Resources

Aberdeen Group

 

Report Title: IT GRC: Managing Risk, Improving Visibility, and Reducing Operating Costs. Download Free Copy

Report Description

The rise in importance of IT governance, risk management and compliance ("IT GRC") reflects the increasing recognition that the strategic value of IT lies not in the mere technology itself (which is generally accessible to everyone), but in how it is applied and managed most effectively. The point is not to be good at the process of compliance, or governance, or risk management for its own sake - the point is to harness IT more effectively in support of achieving business objectives and managing financial, strategic, and operational risks.

The official title of the USA PATRIOT Act is "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001." To view this law in its entirety, click on the USA PATRIOT Act link below.

The purpose of the USA PATRIOT Act is to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes, some of which include:

  • To strengthen U.S. measures to prevent, detect and prosecute international money laundering and financing of terrorism;
  • To subject to special scrutiny foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse;
  • To require all appropriate elements of the financial services industry to report potential money laundering;
  • To strengthen measures to prevent use of the U.S. financial system for personal gain by corrupt foreign officials and facilitate repatriation of stolen assets to the citizens of countries to whom such assets belong.

Below is a brief, non-comprehensive overview of the sections of the USA PATRIOT Act that may affect financial institutions.

Section 311: Special Measures for Jurisdictions, Financial Institutions, or International Transactions of Primary Money Laundering Concern

This Section allows for identifying customers using correspondent accounts, including obtaining information comparable to information obtained on domestic customers and prohibiting or imposing conditions on the opening or maintaining in the U.S. of correspondent or payable-through accounts for a foreign banking institution.

Section 312: Special Due Diligence for Correspondent Accounts and Private Banking Accounts

This Section amends the Bank Secrecy Act by imposing due diligence & enhanced due diligence requirements on U.S. financial institutions that maintain correspondent accounts for foreign financial institutions or private banking accounts for non-U.S. persons.

Section 313: Prohibition on U.S. Correspondent Accounts with Foreign Shell Banks

This Section is intended to prevent foreign shell banks, which are generally not subject to regulation and are considered to present an unreasonable risk of involvement in money laundering or terrorist financing, from having access to the U.S. financial system. Banks and broker-dealers are prohibited from having correspondent accounts for any foreign bank that does not have a physical presence in any country. Additionally, they are required to take reasonable steps to ensure their correspondent accounts are not used to indirectly provide correspondent services to such banks.


Section 314: Cooperative Efforts to Deter Money Laundering

Section 314 helps law enforcement identify, disrupt, and prevent terrorist acts and money laundering activities by encouraging further cooperation among law enforcement, regulators, and financial institutions to share information regarding those suspected of being involved in terrorism or money laundering.

Section 319(b): Bank Records Related to Anti-Money Laundering Programs

This Section facilitates the government's ability to seize illicit funds of individuals and entities located in foreign countries by authorizing the Attorney General or the Secretary of the Treasury to issue a summons or subpoena to any foreign bank that maintains a correspondent account in the U.S. for records related to such accounts, including records outside the U.S. relating to the deposit of funds into the foreign bank. This Section also requires U.S. banks to maintain records identifying an agent for service of legal process for their correspondent accounts.

Section 325: Concentration Accounts at Financial Institutions

Allows the Secretary of the Treasury to issue regulations governing maintenance of concentration accounts by financial institutions to ensure such accounts are not used to obscure the identity of the customer who is the direct or beneficial owner of the funds being moved through the account.

Section 326: Verification of Identification

Prescribes regulations establishing minimum standards for financial institutions and their customers regarding the identity of a customer that shall apply with the opening of an account at the financial institution.

Section 351: Amendments Relating to Reporting of Suspicious Activities

This Section expands immunity from liability for reporting suspicious activities and expands prohibition against notification to individuals of SAR filing. No officer or employee of federal, state, local, tribal, or territorial governments within the U.S., having knowledge that such report was made may disclose to any person involved in the transaction that it has been reported except as necessary to fulfill the official duties of such officer or employee.

Section 352: Anti-Money Laundering Programs

Requires financial institutions to establish anti-money laundering programs, which at a minimum must include: the development of internal policies, procedures and controls; designation of a compliance officer; an ongoing employee training program; and an independent audit function to test programs.

Section 356: Reporting of Suspicious Activities by Securities Brokers and Dealers; Investment Company Study

Required the Secretary to consult with the Securities and Exchange Commission and the Board of Governors of the Federal Reserve to publish proposed regulations in the Federal Register before January 1, 2002, requiring brokers and dealers registered with the Securities and Exchange Commission to submit suspicious activity reports under the Bank Secrecy Act.

Section 359: Reporting of Suspicious Activities by Underground Banking Systems

This amends the BSA definition of money transmitter to ensure that informal/underground banking systems are defined as financial institutions and are thus subject to the BSA.

Section 362: Establishment of Highly Secure Network

Requires FinCEN to establish a highly secure network to facilitate and improve communication between FinCEN and financial institutions to enable financial institutions to file BSA reports electronically and permit FinCEN to provide financial institutions with alerts.

Top Business/Technology Issues Survey Results

by ISACA

In May 2008, ISACA conducted a survey of members, managers and above, to identify current business issues supported by technology. Responses were classified by industry, geographic area and constituency (assurance, IT management and security management). This report summarizes the findings of the survey and provides a concise view of the most prevalent current business/technology issues.

Enterprise Risk Management: The Art of Avoiding Unpleasant Surprises

By Aberdeen Group

Report Description: The two fundamental purposes of this report are, first, to identify the strategies, high-level tactics, internal capabilities and frameworks, technologies, and services that top performing companies are employing to realize substantial business benefits from their Enterprise Risk Management (ERM) programs; and second, to provide a roadmap of actionable analysis and recommendations that both companies planning to develop an ERM program for the first time and companies seeking to augment and optimize an existing initiative can leverage to improve their performance in assessing and managing risks strategically across the enterprise.

Best Practices: Implementing A Governance, Risk, And Compliance Program

By Chris McClean, Forrester

Software applications for managing governance, risk, and compliance (GRC) continue to mature with impressive features and functions. Even more impressive are the organizational and strategic advancements companies are making by closely linking these three traditionally distinct functions; benefits include reduced risk exposure, lower audit costs, better overall compliance, and more informed decision-making. To identify the best practices for implementing a GRC program and realizing these benefits, Forrester interviewed 21 professionals who have demonstrated success in this area and 23 software vendors that market GRC products. To replicate similar success in your GRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. To obtain a complimentary copy of this report, click here.

Key Issues for Information Archiving and Retention, 2007

Kenneth Chin, Carolyn DiCenzo. Gartner

Well-managed information archives are crucial as organizations strive to meet new compliance and discovery requirements. Gartner identifies five key issues for consideration during 2007 for information archiving and retention management technologies.

The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments.

 

eMedia 

Increase Educational Brand Awareness in the IT GRC Forum! 

In addition to our event production services, the IT GRC Forum publishes topical media from Industry Experts and leading Solution Providers. If you're interested in our publishing options, please contact us to request a media kit.

Please click on the links below to access our media archive:

Coming to grips with IT risk

A report from the Economist Intelligence Unit sponsored by SAP

What is the greatest risk to any large business? Most executives would say it is information technology (IT) failure. Companies fear IT collapse more than they do terrorism, natural disasters, financial risk or regulatory constraints - and with good reason, for IT failure can make any business go into a tailspin.

The Bank Secrecy Act of 1970 (BSA, otherwise known as the Currency and Foreign Transactions Reporting Act) requires U.S. financial institutions to assist U.S. government agencies to detect and prevent money laundering. Specifically, the act requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000 (daily aggregate amount), and report suspicious activity that might signify money laundering, tax evasion, or other criminal activities. It was passed by the Congress of the United States in 1970. The BSA is sometimes referred to as an "anti-money laundering" law ("AML") or jointly as "BSA/AML". Several anti-money laundering acts, including provisions in title III of the USA PATRIOT Act, have been enacted up to the present to amend the BSA. (See 31 USC 5311-5330 and 31 CFR 103.)

Bank Secrecy Act (BSA) Statute

Codified Bank Secrecy Act (BSA) Regulations

The Federal Register contains final regulations issued after the date of codification, as well as the Notices of Proposed Rulemaking.

The Risk Intelligent CIO: Becoming a Front-Line IT Leader in a Risky World

By Lee Dittmar
Principal, Deloitte Consulting LLP

Issue No. 6 in the Risk Intelligence Series

The responsibilities facing today's chief information officer (CIO) are more demanding than ever, and CIOs are increasingly aware that information technology (IT)-related problems can come at a staggering cost to their organization's bottom line and reputation. Perceptive CIOs realize that simply managing technology risks - however effectively they do so - is insufficient. They understand the imperative to exploit technology to manage risk across the entire enterprise, not merely within the IT department.

With heightened sensitivities around the issue of risk management, CIOs and IT professionals face both challenges and opportunities to attain a higher level of risk management, operational excellence and competitive advantage.

The sixth title in our series on risk intelligence provides IT executives with practical guidance on how to leverage technology to intelligently manage the risks they face across the enterprise.

To view the entire paper, click here.

IT Governance in Practice
Advisory and Tax

by PWC

Insight from leading CIOs

PricewaterhouseCoopers has interviewed a number of CIOs worldwide to obtain their views on IT Governance, their experience in implementing IT Governance, and what it takes to make IT Governance work.
