On June 22, 2022, the Financial Crimes Enforcement Network (FinCEN) issued a Statement on Bank Secrecy Act Due Diligence for independent ATM owners and operators.  The purpose of the statement is to “provide clarity to banks on how to apply a risk-based approach to conducting customer due diligence (CDD) on independent Automated Teller Machine (ATM) owners or operators, consistent with the requirements set out in FinCEN’s 2016 CDD Rule.”

Under FinCEN’s 2016 CDD Rule, banks are required to establish and maintain written policies and procedures reasonably designed to identify and verify “beneficial owners of legal entity customers.”   This Rule extends to conducting CDD on independent ATM owners and operators who maintain bank accounts to supply cash for their ATMs and to settle the electronic funds transfers used to process ATM transactions.

FinCEN’s recently issued-Statement provides guidance on how banks should conduct CDD of independent ATM owners and operators.  Specifically, FinCEN states that banks should adopt a risk-based approach that allows banks to: “(i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions.”  FinCEN provides several facts and circumstances banks should consider in applying a risk-based approach to comply with FinCEN AML and reporting requirements.  These include.:

  • Transaction volume;
  • Location of the ATMs and location where the independent ATM owner or operator customer is organized, and where they maintain their place of business, including locations of owned or operated ATMs;
  • Source of funds to replenish the ATMs if the bank account is not used to replenish
  • Organizational structure, including key principals and management;
  • Information pertaining to the operating policies, procedures, and internal controls of the ATM owner or operator;
  • ATM currency servicing arrangements, contracts, and responsibilities; and
  • Description of expected and actual ATM activity levels, including currency transactions

FinCEN also reminds banks that along with CDD, bank accounts held by independent ATM owners or operators are subject to  Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulatory requirements, including requirements related to customer identification, beneficial ownership of legal entity customers, currency transaction reporting, and suspicious activity reporting.

FinCEN’s statement parallels previous guidance it issued on Money Services Businesses (MSBs).  On March 30, 2005, FinCEN and the Federal Banking Agencies issued a joint statement focusing on the importance of ensuring that MSBs that comply with the law have access to banking services.  In that statement, FinCEN advised that banks should apply the BSA requirements to MSBs on a risk-assessed basis.  On April 26, 2005, FinCEN and the Federal Banking Agencies published joint guidance as a follow-up to their statement which further clarified the requirements of the BSA with respect to MSBs.  Similar to FinCEN’s statement on independent ATM owners or operators, the joint guidance advised banks to consider facts and circumstances when evaluating potential MSB customers such as the locations the MSB serves, whether it offers international services, the market it targets, and estimated transaction amounts.

In its Statement, FinCEN notes that independent ATM owners and operators do not automatically present a higher risk for money laundering or other illicit financial activity.  Indeed, FinCEN states that these entities provide important financial services, including to persons in underserved markets.  Accordingly, FinCEN encourages banks to properly manage customer relationships and mitigate risks based on those relationships rather than outright decline banking services to independent ATM owners or operators.