Customer Due Diligence for Independent ATMs

FinCEN recently released a Statement on Bank Secrecy Act Due Diligence for independent ATM owners or operators to clarify that the money laundering / terrorist financing level of risk varies from customer to customer. In this statement, FinCEN provides guidance to financial institutions on applying risk-based approaches to conducting customer due diligence (CDD) on independent ATMs owners or operators, consistent with FinCEN’s 2016 CDD Rule.

ATMs provide easy access to cash and are important in providing financial services to consumers and businesses alike; however, some independent ATM owners and operators have expressed trouble in gaining access to banking services, due to the presumed risk involved in banking these customers. Independent ATMs are those not owned by financial institutions and may be found in a variety of public spaces. An independent ATM operator is an individual or business that owns, leases, manages, or otherwise controls access to the interior (including cash) of an ATM. Independent ATMs may be owned and operated by separate individuals or businesses.

Understanding the risk a customer presents to the financial institution enables institutions comply with BSA/AML requirements by crafting and applying policies, procedures, and processes to manage and reduce risk. The CDD rule does not require that financial institutions conduct additional due diligence or institute any special due diligence processes specifically for independent ATM owners or operators. In addition to CDD, the BSA/AML regulations require customer identification, beneficial ownership of legal entity customers, currency transaction reporting, and suspicious activity reporting.

Financial Institutions should apply a risk-based approach in developing the risk profiles of their customers. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other purposes, enable banks to both understand the nature and purpose of customer relationships, and conduct regular monitoring to identify suspicious transactions. These risk-based procedures should also be used as a part of regular monitoring to update customer information when changes occur.

According to FinCEN there is no specific type of customer that automatically presents a higher risk of money laundering, terrorist financing, or other illicit financial activity. Instead, the risk or potential risk to a bank depends on a variety of factors. The BSA/AML risk for independent ATM owners or operators can vary depending on the facts and circumstances specific to the customer’s relationship with the financial institution, such as ATM location, transaction volume, and the source of funds replenishing the ATMs.

Although regulation does not require the collection of this specific information, the following customer information provided by FinCEN may be useful in making risk determinations on independent ATM owners or operators: a) organizational structure; b) operating policies, procedures, and internal controls; c) ATM currency servicing arrangements, contracts, and responsibilities; d) the source of funds used to replenish the ATM; e) location where the customer is organized and where they maintain their places of business; f) locations of owned or operated ATMs; g) expected and actual ATM activity levels; and h) whether ATM operations are the primary business of the ATM owner or operator.