§ 1020.210 Anti-money laundering program requirements for banks.

(a) Anti-money laundering program requirements for banks regulated by a Federal functional regulator, including banks, savings associations, and credit unions. A bank regulated by a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that:

(1) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter;

(2) Includes, at a minimum:

(i) A system of internal controls to assure ongoing compliance;

(ii) Independent testing for compliance to be conducted by bank personnel or by an outside party;

(iii) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;

(iv) Training for appropriate personnel; and

(v) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:

(A) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

(B) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter); and

(3) Complies with the regulation of its Federal functional regulator governing such programs.

(b) Anti-money laundering program requirements for banks lacking a Federal functional regulator including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. A bank lacking a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank establishes and maintains a written anti-money laundering program that:

(1) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter; and

(2) Includes, at a minimum:

(i) A system of internal controls to assure ongoing compliance with the Bank Secrecy Act and the regulations set forth in 31 CFR Chapter X;

(ii) Independent testing for compliance to be conducted by bank personnel or by an outside party;

(iii) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;

(iv) Training for appropriate personnel; and

(v) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:

(A) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and

(B) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230); and

(3) Is approved by the board of directors or, if the bank does not have a board of directors, an equivalent governing body within the bank. The bank shall make a copy of its anti-money laundering program available to the Financial Crimes Enforcement Network or its designee upon request.

[85 FR 57137, Sept. 15, 2020]