[Federal Register: March 20, 2006 (Volume 71, Number 53)]
[Rules and Regulations]
[Page 13934-13937]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr20mr06-4]
=======================================================================
-----------------------------------------------------------------------
FEDERAL RESERVE SYSTEM
12 CFR Part 211
[Regulation K; Docket No. R-1147]
International Banking Operations
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Board of Governors of the Federal Reserve System (Board)
has adopted a final rule to require Edge and Agreement corporations and
U.S. branches, agencies, and representative offices of foreign banks
supervised by the Board to establish and maintain procedures reasonably
designed to assure and monitor compliance with the Bank Secrecy Act and
the regulations issued thereunder.
DATES: This rule is effective April 19, 2006.
FOR FURTHER INFORMATION CONTACT: Nina A. Nichols, Assistant Director,
(202) 452-2961, Shaswat K. Das, Counsel, (202) 452-2428, or Bridget M.
Neill, Assistant Director, (202) 452-5235, Division of Banking
Supervision and Regulation; or Ann E. Misback, Associate General
Counsel, (202) 452-3788, or Jennifer Sutton, Attorney, (202) 452-3564,
Legal Division. For users of Telecommunications Devices for the Deaf
(TDD) only, contact (202) 263-4869.
SUPPLEMENTARY INFORMATION:
I. Background
A. Regulations on Bank Secrecy Act Compliance Programs
Subchapter II of chapter 53 of Title 31, United States Code,
commonly known as the ``Bank Secrecy Act,'' generally requires
financial institutions to, among other things, keep records and make
reports that have a high degree of usefulness in criminal, tax, or
regulatory proceedings. Section 1359 of the Anti-Drug Abuse Act of
1986, Pub. L. 99-570, requires the supervisory agencies to prescribe
regulations requiring institutions they regulate to establish and
maintain procedures reasonably designed to assure and monitor
compliance with the Bank Secrecy Act and to review such procedures
during the course of their examinations.\1\
---------------------------------------------------------------------------
\1\ See 12 U.S.C. 1818(s).
---------------------------------------------------------------------------
[[Page 13935]]
The supervisory agencies' implementing regulations incorporate the
minimum components of a compliance program as generally set forth in
the Bank Secrecy Act at 31 U.S.C. 5318(h). These components are: (i) A
system of internal controls to assure ongoing compliance; (ii)
independent testing of compliance by the institution's personnel or by
an outside party; (iii) the designation of an individual or individuals
responsible for coordinating and monitoring day-to-day compliance; and
(iv) training for appropriate personnel.\2\
---------------------------------------------------------------------------
\2\ The Board's implementing regulation is found in Regulation H
at section 208.63 (12 CFR 208.63).
---------------------------------------------------------------------------
On May 30, 2003, the Board published a notice of proposed
rulemaking in the Federal Register (68 FR 32434) to amend Regulation K
(12 CFR part 211) to require Edge and Agreement corporations and U.S.
branches, agencies, and representative offices of foreign banks
supervised by the Board to establish and maintain procedures reasonably
designed to assure and monitor compliance with the Bank Secrecy Act.
B. Overview of Comments Received
The Board received five comments regarding the proposed rule.
Commenters generally supported the clarification provided by the
proposed rule regarding the Bank Secrecy Act compliance obligations of
Edge and Agreement corporations and U.S. branches, agencies, and
representative offices of foreign banks. Specific issues raised by the
commenters are discussed below.
II. Analysis of Comments
A. Requirement for Program Approval
The proposed rule would require a branch, agency, or representative
office of a foreign bank operating in the United States (except for a
Federal branch, a Federal agency, or a state-chartered branch that is
insured by the Federal Deposit Insurance Corporation) to establish a
Bank Secrecy Act compliance program with the approval of the foreign
bank's board of directors. Two commenters expressed concern regarding
the proposed approval process. One commenter observed that it is often
difficult to obtain timely approval of ``local'' U.S. matters by the
board of directors of the foreign bank in the home country. The other
commenter noted that a U.S. branch, agency, or representative office
may not itself have a board of directors and suggested that in such
situation approval by the entity's senior management in the United
States should be sufficient. Commenters stated that regulators, in
other instances, have addressed logistical difficulties of securing
head office approval by allowing, for example, a local committee,
advisory board, senior management, or regional headquarters located in
the United States to perform the functions of a board of directors.
The Board believes the Bank Secrecy Act program requires attention
at the highest levels of management. Boards of directors of state
member banks are not permitted to delegate approval of the Bank Secrecy
Act compliance program.\3\ U.S. branches, agencies, and representative
offices of foreign banks generally will not have separate boards of
directors. Nevertheless, these offices need to be able to establish and
implement amendments to their Bank Secrecy Act programs as necessary.
Accordingly, the final rule provides that a foreign bank's board of
directors may appoint a delegee to approve the required Bank Secrecy
Act program so long as the delegee is acting under the express
authority of the board of directors to approve the Bank Secrecy Act
program.
---------------------------------------------------------------------------
\3\ See 12 CFR 208.63(b). (``The compliance program shall be
reduced to writing, approved by the board of directors, and noted in
the minutes.'')
---------------------------------------------------------------------------
B. Risk-Based Program
One commenter requested that the Board clarify in the preamble to
the final rule whether Edge and Agreement corporations and U.S.
branches, agencies, and representative offices of foreign banks are
expected to develop risk-based programs under the rule. The Board has
consistently interpreted Regulation H to require each bank to develop a
Bank Secrecy Act compliance program that is tailored to address the
risks presented by its business operations and customer base, provided
that the minimum requirements set forth in section 208.63 of Regulation
H are met. Under longstanding existing supervisory practice, as
reflected in the final rule amending Regulation K, the Board expects
Edge and Agreement corporations and U.S. branches, agencies, and
representative offices of foreign banks to develop and implement Bank
Secrecy Act compliance programs that are risk-based.
C. Text of Regulation H Requirements
The proposed rule incorporated by reference the minimum
requirements for Bank Secrecy Act compliance programs that are set
forth in Regulation H at section 208.63 (12 CFR 208.63). One commenter
suggested that the rule would be easier to use and more understandable
if the final rule set forth the full text of the regulatory
requirements found in Regulation H.
Many cross-references are made in Board regulations to provisions
contained elsewhere. For example, the suspicious activity reporting
rule for state member banks is found at 12 CFR 208.62 and is cross-
referenced in Regulations K and Y at 12 CFR 211.5(k), 211.24(f), and
225.4(f). Similarly, the Customer Identification Program rule is found
at 31 CFR 103.121 and is cross-referenced in Regulations H and K at 12
CFR 208.63(b)(2), 12 CFR 211.5(m)(2), and 211.24(j)(2). The Board
believes this format is sufficiently clear; as a result, the final rule
continues to incorporate by reference the text of the minimum
requirements for Bank Secrecy Act compliance programs found in section
208.63 of Regulation H.
D. Applicability to Offshore Interests of U.S. Banking Organizations
The proposed rule by its terms would require Edge and Agreement
corporations and U.S. branches, agencies, and representative offices of
foreign banks (except for a Federal branch, a Federal agency, or a
state-chartered branch that is insured by the Federal Deposit Insurance
Corporation) to establish Bank Secrecy Act compliance programs. One
commenter requested that the final rule clarify that it does not apply
to the investments of U.S. banks or Edge and Agreement corporations in
offshore entities, whether those investments are subsidiaries, joint
ventures, or portfolio investments. The definitions of ``financial
institution'' and ``bank'' in the Bank Secrecy Act and regulations
thereunder do not encompass foreign offices or foreign investments of
U.S. banks or Edge and Agreement corporations.\4\ Nevertheless, banks
are expected to have policies, procedures, and processes in place at
all their branches and offices to protect against risks of money
laundering and terrorist financing. Moreover, an enterprise-wide anti-
money laundering compliance program that assesses risk on a
consolidated basis across all activities, business lines, and legal
entities may be an essential tool in managing such risks.
---------------------------------------------------------------------------
\4\ See 31 U.S.C. 5312(a)(2); 31 CFR 103.11(c).
---------------------------------------------------------------------------
III. Regulatory Analysis
A. Regulatory Flexibility Act
In accordance with section 4(a) of the Regulatory Flexibility Act
(5 U.S.C. 604(a)), the Board must publish a final regulatory
flexibility analysis with this rulemaking. The final rule creates a
[[Page 13936]]
uniform regulatory standard for ensuring and examining compliance with
applicable law and regulation. Institutions covered by the rule,
whether small or large, are already required to have policies and
procedures substantially equivalent to those required by the rule.
Accordingly, the Board certifies that this final rule will not have a
significant economic impact on a substantial number of small business
entities.
B. Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (PRA) (44
U.S.C. 3506; 5 CFR 1320 Appendix A.1), the Board has reviewed the final
rule under the authority delegated to the Board by the Office of
Management and Budget (OMB). The collections of information associated
with this rulemaking are found in 12 CFR 211.5 and 211.24. This
information is required to evidence compliance with the requirements of
the Bank Secrecy Act, and the regulations promulgated thereunder. The
recordkeepers are for-profit financial institutions.
The Federal Reserve may not conduct or sponsor, and an organization
is not required to respond to, this collection of information unless it
displays a currently valid OMB control number. The OMB control number
is 7100-0310.
The final rule does not change the collection of information
requirements set forth in the proposed rule. The final rule applies
only to Edge and Agreement corporations and U.S. branches, agencies,
and representative offices of foreign banks supervised by the Board.
The final rule requires each of those entities to establish a written
compliance program that includes the following components: (i) A system
of internal controls to assure ongoing compliance; (ii) independent
testing of compliance by the institution's personnel or by an outside
party; (iii) the designation of an individual or individuals
responsible for coordinating and monitoring day-to-day compliance; and
(iv) training for appropriate personnel. The compliance program must be
approved by the board of directors (and noted in the minutes) or by a
delegee of the foreign bank's board of directors.
The commenters generally agreed that there would be little burden
associated with the requirements for establishing a compliance program
for the Bank Secrecy Act because the measures involved in the program
are consistent with existing requirements under the Bank Secrecy Act at
31 U.S.C. 5318(h) and usual and customary business practices. The Board
continues to believe that the estimated average annual burden of 16
hours per institution is accurate, because branches, agencies, and
representative offices of foreign banks and Edge and Agreement
corporations are currently subject to the program requirements of
section 5318(h) of the Bank Secrecy Act. Thus, the rule adopted today
clarifies the existing obligations of these entities under the Board's
rules. Because the records would be maintained at branches, agencies,
and representative offices of foreign banks and Edge and Agreement
corporations, and the records are not provided to the Federal Reserve,
no issue of confidentiality under the Freedom of Information Act
arises.
Estimated number of financial institutions subject to the final
rule: 520.
Estimated average annual burden for establishing the written
compliance program per financial institution: 16 hours (2 business
days).
Estimated total annual burden: 8,320 hours.
The Federal Reserve has a continuing interest in the public's
opinion of our collections of information. At any time, comments
regarding any aspect of this collection of information, including
suggestions for reducing the burden may be sent to: Ms. Jennifer J.
Johnson, Secretary, Board of Governors of the Federal Reserve System,
20th Street and Constitution Avenue, NW., Washington, DC 20551; and to
the Office of Management and Budget, Paperwork Reduction Project (OMB
No. 7100-0310), Washington, DC 20503.
IV. Use of Plain Language
Section 722 of the Gramm-Leach-Bliley Act, Pub. L. 106-102,
requires the Board to use ``plain language'' in all proposed and final
rules published after January 1, 2000. The Board requested comment on
whether there were ways to make the proposed rule easier to understand.
One commenter suggested that the rule would be easier to use if it set
forth the full text of the regulatory requirements found in section
208.63. For the reasons discussed above, the Board has determined to
continue to incorporate by reference the text of the minimum
requirements for Bank Secrecy Act compliance programs found in section
208.63 of Regulation H. The Board believes that the final rule is
written plainly and presented clearly.
List of Subjects in 12 CFR Part 211
Exports, Federal Reserve System, Foreign banking, Holding
companies, Investments, Reporting and recordkeeping requirements.
0
For the reasons set forth in the preamble, part 211 of chapter II of
title 12 of the Code of Federal Regulations is amended as follows:
PART 211--INTERNATIONAL BANKING OPERATIONS (REGULATION K)
0
1. The authority citation for 12 CFR part 211 continues to read as
follows:
Authority: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq.,
3101 et seq., and 3901 et seq.; 15 U.S.C. 6801 and 6805; 31 U.S.C.
5318.
0
2. In Sec. 211.5 add new paragraph (m)(1) to read as follows:
Sec. 211.5 Edge and agreement corporations.
* * * * *
(m) Procedures for monitoring Bank Secrecy Act compliance.
(1) Establishment of Compliance Program. Each Edge corporation and
each agreement corporation shall, in accordance with the provisions of
Sec. 208.63 of the Board's Regulation H, 12 CFR 208.63, develop and
provide for the continued administration of a program reasonably
designed to assure and monitor compliance with the provisions of
subchapter II of chapter 53 of title 31, United States Code, the Bank
Secrecy Act, and the implementing regulations promulgated thereunder by
the Department of the Treasury at 31 CFR part 103. The compliance
program shall be reduced to writing, approved by the board of
directors, and noted in the minutes.
* * * * *
0
3. In Sec. 211.24 add new paragraph (j)(1) to read as follows:
Sec. 211.24 Approval of offices of foreign banks; procedures for
applications; standards for approval; representative office activities
and standards for approval; preservation of existing authority.
* * * * *
(j) Procedures for monitoring Bank Secrecy Act compliance.
(1) Establishment of Compliance Program. Except for a Federal
branch or a Federal agency or a state branch that is insured by the
FDIC, a branch, agency, or representative office of a foreign bank
operating in the United States shall, in accordance with the provisions
of Sec. 208.63 of the Board's Regulation H, 12 CFR 208.63, develop and
provide for the continued administration of a program reasonably
designed to assure and monitor compliance with the provisions of
subchapter II of chapter 53 of title 31, United States Code, the Bank
Secrecy Act, and the implementing regulations promulgated thereunder by
the
[[Page 13937]]
Department of the Treasury at 31 CFR part 103. The compliance program
shall be reduced to writing, and either:
(i) Approved by the foreign bank's board of directors and noted in
the minutes, or
(ii) Approved by a delegee acting under the express authority of
the board of directors to approve the Bank Secrecy Act compliance
program.
* * * * *
By order of the Board of Governors of the Federal Reserve
System, March 15, 2006.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 06-2629 Filed 3-17-06; 8:45 am]
BILLING CODE 6210-01-P