Presentation of MSB Compliance Inc. before the Third Party Payment Processors Association conference in Phoenix, AZ on November 19, 2015.

1. Reasonably Designed
Strengthen and protect your banking relationships by better
understanding and executing upon BSA/AML compliance
and risk mitigation expectations.
November 19, 2015

2. Who and What Are You?
•Know Yourself
•Third Party Payment Processor?
•Money Transmitter?
•Are State Money Transmitter Licenses required?

3. Money Transmitter
31 CFR 1010.100(ff)(5)
(5) Money transmitter—(i) In general. (A) A person that provides money
transmission services. The term “money transmission services” means the
acceptance of currency, funds, or other value that substitutes for currency from
one person and the transmission of currency, funds, or other value that substitutes
for currency to another location or person by any means. “Any means” includes,
but is not limited to, through a financial agency or institution; a Federal Reserve
Bank or other facility of one or more Federal Reserve Banks, the Board of
Governors of the Federal Reserve System, or both; an electronic funds transfer
network; or an informal value transfer system; or
(B) Any other person engaged in the transfer of funds.

4. Facts & Circumstances
Limitations
(ii) Facts and circumstances; Limitations. Whether a person is a money transmitter
as described in this section is a matter of facts and circumstances. The term “money
transmitter” shall not include a person that only:
(A) Provides the delivery, communication, or network access services used by a
money transmitter to support money transmission services;
(B) Acts as a payment processor to facilitate the purchase of, or payment of a bill for,
a good or service through a clearance and settlement system by agreement with the
creditor or seller;
(C) Operates a clearance and settlement system or otherwise acts as an
intermediary solely between BSA regulated institutions. This includes but is not
limited to the Fedwire system, electronic funds transfer networks, certain registered
clearing agencies regulated by the Securities and Exchange Commission (“SEC”),
and derivatives clearing organizations, or other clearinghouse arrangements
established by a financial agency or institution;

5. (D) Physically transports currency, other monetary instruments, other commercial
paper, or other value that substitutes for currency as a person primarily engaged
in such business, such as an armored car, from one person to the same person
at another location or to an account belonging to the same person at a financial
institution, provided that the person engaged in physical transportation has no
more than a custodial interest in the currency, other monetary instruments, other
commercial paper, or other value at any point during the transportation;
(E) Provides prepaid access; or
(F) Accepts and transmits funds only integral to the sale of goods or the provision
of services, other than money transmission services, by the person who is
accepting and transmitting the funds.
More…
Facts & Circumstances
Limitations

6. State Money Transmitting Licenses
• Concerned with “Safety and Soundness” and “Consumer
Protection”
• Typically apply when receive and hold consumer funds with promise
to make available / deliver elsewhere
• Felony under 18 USC § 1960 to operate without license when
required
• Agent of Payee exemption: California, Nevada, New York, North
Carolina, Ohio, Texas, Virginia
• Agent of Payee may potentially not be exempt in: Arkansas, the
District of Columbia, Florida, Illinois and Washington

7. Culture of Compliance
FinCEN Advisory FIN-2014-A007 was released August 11, 2014. It is instructive in
clearly laying out expectations and identifying foundational issues which can
prevent or lead to problems.
It is another tool you can use to influence your organization’s leadership…
to help them live and breathe BSA/AML the same way that you do.
“Based on the enforcement cases I have seen time and time again, both during my
time as a prosecutor at the U.S. Department of Justice and now as Director of
FinCEN, I can say without a doubt that a strong culture of compliance could
have made all the difference. If I were to find myself responsible for BSA/AML
compliance within any financial institution, my first order of business would be to
pay attention to these core, fundamental concepts. Because once you have a
strong culture in place, including the support of your institution’s leadership, you
have a firm foundation on which to build an effective program.”
Jennifer Shasky Calvery, Director, FinCEN
FIBA, Anti-Money Laundering Conference
February 20, 2014

8. What might compliance look like?
Knowing what you are required to do and getting it done
• A Culture of Compliance
• Ethical Conduct
• Know Your Customer
• Secure and verify customer ID
• Report cash transactions as required
• Be alert for, monitor activity and report Suspicious Activity
• Effective oversight of third parties
• Effective corporate governance practices - accountability

9. 6 Ways to Strengthen Any Program
A financial institution can strengthen its BSA/AML compliance program by ensuring:
• Engaged Leadership
“its leadership actively supports and understands compliance efforts”
• Compliance not compromised
“efforts to manage and mitigate BSA/AML deficiencies and risks are not
compromised by revenue interests”
• Lines of Communication
“relevant information from the various departments within the organization is shared
with compliance staff to further BSA/AML efforts”
• Human and Technological Resources
“the institution devotes adequate resources to its compliance function”
• Competent Independent Testing
“the compliance program is effective by, among other things, ensuring that it is
tested by an independent and competent party”
• Purpose
“its leadership and staff understand the purpose of its BSA/AML efforts and how its
reporting is used”

10. AML Regulations NOT meant to shut
legitimate business out of the
financial system
“Just because a particular customer may be considered high risk does not mean
that it is ‘unbankable’ and it certainly does not make an entire category of
customer unbankable. Banks and other financial institutions have the ability to manage
high risk customer relationships.
It is not the intention of the AML regulations to shut legitimate business out of the
financial system. I think we can all agree that it is not possible for financial institutions
to eliminate all risk. Rather, the goal is to provide banking services to legitimate
businesses by understanding the applicable risks and managing them
appropriately.”
Jennifer Shasky Calvery, Director, FinCEN
FIBA, Anti-Money Laundering Conference
February 20, 2014

11. Decisions of Board
& Senior Management
are Critical
“The fact is, when we look at the issues underlying BSA infractions, they
can almost always be traced back to decisions and actions of the
institution’s Board and senior management.”
Deficiencies fall into four (4) areas:
• Culture of Compliance
• Resources Committed to BSA compliance
• Strength of Information Technology and monitoring processes
• Quality of risk management
Thomas J. Curry
Comptroller of the Currency
ACAMS, March 17, 2014

12. Walk the Talk
Board and senior management must send right message AND also
“walk the talk”
• by ensuring that there is an alignment between good compliance practices and
the financial system’s system of compensation and incentives.
• by providing increased resources
• by increasing the authority and status of the BSA Officer within the organization
• by ensuring proper incentives are incorporated throughout the organization
Thomas J. Curry
Comptroller of the Currency
ACAMS, March 17, 2014

13. Quick Primer:
The Basics

14. “Bank Secrecy Act”
TPPPs are partners with other FIs and Law
Enforcement
Protect our nation, communities and families from money
laundering, terrorist financing and illicit activities.

15. 15
The “4 Pillars”
1. Development of Internal Policies,
Procedures and Controls
Risk focused policies
Procedures for each area or function
Controls to Ensure Compliance
Monitoring and Reporting Systems
2. Designation of Compliance Officer
Sufficient time, resources and authority
3. Training Program
Content based on current procedures and
systems
Relevant to specific audience position and
responsibilities
Documentation
4. Independent Testing
Sufficient scope and testing
Reporting to the Board of Directors
Timely action to address any concerns or
weaknesses

16. 16
Customer Identification
and Due Diligence
Is the customer who they
claim to be?
What is normal, reasonable
and expected?
How much potential risk
does a customer represent?

17. Assess, Monitor,
Investigate, Report, Terminate
• Assess Risk
• Understand which customers present higher
potential risk
• Do more where warranted
• Transaction Monitoring
• Reporting
• Disciplinary Action and Termination

18. Independent
Review
Required AND Valuable
Helps Protect TPPP, Staff, Management and
shareholders
Critical to protecting bank relationship
Many banks setting requirements to accept reviews
ACAMS - CAMS; ACFCS-CFCS, FIBA-FIU -
CP/AML; former regulator
Scope and frequency commensurate with risk of the
financial services
Identify deficiencies, evaluate compliance
Detailed, written report - share with bank

19. Unfair Deceptive and
Abusive Acts or
Practices (UDAAP)
The term “UDAP” (Unfair or Deceptive Acts or Practices) has been around for several
years. Section 5(a) of the Federal Trade Commission (FTC) Act prohibits “unfair or
deceptive acts or practices in or affecting commerce”. The FTC standards are broad and
apply to any unfair or deceptive practices affecting consumers or commercial businesses.
The Dodd-Frank Act introduced UDAAP and directs the Consumer Financial Protection
Bureau (CFBP) to issue regulations designed to prevent UDAAP. The additional “A” adds
the term “abusive” to the mix. The CFPB’s role is to supervise financial institutions’
consumer products and services. Even though the old UDAP standards applied to
commercial and consumer commerce, UDAAP will concentrate on products and services
directed towards consumers.

20. The practice causes or is likely to cause
substantial injury.
The injury cannot reasonably be avoided.
The injury is not outweighed by any benefits.
What is “unfair”?

21. The practice misleads or is likely to mislead.
A “reasonable” consumer would be misled.
The presentation, omission or practice is
material.
What is “deceptive”?

22. What is “abusive”?
The practice materially interferes with the
consumers ability to understand a term or
condition of a product or service.
The practice takes unreasonable advantage of
a consumer’s lack of understanding of the
risk, costs and conditions of a products or
service.

23. Pass Through Risk from
Customer Transaction Activity
TPPPs and banks serving TPPPs could have potentially significant pass
through risk from UDAAP issues. Any consumer product or service has the
potential of being criticized for possible UDAAP violations.
Ones receiving a lot of attention include:
high interest small loans, e.g. payday lending
Loan payment processing
Debt restructuring / payment services
Loans with balloon payments
Credit life and disability insurance sales

24. Financial Product UDAAP Risk
Financial institutions subject to regulations such as UDAAP should evaluate their risks and
mitigate the impact violations may have on their organization. Proactive steps FIs can take
include:
Regularly review features of consumer products and services. Evaluate product
features and promotional materials and determine if any terms fall within the broad
definition of UDAAP.
Evaluate new products for features that could be misunderstood or ones that have
been omitted.
Review revenue streams for trends that may suggest abusive practices.
Evaluate written and oral methods of communicating product features to customers.
Review third-party service provider agreements to develop a clear understanding of
their practices surrounding the service being provided.
Review all bank policies and procedures for practices that suggest unfair, deceptive,
or abusive practices.
Create a consumer-friendly culture within your organization.
Evaluate customer complaints for signs of more serious systemic problems.

25. Regulatory Expectations
for Your Bank
Policies and procedures for banking TPPPs
Reasonable understanding of TPPP risks and process to risk
rate
Meaningful additional action on higher potential risks
Effective supervision/monitoring of TPPP accounts and
activity
SAR filing.
Disciplinary Action and Termination, as appropriate.

26. Potential Risks of TPPP
Relationships to Banks
• Liquidity: TPPPs may require large dollar transfers to/from their account.
Bank must monitor volumes and be prepared to deal with potentially large
fluctuations.
• Fraud: Merchant fraud, unauthorized transactions, abusive transactions,
etc. may occur. Vigilance over TPPP relationship, their customer
relationships, and monitoring of returns and customer complaints is a
necessity.
• Compliance: BSA/AML/OFAC, ACH rules, Reg CC, Reg E, etc.
• Consumer Protection and Liability: Bank could have liability if a TPPP
processes transactions for illegal activity. UDAP (FTC), UDAAP (CFPB)
• Reputation: Public and regulators may perceive poor safety and soundness
if not managed well, loss or action against TPPP
• Credit: Overdrawn accounts due to excessive returns and chargebacks may
become uncollectible.

27. Maintain and Build
Banking Relationships
Establish and Maintain a Strong
Compliance Program and Culture
Respect and Partner with bank to
ensure mutual risk mitigation
requirements and regulatory
requirements are effectively met
Maintain open communications

28. Jay Postma, CAMS
President
MSB Compliance Inc.
Jay.Postma@MSBComplianceInc.com
(678) 389-9068
www.LinkedIn.com/in/jaypostma
www.MSBComplianceInc.com
www.Twitter.com/MSBCompliance
Weekly newsletter:
www.paper.MSBComplianceInc.com