[Federal Register Volume 71, Number 53 (Monday, March 20, 2006)]
[Rules and Regulations]
[Pages 13934-13937]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-2629]


=======================================================================
-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

12 CFR Part 211

[Regulation K; Docket No. R-1147]


International Banking Operations

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
has adopted a final rule to require Edge and Agreement corporations and 
U.S. branches, agencies, and representative offices of foreign banks 
supervised by the Board to establish and maintain procedures reasonably 
designed to assure and monitor compliance with the Bank Secrecy Act and 
the regulations issued thereunder.

DATES: This rule is effective April 19, 2006.

FOR FURTHER INFORMATION CONTACT: Nina A. Nichols, Assistant Director, 
(202) 452-2961, Shaswat K. Das, Counsel, (202) 452-2428, or Bridget M. 
Neill, Assistant Director, (202) 452-5235, Division of Banking 
Supervision and Regulation; or Ann E. Misback, Associate General 
Counsel, (202) 452-3788, or Jennifer Sutton, Attorney, (202) 452-3564, 
Legal Division. For users of Telecommunications Devices for the Deaf 
(TDD) only, contact (202) 263-4869.

SUPPLEMENTARY INFORMATION:

I. Background

A. Regulations on Bank Secrecy Act Compliance Programs

    Subchapter II of chapter 53 of Title 31, United States Code, 
commonly known as the ``Bank Secrecy Act,'' generally requires 
financial institutions to, among other things, keep records and make 
reports that have a high degree of usefulness in criminal, tax, or 
regulatory proceedings. Section 1359 of the Anti-Drug Abuse Act of 
1986, Pub. L. 99-570, requires the supervisory agencies to prescribe 
regulations requiring institutions they regulate to establish and 
maintain procedures reasonably designed to assure and monitor 
compliance with the Bank Secrecy Act and to review such procedures 
during the course of their examinations.\1\
---------------------------------------------------------------------------

    \1\ See 12 U.S.C. 1818(s).

---------------------------------------------------------------------------

[[Page 13935]]

    The supervisory agencies' implementing regulations incorporate the 
minimum components of a compliance program as generally set forth in 
the Bank Secrecy Act at 31 U.S.C. 5318(h). These components are: (i) A 
system of internal controls to assure ongoing compliance; (ii) 
independent testing of compliance by the institution's personnel or by 
an outside party; (iii) the designation of an individual or individuals 
responsible for coordinating and monitoring day-to-day compliance; and 
(iv) training for appropriate personnel.\2\
---------------------------------------------------------------------------

    \2\ The Board's implementing regulation is found in Regulation H 
at section 208.63 (12 CFR 208.63).
---------------------------------------------------------------------------

    On May 30, 2003, the Board published a notice of proposed 
rulemaking in the Federal Register (68 FR 32434) to amend Regulation K 
(12 CFR part 211) to require Edge and Agreement corporations and U.S. 
branches, agencies, and representative offices of foreign banks 
supervised by the Board to establish and maintain procedures reasonably 
designed to assure and monitor compliance with the Bank Secrecy Act.

B. Overview of Comments Received

    The Board received five comments regarding the proposed rule. 
Commenters generally supported the clarification provided by the 
proposed rule regarding the Bank Secrecy Act compliance obligations of 
Edge and Agreement corporations and U.S. branches, agencies, and 
representative offices of foreign banks. Specific issues raised by the 
commenters are discussed below.

II. Analysis of Comments

A. Requirement for Program Approval

    The proposed rule would require a branch, agency, or representative 
office of a foreign bank operating in the United States (except for a 
Federal branch, a Federal agency, or a state-chartered branch that is 
insured by the Federal Deposit Insurance Corporation) to establish a 
Bank Secrecy Act compliance program with the approval of the foreign 
bank's board of directors. Two commenters expressed concern regarding 
the proposed approval process. One commenter observed that it is often 
difficult to obtain timely approval of ``local'' U.S. matters by the 
board of directors of the foreign bank in the home country. The other 
commenter noted that a U.S. branch, agency, or representative office 
may not itself have a board of directors and suggested that in such 
situation approval by the entity's senior management in the United 
States should be sufficient. Commenters stated that regulators, in 
other instances, have addressed logistical difficulties of securing 
head office approval by allowing, for example, a local committee, 
advisory board, senior management, or regional headquarters located in 
the United States to perform the functions of a board of directors.
    The Board believes the Bank Secrecy Act program requires attention 
at the highest levels of management. Boards of directors of state 
member banks are not permitted to delegate approval of the Bank Secrecy 
Act compliance program.\3\ U.S. branches, agencies, and representative 
offices of foreign banks generally will not have separate boards of 
directors. Nevertheless, these offices need to be able to establish and 
implement amendments to their Bank Secrecy Act programs as necessary. 
Accordingly, the final rule provides that a foreign bank's board of 
directors may appoint a delegee to approve the required Bank Secrecy 
Act program so long as the delegee is acting under the express 
authority of the board of directors to approve the Bank Secrecy Act 
program.
---------------------------------------------------------------------------

    \3\ See 12 CFR 208.63(b). (``The compliance program shall be 
reduced to writing, approved by the board of directors, and noted in 
the minutes.'')
---------------------------------------------------------------------------

B. Risk-Based Program

    One commenter requested that the Board clarify in the preamble to 
the final rule whether Edge and Agreement corporations and U.S. 
branches, agencies, and representative offices of foreign banks are 
expected to develop risk-based programs under the rule. The Board has 
consistently interpreted Regulation H to require each bank to develop a 
Bank Secrecy Act compliance program that is tailored to address the 
risks presented by its business operations and customer base, provided 
that the minimum requirements set forth in section 208.63 of Regulation 
H are met. Under longstanding existing supervisory practice, as 
reflected in the final rule amending Regulation K, the Board expects 
Edge and Agreement corporations and U.S. branches, agencies, and 
representative offices of foreign banks to develop and implement Bank 
Secrecy Act compliance programs that are risk-based.

C. Text of Regulation H Requirements

    The proposed rule incorporated by reference the minimum 
requirements for Bank Secrecy Act compliance programs that are set 
forth in Regulation H at section 208.63 (12 CFR 208.63). One commenter 
suggested that the rule would be easier to use and more understandable 
if the final rule set forth the full text of the regulatory 
requirements found in Regulation H.
    Many cross-references are made in Board regulations to provisions 
contained elsewhere. For example, the suspicious activity reporting 
rule for state member banks is found at 12 CFR 208.62 and is cross-
referenced in Regulations K and Y at 12 CFR 211.5(k), 211.24(f), and 
225.4(f). Similarly, the Customer Identification Program rule is found 
at 31 CFR 103.121 and is cross-referenced in Regulations H and K at 12 
CFR 208.63(b)(2), 12 CFR 211.5(m)(2), and 211.24(j)(2). The Board 
believes this format is sufficiently clear; as a result, the final rule 
continues to incorporate by reference the text of the minimum 
requirements for Bank Secrecy Act compliance programs found in section 
208.63 of Regulation H.

D. Applicability to Offshore Interests of U.S. Banking Organizations

    The proposed rule by its terms would require Edge and Agreement 
corporations and U.S. branches, agencies, and representative offices of 
foreign banks (except for a Federal branch, a Federal agency, or a 
state-chartered branch that is insured by the Federal Deposit Insurance 
Corporation) to establish Bank Secrecy Act compliance programs. One 
commenter requested that the final rule clarify that it does not apply 
to the investments of U.S. banks or Edge and Agreement corporations in 
offshore entities, whether those investments are subsidiaries, joint 
ventures, or portfolio investments. The definitions of ``financial 
institution'' and ``bank'' in the Bank Secrecy Act and regulations 
thereunder do not encompass foreign offices or foreign investments of 
U.S. banks or Edge and Agreement corporations.\4\ Nevertheless, banks 
are expected to have policies, procedures, and processes in place at 
all their branches and offices to protect against risks of money 
laundering and terrorist financing. Moreover, an enterprise-wide anti-
money laundering compliance program that assesses risk on a 
consolidated basis across all activities, business lines, and legal 
entities may be an essential tool in managing such risks.
---------------------------------------------------------------------------

    \4\ See 31 U.S.C. 5312(a)(2); 31 CFR 103.11(c).
---------------------------------------------------------------------------

III. Regulatory Analysis

A. Regulatory Flexibility Act

    In accordance with section 4(a) of the Regulatory Flexibility Act 
(5 U.S.C. 604(a)), the Board must publish a final regulatory 
flexibility analysis with this rulemaking. The final rule creates a

[[Page 13936]]

uniform regulatory standard for ensuring and examining compliance with 
applicable law and regulation. Institutions covered by the rule, 
whether small or large, are already required to have policies and 
procedures substantially equivalent to those required by the rule. 
Accordingly, the Board certifies that this final rule will not have a 
significant economic impact on a substantial number of small business 
entities.

B. Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act of 1995 (PRA) (44 
U.S.C. 3506; 5 CFR 1320 Appendix A.1), the Board has reviewed the final 
rule under the authority delegated to the Board by the Office of 
Management and Budget (OMB). The collections of information associated 
with this rulemaking are found in 12 CFR 211.5 and 211.24. This 
information is required to evidence compliance with the requirements of 
the Bank Secrecy Act, and the regulations promulgated thereunder. The 
recordkeepers are for-profit financial institutions.
    The Federal Reserve may not conduct or sponsor, and an organization 
is not required to respond to, this collection of information unless it 
displays a currently valid OMB control number. The OMB control number 
is 7100-0310.
    The final rule does not change the collection of information 
requirements set forth in the proposed rule. The final rule applies 
only to Edge and Agreement corporations and U.S. branches, agencies, 
and representative offices of foreign banks supervised by the Board. 
The final rule requires each of those entities to establish a written 
compliance program that includes the following components: (i) A system 
of internal controls to assure ongoing compliance; (ii) independent 
testing of compliance by the institution's personnel or by an outside 
party; (iii) the designation of an individual or individuals 
responsible for coordinating and monitoring day-to-day compliance; and 
(iv) training for appropriate personnel. The compliance program must be 
approved by the board of directors (and noted in the minutes) or by a 
delegee of the foreign bank's board of directors.
    The commenters generally agreed that there would be little burden 
associated with the requirements for establishing a compliance program 
for the Bank Secrecy Act because the measures involved in the program 
are consistent with existing requirements under the Bank Secrecy Act at 
31 U.S.C. 5318(h) and usual and customary business practices. The Board 
continues to believe that the estimated average annual burden of 16 
hours per institution is accurate, because branches, agencies, and 
representative offices of foreign banks and Edge and Agreement 
corporations are currently subject to the program requirements of 
section 5318(h) of the Bank Secrecy Act. Thus, the rule adopted today 
clarifies the existing obligations of these entities under the Board's 
rules. Because the records would be maintained at branches, agencies, 
and representative offices of foreign banks and Edge and Agreement 
corporations, and the records are not provided to the Federal Reserve, 
no issue of confidentiality under the Freedom of Information Act 
arises.
    Estimated number of financial institutions subject to the final 
rule: 520.
    Estimated average annual burden for establishing the written 
compliance program per financial institution: 16 hours (2 business 
days).
    Estimated total annual burden: 8,320 hours.
    The Federal Reserve has a continuing interest in the public's 
opinion of our collections of information. At any time, comments 
regarding any aspect of this collection of information, including 
suggestions for reducing the burden may be sent to: Ms. Jennifer J. 
Johnson, Secretary, Board of Governors of the Federal Reserve System, 
20th Street and Constitution Avenue, NW., Washington, DC 20551; and to 
the Office of Management and Budget, Paperwork Reduction Project (OMB 
No. 7100-0310), Washington, DC 20503.

IV. Use of Plain Language

    Section 722 of the Gramm-Leach-Bliley Act, Pub. L. 106-102, 
requires the Board to use ``plain language'' in all proposed and final 
rules published after January 1, 2000. The Board requested comment on 
whether there were ways to make the proposed rule easier to understand. 
One commenter suggested that the rule would be easier to use if it set 
forth the full text of the regulatory requirements found in section 
208.63. For the reasons discussed above, the Board has determined to 
continue to incorporate by reference the text of the minimum 
requirements for Bank Secrecy Act compliance programs found in section 
208.63 of Regulation H. The Board believes that the final rule is 
written plainly and presented clearly.

List of Subjects in 12 CFR Part 211

    Exports, Federal Reserve System, Foreign banking, Holding 
companies, Investments, Reporting and recordkeeping requirements.


0
For the reasons set forth in the preamble, part 211 of chapter II of 
title 12 of the Code of Federal Regulations is amended as follows:

PART 211--INTERNATIONAL BANKING OPERATIONS (REGULATION K)

0
1. The authority citation for 12 CFR part 211 continues to read as 
follows:

    Authority: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 
3101 et seq., and 3901 et seq.; 15 U.S.C. 6801 and 6805; 31 U.S.C. 
5318.


0
2. In Sec.  211.5 add new paragraph (m)(1) to read as follows:


Sec.  211.5  Edge and agreement corporations.

* * * * *
    (m) Procedures for monitoring Bank Secrecy Act compliance.
    (1) Establishment of Compliance Program. Each Edge corporation and 
each agreement corporation shall, in accordance with the provisions of 
Sec.  208.63 of the Board's Regulation H, 12 CFR 208.63, develop and 
provide for the continued administration of a program reasonably 
designed to assure and monitor compliance with the provisions of 
subchapter II of chapter 53 of title 31, United States Code, the Bank 
Secrecy Act, and the implementing regulations promulgated thereunder by 
the Department of the Treasury at 31 CFR part 103. The compliance 
program shall be reduced to writing, approved by the board of 
directors, and noted in the minutes.
* * * * *

0
3. In Sec.  211.24 add new paragraph (j)(1) to read as follows:


Sec.  211.24  Approval of offices of foreign banks; procedures for 
applications; standards for approval; representative office activities 
and standards for approval; preservation of existing authority.

* * * * *
    (j) Procedures for monitoring Bank Secrecy Act compliance.
    (1) Establishment of Compliance Program. Except for a Federal 
branch or a Federal agency or a state branch that is insured by the 
FDIC, a branch, agency, or representative office of a foreign bank 
operating in the United States shall, in accordance with the provisions 
of Sec.  208.63 of the Board's Regulation H, 12 CFR 208.63, develop and 
provide for the continued administration of a program reasonably 
designed to assure and monitor compliance with the provisions of 
subchapter II of chapter 53 of title 31, United States Code, the Bank 
Secrecy Act, and the implementing regulations promulgated thereunder by 
the

[[Page 13937]]

Department of the Treasury at 31 CFR part 103. The compliance program 
shall be reduced to writing, and either:
    (i) Approved by the foreign bank's board of directors and noted in 
the minutes, or
    (ii) Approved by a delegee acting under the express authority of 
the board of directors to approve the Bank Secrecy Act compliance 
program.
* * * * *

    By order of the Board of Governors of the Federal Reserve 
System, March 15, 2006.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 06-2629 Filed 3-17-06; 8:45 am]
BILLING CODE 6210-01-P