Insurance companies that issue or underwrite covered products that may pose a higher risk of money laundering must comply with Bank Secrecy Act/anti-money laundering (BSA/AML) program requirements. A covered product includes:
- An annuity contract other than a group annuity contract
- A permanent life insurance policy other than a group life insurance policy
- Any other insurance product with cash value or investment features
Insurance regulations only apply to insurance companies, excluding agents and brokers from the requirements. However, insurance companies are held responsible for compliance with their program, which includes the activities of any agents and brokers. Insurance companies should therefore integrate their agents and brokers into their AML program.
Features of a BSA/AML program
Insurance companies must develop a written, risk-based BSA/AML program addressing the covered insurance products. At a minimum, the program must consist of the following features:
- A designated compliance officer responsible for effectively implementing the program
- Ongoing training of appropriate persons, including insurance agents and brokers
- Policies, procedures and internal controls tailored to the AML risks of the institution
- Independent testing to monitor ongoing compliance, including testing for compliance of insurance agents and brokers
Along with implementing an adequate BSA/AML program, insurance companies are subject to suspicious activity reporting (SAR) requirements. Companies are required to submit a SAR to the Department of Treasury’s Financial Crimes Enforcement Network. Insurance companies must obtain relevant customer information from agents, brokers and any other sources to report such transactions.
Areas of concern to review
Insurance companies face the challenge of developing an AML program that incorporates insurance agents and brokers, and effectively covers the risks proportionate to its specific products offered. Any areas of concern can be addressed by conducting the following reviews:
- Policies and procedures: Evaluate policies and procedures to determine adequacy given the institutions’ risks and current industry regulatory requirements
- AML risk assessments: Assess the inherent and residual AML risks related to products, services, customers and geographic exposure
- Model validations and AML automated system data validation: Determine if the appropriate AML models and systems are effectively implemented
- Independent audits: Conduct independent reviews and detailed AML transactional testing to ensure the program’s ongoing compliance
- Training: Review staff training programs to ensure adequate coverage of relevant responsibilities under the program
- Risk-based review: Determine and assess the total effectiveness of AML-related processes and internal controls in relation to the specific products, services, customers and geographies of the company, including staffing levels and expertise, customer due diligence processes, effectiveness of the monitoring processes in place to identify and report suspicious activities, and the integration of insurance agents and brokers into the program
- Independent/outsourced due diligence and sanctions screening: Identify beneficial ownership structures, negative news and sanctions screening for customers, vendors and transaction parties