FRB: SR 97-19 (SUP)
1 of 13
https://web.archive.org/web/20000918061729/https://www.federalreser...
BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C. 20551
DIVISION OF BANKING
SUPERVISION AND REGULATION
SR 97-19 (SUP)
June 30, 1997
TO THE OFFICER IN CHARGE OF SUPERVISION
AT EACH FEDERAL RESERVE BANK
SUBJECT: Private Banking Activities
Private banking activities, which involve, among other things, personalized
services such as money management, financial advice, and investment services for high net
worth clients, have become an increasingly important aspect of the operations of some large,
internationally active banking organizations. The Federal Reserve has traditionally reviewed
private banking activities in connection with regular on-site examinations. In 1996 and 1997,
the Federal Reserve Bank of New York undertook a comprehensive review of private
banking activities at approximately 40 domestic and foreign banking organizations in the
Second District in order to enhance the Federal Reserve's understanding about private
banking operations. Examiners focused principally on assessing each institution's ability to
recognize and manage the potential reputational and legal risks that may be associated with
inadequate knowledge and understanding of its clients' personal and business backgrounds,
sources of wealth, and uses of private banking accounts. In carrying out the reviews,
examiners considered the parameters of an appropriate control infrastructure that is suited to
support the effective management of these risks.
The reviews indicated that there are certain essential elements associated with
sound private banking activities, and these elements are described in a paper, prepared by the
Federal Reserve Bank of New York, entitled "Guidance on Sound Risk Management
Practices Governing Private Banking Activities". A copy of the sound practices paper is
attached for the use of your examiners, and we are requesting that you provide copies to each
domestic and foreign banking organization in your District that conducts private banking
activities. A suggested transmittal letter is also attached.
The sound practices paper provides banking organizations with guidance
regarding the basic controls necessary to minimize reputational and legal risk and to deter
illicit activities, such as money laundering. The essential elements associated with sound
private banking activities are, in brief outline, as follows:
• Management Oversight. Senior management's active oversight of private banking
activities and the creation of an appropriate corporate culture are crucial elements of a
sound risk management and control environment. Goals and objectives must be set at
high levels, and senior management must be proactive in overseeing compliance with
corporate policies and procedures.
• Policies and Procedures. All well run private banking operations have written "Know
Your Customer" policies and procedures, consistent with guidance provided by the
Federal Reserve over the past several years, that require banking organizations to
obtain identification and basic background information on their clients, describe the
clients' source of wealth and lines of business, request references, handle referrals, and
identify red flags and suspicious transactions. They also have adequate written credit
policies and procedures that address, among other things, money laundering-related
issues, such as lending secured by cash collateral.
• Risk Management Practices and Monitoring Systems. Sound private banking
operations stress the importance of the acquisition and retention of documentation
relating to their clients, as well as due diligence regarding obtaining follow-up
information where needed to verify or corroborate information provided by a customer
or his or her representative. Inherent in sound private banking operations is the
retention of beneficial owner information in the United States for accounts opened by
financial advisors or through the use of off-shore facilities. Adequate management
information systems capable of, among other things, monitoring all aspects of an
organization's private banking activities are also stressed. These include systems that
provide management with timely information necessary to analyze and effectively
manage the private banking business and systems that enable management to monitor
accounts for suspicious transactions and to report any such instances to law
enforcement authorities and banking regulators as required by the regulators'
suspicious activity reporting regulations.
• Segregation of Duties, Compliance, and Audit. Because private banking activities are
generally conducted through relationship managers, banking organizations need to
have an effective system of oversight by senior officials and by board committees, as
well as guidelines pertaining to the segregation of duties to prevent the unauthorized
waiver of documentation requirements, poorly documented referrals, and overlooked
suspicious activities. Likewise, strong compliance and internal audit programs are
essential to ensure the integrity of the risk management and internal control
environment established by senior management and the board of directors.
Other Related Projects and Products
The lessons learned from the private banking reviews will be incorporated
into a new examination manual for private banking activities. The manual will be in two
parts: one which describes the examination procedures for a comprehensive, top to bottom
review of a private banking operation; and the other, a set of "risk focused" guidelines aimed
at assisting examiners in determining which procedures should be followed depending, for
example, on the level of private banking activity, any noted deficiencies, management's
responsiveness in implementing corrective action, and the sufficiency of the organization's
internal audit program. We expect to start field testing these new procedures within the next
three months.
In the next few weeks, the Federal Reserve will also distribute an updated
Bank Secrecy Act examination manual. The updated version will include examination
procedures relating to recent additions and changes to the Bank Secrecy Act, as well as
updated sections related to anti-money laundering initiatives.
Staff is in the process of developing a draft regulation that would require
banking organizations to establish "Know Your Customer" policies and procedures. The
results of the private banking reviews will be incorporated into the proposed regulation. In
moving forward with this initiative, the Federal Reserve will coordinate its efforts with the
other federal banking agencies regarding the breadth and scope of the rules in order to ensure
that all banking organizations in the United States operate under the same standards.
In the event you have any questions regarding the attached sound practices
paper, please contact Ms. Nancy Bercovici, Senior Vice President, Federal Reserve Bank of
New York, at (212) 720-8227, or Mr. Richard A. Small, Special Counsel, Division of
Banking Supervision and Regulation, at (202) 452-5235. Other questions can be directed to
Mr. Small.
Richard Spillenkothen
Director
Attachments
Suggested Transmittal Letter
to the Chief Executive Officer or General Manager of
Each State Member Bank, Bank Holding Company, and
U.S. Branch and Agency of a Foreign Bank
That Conducts Private Banking Activities
Subject: "Sound Practices" For Private Banking Activities
Dear ______________________:
Private banking activities, which involve, among other things, personalized
services such as money management, financial advice, and investment services for high net
worth clients, have become an increasingly important aspect of the operations of some large,
internationally active banking organizations. The Federal Reserve has traditionally reviewed
private banking activities in connection with regular on-site examinations. In 1996 and 1997,
the Federal Reserve Bank of New York undertook a comprehensive review of private
banking activities at approximately 40 domestic and foreign banking organizations in the
Second District in order to enhance the Federal Reserve's understanding about private
banking operations. Examiners focused principally on assessing each institution's ability to
recognize and manage the potential reputational and legal risks that may be associated with
inadequate knowledge and understanding of its clients' personal and business backgrounds,
sources of wealth, and uses of private banking accounts. In carrying out the reviews,
examiners considered the parameters of an appropriate control infrastructure that is suited to
support the effective management of these risks.
The reviews indicated that there are certain essential elements associated with
sound private banking activities, and these elements are described in a paper, prepared by the
Federal Reserve Bank of New York, entitled "Guidance on Sound Risk Management
Practices Governing Private Banking Activities". A copy of the sound practices paper is
attached for your information.
The sound practices paper provides you with guidance regarding the basic
controls necessary to minimize reputational and legal risk and to deter illicit activities, such
as money laundering. The essential elements associated with sound private banking
activities are, in brief outline, as follows:
• Management Oversight. Senior management's active oversight of private banking
activities and the creation of an appropriate corporate culture are crucial elements of a
sound risk management and control environment. Goals and objectives must be set at
high levels, and senior management must be proactive in overseeing compliance with
corporate policies and procedures.
• Policies and Procedures. All well run private banking operations have written "Know
Your Customer" policies and procedures, consistent with guidance provided by the
Federal Reserve over the past several years, that require banking organizations to
obtain identification and basic background information on their clients, describe the
clients' source of wealth and lines of business, request references, handle referrals, and
identify red flags and suspicious transactions. They also have adequate written credit
policies and procedures that address, among other things, money laundering-related
issues, such as lending secured by cash collateral.
• Risk Management Practices and Monitoring Systems. Sound private banking
operations stress the importance of the acquisition and retention of documentation
relating to their clients, as well as due diligence regarding obtaining follow-up
information where needed to verify or corroborate information provided by a customer
or his or her representative. Inherent in sound private banking operations is the
retention of beneficial owner information in the United States for accounts opened by
financial advisors or through the use of off-shore facilities. Adequate management
information systems capable of, among other things, monitoring all aspects of an
organization's private banking activities are also stressed. These include systems that
provide management with timely information necessary to analyze and effectively
manage the private banking business and systems that enable management to monitor
accounts for suspicious transactions and to report any such instances to law
enforcement authorities and banking regulators as required by the regulators'
suspicious activity reporting regulations.
• Segregation of Duties, Compliance, and Audit. Because private banking activities are
generally conducted through relationship managers, banking organizations need to
have an effective system of oversight by senior officials and by board committees, as
well as guidelines pertaining to the segregation of duties to prevent the unauthorized
waiver of documentation requirements, poorly documented referrals, and overlooked
suspicious activities. Likewise, strong compliance and internal audit programs are
essential to ensure the integrity of the risk management and internal control
environment established by senior management and the board of directors.
In the event you have any questions regarding the attached sound practices
paper, please contact Ms. Nancy Bercovici, Senior Vice President, Federal Reserve Bank of
New York, at (212) 720-8227, or Mr. Richard A. Small, Special Counsel, Division of
Banking Supervision and Regulation, Board of Governors of the Federal Reserve System, at
(202) 452-5235.
Sincerely,
Enclosure
Guidance on Sound Risk Management Practices
Governing Private Banking Activities
Prepared by the
Federal Reserve Bank of New York
July 1997
Guidance on Sound Risk Management Practices Governing Private Banking Activities
This paper presents the observations of examiners of the Federal Reserve Bank
of New York regarding sound risk management and internal control practices with respect to
private banking activities. Findings are based on a year-long cycle of on-site examinations of
the risk management practices of approximately forty institutions in the Second Federal
Reserve District that are engaged in the provision of financial services to high net worth
individuals, which is commonly referred to as private banking. These examinations
represented a cross section of commercial banks, Edge Act corporations, trust companies,
and U.S. branches of foreign banks. Our examiners found varying degrees of sophistication
and depth in private banking activities. And, we recognize that what constitutes sound
practice may vary according to the particulars of each organization's business.
The guidance presented in this paper is not a regulation and should not be
interpreted as such. The sound practices reflect the type of information banks need to have to
satisfy existing legal requirements as well as transactions testing performed by examiners,
and the types of controls essential to minimize reputational and legal risk and deter money
laundering. The goal of the paper is to ensure that banks are aware of the major issues
currently under review by regulatory and legal authorities and to further the dialogue with
institutions engaged in private banking.
Heightened supervisory interest in private banking activities primarily reflects
market developments. Recently, domestic and foreign banking organizations have been
increasing their private banking activities and their reliance on income from this business
line. Several large institutions reported plans to increase sharply the net contribution of
private banking to their organizations' earnings. Additionally, the target market for private
banking -- high net worth individuals -- is growing and becoming more sophisticated and
diverse with regard to product and service preferences and risk appetites. As the target
market for private banking is growing, so is the level of competition among institutions that
provide private banking services. Banking organizations are experiencing competition for
private banking clients from non-bank financial institutions, including securities dealers, and
asset management and brokerage firms. Accordingly, there are increased pressures on the
relationship managers and marketing officers of banking organizations to obtain new clients,
increase their assets under management, and contribute a greater percentage to the net
income of their organizations.
The reviews underlying this paper focused primarily on assessing each banking
institution's ability to recognize and manage the potential reputational and legal risks that
may be associated with inadequate knowledge and understanding of the clients' personal and
business background, source of wealth and use of their private banking accounts. Also
considered were the essential characteristics of an appropriate control infrastructure that is
suited to support the effective management of these risks.
To varying degrees, the sound practices identified here either are currently in
place or are in the process of being implemented in most institutions, although it is
recognized that practices observed in the United States may differ from global practices. The
discussion is structured as follows: (I) management oversight, (II) policies and procedures,
(III) risk management practices and monitoring systems, and (IV) segregation of duties,
compliance and audit.
I
Management Oversight of Private Banking
Senior management's active oversight of private banking activities and the
creation of an appropriate corporate culture are crucial elements of a sound risk management
and control environment. Senior management is responsible for identifying clearly the
purpose and objectives of the organization's private banking activities. A statement that
describes the target client base, the range of services offered to clients, and the financial
objectives and risk tolerances should be approved by senior management and establish
accountability for risk management and control functions. Well-developed goals and
objectives not only describe the target client base in terms of factors such as minimum net
worth, investable assets and the types of products and services sought, but specifically
indicate the types of clients the institution will and will not accept, and establish multiple and
segregated levels of authorization for new client acceptance. Institutions that follow such
sound practices will be better positioned to design and deliver products and services that
match their clients' needs, while reducing the likelihood that unsuitable clients will be
accepted.
Senior management should be actively involved in strategic planning for the
private banking operation. Sound strategic planning should involve not only setting targets
such as revenue, assets under management, and the number of new accounts, but also include
the establishment of control and risk management goals, such as satisfactory audit and
compliance reviews. The most control-conscious institutions have passed these and other
specific qualitative goals through to relationship managers. In some cases, they have
included these factors in employee compensation schemes, thus promoting accountability
and responsibility for risk management and control processes.
The culture that exists within the private banking operation invariably reflects
senior management's level of commitment to controls and risk management. A focused,
integrated, "top-down" approach to embracing risk management and control concepts will
most effectively foster an environment in which managers and staff are knowledgeable and
aware of the risks in their portfolio. This approach to private banking activities will help
ensure that staff members apply consistent practices, communicate effectively, and assume
responsibility and accountability for controls.
Each organization should ensure that its policies and procedures for conducting
private banking activities are evaluated and updated regularly, and that there is a clear
delineation of roles, responsibilities and accountability for implementing such policies and
procedures.
II
Policies and Procedures
As a private banking operation frequently functions as a "bank within a bank,"
there are different policies and procedures needed to govern its activities and operations.
This paper focuses primarily on the significance of sound Know Your Customer ("KYC")
policies and procedures in managing the reputational and legal risks inherent in private
banking activities.
Know Your Customer Policies and Procedures
Nearly all of the institutions examined had written KYC policies and procedures
-- most of which captured the spirit of sound KYC guidelines. These institutions have taken
a reasonable approach to including essential components of a sound KYC policy in their
written policies, such as: obtaining identification and basic background information on the
clients, describing the clients' source of wealth and line of business, requesting references,
handling referrals and identifying red-flags or suspicious transactions. Policies also should
require that the clients' source of wealth and funds be corroborated and include specific
guidelines on how to corroborate information provided by the client. Sound policies also
define acceptable KYC information for different types of account holders, such as
individuals, operating companies, personal investment companies ("PICs"), trusts, clients of
financial advisers or other intermediaries, and financial advisers. These policies also should
recognize that contact/visitation reports written by private bankers, which document their
meetings with clients in their home countries and places of business, are an important
component to the KYC process.
Additionally, sound policies require that the type and volume of transactions
expected to be passing through the clients' accounts be documented, with actual flows
monitored to assist in detecting suspicious or unusual transactions. Accountability for
following up on suspicious activities and making such reports as may be required should also
be clearly assigned.
Compliance with policies should be expected by senior management as a matter
of course; waivers should be the exception, not the rule, and reasons for any exception should
be documented. Moreover, all waivers should be handled by authorized personnel -- thus
reinforcing senior management's oversight of the risk management process. Clearly, the best
written policies and procedures will not work unless they are implemented effectively and
modified appropriately to reflect changing industry practices.
Credit Policies and Procedures
Lending to high net worth individuals and their business concerns often takes on
unique banking characteristics. The majority of private banking lending is fully secured -- often by cash, securities and other assets held by the private banking function. Thus, the
extensions of credit to high net worth individuals on a secured basis should not result in
compromising sound underwriting standards. If credit is extended based on collateral, even
if the collateral is cash, repayment is not assured. For example, collateral derived from illicit
activities may be subject to government forfeiture. Accordingly, when extending secured
private banking loans, institutions should be satisfied as to the source and legitimacy of the
client's collateral, the borrower's intended use of the proceeds and the source of repayment.
Some institutions have appropriately recognized that, when lending to high net worth
individuals, whether on a secured or unsecured basis, the creditworthiness determination is
bolstered by a thorough and well-structured KYC process.
III
Risk Management Practices and Monitoring Systems
Effective risk management practices and systems that carry out the KYC policies
are the foundation of a sound risk management process. These practices should be well-integrated within the organization and reassessed on an ongoing basis. Additionally, relevant
personnel should recognize their roles in the process, as well as their accountability.
Documentation and Due Diligence
Virtually all institutions perform more due diligence on relationships established
currently than on accounts that were opened in the past. They are supplementing basic
account-opening information, such as identification through passports and national identity
cards and other basic personal and business data, including the client's mailing address,
profession, and estimated net worth, with more detailed and substantive information. Sound
practice requires institutions to obtain references on their clients from reliable, independent
sources, such as other financial institutions, the client's business associates, attorneys or
accountants. Independent references that describe the capacity in which the referring party
knew the client and the nature of their relationship are important components of the KYC
process, and institutions routinely should seek to obtain these references. Furthermore, if
internal references from personnel that serve the client from an affiliated office are used, such
references should be accompanied by detailed, well-supported documentation.
Institutions employ a wide array of sound practices to corroborate a client's
source of wealth and business activities, in addition to obtaining references. For example,
some institutions have obtained private credit agency reports on their clients' businesses,
including those in foreign countries. Private bankers have also sought out public information
on high profile clients in the press, periodicals and through standard database searches.
Sound practice also suggests that private bankers obtain financial statements, marketing
brochures, and annual reports of clients' businesses as additional corroboration sources.1
Examinations have confirmed that there are relatively easy and unobtrusive ways to
corroborate a private banking client's source of wealth, whether that client is from the United
States or abroad.
A concerted effort should be made to embrace these due diligence practices with
prospective and existing private banking clients to assure that a client's source of funds is
legitimate. While most institutions emphasized the significance of documentation and due
diligence during the client acceptance process, it is equally important to ensure that client
profiles are appropriately updated throughout the relationship with the client.
Most banking institutions maintain and manage accounts for PICs in their U.S.
offices; in fact, frequently PICs are established for the client -- the beneficial owner of the
PIC -- by one of the institution's affiliated trust companies in an offshore secrecy
jurisdiction. The majority of these institutions employ the sound practice of applying the
same general KYC standards to PICs as they do to personal private banking accounts -- they
identify and profile the beneficial owners. Most institutions had KYC documentation on the
beneficial owners of the PICs in their U.S. files.
The beneficial owners of PICs have a legitimate right to protect their financial
privacy, and some high net worth private clients may have a special and legitimate need for
confidentiality -- because of their public prominence, for example. The needed
confidentiality in these cases may be afforded by promulgating special protections as to
access to the records revealing the identity of a beneficial owner of a PIC. However, the
ability to make proper identification of the beneficial owner remains an important control
within the banking organization. First, without this control, the banking organization cannot
satisfy its compliance obligations with respect to legal process served on the banking
organization, which might reach property owned or controlled by a particular beneficial
owner, including the PIC itself. If the banking organization has structured its records in a
way that makes it impossible to comply with such process, this could cause the organization
serious compliance problems. Second, the lack of transparency may be an impediment to the
banking organization's understanding of its overall relationship with a particular beneficial
owner; and the existence of accounts for one or more PICs could confuse the organization
about the nature and depth of the overall relationship if the identity of the beneficial owner is
masked within management information systems. Finally, there is no legal impediment to
maintaining appropriate records. The law in the foreign jurisdiction where the PIC is
organized ordinarily should present no obstacle to recording the beneficial owner in a record
that the banking organization maintains with respect to a PIC account in the United States.
KYC standards for the beneficial owners of PICs (and similarly for those of
offshore trusts and foundations) should be no different from those of other personal private
banking accounts. Further, institutions maintaining such accounts in the United States should
be able to make available, within a reasonable period of time, the identities and full KYC
profiles of the beneficial owners when requested by supervisors performing test-checks of
their KYC programs.2
Use of "Omnibus" and "Concentration" Accounts
Sound practice calls for each private banking client to have its own account(s) at
the bank, through which all of the client's transactions are directed. Private banking
operations should have the policies and controls in place to confirm that a client's funds flow
into and out of the client's account(s), and not through any other account, such as the
organization's suspense, omnibus or concentration accounts. Generally, it is inadvisable from
a risk management and control perspective for institutions to allow their clients to direct
transactions through the organization's suspense account(s). Such practices effectively
prevent association of the clients' names and account numbers with specific account activity,
could easily mask unusual transactions and flows, the monitoring of which is essential to
sound risk management in private banking, and could easily be abused.
Management Information Systems
The management information systems ("MIS") associated with private banking
activities were reviewed with a focus on the utility, thoroughness, timeliness and accuracy of
data reported to management and responsible individuals. While the size and complexity of
the private banking operation at each organization will affect the resources devoted to MIS,
private banking operations should make effective use of current technology to support their
risk management framework. The level of MIS support given to private banking frequently
was weaker than the support given to other areas of the same banking organization. In such
cases, institutions should develop specific plans to change or upgrade their MIS.
MIS should be migrating towards providing management with timely
information necessary to analyze and manage effectively the private banking business. The
types of reports that may meet this objective are those that reflect each client's holdings,
including those held through PICs and any affiliated accounts; any missing account opening
documentation; transactions made through a client's accounts that are unusual; and the
private banking function's profitability. Institutions that manage private banking activities on
a decentralized, functional basis may face challenges in uneven implementation of policies
and procedures and in aggregating a client's total relationship with the institution, as the
client's account balances might be recorded on disparate systems. Institutions with integrated
management of private banking activities have more success in capturing and reporting a
client's complete relationship. Management's ability to measure and analyze each client's
complete relationship with the organization is a key element for sound risk management, and
MIS should support that objective.
MIS should be capable of monitoring accounts for unusual and potentially
suspicious activities. Many institutions are developing or enhancing systems which will
identify transactions that warrant explanation and evaluation because of their size, volume,
pattern, source or destination. Systems that identify individual transactions on an exception
basis, for example those that are above established thresholds in dollar amount and volume,
are more appropriate in the detection of aberrations in transactional behavior than systems
that only recognize net balance changes. There is a wide array of thresholds used to initiate
exception reports -- some institutions use a dollar minimum for each transaction, regardless
of the type of client or activity, while others segregate their client base and establish different
dollar/volume thresholds for transactions pertaining to each client grouping or to each
individual client account. Each institution should implement exception reporting that makes
sense and provides appropriate information within the context of its particular business. It
should recognize that the systems and reports are valuable only if there are individuals who
are responsible for receiving, analyzing and acting on the information generated.
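An added illustration (not part of the Federal Reserve paper) of the contrast drawn above between exception reporting on individual transactions and monitoring that only recognizes net balance changes. The thresholds, client groupings, account identifiers and ledger entries are all constructed for the example.

```python
from collections import defaultdict
from decimal import Decimal

# Hypothetical per-grouping thresholds: (single-transaction amount, transactions per day).
THRESHOLDS = {
    "standard": (Decimal("100000"), 5),
    "pic": (Decimal("50000"), 3),  # assumed tighter limits for accounts held through a PIC
}
NET_CHANGE_LIMIT = Decimal("100000")  # hypothetical limit for the balance-only monitor

# Constructed sample ledger: (day, account, client grouping, signed amount).
LEDGER = [
    ("1997-06-02", "A-100", "standard", Decimal("2500")),
    ("1997-06-02", "A-100", "standard", Decimal("-1800")),
    ("1997-06-02", "P-200", "pic", Decimal("750000")),
    ("1997-06-02", "P-200", "pic", Decimal("-749500")),
    ("1997-06-03", "P-200", "pic", Decimal("9000")),
    ("1997-06-03", "P-200", "pic", Decimal("9000")),
    ("1997-06-03", "P-200", "pic", Decimal("9000")),
    ("1997-06-03", "P-200", "pic", Decimal("-27000")),
]

def net_balance_exceptions(ledger):
    """Balance-only monitor: flag (day, account) pairs whose net change exceeds the limit."""
    net = defaultdict(Decimal)
    for day, acct, _grouping, amt in ledger:
        net[(day, acct)] += amt
    return sorted(key for key, change in net.items() if abs(change) > NET_CHANGE_LIMIT)

def transaction_exceptions(ledger):
    """Exception monitor: flag single amounts and daily volumes over the grouping's thresholds."""
    hits, counts, volume_flagged = [], defaultdict(int), set()
    for day, acct, grouping, amt in ledger:
        amt_limit, vol_limit = THRESHOLDS[grouping]
        if abs(amt) >= amt_limit:
            hits.append((day, acct, "amount", abs(amt)))
        counts[(day, acct)] += 1
        # Report a volume exception once, at the first transaction past the daily limit.
        if counts[(day, acct)] > vol_limit and (day, acct) not in volume_flagged:
            volume_flagged.add((day, acct))
            hits.append((day, acct, "volume", counts[(day, acct)]))
    return hits

if __name__ == "__main__":
    print("net-balance monitor:", net_balance_exceptions(LEDGER))
    for hit in transaction_exceptions(LEDGER):
        print("exception report:", hit)
```

On this ledger the balance-only monitor reports nothing, because the large inflow and outflow on account P-200 offset each other, while the exception monitor produces three items for review.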
Reporting Suspicious Activity
Procedures established to investigate and, if necessary, report suspicious private
banking activity also were reviewed. If legal, reputational, and other risks are to be
controlled, there must be a heightened focus on preventing and detecting money laundering
and other unlawful activity. Financial institutions clearly have a key responsibility in that
process. The Federal Reserve's Suspicious Activity Reporting regulations, which became
effective April 1, 1996, and are similar to regulations issued by the OCC, FDIC, OTS,
NCUA and the Treasury, impose a duty to file a Suspicious Activity Report ("SAR") for any
transaction that:
"has no business or apparent lawful purpose or is not the sort in
which the particular customer would normally be expected to
engage, and the institution knows of no reasonable explanation for
the transaction after examining the available facts including the
background and possible purpose of the transaction."
Some institutions with global private banking activities have recognized the
advantages in applying their suspicious activity monitoring procedures globally, as they will
be better equipped to detect and analyze patterns and trends of suspicious transactions within
their organizations. Private banking senior management should ensure that sound practices
are being followed throughout their organization. Management should ensure there is a
proactive approach and well-established procedures covering the SAR process and that
accountability exists within their organization for the analysis and follow-up of internally
identified suspicious activity, for the decision-making process as to whether or not to file a
SAR, and for maintaining or closing an account. Because there is a legal requirement to
report suspicious transactions, it is essential for banking organizations to maintain internal
programs that ensure compliance.
IV
Segregation of Duties, Compliance and Audit
Ensuring effective implementation of established policies and procedures is a
significant challenge to many private banking operations. Institutions that evidence ongoing
progress towards conformity with stated policies and procedures are those that recognize the
importance of segregation of duties and provide adequate attention, direction and support to
the individuals responsible for compliance and internal audit.
Segregation of Duties
Adequate segregation of duties in the KYC process is of critical importance.
Institutions should not rely exclusively on any individual relationship manager or immediate
supervisor to, for example, waive documentation required to open an account, approve the
client profile, authorize a new client relationship, fully identify (or "know") the client, and
monitor client accounts for unusual transactions. The more control-conscious institutions
ensure that an independent unit -- such as compliance, risk management or senior
management -- also has responsibility for these functions. Some institutions have segregated
KYC duties in a KYC committee comprised of relationship managers, compliance, and
senior management to determine, prior to the acceptance of any new client, if the potential
client's profile meets the institution's KYC standards. Many institutions have also introduced
the concept of "back-up relationship managers" or "client teams" to minimize the risk of a
single relationship manager having exclusive knowledge and control over individual
relationships.
Segregation of duties clearly facilitates the private banking operation's
compliance with policies and procedures and, consequently, minimizes reputational and legal
risk. Institutions that have not already established independent control over the
above-mentioned activities are urged to introduce such measures as soon as possible.
Compliance
Compliance functions are most effective if they are proactive in ensuring the
integrity of the control infrastructure of the private banking operation, as opposed to being
reactive to specific, isolated events. They should ensure that policies and procedures are
being followed by conducting frequent ad hoc reviews and tests that measure how different
groups within the private banking function are complying with the policies and procedures.
Some institutions assign to compliance the responsibility for reviewing all prospective client
profiles to determine if the relationship managers have satisfied the institutions' profiling
requirements, obtained necessary documentation and taken appropriate action where
problems arise. Compliance functions should also be in a position to recognize promptly any
client activity that may be unusual, to question relationship managers about the nature of
potentially suspicious activities, and to follow through on their inquiries and suspicions.
Compliance functions work effectively only when they have senior management
commitment and sufficient resources to accomplish their mission.
In creating a culture that follows best practices of risk management and internal
control, institutions should conduct frequent training of personnel that is reinforced at regular
intervals, particularly in providing the "how to" of client profiling, conducting due diligence,
preparing customer call reports and detecting and responding to unusual activities. In some
cases, KYC training has been incorporated into the overall marketing and sales training
programs. This serves to integrate the concepts of knowing the client's personal and business
background, and source and legitimacy of wealth with those relating to the selling of
appropriate products and services that meet the client's needs and interests. The majority of
institutions provide training on money laundering and documentation requirements for their
compliance staff. Institutions also should incorporate this training into programs conducted
for their relationship managers.
Internal Audit
Comprehensive private banking audit programs are based on risk ratings that
apply an appropriate weighting to the major risks of the business, such as reputational and
legal risk, and audits that are conducted with sufficient frequency and involve adequate
transaction testing to determine the effectiveness of the internal control environment. KYC
testing, for example, should be a critical element.
As internal audit plays a crucial role in independently evaluating the risk
management and controls, management should ensure that audit functions are staffed
adequately with individuals who are well-versed in private banking. In addition, auditors
should be proactive in following up on their findings and criticisms.
Conclusion
The purpose of this paper is to provide sound practice guidance to institutions
that are engaged in private banking, while at the same time contributing to the ongoing national
and international discussion of the difficult challenges of implementing effective Know Your
Customer policies and procedures. Banks face a major responsibility with their affirmative
legal obligation to prevent money laundering. This is particularly true in light of the general
expectation that private banking will grow significantly in size, complexity and diversity
over the next several years, with the result that business practices, policies and procedures
will need to be reviewed and revised to ensure effective risk management. We look forward
to continuing our dialogue with banks engaged in private banking.
Footnotes
1 Note that dealings with certain types of entities -- pension funds or public entities such as
municipalities -- require additional procedures. When dealing with a pension fund certain
disclosure requirements of ERISA may apply, and a knowledge of relevant statutes or
regulations may be required when dealing with public entities.
2 Similarly, KYC standards should be no different than those applicable to private banking
accounts when the institution deals with a financial adviser or other type of intermediary
acting on behalf of a client. In order to perform its KYC responsibilities, the institution
should identify the beneficial owner of the account (usually the intermediary's client, but, in
rare cases, the intermediary itself) and perform its KYC analysis with respect to the
beneficial owner. The imposition of an intermediary between the institution and the counter
party should not lessen the private bank's KYC responsibilities.
Last update: July 1, 1997 5:00 PM