On October 26, 2001, following the September 11 terrorist attacks, President George W. Bush signed the USA PATRIOT Act into law. Title III of the PATRIOT Act, referred to as the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, imposed new anti-money laundering provisions and amendments to the Bank Secrecy Act to make it easier to prevent, detect, and prosecute money laundering and the financing of terrorism. The USA PATRIOT Act brought all financial institutions under regulations. Now, every financial institution defined by the AML regulations—not only depository institutions—must establish a formal anti-money laundering program. The nature of the program and the regulations to which it must conform vary depending on the type of institution.
Although the insurance industry includes companies that ultimately may be exempt from the AML program requirements, it is very clear that issuers of life insurance and annuity products face significant exposure to money laundering and terrorist financing schemes and threats. For these companies, the challenge is to design anti-money laundering programs that fit their businesses and address the potential laundering and terrorist financing risks posed by customers, operations, products, and services.
The portion of the USA PATRIOT Act that extends the federal anti-money laundering requirements to insurance companies follows:
Section 5318(h) of Title 31, United States Code, is amended to read as follows:
- In general.—In order to guard against money laundering through financial institutions, each financial institution shall establish anti-money laundering programs, including, at a minimum
- the development of internal policies, procedures, and controls;
- the designation of a compliance officer;
- an on-going training program; and
- an independent audit function to test programs.
- Regulations.—The Secretary of the Treasury, after consultation with the appropriate Federal functional regulator...may prescribe minimum standards for programs established under (1), and may exempt from the application of those standards any financial institution that is not subject to the provisions of the rules in part 103 of title 31 of the Code of Federal Regulations...
On October 31, 2005, the US Treasury Department issued final regulations with respect to AML programs for insurance companies.
How Life Insurance and Annuity Products Can Be Used for Money Laundering?
To understand why anti-money laundering regulations encompass insurance companies, it is imperative to understand how insurance companies and their products can be used for money laundering.
The most significant money laundering and terrorist financing risks in the insurance industry are found in life insurance and annuity products. These products allow individuals to deposit large amounts of money into the financial system, available for later redemption, with the origin of the funds hidden. Permanent life insurance policies are especially attractive for this purpose: the cash value account is available for surrender, and partial withdrawals or loans are available within a relatively short time after policy issue.
On December 6, 2002, the first known case of money laundering in the insurance industry was reported on the front page of the New York Times. The article “New Hiding Place for Drug Profits: Insurance Policies” reported how Columbian cocaine traffickers used life insurance policies to launder $80 million in drug profits. More than 250 investment-type insurance policies were purchased through brokers and funded with checks and wire transfers submitted by brokers or other third-party entities.
Annuity contracts also pose a significant money laundering risk because they allow a money launderer to exchange illicit funds, in the form of a single premium deposit or multiple premium deposits, for an immediate or deferred income stream. Viatical settlements can also be used to hide and transfer illegal monies. The use of viatical settlements for money laundering purposes would also require the use of a fronting person—in this case, someone with a critical illness.
Property and casualty, title, and health insurance policies do not generally include elements that enable any kind of refund and would not generally come under the umbrella of the anti-money laundering rules. However, to the extent that these products have investment or stored value features with transferability, the anti-money laundering rules would include them. The spotlight of the anti-money laundering regulations is on the ability of a money launderer to use a particular financial product to store and move illicit funds through the financial system. Therefore, any insurance product that enables this type of activity is (as of this writing) included within the reach of the anti-money laundering regulations.
Term life insurance also poses a risk of money laundering because it possesses elements of stored value and transferability that make it attractive to money launderers. For example, a narcotics trafficker based in a foreign country could purchase a term policy from a US insurer with a large, up-front premium composed of illicit funds, using an elderly or ill front person as the insured, and collect the proceeds when the insured dies.
It should be noted that many interested parties have framed the other side of this argument. It has been argued that the issuance of a large term policy on an elderly or ill individual is subject to close scrutiny during underwriting and that, even if such a policy were issued, the criminal would be forced to wait for the insured to die to collect the proceeds.
Nonetheless, it is possible for term insurance to be used to launder money. In fact, US customs officials in Austin, Texas, obtained the forfeiture of illicit drug money that was paid to purchase three term life insurance policies. The purchase was made with a number of structured monetary instruments, followed shortly by an attempt to redeem the policies. (
In the Matter of Seizure of the Cash Value and Advance Premium Deposit Funds, Case No. 2002-5506-000007 [W.D. Tex. 2002])
Non Insurance Fraud and Money Laundering?
Bringing insurance companies and insurance policies into the fold of federal anti-money laundering regulations may appear to be overkill. After all, insurers have long had sophisticated, extensive programs in place to detect and combat fraud. Notably, these measures come into play during the field and policy underwriting phases. However, the risks associated with fraud are not the same as those associated with money laundering.
As the anti-money laundering rules make clear, an insurer's antifraud policy is concerned that premium payment checks clear, not that they are made with structured instruments or derive from suspicious sources.
Similarly, a person who buys a life insurance policy with a single lump-sum premium and shortly thereafter surrenders it for its cash value may not, in so doing, commit any type of fraud or cause harm to the insurance company. However, this same person might have followed this procedure solely for the purpose of laundering illicit funds. An associated fee or penalty is not an issue for money launderers; their objective is simply to transform illegal funds into seemingly legal tender.
After passage of the USA PATRIOT Act, the US Treasury Department, along with the Financial Crimes Enforcement Network (FinCEN)*, the Department of Homeland Security, and the Department of Justice, began drafting regulations that would serve to implement the many revisions of the Bank Secrecy Act.
These regulations are designed to make financial transactions more transparent and provide the government with more information about financial activity in new sectors. They are also intended to fortify the financial industry—and its many segments—as the first line of defense against money laundering, terrorist financing, and other financial crimes.
Broadly, as they apply to all financial institutions, the anti-money laundering regulations require:
- the establishment of an anti-money laundering program;
- the creation of customer identification and verification programs;
- enhanced recordkeeping and reporting; and
- enhanced suspicious activity reporting.
Following are the specifics of these regulations as they apply to insurance companies.
*Note that FinCEN is a bureau of the US Treasury Department that provides US policymakers with strategic analysis of domestic and worldwide money laundering developments, trends, and patterns.
Which Companies Are Included in Anti-Money Laundering Programs?
Only those companies in the insurance industry that pose a significant risk of money laundering and terrorist financing must comply with the anti-money laundering regulations. According to the regulations, an insurance company is:
any person engaged in the United States as a business in (1) the issuing, underwriting, or reinsuring of a life insurance policy; (2) the issuing, granting, purchasing, or disposing of any annuity contract; or (3) the issuing, underwriting, or reinsuring of any insurance product with investment features similar to those of a life insurance policy or an annuity contract, or which can be used to store value and transfer that value to another person.
Which Agents are Excluded?
At this time, the definition of insurance company does not include insurance agents or brokers; consequently, agents and brokers are not, individually or independently, required to implement an anti-money laundering program. For now, the regulatory agencies responsible for drafting the anti-money laundering rules believe insurance companies are in the best position to design effective programs based on the nature of business and the risk assessment they must perform. However, because this risk assessment will be based in part on the company’s distribution system, agents and brokers will likely be involved with their company’s anti-money laundering program because the company must incorporate policies, procedures, and internal controls that address how its products and payment are exchanged in the market.
Insurers that meet the definition for inclusion in the anti-money laundering requirements must develop and implement a company-wide anti-money laundering program. The purpose of the program is to prevent the company, its products, and its agents from being used for money laundering or terrorist financing purposes. To this end, the company must identify the risks it faces based on its products, customers, distribution system, and geographic location.
How to Establish an AML Program?
Given the vast differences between the products, distribution methods, and customer bases of insurance companies, regulators recognize there is no one-size-fits-all anti-money laundering program for insurance companies. Consequently, the regulations provide insurers with a great deal of flexibility so they can design their programs to meet their specific profiles and risks.
Federal law requires insurance companies to establish anti-money laundering programs to prevent money laundering through their products. Life insurance companies are responsible for developing and implementing their own anti-money laundering programs that comply with applicable laws and regulations. They must train all key employees and all insurance agents on the anti-money laundering program in effect.
Each insurance company must develop its own anti-money laundering program because it must be tailored to fit each company’s specific business, practices, and products. The insurance company does, however, have the flexibility to train its agents and brokers directly. Insurance companies may also allow their agents and brokers to receive the required training from another insurance company or competent third party, provided it covers products offered by the insurance company.
Which Products Are Covered by AML Programs?
AML programs must focus on those covered insurance products with features that make them susceptible to use for money laundering or financing terrorists. These are known as
covered products and include the following:
- A permanent life insurance policy, other than a group life insurance policy
- Any annuity contract, other than a group annuity contract
- Any other insurance product with features of cash value or investment
Covered products are those insurance products that are likely to present a higher degree of risk for money laundering. The following are not covered products:
- Term life (including credit life) insurance
- Group life insurance
- Group annuities
- Charitable annuities (i.e., products offered by charitable organizations)
- Reinsurance, retrocession contracts, and treaties
- Contracts of indemnity
- Structured settlements, including workers’ compensation payments
- Insurance products offered by:
- property-casualty insurers,
- title insurers, and
- health insurers
These insurance products are not included because they pose a lower risk for money laundering. Although term life insurance is not identified as a covered product, it should be noted that in 2007–2008, insurance companies filed 37 suspicious activity reports involving noncovered products that were not third-party or other life settlement products. Twenty-two of these (59%) related to term life policies.
The rules focus on covered insurance products with features that make them susceptible to being used for money laundering or for financing terrorism. Consequently, the rules apply to life insurance transactions that include cash value products like whole life, universal life, and annuities. To the extent that term life insurance, property and casualty insurance, health insurance, and other kinds of insurance do not exhibit these features, they are not products covered by the rules.
What Are the Minimum Requirements?
There are minimum requirements to which every insurance company must adhere to and include in their anti-money laundering program:
- The program must be in writing and made available to the US Treasury Department upon request.
- The program must be approved by senior management.
- The program must contain policies, procedures, and internal controls based on the insurer's assessment of the money laundering and terrorist financing risks associated with its specific products, clients, distribution channels, and location.
- The program must ensure that the company facilitates and obtains all the information necessary to make its anti-money laundering efforts successful. This includes collecting and maintaining relevant customer identification information. (The specific means to obtain such information is not mandated, but it is likely that a company's agents and brokers will be required to be actively involved with this stage of the program.)
- The company must designate a compliance officer who will be responsible for the administration, implementation, and upkeep of the program.
The last three items are the core components of the AML program requirement.
According to the regulations, the company's risk assessment (which is to set the foundation for its anti-money laundering program) must include "all relevant information." While this appears quite broad, the following questions can be used as guideposts:
- Does the insurer allow customers to use cash or cash equivalents to purchase its products?
- Can the insurer's products be purchased with a single premium or lump-sum amount?
- Does the design of the insurance company's products permit loans against the products' cash values?
- Does the company transact business with or in a jurisdiction whose government has been identified as a sponsor of international terrorism, has been designated noncooperative with international anti-money laundering principles, or warrants "special measures" per the secretary of the Treasury due to money laundering concerns?
What Policies, Procedures, and Internal Controls Must Be In Place?
On the basis of a risk assessment, the insurer must then construct its specific anti-money laundering program, which would include designing and implementing policies, procedures, and internal controls that ensure compliance with applicable BSA/USA PATRIOT Act requirements.
One of the requirements applicable to insurers is the obligation to make currency transaction reports on IRS Form 8300. A
currency transaction report is generally required when an insurer receives more than $10,000 in cash in one transaction or in two or more related transactions. Any transactions conducted between a payer or his agent and the recipient during a 24-hour period are called
related transactions. Transactions are related even if they occur over more than 24 hours if the recipient knows or has reason to think that each transaction is in a series of connected transactions.
Form 8300 captures:
- the identity of the individual from whom the cash was received;
- the person on whose behalf the transaction was conducted;
- a description of the transaction and the method of payment; and
- the name of the business that received the cash.
Form 8300 may be filed voluntarily for any suspicious transaction for use by FinCEN and the Internal Revenue Service, even if the amount of money involved is less than $10,000. In this context, asuspicious transaction is any activity in which it appears a person is attempting to prevent the filing of Form 8300 or cause a false or incomplete filing, or any transaction in which there is an indication of possible illegal activity.
In September 2012, FinCEN made the following announcement concerning Form 8300:
“Each person who is engaged in a trade or business that, in the course of that trade or business, receives more than $10,000 in cash in one transaction or in two or more related transactions, must file Form 8300. It also may be filed voluntarily for any suspicious transaction, even if the total amount does not exceed $10,000." The information contained in these reports, when added to the FinCEN database, can be cross referenced with other FinCEN reports such as Suspicious Activity Reports and Currency Transaction Reports to establish money trails and expose hidden criminal trends and patterns. Last year, FinCEN received almost 200,000 paper filings of Form 8300.
“E-Filing is a free, Web-based electronic filing system that allows businesses to submit their FinCEN reports through a secure network. Compared with the traditional paper filing process, businesses find E-Filing a faster and more convenient, secure, and cost-effective method of submitting their reports as well as for receiving confirmation of their report’s acceptance. The greater use of the E-Filing system also assists FinCEN in providing important information relating to money laundering and terrorist financing to law enforcement in the quickest manner possible. Almost all FinCEN reports must currently be E-Filed. Paper Form 8300 filings will continue to be accepted for the near future, though businesses are encouraged to begin to take advantage of the benefits of E-Filing now.”
What Are Customer Identification and Verification?
Insurers must conform to the customer identification and verification requirement. The mandate that financial institutions establish a
customer identification program (CIP) was set forth in Section 326 of the USA PATRIOT Act. The rules implementing that requirement have been finalized and are now part and parcel of the Bank Secrecy Act's anti-money laundering compliance program. While each financial institution must develop a CIP tailored to its profile and its specific money laundering risks, every program must contain the following elements.
- Customer identity verification procedures. The customer must provide identifying information and the company must verify the accuracy of the information provided.
- Verification recordkeeping. The information provided by the customer must be recorded and maintained for five years after the account is closed.
- Government list comparison. The company must determine if the customer's name appears on any list of known or suspected terrorist organizations issued by the federal government (the Office of Foreign Assets (OFAC) list) within a reasonable time after the customer's account is opened or a product is purchased.
- Notification to customers. The company must provide customers with adequate notice that it is requesting information to verify their identities.
The policy or contract owner has control over the flow of funds into and out of the insurance contract and, therefore, has the ability to use the insurance product to launder money. AML standards for insurers treat the policy or contract owner as the “customer” for purposes of verifying identity. The information to be collected for identification purposes depends on whether the insurance product is at a low or high risk for money laundering.
Even in the lowest risk situations, insurers must gather and verify basic information about the new owners so the AML program can be effectively implemented. Fairly extensive owner verification procedures might be appropriate for insurance products that are at a high risk for money laundering, such as a high face value permanent life insurance policy or annuity.
What Are the Role of Insurance Agents?
As highlighted in the regulations, insurance companies typically conduct their operations through agents and third-party service providers. Specific elements of the compliance program will best be performed by these people. Insurance companies can delegate the implementation and operation of the customer identification/verification aspect of their anti-money laundering programs, but they may have to modify their current agent and broker agreements to do so. However, this would not negate the insurer's responsibility for enhanced recordkeeping and compliance with BSA regulatory requirements. The company must continue to monitor the operation and effectiveness of its program.
Insurers are required to collect client information from agents and brokers to support their AML programs and to detect and report suspicious transactions. Agents and brokers are critical to this process.
Agents and brokers should collect and retain information needed to assess the risk involved with particular transactions. This would involve information about the source of investment assets, the nature of the client, and the reason why the particular insurance product was purchased.
Agents and brokers must also identify clients in high-risk businesses or high-risk locations.
Agents must not knowingly conduct business with any person or business whose transactions are intended to further, finance, or support terrorist activities. An agent who knows of any facts that indicate suspicious activity must contact the AML compliance officer and report any violations of policy. An agent must comply with all anti-money laundering laws and regulations.
An agent must assist the compliance officer in the gathering of information necessary for reporting requirements. The compliance officer will know on a case-by-case basis what information is needed.
An agent may not let a suspect know that the suspicious activity has been reported.
Another required component of an insurer's anti-money laundering program is a designated compliance officer who is responsible for its administration. The compliance officer may be an individual or a committee. Whoever performs the function should be competent and knowledgeable about BSA requirements and money laundering issues and risks. In addition, the compliance officer must be empowered to develop and enforce appropriate policies and procedures, and ensure that company personnel are appropriately trained and educated. A full-time person is required if the level of risk or the volume of transactions so warrants.
An insurance company's anti-money laundering program must include training for all appropriate persons. In addition to orienting employees to the company's anti-money laundering program, the training should provide an understanding of money laundering risks in general so red flags can be recognized and associated with both existing and potential customers.
The regulations do not prescribe the nature or scope of a training program other than require it to prepare those with anti-money laundering responsibilities and obligations to perform their duties effectively. The training should be ongoing and include periodic updates.
All agents who sell covered products must receive training on money laundering and terrorist financing.Agents and brokers are crucial to preventing and detecting suspicious activity and, therefore, must undergo training on anti-money laundering and their responsibilities.
Each life insurance company will design its own program so characteristics of its particular business may be taken into account. This will include the role that agents and brokers play in conducting business for that company.
Agents and brokers should receive risk-based guidance from each insurer they represent and specific guidance on the business practices and product mix of that particular insurer.
Which Are Exempt Organizations?
If an insurance company is registered with the Securities and Exchange Commission (SEC) (e.g., an insurer that sells variable annuities), it will be deemed to have satisfied the insurance anti-money laundering program requirements to the extent it complies with the anti-money laundering rules applicable to SEC-registered companies and SEC-registered products. To the extent that the insurer issues a product or conducts activity that is not covered by an SEC (or self-regulatory organization) anti-money laundering program rule, then that product or that activity would be subject to the insurance company’s anti-money laundering requirements.
What is Suspicious Transaction Reporting?
Another element of anti-money laundering regulations with which insurance companies must comply is reporting suspicious transactions to the US Treasury Department via FinCEN. These are known as suspicious activity reports (SARs). This reporting requirement was added to the Bank Secrecy Act in October 2002 as an additional measure in creating a strong regulatory force against money laundering activities.
Specifically, the requirement authorizes a financial institution to report any suspicious transaction that is relevant to a possible violation of law or regulation. When such reports are made, the financial institution may not notify the individual involved with the transaction that these activities were reported, nor can the government or its agents make such a disclosure. Additionally, the requirement absolves an institution from any liability it might otherwise face for the disclosure.
As noted in the anti-money laundering regulations, one of the reasons suspicious activity reporting was extended beyond banks to all relevant financial institutions is the intense scrutiny to which banks have been subject. This scrutiny has made it far more difficult for money launderers to use banks for their illicit purposes. However, as measures to counter money laundering are put into place, money launderers revise their methods and turn to nonbank financial institutions. The fact is money laundering requires the involvement of a financial institution either to conceal the illegal funds or to recycle those funds back into the economy. If banks pose too great a risk for the money launderers, they must turn to other financial institutions, such as insurance companies.
Another reason suspicious activity reporting is required of financial institutions is that their officers and employees are more likely than law enforcement officials to know or sense when financial transactions are not as they should be. Those closest to the business are more readily able to evaluate when specific activities or transactions lack a legitimate connection to or use of the company's products, services, or offerings.
Suspicious activity reporting is not confined to financial institutions in the United States. The international community also recognizes such reporting as essential to effective anti-money laundering efforts. The FATF is an intergovernmental organization established in 1989 to develop policies to combat money laundering and terrorist financing. The FATF reports money laundering trends.
In April 1990, less than one year after its creation, the FATF issued a report containing Forty Recommendations, which provide a comprehensive plan of action to fight money laundering. In 2001, the development of standards in the fight against terrorism financing was added to the FATF’s mission. In October 2001, the FATF issued its Eight Special Recommendations to deal with terrorism financing. The continued evolution of money laundering techniques led the FATF to comprehensively revise its standards in June 2003. In October 2004, the FATF published a ninth Special Recommendation, further strengthening the agreed international standards for combating money laundering and terrorism financing with the 40+9 Recommendations.
FATF currently represents 34 countries and territories and 2 regional organizations around the world. One of the FATF recommendations in the international fight against money laundering is as follows: “...if financial institutions suspect that funds stem from a criminal activity, they should be required to report promptly their suspicions to the competent authorities.”
The language in this recommendation was originally more permissive. That FATF revised its position in 1996 to require institutions to report suspicious activity indicates the importance it places on this issue. Then and now, the definition of
financial institution for FATF includes insurance companies.
What is Financial Action Task Force (FATF)?
In February 2012, after more than two years of efforts by member countries, the FATF adopted revisions to its recommendations to strengthen global safeguards and further protect the integrity of the financial system by providing governments with stronger tools to take action against financial crime. At the same time, new standards were adopted that address new priority areas, such as corruption and tax crimes. The recommendations are used by more than 180 governments to combat these crimes.
The revised FATF Recommendations now fully integrate counter-terrorist financing measures with anti-money laundering controls, introduce new measures to counteract the financing of weapons of mass destruction, and better address the laundering of proceeds of corruption and tax crimes. They also strengthen the requirements for higher risk situations and allow countries to take a more targeted, risk-based approach.
During the revision process, the FATF considered a customer due diligence measure for life insurance. The life insurance sector provided feedback that there should be a clear distinction between a beneficiary of a life insurance policy and the beneficial owner, and that verification of beneficiaries may not always be possible at the beginning of the business relationship. These views were accepted by the FATF, and the revisions seek to clarify the customer due diligence measures required and stress that beneficiary verification need only occur at the time of payout. Reasonable measures should be taken to identify and verify the beneficial owner of the beneficiary, including whether or not the beneficial owner is a politically exposed person, at payout.