1557-0180 Supporting Statement AML-CFT NPR Final (Submitted to OMB)

Download: docx | pdf

Supporting Statement

Minimum Security Devices and Procedures,

Reports of Suspicious Activities, and

Anti-Money Laundering/Countering the Financing of Terrorism Compliance

OMB Control No. 1557-0180

A. Justification.

This supporting statement is submitted in connection with a notice of proposed rulemaking that would amend the requirements issued by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA) (collectively, “the agencies”) for its supervised banks (currently referred to as “Bank Secrecy Act (BSA) compliance programs”) to establish, implement, and maintain effective, risk-based, and reasonably designed Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) programs. The amendments are intended to align with changes that are being concurrently proposed by the Financial Crimes Enforcement Network (FinCEN) as a result of the Anti-Money Laundering Act of 2020 (AML Act).¹

1. Circumstances that make the collection necessary:

The proposed rule contains recordkeeping requirements that clarify the recordkeeping requirements included in the agencies currently approved information collections.

The revised information collection requirements in the proposed rule are as follows:

Proposed Updates to Collection

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements (12 CFR 21.21(b) Establishment and contents of an AML/CFT program and (c) Board oversight): Under 12 CFR 21.21(b) and (c), national banks and federal savings associations would be required to establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program to ensure and monitor compliance with the requirements of the BSA² and applicable Department of Treasury regulations. The AML/CFT program and each of its components, as required under § 21.21(b)(2)(i) through (vi), would be required to be documented and approved by the board of directors.

Previously Approved Collection

Minimum Security Devices and Procedures (12 CFR 21.2, 21.4, 168.2, and 168.4): Under 12 CFR 21.2,21.4, 168.2, and 168.4, national banks and federal savings associations are required to designate a security officer who must develop and administer a written security program. The security officer shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of the report shall be reflected in the board’s minutes. These requirements ensure that each institution has a security officer who is responsible for the security program and that the institution’s management and board of directors are aware of the content and effectiveness of the program. These requirements are necessary to ensure prudent institution management and safety and soundness.

Suspicious Activity Report (SAR) (12 CFR 21.11 and 163.180): FinCEN and federal financial institution supervisory agencies³ adopted the SAR in 1996 to simplify the process through which depository institutions inform their regulators and law enforcement about suspected criminal activity.

In 1992, the Department of the Treasury was granted broad authority to require suspicious transaction reporting under the Bank Secrecy Act (BSA). See 31 U.S.C. 5318(g). FinCEN, which has delegated authority to administer the BSA, joined with the federal financial institution supervisory agencies in requiring, on a consolidated form, reports of suspicious transactions. See 31 CFR 1020.320(a). The filing of SARs is necessary to prevent and detect crimes involving depository institution funds, institution insiders, criminal transactions, and money laundering. These requirements are necessary to ensure an institution’s safety and soundness.

Banks and Federal savings associations are required to maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years. The documents are necessary for criminal investigations and prosecutions.

2. Use of the information:

Minimum Security Devices and Procedures (12 CFR 21.2, 21.4, 168.2, and 168.4): The OCC uses the information to ensure that national banks and federal savings associations carefully review the effectiveness of their security systems and comply with federal law. The information collection ensures that national banks and federal savings associations conduct their activities in accordance with safe and sound principles. The boards of directors of national banks and federal savings associations use the information to ensure that the institutions’ security systems are adequate.

SAR and Retention of Records (12 CFR 21.11 and 163.180): The OCC uses the SAR and the supporting documentation retained by national banks and federal savings associations for supervisory purposes. The information collection identifies suspicious transactions that could pose a threat to these institutions.

Effective December 31, 2012, FinCEN completed the development of a modernized information technology system containing the information collected from all filing institutions. FinCEN provides on-line access to the information to representatives of bank regulators and appropriate law enforcement agencies.

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements (12 CFR 21.21(b) Establishment and contents of an AML/CFT program and (c) Board oversight): National banks and federal savings associations use the AML/CFT program to ensure compliance with the BSA. Bank examiners review the programs and board approval in the examination process.

Request for Exemption from the Requirements of Suspicious Activity Report (12 CFR 21.11(m) and 163.180(f): Upon receiving a written request from a national bank, federal savings association, or service corporation, the OCC will consider whether the exemption is consistent with the purposes of the Bank Secrecy Act, if applicable, and with safe and sound banking, and may consider other appropriate factors. Such exemptions shall be applicable only as expressly stated in the exemption, may be conditional or unconditional, may apply to particular persons or to classes of persons, and may apply to transactions or classes of transactions. The OCC will notify FinCEN and consider comments with regard to any exemptions that may involve the SAR provisions relating to potential money laundering or violations of the Bank Secrecy Act and may notify FinCEN and consider comments regarding other exemption requests. The OCC will provide a written response to the national bank, federal savings association, or service corporation that submitted the exemption request after notifying appropriate agencies as set forth above. A national bank, federal savings association, or service corporation that has received an exemption may rely on the exemption for a period of time to be communicated by the OCC in its granting of the exemption. The OCC may extend the extension or may revoke an exemption.

3. Consideration of the use of improved information technology:

Minimum Security Devices and Procedures (12 CFR 21.2,21.4, 168.2, and 168.4): This is an internal institution record. Institutions may use any technology that permits review by OCC examiners.

SAR (12 CFR 21.11 and 163.180): The SAR system uses improved information technology to reduce burden on institutions. In 2013, financial institutions transitioned to the BSA E-Filing System, which enabled the electronic filing of reports on-line with FinCEN. By offering on-line access to authorized users, FinCEN has eliminated the need for multiple filings. Because the system consolidates various forms into one form, the information collected is easier to collate, analyze, and use. FinCEN also provides improved access to the SAR database for law enforcement and state and federal regulators.

SAR Retention of Records (12 CFR 21.11 and 163.180): Original documents are needed for investigative and evidentiary purposes.

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements (12 CFR 21.21(b) Establishment and contents of an AML/CFT program and (c) Board oversight): The OCC and the other bank regulators have imposed only the minimum requirements needed to satisfy the law. National banks and federal savings associations may use any information technology that permits review by OCC examiners.

4. Efforts to identify duplication:

The required information is unique and is not duplicative of any other information already collected.

5.       If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.

The rules apply to all OCC-supervised institutions regardless of asset size.  The rules require that institutions report known or suspected violation of federal law or a suspicious transaction related to money laundering or a violation of the Bank Secrecy Act.  The rules require institutions to report criminal matters to law enforcement authorities.  The impact of the rules was minimized by setting the threshold for suspicious activities at $5,000 with the exception of insider-affiliated parties.  There are no currently viable alternatives that would result in further lowering the burden on small institutions while still accomplishing the purpose of the rule.

6. Consequences to the federal program if the collection were conducted less frequently:

Minimum Security Devices and Procedures (12 CFR 21.2,21.4, 168.2, and 168.4): A national bank and federal savings association must designate a security officer to develop and administer a written security program and report on the effectiveness of the program on an annual basis. This annual review and reporting is a necessary part of a strong security program and less frequent review and reporting could impair an institution’s safety and soundness.

SAR (12 CFR 21.11 and 163.180): A national bank and federal savings association is required to file a SAR with the appropriate federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OCC and in accordance with the form's instructions. The failure to file timely SARs could be detrimental to law enforcement investigations and impede regulatory agencies’ ability to ensure the safety and soundness of institutions.

SAR Retention of Records (12 CFR 21.11 and 163.180): A national bank and federal savings association must maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years.

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements (12 CFR 21.21(b) Establishment and contents of an AML/CFT program and (c) Board oversight): Each national bank and federal savings association would be required to establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program to ensure and monitor compliance with the requirements of the BSA and applicable Treasury regulations. 12 U.S.C. 1818(s)(3) provides that the OCC shall issue a cease-and-desist order if it determines that a national bank or federal savings association fails to establish and maintain the required program.

7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR part 1320:

With one exception, these recordkeeping and reporting requirements are conducted in a manner consistent with the requirements of 5 CFR part 1320. The exception is the reporting of suspicious activity on a SAR, which may occur more frequently than quarterly depending on the frequency of the activity. This information must be reported in a timely manner to enable law enforcement to take appropriate action. Records must be kept for five years because substantive violations of the law that may be indicated by the suspicious activity are generally subject to statutes of limitations of longer than three years. To ensure that documents are available for prosecutions, reporting institutions must retain original evidentiary documents for five years.

8. Efforts to consult with persons outside the agency:

The OCC published a notice of proposed rulemaking on August 09, 2024, 89 FR 65260.

9. Payment or gift to respondents:

None.

10. Any assurance of confidentiality:

The information is kept private to the extent permitted by law.

11. Justification for questions of a sensitive nature:

There are no questions of a sensitive nature.

12. Burden estimate:

Citation and Burden Type	Information Collection Requirements	Number of Respondents and Responses or Records	Average Hours Per Response	Estimated Burden Hours
12 CFR 21.2 and 21.4; 12 CFR 168.2 and 168.4 Recordkeeping	Minimum Security Devices and Procedures § 21.2 and 168.2 – Designation of security officer – The board of directors of each national bank and federal savings association shall designate a security officer who must develop and administer a written security program. § 21.4 and 168.4 – Report – The security officer for a national bank and federal savings association shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of such report must be reflected in the board minutes.	1,044 recordkeepers 1,044 records	.5 hour	522 hours
12 CFR 21.11(a) and 163.180(d)(1) Reporting 12 CFR 21.11(g) and 163.180(d)(8) Recordkeeping	Reports of Suspicious Activities § 21.11(a) and 163.180(d)(1) – Suspicious Activity Report – Purpose and scope – National banks and federal savings associations are required to file a SAR when they detect a known or suspected violation of federal law or a suspicious transaction related to a money laundering activity or a violation of the BSA. This section applies to all national banks and federal savings associations as well as any branches and agencies of foreign banks licensed or chartered by the OCC. § 21.11(g) and 163.180(d)(8) – Suspicious Activity Report – Retention of records – A national bank and federal savings association shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting documents shall be identified and maintained by the national bank or federal savings association as such, and shall be deemed to have been filed with the SAR.	1,044 respondents 518,103 responses 1,044 recordkeepers 1,044 records	1 hour 1.5 hours	518,103 hours 1,566 hours
12 CFR 21.21(b) and (c) Recordkeeping	Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) program requirements. Establish AML/CFT Program – (Implementation) 12 CFR 21.21(b) and (c) (Mandatory). Maintain AML/CFT Program – (Ongoing) 12 CFR 21.21(b) and (c) (Mandatory). Each national bank and federal savings association would be required to establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program to ensure and monitor compliance with the requirements of the BSA and applicable Treasury regulations. The AML/CFT program and each of its components, as required under § 21.21(b)(2)(i) through (vi), would be required to be documented and approved by the board of directors.	1,044 recordkeepers .3333 (number of responses per respondent) 1,044 recordkeepers 1 (number of responses per respondent)	32 hours 8 hours	11,136 hours 8,352 hours
12 CFR 21.11(m) and 163.180(f)	Request for Exemption from the Requirements of Suspicious Activity Report National banks, federal savings associations, and service corporations may request exemption from the requirements of the Suspicious Activity Report.	5	50 hours	250 hours
Total				539,929 hours

Note: The agencies reviewed the methodology used to estimate the recordkeeping burden found in the currently approved information collections (§21.21 of the OCC’s currently approved collection) and determined that the OCC, FDIC, and NCUA included activities that are better classified as other types of burden and beyond the scope of recordkeeping burden in their burden estimates. The Board limited its burden estimate to recordkeeping activities. The agencies acknowledge those existing burdens in the currently approved information collections but the OCC, FDIC, and NCUA have determined much of those ongoing burdens are not specifically related to recordkeeping. The agencies are taking this opportunity to revise and align the burden estimation methodology and assumptions used for this information collection to show only recordkeeping activities that the agencies assume are not affected by the size of the respondent institution. The agencies assume that the recordkeeping requirements in the proposed rule encompass two distinct activities: (1) the one-time burden associated with documenting the required AML/CFT program and creating its necessary policies and training and testing materials and (2) the ongoing occasional burden of documenting (a) revisions to policies, (b) required periodic reviews of the risk assessment and independent testing, (c) compliance with training requirements, and (d) Board of Directors oversight of the AML/CFT program as would be required by the proposed rule.

Cost of Hour Burden

539,929 x $129.40 = $69,866,813

To estimate wages the OCC reviewed May 2023 data for wages (by industry and occupation) from the U.S. Bureau of Labor Statistics (BLS) for credit intermediation and related activities (NAICS 5220A1).  To estimate compensation costs associated with the rule, the OCC uses $129.40 per hour, which is based on the average of the 90th percentile for six occupations adjusted for inflation (4.3 percent as of Q1 2024), plus an additional 34.6 percent for benefits (based on the percent of total compensation allocated to benefits as of Q4 2023 for NAICS 522: credit intermediation and related activities).

13. Estimate of total annual costs to respondents (excluding cost of hour burden in Item #12):

None.

14. Estimate of annualized costs to the federal government:

Not applicable.

15. Change in burden:

Former Burden:

615,380 burden hours.

New Burden:

539,929 burden hours.

Difference:

- 75,451 hours.

The decrease in the burden is due to the proposed regulation.

16. Information regarding collections whose results are to be published for statistical use:

The OCC has no plans to publish the information for statistical purposes.

17. Reasons for not displaying OMB approval expiration date:

Not applicable.

18. Exceptions to the certification statement:

None.

B. Collections of Information Employing Statistical Methods.

Not applicable.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Supporting Statement
Author	OCC
File Modified	0000-00-00
File Created	2024-10-27