(a) Anti-money laundering program requirements for banks regulated by a Federal functional regulator, including banks, savings associations, and credit unions. A bank regulated by a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that:
(1) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter;
(2) Includes, at a minimum:
(i) A system of internal controls to assure ongoing compliance;
(ii) Independent testing for compliance to be conducted by bank personnel or by an outside party;
(iii) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
(iv) Training for appropriate personnel; and
(v) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
(A) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
(B) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter); and
(3) Complies with the regulation of its Federal functional regulator governing such programs.
(b) Anti-money laundering program requirements for banks lacking a Federal functional regulator including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. A bank lacking a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank establishes and maintains a written anti-money laundering program that:
(1) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter; and
(2) Includes, at a minimum:
(i) A system of internal controls to assure ongoing compliance with the Bank Secrecy Act and the regulations set forth in 31 CFR Chapter X;
(ii) Independent testing for compliance to be conducted by bank personnel or by an outside party;
(iii) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
(iv) Training for appropriate personnel; and
(v) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
(A) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
(B) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230); and
(3) Is approved by the board of directors or, if the bank does not have a board of directors, an equivalent governing body within the bank. The bank shall make a copy of its anti-money laundering program available to the Financial Crimes Enforcement Network or its designee upon request.
[85 FR 57137, Sept. 15, 2020]