31 CFR §1020.210

1. (a)Anti-money laundering program requirements for banks regulated by a Federal functional regulator, including banks, savings associations, and credit unions. A bank regulated by a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that:
   1. (1)Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter;
   2. (2)Includes, at a minimum:
      1. (i)A system of internal controls to assure ongoing compliance;
      2. (ii)Independent testing for compliance to be conducted by bank personnel or by an outside party;
      3. (iii)Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
      4. (iv)Training for appropriate personnel; and
      5. (v)Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
         1. (A)Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
         2. (B)Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter); and
   3. (3)Complies with the regulation of its Federal functional regulator governing such programs.
2. (b)Anti-money laundering program requirements for banks lacking a Federal functional regulator including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. A bank lacking a Federal functional regulator shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank establishes and maintains a written anti-money laundering program that:
   1. (1)Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter; and
   2. (2)Includes, at a minimum:
      1. (i)A system of internal controls to assure ongoing compliance with the Bank Secrecy Act and the regulations set forth in 31 CFR Chapter X;
      2. (ii)Independent testing for compliance to be conducted by bank personnel or by an outside party;
      3. (iii)Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance;
      4. (iv)Training for appropriate personnel; and
      5. (v)Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to:
         1. (A)Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
         2. (B)Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230); and
   3. (3)Is approved by the board of directors or, if the bank does not have a board of directors, an equivalent governing body within the bank. The bank shall make a copy of its anti-money laundering program available to the Financial Crimes Enforcement Network or its designee upon request.