[Federal Register Volume 70, Number 212 (Thursday, November 3, 2005)]
[Rules and Regulations]
[Pages 66754-66761]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-21917]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA70


Financial Crimes Enforcement Network; Amendment to the Bank 
Secrecy Act Regulations--Anti-Money Laundering Programs for Insurance 
Companies

AGENCY: Financial Crimes Enforcement Network, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Financial Crimes Enforcement Network is issuing this final 
rule to prescribe minimum standards applicable to insurance companies 
pursuant to the provision in the Bank Secrecy Act that requires 
financial institutions to establish anti-money laundering programs and 
to define the companies and insurance products that are subject to that 
requirement.

DATES: Effective Date: December 5, 2005.
    Applicability Date: May 2, 2006. See 31 CFR 103.137(b) of the final 
rule contained in this document.

FOR FURTHER INFORMATION CONTACT: Financial Crimes Enforcement Network, 
Regulatory Policy and Programs Division on (202) 354-6400 (not a toll-
free number).

SUPPLEMENTARY INFORMATION: 

I. Background

A. Statutory Provisions

    The Bank Secrecy Act, Public Law 91-508, as amended, codified at 12 
U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-14, 5316-5332, 
authorizes the Secretary of the Treasury to issue regulations requiring 
financial institutions to keep records and file reports that are 
determined to have a high degree of usefulness in criminal, tax, and 
regulatory matters, or in the conduct of intelligence or counter-
intelligence activities, including analysis, to protect against 
international terrorism, and to implement anti-money laundering 
programs and compliance procedures.\1\ Regulations implementing Title 
II of the Bank Secrecy Act appear at 31 CFR Part 103. The authority of 
the Secretary to administer the Bank Secrecy Act has been delegated to 
the Director of the Financial Crimes Enforcement Network.
---------------------------------------------------------------------------

    \1\ Language expanding the scope of the Bank Secrecy Act to 
intelligence or counter-intelligence activities, including analysis, 
to protect against international terrorism was added by section 358 
of the Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the 
USA PATRIOT Act), Public Law 107-56.
---------------------------------------------------------------------------

    On October 26, 2001, the President signed into law the USA PATRIOT 
Act. Section 352 of the USA PATRIOT Act, which became effective on 
April 24, 2002, amended 31 U.S.C. 5318(h) to require anti-money 
laundering programs for all financial institutions defined in 31 U.S.C. 
5312(a)(2). At a minimum, the anti-money laundering programs are 
required to include:

    (A) The development of internal policies, procedures, and 
controls; (B) the designation of a compliance officer; (C) an 
ongoing employee training program; and (D) an independent audit 
function to test programs. 31 U.S.C. 5318(h)(1).

Section 352(c) of the USA PATRIOT Act directs the Secretary to 
prescribe regulations for anti-money laundering programs that are 
``commensurate with the size, location, and activities'' of the 
financial institutions to which such regulations apply. Section 
5318(h)(2) permits the Secretary to exempt from this anti-money 
laundering program requirement those financial institutions not 
currently subject to the Financial Crimes Enforcement Network's 
regulations implementing the Bank Secrecy Act. Section 5318(a)(6) 
further provides that the Secretary may exempt any financial 
institution from any Bank Secrecy Act requirement. Taken together, 
these provisions authorize the issuance of anti-money laundering 
program regulations that may differ with respect to certain kinds of 
financial institutions, and that may exempt certain financial 
institutions from the requirements of section 5318(h)(1).
    Although insurance companies have long been defined as financial 
institutions under the Bank Secrecy Act (see 31 U.S.C. 5312(a)(2)(M)), 
we, prior to the notice of proposed rulemaking preceding this final 
rule,\2\ had neither defined ``insurance companies'' for purposes of 
the Bank Secrecy Act nor issued regulations regarding insurance 
companies. In April 2002, we deferred the anti-money laundering program 
requirement contained in 31 U.S.C. 5318(h) that would have applied to 
the insurance industry.\3\ The deferral

[[Page 66755]]

allowed us time to study the insurance industry and to consider how 
anti-money laundering controls could best be applied to that industry, 
considering differences in size, location, and services within the 
industry.
---------------------------------------------------------------------------

    \2\ See 67 FR 60625 (Sept. 26, 2002).
    \3\ See 31 CFR 103.170, as codified by interim final rule 
published at 67 FR 21110 (Apr. 29, 2002), as amended at 67 FR 67547 
(Nov. 6, 2002) and corrected at 67 FR 68935 (Nov. 14, 2002).
---------------------------------------------------------------------------

    Published elsewhere in a separate part of the Federal Register is a 
final rule requiring insurance companies to file Suspicious Activity 
Reports. That final rule applies to the same universe of insurance 
companies and covered products as this final rule.\4\
---------------------------------------------------------------------------

    \4\ The limited definition of insurance company for purposes of 
this rule, as well as the final rule requiring insurance companies 
to file Suspicious Activity Reports, is not intended to limit the 
kinds of financial institutions that may voluntarily report 
suspicious activity under the protection of the safe harbor from 
liability contained in 31 U.S.C. 5318(g)(3).
---------------------------------------------------------------------------

B. Insurance Company Regulation and Money Laundering

    The statutory mandate that all financial institutions establish 
anti-money laundering programs is a key element in the national effort 
to prevent and detect money laundering and the financing of terrorism. 
The mandate recognizes that financial institutions other than 
depository institutions, which have long been subject to Bank Secrecy 
Act requirements, are also vulnerable to money laundering.
    The application of anti-money laundering measures to non-depository 
institutions generally, and to insurance companies in particular, also 
has been emphasized by the international regulatory community as a key 
element in combating money laundering. One of the central 
recommendations of the Financial Action Task Force,\5\ of which the 
United States is a member, is that financial institutions, including 
insurance companies, establish anti-money laundering programs. See 
Financial Action Task Force Forty Recommendations (Recommendation 15 
and Glossary).
---------------------------------------------------------------------------

    \5\ The Financial Action Task Force is an inter-governmental 
body whose purpose is the development and promotion of policies to 
combat money laundering. Originally created by the G-7 nations, its 
membership now includes Argentina, Australia, Austria, Belgium, 
Brazil, Canada, Denmark, Finland, France, Germany, Greece, Hong 
Kong, Iceland, Ireland, Italy, Japan, Luxembourg, Mexico, the 
Kingdom of the Netherlands, New Zealand, Norway, Portugal, Russia, 
Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, the 
United Kingdom, and the United States, as well as the European 
Commission and the Gulf Cooperation Council.
---------------------------------------------------------------------------

    This final rule applies only to insurance companies offering 
covered products, as defined in the rule. Insurance companies offer a 
variety of products aimed at transferring the financial risk of a 
certain event, from the insured to the insurer. These products include 
life insurance policies, annuity contracts, property and casualty 
insurance policies, and health insurance policies. These products are 
offered through a number of different distribution channels. Some 
insurance companies sell their products through direct marketing in 
which the insurance company sells a policy directly to the insured. 
Other companies employ agents, who may either be captive or 
independent. Captive agents generally represent only one insurer or one 
group of affiliated insurance companies; independent agents may 
represent a variety of insurance carriers. A customer also may employ a 
broker (i.e., a person who searches the marketplace for insurance in 
the interest of the customer) to obtain insurance.
    This final rule focuses on those covered insurance products 
possessing features that make them susceptible to being used for money 
laundering or the financing of terrorism. For example, life insurance 
policies that have a cash surrender value are potential money 
laundering vehicles. Cash value can be redeemed by a money launderer or 
can be used as a source of further investment of tainted funds'for 
example, by taking out loans against such cash value. Similarly, 
annuity contracts also pose a money laundering risk because they allow 
a money launderer to exchange illicit funds for an immediate or 
deferred income stream or to purchase a deferred annuity and obtain 
clean funds upon redemption.\6\ These risks do not exist to the same 
degree in term life insurance products, group life insurance products, 
group annuities, or in insurance products offered by property and 
casualty insurers or by title or health insurers.
---------------------------------------------------------------------------

    \6\ For an example of money laundering involving the fraudulent 
conversion of money in an insurance premium trust account, see U.S. 
v. Boscarino, Aulenta, and Mangurten, No. 02 CR 0086 (N.D. Ill. ED 
2002) (Superseding Indictment).
---------------------------------------------------------------------------

    The international community has focused on life insurance policies 
and those insurance products with investment features as the 
appropriate subjects of anti-money laundering programs for insurance 
companies. In defining the kinds of insurance companies that should 
establish anti-money laundering programs, the Financial Action Task 
Force Forty Recommendations focuses on those businesses involved in the 
``[u]nderwriting and placement of life insurance and other investment 
related insurance.'' See Glossary and Recommendation 15.
    A 2002 federal grand jury indictment illustrates the money 
laundering risks associated with insurance products and the 
corresponding need for vigilance in the insurance industry.\7\ That 
indictment charged five Colombian nationals with conspiring to launder 
millions of dollars originating from the illicit sale of cocaine. The 
scheme involved the purchase and subsequent redemption of life 
insurance policies.
---------------------------------------------------------------------------

    \7\ United States of America v. Rodrigo Jose Murillo, Alexander 
Murillo, Jaime Eduardo Rey Albornoz, Arturo Delgado, and Esperanza 
Romero, Mag. Docket No. 02-21007 (S.D. FL. 2002) (Grand Jury 
Indictment).
---------------------------------------------------------------------------

    According to court documents and interviews related to that 
indictment, federal law enforcement officials have discovered that in 
recent years Colombian drug cartels bought life insurance policies in 
continental Europe, the United Kingdom, and in smaller jurisdictions 
such as the Isle of Man, to launder the proceeds of drug trafficking. 
Using narcotics proceeds from the United States and Mexico, the 
traffickers purchased 250 life insurance policies in the Isle of Man 
alone. The insurance policies, worth as much as $1.9 million each, were 
sometimes taken out in the names of cartel associates and members of 
their families. The traffickers would typically cash out all or part of 
the Isle of Man policies prematurely, in some cases after only a year, 
paying penalties of 25 percent or more. The penalties, however, merely 
represented a ``business cost'' of using the insurance products to 
launder the illicit narcotics proceeds. Thus far, federal law 
enforcement officials have seized more than $9.5 million in Florida in 
connection with the investigation. If the insurance companies in the 
relevant jurisdictions had been subject to anti-money laundering 
controls, they might have detected the money laundering scheme because 
the policyholders were authorizing unrelated third parties to withdraw 
money from the cash value of their policies or were frequently cashing 
out their policies early.
    A review of the Suspicious Activity Reports filed with the 
Financial Crimes Enforcement Network also reveals instances in which 
financial institutions have reported the suspected use of insurance 
products for the purpose of laundering the proceeds of criminal 
activity. During the past five years, a number of Suspicious Activity 
Reports were filed that reference the use of an insurance product in 
suspected money laundering activity. For example, several reports 
describe as suspicious the large, lump-sum purchase of annuity 
contracts, followed almost immediately

[[Page 66756]]

by several withdrawals of those funds. In some cases, the entire 
balance of the annuity contract was withdrawn shortly after the 
purchase of the contract. Other reports detail suspicious loans taken 
out against an annuity contract and life insurance premiums being paid 
by unrelated third parties.

II. Notice of Proposed Rulemaking

    On September 26, 2002, we published a notice of proposed 
rulemaking, 67 FR 60625, that would extend the requirement to establish 
an anti-money laundering program to insurance companies. The comment 
period for the proposed rule ended on November 25, 2002. We received 
over 50 comments from insurance companies and agents, banks, trade 
associations, attorneys, and a government agency addressing issues 
raised by either the proposed rule or by a related proposed rule, 67 FR 
64067 (October 17, 2002), that would require insurance companies to 
report suspicious transactions.

III. Summary of Comments

    Most of the comments focused on the following matters: (1) The 
potential application of an anti-money laundering program requirement 
to agents and brokers of insurance companies, rather than just their 
insurance company principals; (2) the training of agents and brokers 
concerning their responsibilities under an insurance company's anti-
money laundering program; and (3) the appropriate scope of the products 
that cause an entity to be defined as an insurance company for purposes 
of the rule. These comments are discussed below. Other significant 
comments are discussed in the section-by-section analysis.

A. Treatment of Agents and Brokers

    In the proposed rule, we proposed that an insurance company, but 
not its agents or brokers, establish an anti-money laundering program. 
Under the proposed rule, an insurance company would be responsible for 
obtaining customer information from all relevant sources, including 
from its agents and brokers, necessary to make its anti-money 
laundering program effective. We specifically sought comments on 
whether an insurance company's agents and brokers should be subject to 
a direct obligation to establish anti-money laundering programs. 
Commenters were almost evenly divided on this issue. Several agreed 
with the approach taken in the proposed rule, stating that the benefit 
of requiring tens of thousands of insurance agents and brokers to 
independently establish an anti-money laundering program would be 
outweighed by the costs. Other commenters argued that a direct 
obligation is necessary because insurance companies lack sufficient 
control over their distribution channels to integrate these elements 
into an adequate anti-money laundering compliance program.
    After careful consideration of all the views expressed, we are 
adopting the approach set forth in the proposed rule. Under the terms 
of the final rule, the obligation to establish an anti-money laundering 
program applies to an insurance company, and not its agents or 
brokers.\8\ Nevertheless, because insurance agents and brokers are an 
integral part of the insurance industry due to their direct contact 
with customers, the final rule requires each insurance company to 
establish and implement policies, procedures, and internal controls 
reasonably designed to integrate its agents and brokers into its anti-
money laundering program and to monitor their compliance with its 
program. An insurance company's anti-money laundering program also must 
include procedures for obtaining all relevant customer-related 
information necessary for an effective program, either from its agents 
and brokers or from other sources.
---------------------------------------------------------------------------

    \8\ Certain agents of insurance companies are required under 
separate rules to establish anti-money laundering programs. See 
infra note 10.
---------------------------------------------------------------------------

    The final rule imposes a direct obligation only on insurance 
companies, and not their agents or brokers, for a number of reasons. 
First, whether an insurance company sells its products directly or 
through agents, we believe that it is appropriate to place on the 
insurance company, which develops and bears the risks of its products, 
the responsibility for guarding against such products being used to 
launder unlawfully derived funds or to finance terrorist acts. Second, 
insurance companies, due to their much larger size relative to that of 
their numerous agents and brokers, are better able to bear the costs of 
compliance connected with the sale of their products.\9\ Finally, 
numerous insurers already have in place compliance programs and best 
practices guidelines for their agents and brokers to prevent and detect 
fraud. We believe that insurance companies largely will be able to 
integrate their anti-money laundering programs into their existing 
compliance programs and best practices guidelines.
---------------------------------------------------------------------------

    \9\ Although some agents work within large structures, only a 
small fraction of agencies employ more than a handful of people. 
According to one commenter, there are ``independent agents who 
operate on their own or in offices with just a few of their 
independent agent colleagues and thus comprise the quintessential 
notion of a small business operation.'' Letter from the American 
Council of Life Insurers, Nov. 25, 2002, at 4.
---------------------------------------------------------------------------

    Insurance agents and brokers will play an important role in the 
effective operation of an insurance company's anti-money laundering 
program. By not placing an independent regulatory obligation on agents 
and brokers, we do not intend to minimize their role and we intend to 
assess the effectiveness of the rule on an ongoing basis. If it appears 
that the effectiveness of the rule is being undermined by the failure 
of agents and brokers to cooperate with their insurance company 
principals, we will consider proposing appropriate amendments to the 
rule. We also expect that an insurance company, when faced with a non-
compliant agent or broker, will take the necessary actions to secure 
such compliance, including, when appropriate, terminating its business 
relationship with such an agent or broker.

B. Training of Agents and Brokers

    Several commenters requested that the final rule incorporate some 
flexibility regarding an insurance company's training of its agents and 
brokers. At least one commenter suggested that we add language to the 
rule to avoid the duplicative training of independent agents that sell 
products on behalf of more than one insurance company.
    We agree with these comments. Consequently, the final rule gives an 
insurance company the flexibility of directly training its agents and 
brokers. Alternatively, an insurance company may satisfy its training 
obligation by verifying that its agents and brokers have received the 
training required by the rule from another insurance company or from a 
competent third party with respect to the covered products offered by 
the company. Such training courses are already being developed and 
offered. A competent third party can include another financial 
institution that is required to establish an anti-money laundering 
program.\10\ It is left to the discretion of an insurance company to 
determine whether the training of its agents by

[[Page 66757]]

another party is adequate. We do not intend to certify, license, or 
otherwise prospectively approve training programs.
---------------------------------------------------------------------------

    \10\ For example, variable life insurance contracts and variable 
annuities (variable insurance products) are securities under the 
Securities Exchange Act of 1934 and therefore may be sold only by 
registered broker-dealers, who are required to have anti-money 
laundering programs pursuant to rules issued by the Financial Crimes 
Enforcement Network and the National Association of Securities 
Dealers and the New York Stock Exchange, two of the securities 
industry's self-regulatory organizations. In addition, other covered 
products, including fixed annuities, are sold by banks, which are 
also subject to anti-money laundering program requirements. See 
infra note 19.
---------------------------------------------------------------------------

C. Covered Products

    Under the proposed rule, the issuing, underwriting, or reinsuring 
of a life insurance policy, an annuity contract, or any product with 
investment or cash value features, would have caused an insurance 
company to fall within the scope of the rule. A company that offered 
exclusively other kinds of insurance products, such as a property and 
casualty insurance policy, would not have been required to establish an 
anti-money laundering program. The overwhelming majority of commenters 
agreed with the distinction that we made between higher-risk and lower-
risk insurance products.\11\ Some of those commenters requested that we 
take the additional step of further excluding other kinds of insurance 
contracts and products relating to life insurance and annuities, such 
as reinsurance, group life insurance policies, group annuities, and 
term life insurance policies.
---------------------------------------------------------------------------

    \11\ See, e.g., Joint Letter from the Independent Insurance 
Agents and Brokers of America and the National Association of 
Professional Insurance Agents, Nov. 25, 2002, at 1 (``This 
distinction [between life insurance and property and casualty 
insurance] is legitimate and provides relief from the administrative 
and regulatory burdens of the proposed rule for the segments of the 
insurance industry that are at very low risk of money 
laundering.'').
---------------------------------------------------------------------------

    We, not having been informed or otherwise having learned of 
examples to the contrary, agree that some of these contracts and 
products pose little or no risk of being used for money laundering. For 
example, reinsurance and retrocession contracts and treaties are 
arrangements between insurance companies by which they reallocate risks 
within the insurance industry and do not involve transactions with 
customers. Similarly, group life insurance policies and group annuities 
are typically issued to a company, financial institution, or 
association, and generally restrict the ability of an individual 
insured or participant to manipulate their investment. These products 
pose low money laundering risks. Consequently, the final rule does not 
include in its coverage reinsurance or retrocession contracts or 
treaties, group life insurance, or group annuities.
    After careful consideration of the comments, we also have decided 
to exclude term life (which includes credit life) insurance policies at 
this time. Given the operating characteristics of these products--e.g., 
the absence of a cash surrender value and the underwriting scrutiny 
given to term policies, especially those with large face amounts--we 
believe that it would be impractical to launder money through term life 
insurance policies, and that the corresponding money laundering risks 
associated with such products are not significant. Nevertheless, as 
with all new exclusions, we will reconsider this position if 
circumstances warrant.
    While some insurance companies that offer a diversity of insurance 
products may decide to adopt company-wide anti-money laundering 
programs, regardless of the kinds of products they offer, we wish to 
emphasize that the final rule does not require that an insurance 
company adopt a company-wide anti-money laundering program applicable 
to all of its insurance products. The anti-money laundering program 
requirement applies only to covered products, as defined in the final 
rule, offered by the insurance company.

IV. Section-by-Section Analysis

A. 103.137(a)--Definitions

    Section 103.137(a) defines the key terms used in the final rule. In 
response to comments seeking clarification of certain terms used in the 
proposed rule, the final rule includes definitions of the terms 
``annuity contract,'' ``bank,'' ``broker-dealer in securities,'' 
``covered product,'' ``group annuity contract,'' ``group life insurance 
policy,'' ``insurance agent,'' ``insurance broker,'' and ``permanent 
life insurance policy.''
    The final rule defines an annuity contract as ``any agreement 
between the insurer and the contract owner whereby the insurer promises 
to pay out a fixed or variable income stream for a period of time.'' 
For purposes of the rule, contracts of indemnity, as well as workers 
compensation insurance and structured settlements, are not annuity 
contracts.
    The definition of an insurance company reflects our determination 
that an anti-money laundering program should be imposed only on those 
products that pose a significant risk of money laundering or terrorist 
financing. Thus, an ``insurance company'' includes any person engaged 
within the United States as a business in the issuing or underwriting 
of a covered product. The term ``as a business'' is intended to exclude 
those persons that offer annuities or another covered product as an 
incidental part of their non-insurance business.\12\ At this time, we 
believe that such persons present a much lower risk of being used for 
money laundering or terrorist financing than those persons that offer a 
covered product as an integral part of their business. We leave open 
the possibility of revisiting this issue in a future rulemaking if 
circumstances warrant.
---------------------------------------------------------------------------

    \12\ For example, a tax-exempt organization that offers 
charitable gift annuities (as defined in section 501(m)(5) of the 
Internal Revenue Code, 26 U.S.C. 501(m)(5)) as a vehicle for planned 
charitable giving to the tax-exempt organization, and that would not 
otherwise fall within the definition of an insurance company, 
generally would not be considered an insurance company under the 
final rule.
---------------------------------------------------------------------------

    The final rule contains an explicit exception to the definition of 
an insurance company. That exception clarifies that insurance agents 
and insurance brokers are not required under the final rule to 
establish an anti-money laundering program. However, as explained 
below, an insurance company is responsible for integrating its agents 
and brokers into its anti-money laundering program and for monitoring 
their compliance with the requirements of its program. In addition, the 
definition of an insurance company refers only to the business of 
issuing or underwriting certain kinds of insurance products, and 
therefore does not cover the reinsuring or retrocession of insurance 
products.
    The term ``covered product'' is defined to mean: (i) A permanent 
life insurance policy, other than a group life insurance policy; (ii) 
any annuity contract, other than a group annuity contract; and (iii) 
any other insurance product with features of cash value or investment. 
Permanent life insurance and annuity products are covered products, 
with the exception of group life insurance and group annuities. The 
definition also incorporates a functional approach, and encompasses any 
insurance product having the same kinds of features that make permanent 
life insurance and annuity products more at risk of being used for 
money laundering. To the extent that term life insurance, property and 
casualty insurance, health insurance, and other kinds of insurance do 
not exhibit these features, they are not products covered by the rule.
    Some commenters suggested that we should adopt a dollar threshold 
exemption for life insurance policies, particularly in the context of 
term life insurance policies. For example, commenters requested that we 
exempt from the scope of the anti-money laundering program requirement, 
term life insurance policies with face values below $10,000. As stated 
above, term life insurance is not covered by this final rule. In 
addition, we expect, as we do with all of anti-money laundering rules, 
that an insurance company will take a risk-based approach when 
developing its anti-money laundering

[[Page 66758]]

program. Such an approach should consider a number of factors, 
including, but not limited to, the dollar amount involved in the 
issuing or underwriting of certain products. Consequently, we believe 
that a dollar threshold exemption for purposes of establishing an anti-
money laundering program is not warranted.

B. 103.137(b)--Anti-Money Laundering Program Requirements for Insurance 
Companies

    Section 103.137(b) requires that, not later than May 2, 2006, each 
insurance company issuing or underwriting a covered product develop and 
implement an anti-money laundering program reasonably designed to 
prevent the insurance company from being used to facilitate money 
laundering or the financing of terrorist activities. In response to 
comments requesting that we clarify the breadth of the program 
requirement, language has been added to clarify that the anti-money 
laundering program is only required with respect to covered products 
issued or underwritten by an insurance company. The anti-money 
laundering program must be in writing and must be approved by senior 
management. An insurance company's written program also must be made 
available to the Department of the Treasury, the Financial Crimes 
Enforcement Network, or their designee upon request. Minimum 
requirements for the anti-money laundering program are set forth in 
section 103.137(c). Beyond these minimum requirements, however, the 
final rule is intended to give insurance companies the flexibility to 
design their programs to meet the specific risks associated with their 
particular business.

C. 103.137(c)--Minimum Requirements

    Section 103.137(c) sets forth the minimum requirements of an 
insurance company's anti-money laundering program. Section 
103.137(c)(1) requires the anti-money laundering program to incorporate 
policies, procedures, and internal controls based upon the insurance 
company's assessment of the money laundering and terrorist financing 
risks associated with its covered products. As noted above, an 
insurance company's assessment of customer-related information, 
including methods of payment, is a key component of an effective anti-
money laundering program. Thus, an insurance company is responsible for 
integrating its agents and brokers into its anti-money laundering 
program, for obtaining relevant customer-related information from them, 
and for using that information to assess the money laundering risks 
presented by its business and to identify any ``red flags''.\13\ The 
specific procedures for conducting such a program are left to the 
discretion of the insurance company. Insurance companies must use the 
expertise that they possess about their industry and their particular 
lines of business to develop a program that meets the requirements of 
the rule.
---------------------------------------------------------------------------

    \13\ See infra note 18 and accompanying text.
---------------------------------------------------------------------------

    In developing a risk-based anti-money laundering program, an 
insurance company must consider all relevant factors affecting the 
risks inherent in its covered products. For example, an insurance 
company should consider the extent and circumstances under which its 
customers use cash or cash equivalents to purchase a covered product, 
and whether the insurance company issues or underwrites covered 
products to persons in a jurisdiction: (1) Whose government has been 
identified by the State Department as a sponsor of international 
terrorism under 22 U.S.C. 2371; \14\ (2) that has been designated by 
the Financial Action Task Force as non-cooperative with international 
anti-money laundering principles; \15\ or (3) that has been found by 
the Secretary of the Treasury or the Director of the Financial Crimes 
Enforcement Network as warranting special measures due to money 
laundering concerns.\16\
---------------------------------------------------------------------------

    \14\ See http://www.state.gov/s/ct/rls/pgtrpt/.
    \15\ See http://www1.oecd.org/fatf/NCCT_en.htm.
    \16\ Information about such jurisdictions can be found at http://www.ustreas.gov/.
---------------------------------------------------------------------------

    When assessing risks associated with particular distribution 
channels for its covered products, an insurance company should 
consider, among other things, whether an agent or broker is required to 
establish its own anti-money laundering program pursuant to another 
requirement in 31 CFR Part 103. Some commenters suggested excluding 
from an insurer's anti-money laundering program covered products sold 
by, for example, broker-dealers in securities or banks because they are 
already subject to an anti-money laundering program requirement. 
Although we do not believe that a complete exclusion is appropriate, 
the insurance company could generally rely on the agent's own program 
requirements to address issues at the time of the sale if reasonable 
(i.e., the insurer knows of no defect in the agent's program), while 
the insurer's program should focus on the ongoing administration of the 
covered product.
    Policies, procedures, and internal controls also must be reasonably 
designed to ensure compliance with applicable Bank Secrecy Act 
requirements. The only Bank Secrecy Act regulatory requirement 
currently applicable to insurance companies is the obligation to report 
on Form 8300 the receipt of cash or certain non-cash instruments 
totaling more than $10,000 in one transaction or in two or more related 
transactions. As noted above, we today are also publishing a final rule 
requiring insurance companies to file Suspicious Activity Reports, 
which will apply to transactions occurring after May 2, 2006.\17\ If 
insurance companies become subject to additional Bank Secrecy Act 
requirements, their anti-money laundering programs will need to be 
updated accordingly.
---------------------------------------------------------------------------

    \17\ When voluntarily filing reports of suspicious transactions, 
insurance companies should use the Suspicious Activity Report by 
Insurance Companies (SAR-IC) form being developed specifically for 
use by the insurance industry. This form will be made available on 
the Financial Crimes Enforcement Network website at http://www.fincen.gov. In the interim, insurance companies should use the 
Suspicious Activity Report by Securities and Futures Industries.
---------------------------------------------------------------------------

    Insurance companies typically conduct their sales operations 
through agents. Some elements of the compliance program will be best 
performed by these agents, in which case it is permissible for an 
insurance company to make appropriate arrangements with an agent to 
perform those aspects of its anti-money laundering program. Any 
insurance company that arranges for its agent to perform aspects of its 
anti-money laundering program, however, remains responsible for the 
effectiveness of the program, as well as for ensuring that the 
appropriate examiners have access to information and records relating 
to the anti-money laundering program and are able to inspect the agent 
or the third party for purposes of the program. An insurance company's 
compliance with this regulation includes: Taking reasonable steps to 
identify the aspects of its operations that may give rise to applicable 
Bank Secrecy Act regulatory requirements or that are vulnerable to 
money laundering or terrorist financing activity; developing and 
implementing a program reasonably designed to achieve compliance with 
such regulatory requirements and to prevent such activity; and 
monitoring the effectiveness of its program. For example, it would not 
be sufficient for an insurance company simply to obtain a certification 
from its delegee that the company ``has a satisfactory anti-money 
laundering program.''
    Section 103.137(c)(2) requires that an insurance company designate 
a compliance officer to be responsible for administering the anti-money 
laundering program. An insurance

[[Page 66759]]

company may designate a single person or committee to be responsible 
for compliance. The person or persons should be competent and 
knowledgeable regarding applicable Bank Secrecy Act requirements and 
money laundering risks, and should be empowered with full 
responsibility and authority to develop and enforce appropriate 
policies and procedures. The role of the compliance officer is to 
ensure that: (1) The program is being implemented effectively, 
including monitoring compliance by the company's insurance agents and 
insurance brokers with their obligations under the program; (2) the 
program is updated as necessary; and (3) appropriate persons are 
trained in accordance with section 103.137(c)(3). The compliance 
officer also should ensure that employees of the insurance company have 
appropriate resources to which they can address questions regarding the 
application of the program in light of specific facts.
    Section 103.137(c)(3) requires that an insurance company provide 
training for appropriate persons. Training is an integral part of any 
anti-money laundering program. In order for the anti-money laundering 
program to be effective, employees of an insurance company with 
responsibility under the program must be trained in the requirements of 
the program and money laundering risks generally so that ``red flags'' 
associated with covered products can be identified.\18\ Such training 
could be conducted by outside or in-house seminars, and could include 
computer-based training. The nature, scope, and frequency of the 
training will depend upon the functions performed. However, those 
persons with obligations under the anti-money laundering program must 
be sufficiently trained to carry out their responsibilities effectively 
and should receive periodic updates and refreshers regarding the anti-
money laundering program.
---------------------------------------------------------------------------

    \18\ Some examples of ``red flags'' include, but are not limited 
to, the following: The purchase of an insurance product inconsistent 
with the customer's needs; unusual payment methods, such as cash, 
cash equivalents (when such a usage of cash or cash equivalents is, 
in fact, unusual), or structured monetary instruments; early 
termination of a product, especially at a cost to the customer, or 
where payment is made by, or the refund check is directed to, an 
apparently unrelated third party; the transfer of the benefit of a 
product to an apparently unrelated third party; a customer who shows 
little concern for the investment performance of a product, but much 
concern about the early termination features of the product; a 
customer who is reluctant to provide identifying information when 
purchasing a product, or who provides minimal or seemingly 
fictitious information; and a customer who borrows the maximum 
amount available soon after purchasing the product.
---------------------------------------------------------------------------

    An insurance company also must provide for the training of its 
insurance agents and brokers concerning their responsibilities under 
the company's anti-money laundering program. An insurance company may 
satisfy this requirement by directly training its agents and brokers or 
by verifying that its agents and brokers have received the required 
training by another insurance company or by a competent third party 
with respect to covered products offered by the company. For purposes 
of the rule, a competent third party can include a third-party vendor 
as well as another financial institution that is subject to an anti-
money laundering program requirement, such as a broker-dealer in 
securities or a bank. Some commenters suggested that we establish and 
maintain a central registry for certifications of agent training. 
Although we would not object to the establishment of a privately 
maintained registry, we will not establish such a registry for a number 
of reasons, including the fact that it could be interpreted as an 
endorsement of the adequacy of such training.
    Section 103.137(c)(4) requires that an insurance company provide 
for independent testing of the program on a periodic basis to ensure 
that it complies with the requirements of the rule and that the program 
functions as designed.\19\ An outside consultant or accountant need not 
perform the test. A single employee of the insurance company, or a 
committee comprised of more than one employee, may perform the 
independent testing, as long as the tester is not the compliance 
officer or otherwise involved in administering the program. The 
frequency of the independent testing will depend upon the insurance 
company's assessment of the risks associated with its covered products. 
Any recommendations resulting from such testing should be implemented 
promptly or submitted to senior management for consideration.
---------------------------------------------------------------------------

    \19\ As noted above, an employee or agent of an insurance 
company who also is a registered representative of a broker-dealer 
in securities or an employee of a bank would be subject to the 
broker-dealer's or bank's anti-money laundering program, including 
its testing. In such a case, the insurance company would not have to 
independently test those relevant parts of the broker-dealer's or 
bank's program, as long as it confirms that such testing has 
occurred and the insurance company reviews the relevant portion of 
any report produced.
---------------------------------------------------------------------------

D. 103.137(d)--Insurance Companies That Are Registered Broker-Dealers 
in Securities

    The proposed rule contained a provision stating that an insurance 
companythat is required to register with the Securities and Exchange 
Commission shall be deemed to have satisfied the requirements of this 
section for those activities regulated by the Securities and Exchange 
Commission to the extent that the company complies with the anti-money 
laundering program requirements applicable to such activities that are 
imposed by the Securities and Exchange Commission or by a self-
regulatory organization registered with the Securities and Exchange 
Commission. This provision, which was intended to avoid an insurance 
company being subject to two different anti-money laundering rules 
regarding the same activities, has been retained in simplified form in 
the final rule. It would apply to an insurance company that is 
registered (or is required to register) with the Securities and 
Exchange Commission as a broker-dealer in securities. To the extent 
such a company already is required to establish and has established an 
anti-money laundering program pursuant to 31 CFR 103.120, it shall be 
deemed to be in compliance with this final rule. However, to the extent 
that this final rule imposes requirements with respect to activities 
not covered by 31 CFR 103.120 and the registered broker-dealer 
insurance company has adopted an anti-money laundering program that 
addresses only its broker-dealer activities, the company would not be 
deemed in compliance with this rule. In addition, this provision 
applies only to an insurance company that is itself registered or 
required to register with the Securities and Exchange Commission as a 
broker-dealer in securities,\20\ and not to a registered broker-dealer 
that distributes an insurance company's products as agent.\21\
---------------------------------------------------------------------------

    \20\ We are currently aware of only one such insurance company, 
although there may be others.
    \21\ We have not expanded this provision to also apply to 
broker-dealers with anti-money laundering programs distributing an 
insurance company's products as agent, as requested by a commenter. 
The final rule's application to such broker-dealers is discussed in 
Part IV.C. above.
---------------------------------------------------------------------------

E. 103.137(e)--Compliance

    A new subsection (e) has been added to specifically state that the 
Financial Crimes Enforcement Network or its delegee shall examine the 
insurance company for compliance with this regulation, and that failure 
to comply may violate the Bank Secrecy Act and the final rule.

V. Executive Order 12866

    The final rule contained in this document is not a significant 
regulatory action for purposes of Executive Order

[[Page 66760]]

12866. Accordingly, a regulatory impact analysis is not required.

VI. Regulatory Flexibility Act

    It is hereby certified, pursuant to the Regulatory Flexibility Act 
(5 U.S.C. 601 et seq.), that the final rule contained in this document 
is not likely to have a significant economic impact on a substantial 
number of small entities. Most insurance companies are not small 
businesses. In addition, the costs associated with the establishment 
and implementation of anti-money laundering programs are attributable 
to the mandatory nature of 31 U.S.C. 5318(h)(1). The final rule 
provides for substantial flexibility in how each insurance company may 
comply with that statutory mandate. This flexibility is designed to 
account for differences among insurance companies, including size. In 
this regard, the costs associated with developing and implementing an 
anti-money laundering program will be commensurate with the size of an 
insurance company. If a company is small, the burden of complying with 
the final rule should be correspondingly small. Consistent with the 
principles of the Regulatory Flexibility Act, we did consider exempting 
small insurance companies from some or all of the requirements of the 
final rule. We do not believe that such an exemption is appropriate, 
given the flexibility provided in the final rule to account for, among 
other things, differences in size and resources, and that money 
laundering can also occur through small insurance companies.

VII. Paperwork Reduction Act

    The collection of information contained in the final rule has been 
approved by the Office of Management and Budget in accordance with the 
Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), and assigned 
Office of Management and Budget Control Number 1506-0035. An agency may 
not conduct or sponsor, and a person is not required to respond to, a 
collection of information unless it displays a valid control number 
assigned by the Office of Management and Budget.
    The only requirement in the final rule that is subject to the 
Paperwork Reduction Act is the requirement that an insurance company 
keep a written record of its anti-money laundering program. The 
estimated annual average burden associated with this collection of 
information is one hour per recordkeeper. We received one comment on 
this recordkeeping burden estimate, suggesting that the estimate was 
too low. Consistent with each of the prior rules that we have issued 
implementing 31 U.S.C. 5318(h)(1), we believe that our original 
estimate is accurate.
    Comments concerning the accuracy of this recordkeeping burden 
estimate and suggestions for reducing this burden should be sent 
(preferably by fax on (202) 395-6974) to Desk Officer for the 
Department of the Treasury, Office of Information and Regulatory 
Affairs, Office of Management and Budget, Washington, DC 20503 (or by 
the Internet to [email protected]), with a copy by paper mail to 
Financial Crimes Enforcement Network, P.O. Box 39, Vienna, VA 22183, 
``ATTN: Section 352--Insurance Company AML Regulation'' or by 
electronic mail to [email protected] with the caption 
``ATTN: Section 352--Insurance Company AML Regulation'' in the body of 
the text.

List of Subjects in 31 CFR Part 103

    Administrative practice and procedure, Authority delegations 
(Government agencies), Insurance companies, Currency, Investigations, 
Law Enforcement, Reporting and recordkeeping requirements.

Authority and Issuance

0
For the reasons set forth in the preamble, part 103 of title 31 of the 
Code of Federal Regulations is amended as follows:

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND 
FINANCIAL TRANSACTIONS

0
1. The authority citation for part 103 is revised to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314, 
5316-5332; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307.


0
2. Subpart I of part 103 is amended by adding new Sec.  103.137 to read 
as follows:


Sec.  103.137  Anti-money laundering programs for insurance companies.

    (a) Definitions. For purposes of this section:
    (1) Annuity contract means any agreement between the insurer and 
the contract owner whereby the insurer promises to pay out a fixed or 
variable income stream for a period of time.
    (2) Bank has the same meaning as provided in Sec.  103.11(c).
    (3) Broker-dealer in securities has the same meaning as provided in 
Sec.  103.11(f).
    (4) Covered product means:
    (i) A permanent life insurance policy, other than a group life 
insurance policy;
    (ii) An annuity contract, other than a group annuity contract; and
    (iii) Any other insurance product with features of cash value or 
investment.
    (5) Group annuity contract means a master contract providing 
annuities to a group of persons under a single contract.
    (6) Group life insurance policy means any life insurance policy 
under which a number of persons and their dependents, if appropriate, 
are insured under a single policy.
    (7) Insurance agent means a sales and/or service representative of 
an insurance company. The term ``insurance agent'' encompasses any 
person that sells, markets, distributes, or services an insurance 
company's covered products, including, but not limited to, a person who 
represents only one insurance company, a person who represents more 
than one insurance company, and a bank or broker-dealer in securities 
that sells any covered product of an insurance company.
    (8) Insurance broker means a person who, by acting as the 
customer's representative, arranges and/or services covered products on 
behalf of the customer.
    (9) Insurance company or insurer. (i) Except as provided in 
paragraph (a)(9)(ii) of this section, the term ``insurance company'' or 
``insurer'' means any person engaged within the United States as a 
business in the issuing or underwriting of any covered product.
    (ii) The term ``insurance company'' or ``insurer'' does not include 
an insurance agent or insurance broker.
    (10) Permanent life insurance policy means an agreement that 
contains a cash value or investment element and that obligates the 
insurer to indemnify or to confer a benefit upon the insured or 
beneficiary to the agreement contingent upon the death of the insured.
    (11) Person has the same meaning as provided in Sec.  103.11(z).
    (12) United States has the same meaning as provided in Sec.  
103.11(nn).
    (b) Anti-money laundering program requirements for insurance 
companies. Not later than May 2, 2006, each insurance company shall 
develop and implement a written anti-money laundering program 
applicable to its covered products that is reasonably designed to 
prevent the insurance company from being used to facilitate money 
laundering or the financing of terrorist activities. The program must 
be approved by senior management. An insurance company shall make a 
copy of its anti-money laundering program available to the Department 
of the Treasury, the Financial Crimes Enforcement Network, or their 
designee upon request.

[[Page 66761]]

    (c) Minimum requirements. At a minimum, the program required by 
paragraph (b) of this section shall:
    (1) Incorporate policies, procedures, and internal controls based 
upon the insurance company's assessment of the money laundering and 
terrorist financing risks associated with its covered products. 
Policies, procedures, and internal controls developed and implemented 
by an insurance company under this section shall include provisions for 
complying with the applicable requirements of subchapter II of chapter 
53 of title 31, United States Code and this part, integrating the 
company's insurance agents and insurance brokers into its anti-money 
laundering program, and obtaining all relevant customer-related 
information necessary for an effective anti-money laundering program.
    (2) Designate a compliance officer who will be responsible for 
ensuring that:
    (i) The anti-money laundering program is implemented effectively, 
including monitoring compliance by the company's insurance agents and 
insurance brokers with their obligations under the program;
    (ii) The anti-money laundering program is updated as necessary; and
    (iii) Appropriate persons are educated and trained in accordance 
with paragraph (c)(3) of this section.
    (3) Provide for on-going training of appropriate persons concerning 
their responsibilities under the program. An insurance company may 
satisfy this requirement with respect to its employees, insurance 
agents, and insurance brokers by directly training such persons or 
verifying that persons have received training by another insurance 
company or by a competent third party with respect to the covered 
products offered by the insurance company.
    (4) Provide for independent testing to monitor and maintain an 
adequate program, including testing to determine compliance of the 
company's insurance agents and insurance brokers with their obligations 
under the program. The scope and frequency of the testing shall be 
commensurate with the risks posed by the insurance company's covered 
products. Such testing may be conducted by a third party or by any 
officer or employee of the insurance company, other than the person 
designated in paragraph (c)(2) of this section.
    (d) Anti-money laundering program requirements for insurance 
companies registered or required to register with the Securities and 
Exchange Commission as broker-dealers in securities. An insurance 
company that is registered or required to register with the Securities 
and Exchange Commission as a broker-dealer in securities shall be 
deemed to have satisfied the requirements of this section for its 
broker-dealer activities to the extent that the company is required to 
establish and has established an anti-money laundering program pursuant 
to Sec.  103.120 and complies with such program.
    (e) Compliance. Compliance with this section shall be examined by 
the Department of the Treasury, through the Financial Crimes 
Enforcement Network or its delegees, under the terms of the Bank 
Secrecy Act. Failure to comply with the requirements of this section 
may constitute a violation of the Bank Secrecy Act and of this part.

    Dated: October 28, 2005.
William J. Fox,
Director, Financial Crimes Enforcement Network.
[FR Doc. 05-21917 Filed 11-2-05; 8:45 am]
BILLING CODE 4810-02-P