist attacks of September 11th, the Patriot Act provides many new tools to assist in America’s war against terrorism. One such tool is designed to strengthen existing measures for preventing, detecting and prosecuting international money laundering and the financing of terrorism.² The Patriot Act is crafted, in part, to ensure that all elements of the financial services industry are subject to appropriate requirements for identifying and reporting potential money laundering transactions.

This article examines both new and existing obligations facing the insurance industry for combating money laundering and terrorist funding activities. Insurance companies have been specifically identified by the United States Department of Treasury ("Treasury") as potential facilities for money laundering activities on both the production and investment side of their operations. The highly publicized insurance racketeering scandal masterminded by Martin Frankel provides evidence of the vulnerability of insurance companies as vehicles for illegal money laundering activities.

Typically, money laundering uses legitimate financial mechanisms to make the proceeds of illegal activity appear legitimate. In the context of insurance, this can be accomplished through various means, such as using illegal funds to purchase insurance policies or annuities. These funds are then laundered through the insurer and paid out in the form of benefits, claim payments or return premium. Terrorists also use reverse money laundering techniques which use legitimate sources of funds, including insurance proceeds, to financially support terrorist activities.

The Patriot Act expands the anti-money laundering provisions contained in the Bank Secrecy Act (the "BSA") to make it easier to prevent, detect and prosecute money laundering and the financing of terrorism conducted through financial industries. Prior to its amendment by the Patriot Act, the BSA required only banks and certain other financial institutions to have anti-money laundering programs in place.³ The BSA now requires that all financial institutions establish and maintain anti-money laundering programs.⁴ The term "financial institution" is broadly defined under the Patriot Act and specifically includes insurance companies within its definition.⁵

While detailed regulations applicable to the insurance industry are still forthcoming, the required components for implementing an anti-money laundering program are contained in the Patriot Act. Insurers are required to adopt a broad statement setting forth their policy against activities which facilitate money laundering or the funding of terrorist or criminal activities. In addition, anti-money laundering programs must incorporate the following minimum elements:

• Establish and implement internal policies, procedures and controls reasonably expected to detect money laundering, and cause the reporting of suspicious activity;
• Designate a compliance officer to oversee the implementation and ongoing management of anti-money laundering programs;
• Develop an ongoing employee training program addressing anti-money laundering issues; and
• Arrange for independent audits and testing of compliance programs.

In developing an anti-money laundering program, insurers should first conduct a money laundering risk assessment. This assessment should examine an insurer’s products, customers, distribution channels, geographic locations, and international business customers and practices to identify potential areas of risk for money laundering activities. The results of the assessment will help to focus compliance program resources and structure the design of anti-money laundering programs and communications.

Based on the results of the initial assessment, insurers should develop appropriate policies, procedures and controls for detecting potential money laundering activities. The compliance program should incorporate procedures for identifying persons (including policyholders, insureds and beneficiaries), accounts and transactions which present a high risk for potential money laundering. The program should also set forth "know your customer" procedures and enhanced due diligence techniques. Finally, the program should implement mechanisms for monitoring and reporting suspicious activities or transactions to the appropriate authorities.

Insurers and certain other financial institutions initially were given until April 24, 2002 to have anti-money laundering programs in place. However, one day prior to the compliance deadline, Treasury issued an interim final rule deferring the compliance date for up to six months for certain categories of financial institutions, including insurance companies. According to the interim final rule, Treasury temporarily exempted certain financial institutions from the anti-money laundering program requirements in order to ensure the issuance of well considered regulations tailored to the unique money laundering risks associated with such financial institutions.⁶

During the next several months, Treasury and its Financial Crimes Enforcement Network ("FinCEN") will continue studying the money laundering risks posed by those institutions exempted by the interim final rule. Treasury and FinCEN expect to issue a series of regulations focusing first on those exempted financial institutions that appear to pose the greatest potential for money laundering. The interim final rule specifically states that Treasury and FinCEN have been examining the money laundering risks associated with insurance products and will issue in the near future a proposed rule governing the establishment of anti-money laundering programs by insurance companies.

At this point, it is unclear whether the requirements imposed by the Patriot Act will extend beyond insurance companies to other insurance-related entities. The Treasury Secretary has the authority to prescribe rules which are commensurate with the size, location, and activities of the financial institutions covered thereunder. As a result, it is quite possible that Treasury may impose different requirements for anti-money laundering programs on different types of insurance-related entities, or exempt certain insurance-related entities altogether.

Treasury acknowledged in its interim final rule that an inadequate understanding of the affected industries could result in poorly conceived regulations that impose unreasonable regulatory burdens with little or no corresponding anti-money laundering benefits. This acknowledgement suggests that Treasury may relax regulations applicable to insurance-related entities that are small in size or pose little risk for facilitating money laundering activities. However, a model bulletin adopted by the National Association of Insurance Commissioners ("NAIC") advising insurers of their new responsibilities under the Patriot Act (the "Model Bulletin") suggests that Treasury’s regulations could cover all persons and entities engaged in the business of insurance, including brokers, agents and managing general agents.⁷

Regardless of whether the final rules extend to insurance-related entities, insurance companies will need to enlist the participation of their agents and brokers in order to comply with the requirements of the Patriot Act. To the extent agents and brokers have contact with customers, obtain and maintain customer information, and effect customer transactions, they will be a necessary component in the policies, procedures and controls implemented by insurance companies.

The Patriot Act amends the BSA to require Treasury to issue regulations setting forth minimum standards for financial institutions to follow in determining the identity of their customers.⁸ Final regulations regarding these standards are expected to be issued by Treasury on or before October 26, 2002. During the rulemaking process, Treasury will again determine which insurance entities will be subject to the identification regulations.

The Patriot Act requires Treasury to include in its regulations certain minimum procedures that financial institutions must incorporate in their customer identification programs. These minimum procedures are reiterated in the Model Bulletin. According to the Model Bulletin, an identification program should set forth the insurer’s customer identity verification and documentation procedures. Such procedures should, to the extent reasonable and practicable, verify the identity of any person seeking to purchase an insurance product and maintain records of the information used to verify the person’s identity, including name, address and other information. The program should also address the insurer’s procedures for notifying customers about such identification requirements. Finally, the program should include procedures to determine whether customers appear on government lists of known or suspected terrorists or terrorist organizations and other prohibited parties.

The Patriot Act and the BSA impose several additional obligations on financial institutions targeted at detecting money laundering activities. As discussed below, financial institutions are subject to new information sharing requirements under the Patriot Act. In addition, the Patriot Act imposes new record-keeping and reporting requirements with respect to certain transactions. The Patriot Act also requires new categories of financial institutions to report "suspicious activities" of their customers if they know or suspect that a transaction involves illegal funds or serves no business or lawful purpose.

1. Information Sharing Provisions

Another tool contained in the Patriot Act for fighting money laundering is a provision designed to facilitate the sharing of information between the government and financial institutions, and among financial institutions themselves.⁹ Treasury has proposed rules encouraging cooperation between financial institutions (including insurance companies) and the federal government through the exchange of information regarding individuals, entities and organizations engaged in or reasonably suspected of engaging in terrorist acts or money laundering activities. According to the Patriot Act, information required to be provided under the rule will not constitute a violation of the privacy provisions contained under Gramm-Leach-Bliley.¹⁰

2. Currency Reporting Requirements

One of the principal methods which the government uses to detect money laundering is by requiring reports of certain currency transactions. Prior to the Patriot Act, only certain classes of financial institutions were subject to currency reporting requirements.¹¹ Subject to certain exceptions, federal law now requires anyone engaging in a trade or business who receives $10,000 or more in currency in any single transaction or two related transactions to file a report on the transaction to FinCEN.¹² Such transactions must be reported regardless of whether the money comes from a legal or illegal source.

3. Suspicious Activity Reporting

The Patriot Act expands the types of financial institutions required to file suspicious activity reports, commonly know as "SARs," with FinCEN when they detect known or suspected violations of federal law or suspicious transactions related to money laundering activities.¹³ It is anticipated that the Treasury Secretary will subject insurance companies to the SAR requirements in subsequent regulations. Companies that encounter suspected financial fraud or money laundering are strongly encouraged to contact law enforcement authorities and FinCEN, even if such companies are not required to do so or have not yet formally implemented anti-money laundering programs.

The Office of Foreign Assets Control ("OFAC"), an office within Treasury’s Office of Enforcement, is charged with administering and enforcing U.S. sanction policies against targeted foreign countries, individuals and organizations that sponsor terrorism, and international narcotics traffickers. To enforce such policies, OFAC has the authority to impose controls on certain transactions, freeze foreign assets under U.S. jurisdiction, and bring enforcement actions against violators. OFAC regulations extend beyond financial institutions and apply to all U.S. citizens and permanent residents, companies located in the U.S. and their overseas branches. While OFAC sanctions pre-date the Patriot Act, companies are being more closely scrutinized for their compliance with such requirements following the events of September 11th.

OFAC maintains a list of individuals, governmental entities, companies and merchant vessels around the world known or suspected to engage in illegal activities. Persons or entities on the list, known as Specially Designated Nationals and Blocked Persons ("SDNs"), include foreign agents, front organizations, terrorists and terrorist organizations and drug traffickers. The list contains over 5,000 variations on names of individuals, governmental entities, companies and merchant vessels and is updated on a regular basis. On September 24, 2001, President Bush issued an executive order imposing enhanced trade sanctions on 27 individuals and entities, including Usama bin Laden and Al Qaida.¹⁴ The immediate effect of the order is to block all assets of these individuals and entities under U.S. control and ban all dealings with the listed parties.

On July 26, 2001, OFAC issued a bulletin specific to the insurance industry, including underwriters, brokers, agents, primary insurers and reinsurers. The bulletin affirms that U.S. insurers may not insure SDN’s or individuals or entities located in certain prohibited countries or make payments to beneficiaries who are prohibited persons or entities. Examples of prohibited transactions include (1) issuing an insurance policy or annuity contract to an SDN, (2) issuing a life insurance policy naming an SDN as a beneficiary, and (3) receiving premium payments for any such transactions.

If not already in place, insurers should incorporate OFAC compliance procedures in their anti-money laundering programs. Because OFAC is continually updating its lists, insurers must ensure that their OFAC compliance procedures properly address these updates.

The Patriot Act grants the Treasury Secretary exclusive authority to promulgate and enforce the anti-money laundering regulations addressed in this article. At this time, it is unclear what role state regulators will play in monitoring anti-money laundering initiatives as they relate to the insurance industry. However, Treasury has been actively working with the NAIC to inform insurers of their obligations under the Patriot Act.

The failure to comply with anti-money laundering laws could potentially result in significant civil penalties for financial institutions and their employees and agents. Penalties for violations of certain OFAC requirements can include up to 12 years imprisonment, corporate and personal fines of up to $1 million, and civil penalties up to $275,000 per count. In one recent case, Treasury imposed a $700,000 fine against a bank which supposedly willfully failed to file approximately 2000 currency transactions reports (as required under the BSA) for currency transactions in excess of $10,000.

Financial institutions, including insurance companies, may also be subject to state laws targeted at identifying and preventing money laundering activities. In New York, for example, Commercial Bank of New York recently agreed to pay a $5 million fine to settle allegations of money laundering related largely to drug money flowing from Latin America. According to New York state officials, the bank failed to apply even minimal standards of "know your customer" rules or file suspicious activity reports as required by applicable law.

Although the full impact of the Patriot Act is unknown, it is clear that the insurance industry will be subject to increased scrutiny with respect to their anti-money laundering practices. The measures taken to date by the federal government, both on and off the battlefield, demonstrate its relentless commitment to root out terrorism and punish those who foster such activities. While the penalties that accompany violations of anti-money laundering laws can be severe, the public fallout incurred by an insurance company that becomes embroiled in a money laundering scheme involving terrorists or other criminals could be even more devastating. To avoid these negative consequences, insurance companies need to be pro-active in their efforts to prevent money laundering from occurring within their business operations.