To view or print PDF content, download the free Adobe Acrobat Reader.
April 26, 2005
Interagency Interpretive Guidance on Providing Banking Services to Money Services Businesses Operating in the United States
The Financial Crimes Enforcement Network (“FinCEN”), along with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Federal Banking Agencies”), issue this interpretive guidance to clarify further the requirements of the Bank Secrecy Act and its implementing regulations (including the parallel provisions issued by the Federal Banking Agencies) for banking organizations when providing banking services to money services businesses operating in the United States.
As a follow-up to the joint statement issued on March 30, 2005, this guidance sets forth the minimum steps that banking organizations should take when providing banking services to money services businesses. Additionally, this guidance provides assistance to banking organizations in assessing and minimizing the risk of money laundering posed by individual money services business customers. While banking organizations are expected to manage risk associated with all accounts, including money services business accounts, banking organizations will not be held responsible for their customers’ compliance with the Bank Secrecy Act and other applicable federal and state laws and regulations.
By clarifying our expectations, FinCEN and the Federal Banking Agencies are confirming that banking organizations have the flexibility to provide services to a wide range of money services businesses while remaining in compliance with the Bank Secrecy Act. This guidance will be reflected in the forthcoming interagency Bank Secrecy Act/Anti-Money Laundering examination procedures.
Concurrent with this document, FinCEN is also issuing guidance to money services businesses to emphasize their Bank Secrecy Act regulatory obligations and to notify them of the type of information that they may be expected to produce to a banking organization in the course of opening or maintaining an account relationship. Through regular supervisory processes and through dissemination of additional information, FinCEN and the Federal Banking Agencies will continue to provide guidance to assist banking organizations on issues related to money services businesses, such as providing indicators to banking organizations that would help in identifying entities that may be operating as money services businesses when those entities have not disclosed the nature of their business to the banking organizations and guidance on appropriate due diligence when maintaining accounts for foreign providers of money services.
Under existing Bank Secrecy Act regulations, FinCEN has defined money services businesses to include five distinct types of financial services providers and the U.S. Postal Service: (1) currency dealers or exchangers; (2) check cashers; (3) issuers of traveler’s checks, money orders, or stored value; (4) sellers or redeemers of traveler's checks, money orders, or stored value; and (5) money transmitters. There is a threshold requirement for businesses in the first four categories – a business that engages in such transactions will not be considered a money services business if it does not engage in such transactions in an amount greater that $1,000 for any person on any day in one or more transactions. See 31 CFR 103.11(uu).
With limited exceptions, money services businesses are subject to the full range of Bank Secrecy Act regulatory controls, including the anti-money laundering program rule, suspicious activity and currency transaction reporting rules, and various other identification and recordkeeping rules.1 Additionally, existing FinCEN regulations require certain money services business principals to register with FinCEN.2 Many money services businesses, including the vast majority of money transmitters in the United States, operate through a system of agents. While agents are not presently required to register with FinCEN, they are themselves money services businesses that are required to establish anti-money laundering programs and comply with the other recordkeeping and reporting requirements described above. Finally, many states have established anti-money laundering supervisory requirements, often including the requirement that a money services business be licensed with the state in which it is incorporated or does business.
The money services business industry is extremely diverse, ranging from Fortune 500 companies with numerous outlets worldwide to small, independent “mom and pop” convenience stores in communities with population concentrations that do not necessarily have access to traditional banking services or in areas where English is rarely spoken.
The range of products and services offered, and the customer bases served by money services businesses, are equally diverse. In fact, while they all fall under the definition of a money services business, the types of businesses are quite distinct. In addition, many money services businesses only offer money services as an ancillary component to their primary business, such as a convenience store that cashes checks or a hotel that provides currency exchange. Other money services businesses offer a variety of services, such as check cashing and stored value card sales.
I. Minimum Bank Secrecy Act Due Diligence Expectations
FinCEN and the Federal Banking Agencies expect banking organizations that open and maintain accounts for money services businesses to apply the requirements of the Bank Secrecy Act, as they do with all accountholders, on a risk-assessed basis. As with any category of accountholder, there will be money services businesses that pose little risk of money laundering and those that pose a significant risk. It is essential that banking organizations neither define nor treat all money services businesses as posing the same level of risk. Put simply, a local grocer that also cashes payroll checks for customers purchasing groceries cannot be equated with a money transmitter specializing in cross-border wire transfers to jurisdictions posing heightened risk for money laundering or the financing of terrorism, and therefore the Bank Secrecy Act obligations on a banking organization will differ significantly.3
Registration with FinCEN, if required, and compliance with any state-based licensing requirements represent the most basic of compliance obligations for money services businesses; a money services business operating in contravention of registration or licensing requirements would be violating Federal and possibly state laws.4 As a result, it is reasonable and appropriate for a banking organization to insist that a money services business provide evidence of compliance with such requirements or demonstrate that it is not subject to such requirements.
Based on existing Bank Secrecy Act requirements applicable to banking organizations, the minimum due diligence expectations associated with opening and maintaining accounts for money services businesses are:
The Appendix to this guidance explains FinCEN’s registration and state-based licensing requirements and outlines steps that banking organizations can take to confirm and document the registration, licensing, or agent status of a money services business.
Basic Bank Secrecy Act/Anti-Money Laundering Risk Assessment
While the extent to which banking organizations should perform further due diligence beyond the minimum compliance obligations set forth above will be dictated by the level of risk posed by the individual customer, it is not the case that all money services businesses will always require further due diligence. In some cases, no further customer due diligence will be required. In other situations, the further due diligence required will be extensive. In all cases, the level of due diligence applied will be dictated by the risks associated with the particular customer.
Accordingly, as with any business account, in determining how much, if any, further due diligence would be required for any money services business customer, the banking organization should consider the following basic information:• Types of products and services offered by the money services business
In order to properly assess risks, banking organizations should know the categories of money services engaged in by the particular money services business accountholder. In addition, banking organizations should determine whether the money services business is a “principal” (with a fleet of agents) or is itself an agent of another money services business. Other relevant considerations include whether or not the money services business is a new or established operation, and whether or not money services are the customer’s primary or ancillary business (such as a grocery store that derives a small fraction of its overall revenue from cashing checks).• Location(s) and market(s) served by the money services business
Money laundering risks within a money services business can vary widely depending on the locations, customer bases, and markets served by the money services business. Relevant considerations include whether markets served are domestic or international, or whether services are targeted to local residents or broad markets. For example, a convenience store that only cashes payroll checks generally presents lower money laundering risks than a check casher that cashes any type of third-party check or cashes checks for commercial enterprises (which generally involve larger amounts).• Anticipated account activity
Banking organizations should ascertain the expected services that the money services business will use, such as currency deposits or withdrawals, check deposits, or funds transfers. For example, a money services business may operate out of one location and use one branch of the banking organization, or may have several agents making deposits at multiple branches throughout the banking organization’s network. Banking organizations should also have a sense of expected transaction amounts.• Purpose of the account
Banking organizations should understand the purpose of the account for the money services business. For example, a money transmitter might require the bank account to remit funds to its principal U.S. clearing account or may use the account to remit funds cross-border to foreign-based agents.
To further assist banking organizations in determining the level of risk posed by a money services business customer, set forth below are examples that may be indicative of lower and higher risk, respectively. In determining the level of risk, a banking organization should not take any single indicator as determinative of the existence of lower or higher risk. Moreover, the application of these factors is fact-specific, and a conclusion regarding an account should be based on a consideration of available information. An effective risk assessment should be a composite of multiple factors, and depending upon the circumstances, certain factors may be weighed more heavily than others.
Examples of potentially lower risk indicators: The money services business –
Examples of potentially higher risk indicators: The money services business –
II. Due Diligence for Higher Risk Customers
A banking organization’s due diligence should be commensurate with the level of risk of the money services business customer identified through its risk assessment. If a banking organization’s risk assessment indicates potential for a heightened risk of money laundering or terrorist financing, it will be expected to conduct further due diligence in a manner commensurate with the heightened risk. This is no different from requirements applicable to any other business customer and does not mean that a banking organization cannot maintain the account.
Depending on the level of perceived risk, and the size and sophistication of the particular money services business, banking organizations may pursue some or all of the following actions as part of an appropriate due diligence review or risk management assessment of a money services business seeking to establish an account relationship. Likewise, if the banking organization becomes aware of changes in the profile of the money services business to which banking services are being provided, these additional steps may be appropriate. However, it is not the expectation of FinCEN or the Federal Banking Agencies that banking organizations will uniformly require any or all of the actions identified below for all money services business customers:
As with any other accountholder that is subject to anti-money laundering regulatory requirements, the extent to which a banking organization should inquire about the existence and operation of the anti-money laundering program of a particular money services business will be dictated by the banking organization’s assessment of the risks of the particular relationship. Given the diversity of the money services business industry and the risks they face, banking organizations should expect significant differences among anti-money laundering programs of money services businesses. However, FinCEN and the Federal Banking Agencies do not expect banking organizations to act as the de facto regulators of the money services business industry.
III. Identification and Reporting of Suspicious Activity
Existing regulations require banking organizations to identify and report known or suspected violations of law or/and suspicious transactions relevant to possible violations of law or regulation. Risk-based monitoring of accounts maintained for all customers, including money services businesses, is a key element of an effective system to identify and, where appropriate, report violations and suspicious transactions. The level and frequency of such monitoring will depend, among other things, on the risk assessment and the activity in the account.
Based on the banking organization’s assessment of the risks of its particular money services business customers, monitoring should include periodic confirmation that initial projections of account activity have remained reasonably consistent over time. Account activity would typically include deposits or withdrawals of currency, deposits of checks, or funds transfers. The mere existence of variances does not necessarily mean that a problem exists, but may be an indication that additional review is necessary. Furthermore, risk-based monitoring generally does not include “real-time” monitoring of all transactions flowing through the account of a money services business, such as a review of the payee or drawer of every deposited check.
Examples of potential suspicious activity within money services business accounts, generally involving significant unexplained variations in transaction size, nature, or frequency through the account, include:
One recurring question has been the obligation of a banking organization to file a suspicious activity report on a money services business that has failed to register with FinCEN or failed to obtain a license under applicable state law. Given the importance of the licensing and registration requirement, a banking organization should file a suspicious activity report if it becomes aware that a customer is operating in violation of the registration or state licensing requirement.9 This approach is consistent with long standing practices of FinCEN and the Federal Banking Agencies under which banking organizations file suspicious activity reports on known or suspected violations of law or regulation.
Finally, banking organizations are not expected to terminate existing accounts of money services businesses based solely on the discovery that the customer is a money services business that has failed to comply with licensing and registration requirements (although continuing non-compliance by the money services business may be an indicator of heightened risk). There is no requirement in the Bank Secrecy Act regulations that a banking organization must close an account that is the subject of a suspicious activity report. The decision to maintain or close an account should be made by a banking organization’s management under standards and guidelines approved by its board of directors. However, if an account is involved in a suspicious or potentially illegal transaction, the banking organization should examine the status and history of the account thoroughly and should determine whether or not the institution is comfortable maintaining the account. If the banking organization is aware that the reported activity is under investigation, it is strongly recommended that the banking organization notify law enforcement before making any decision regarding the status of the account.
IV. Existing Accounts for Known Money Services Businesses
This guidance is not a directive to banking organizations to conduct immediately a review of existing accounts for known money services businesses for the sole purpose of determining licensing or registration status. However, the guidance does not affect a banking organization’s existing anti-money laundering compliance program obligations to assess risk, including periodic risk assessments of existing money services business accounts to update risk factors such as licensing and registration status.
V. 314(b) Voluntary Information Sharing
Section 314(b) of the USA PATRIOT Act of 2001 allows certain financial institutions, after providing notice to FinCEN, to voluntarily share information with each other for the purpose of identifying and, where appropriate, reporting possible money laundering or terrorist financing under protection of legal safe harbor.10
Banks and money services businesses can utilize Section 314(b) information sharing to work together to identify money laundering and terrorist financing. While participation in the 314(b) information sharing program is voluntary, FinCEN and the Federal Banking Agencies encourage banking organizations and their money services business customers to consider how voluntary information sharing could enable each institution to more effectively discharge its anti-money laundering and suspicious activity monitoring obligation.
Any banking organizations that have questions on this guidance are encouraged to contact FinCEN or their primary federal regulator.
Additional Resources• www.msb.gov – FinCEN website dedicated to money services business regulations and guidance, such as FinCEN rulings and answers to frequently asked questions. This website also contains a list of registered money services businesses.
Frequently Asked Questions on Providing Banking Services to Money Services Businesses
Registration and Licensing
1. What are the FinCEN registration requirements for Money Services Businesses?As set forth in 31 CFR 103.41, all money services business must register with FinCEN (whether or not licensed as a money services business by any state) except:
A branch office of a money services business is not required to file its own registration form. Those money services businesses required to register must complete and submit to the Internal Revenue Service – Enterprise Computing Center-Detroit a form [www.msb.gov/pdf/msbregform01102004.pdf] that identifies the following: (1) the name, location, and taxpayer identification number of the business; (2) information concerning the owners of the business; (3) the location(s) of operation and the number of branch locations and number of agents; (4) the products and services offered; (5) information about the primary transaction account; and (6) the location of supporting documentation.
Additionally, under existing FinCEN regulations, a money services business has 180 days in which to register from the time that it begins performing the functions that subject it to the money services business regulations.11 Therefore, it is possible that a money services business will appropriately seek banking services before completing the registration process with FinCEN, but still be in full compliance with the law.
2. What resources are available for banking organizations to use to confirm registration or licensing status of a money services business?
Regarding FinCEN registration, a banking organization may rely on the correspondence received by the money services business from the Internal Revenue Service – Enterprise Computing Center-Detroit as confirmation that the money services business has registered with FinCEN. All registered money services businesses will have such correspondence and should be prepared to provide it to the banking organization. Note that it may take 60 days or more after a money services business files its registration form for the business to receive an acknowledgment letter from the Internal Revenue Service. The acknowledgment letter from the Internal Revenue Service will be the only confirmation received by the money services business. As an alternative, if the money services business has filed its registration but has not yet received its acknowledgement letter, the banking organization may rely on a copy of the registration form submitted by the money services business until such time as the money services business either receives its acknowledgement letter or appears on the money services business registration list published by FinCEN (accessible at www.msb.gov). FinCEN seeks to assist banking organizations by assembling, preparing and forwarding information on the money services business industry and applicable Bank Secrecy Act requirements on FinCEN’s website dedicated to the money services business industry, www.msb.gov.
Regarding state licensing requirements, individual state regulatory authorities offer a variety of information. Also, FinCEN is working with state regulators on a variety of information-sharing initiatives that will enhance cooperation with respect to anti-money laundering regulatory issues. One initiative will be to identify and promote resources where banking organizations and others can go to learn about state anti-money laundering requirements applicable to money services businesses as well as the status of individual money services businesses.
3. How can a banking organization confirm that a money services business is an agent that is not required to register with FinCEN?
A money services business that is an agent of a principal money services business will generally have contracts and agreements with the principal money services business, and agents should be expected to provide these documents to a banking organization upon request. Additionally, many large money services businesses list information about their agents on their public web sites.
4. How should a banking organization document its review of registration, licensing, or agent status of a money services business?
Banking organizations should document their review of the applicable registration, licensing, or agent status of a money services business customer, but are not required to maintain copies of actual documentation received from a money services business. Banking organizations should also consider the availability of public information regarding licensing, registration, or agent status for money services businesses. For example, many states make licensing information publicly available, and many large money services businesses list their agents on their public web sites.
5. After applying the Customer Identification Program, and confirming registration, licensing, and agent status, as applicable, and when a banking organization’s risk assessment of a money services business customer indicates a low risk of money laundering or other illicit activity for the particular customer, is a banking organization required to perform further due diligence?
No. After assessing basic information of a particular money services business customer, including: (1) the products and services offered by the money services business; (2) the locations and markets served by the money services business; (3) anticipated account activity; and (4) purpose of the account, if a banking organization determines that its relationship with the particular money services business constitutes a low risk of money laundering or other illicit activity, a banking organization is not routinely expected to perform further due diligence. Banking organizations should consider and perform further due diligence, such as a review of a money services business’s anti-money laundering program, if the banking organization’s risk assessment of a relationship with a particular money services business indicates heightened risks.
However, banking organizations are reminded that risk-based monitoring of all accounts, regardless of the amount of due diligence performed for a particular customer, is a key element of an effective system to identify, and where appropriate, report suspicious activity. Discovery of suspicious activity in transactions with a money services business initially deemed to represent low risk may necessitate further due diligence.
6. Can a banking organization open or maintain an account for a money services business that has not registered or obtained a state license because the customer was unaware of applicable requirements? Should a banking organization file a suspicious activity report in such instances?
Yes. Banking organizations are not required to refuse to open new accounts for money services businesses that have failed to comply with registration or licensing requirements. Similarly, there is no requirement in the Bank Secrecy Act regulations that a banking organization terminate existing accounts of customers based solely on the discovery that the customer is a money services business that has failed to comply with licensing and registration requirements. The decision to maintain or close an account should be made by a banking organization’s management under standards and guidelines approved by its board of directors.
However, continued noncompliance by a customer with applicable licensing, registration or other regulatory requirements after learning of such requirements would likely be an indicator of heightened risk. Banking organizations should file suspicious activity reports if they become aware that customers are operating in violation of the registration or state licensing requirements.
7. Do FinCEN and the Federal Banking Agencies have an expectation that banking organizations should educate money services businesses about any requirements of the Bank Secrecy Act?
No. The Bank Secrecy Act does not require, and neither FinCEN nor the Federal Banking Agencies expect, banking organizations to serve as the de facto regulators of the money services businesses for which they maintain accounts. Accordingly, banking organizations are not expected to educate money services businesses about the Bank Secrecy Act requirements that apply to the industry. However, when a banking organization is conducting due diligence with respect to its money services business customers, questions will inevitably arise. In such cases, banking organizations can direct inquiries by money services businesses about applicable Bank Secrecy Act requirements to existing regulatory resources such as www.msb.gov or FinCEN’s Regulatory Helpline at 1-800-949-2732.
In addition, there are several ways for banking organizations to obtain free educational materials produced by FinCEN for money services businesses:• Submit an online order form through www.msb.gov (fastest option)