Circular Letter No. 11 (2009)

June 29, 2009


All Persons, Firms, Associations, or Other Entities Licensed, Authorized, Registered, Certified, or Approved Pursuant to the New York Insurance Law (collectively, “Licensees”)


Compliance with the Federal Bank Secrecy Act, Foreign Corrupt Practices Act, and Office of Foreign Assets Control Requirements

STATUTORY REFERENCE: N.Y. Insurance Law §§ 107, 201, 301, 308; Bank Secrecy Act (“BSA”), 31 U.S.C. §§ 5311–5330 (2009); Foreign Corrupt Practices Act (“FCPA”), 15 U.S.C. §§ 78dd-1 - 78dd-3 (2009); and the Office of Foreign Assets Control (“OFAC”), 31 U.S.C. § 313(a)(6)(c) (2009).

The purpose of this Circular Letter is to set forth the Superintendent’s expectations regarding compliance by licensees with regard to three federal laws: the Bank Secrecy Act (“BSA”), 31 U.S.C. §§ 5311–5330 (2009); Foreign Corrupt Practices Act (“FCPA”), 15 U.S.C. §§ 78dd-1 - 78dd-3 (2009); and the Office of Foreign Assets Control (“OFAC”), 31 U.S.C. §313(a)(6)(c) (2009). Although supervision and enforcement of these statutes resides with national regulators, compliance with these laws is consonant with prudent risk management. Further, policies that licensees develop and adopt to comply with these acts should prove effective in detecting violations of New York law. See, e.g., N.Y. Penal Law §§ 470.05 - 470.20 and 176.05 (McKinney Supp. 2009) (pertaining to money laundering and insurance fraud, respectively). Accordingly, licensees should assess their business models and circumstances to determine the extent to which they should formulate or revisit their policies to ensure proper compliance with these federal laws.

As part of its future examination processes, the Department may make limited inquiry into a licensee’s compliance function to assess how well the licensee takes into consideration the risks of money laundering, bribery of foreign persons, and recognition of federal economic sanctions. The review will be done within the normal review of a company's overall compliance function. To assess how a licensee’s compliance function policies incorporate compliance with these federal laws, the Department, consistent with risk-focused surveillance, may specifically ask the members of a licensee’s senior most governing body or senior management about those policies.

A licensee’s policies should be commensurate with its assessment of the risk that its products or operations could be used to launder money, finance terrorism, bribe foreign persons, or violate national economic sanctions. Accordingly, at minimum, the policies should:

  • establish that the licensee will adopt procedures and internal controls that are, in its opinion, reasonably designed to enable the licensee to comply with the requirements of the referenced regulatory regimes;
  • identify a specific person responsible for the design and implementation of procedures and internal controls commensurate with the risks presented;
  • ensure that the procedures and internal controls are updated as changes in the law and circumstances warrant, and that those modifications are communicated in a timely manner to all appropriate personnel;
  • ensure that where the licensee’s business, circumstances, or risks warrant, the procedures and controls are subject to independent testing and monitoring by internal audit and/or external audit; and
  • ensure that procedures are in place to apprise senior management of non-compliance with regulations and compliance policies.

The Department may review a licensee’s policies addressing any of the above items as part of its examination process to ensure that prudent policies have been established.

I. Bank Secrecy Act

With regard to the anti-money laundering prohibitions of the Bank Secrecy Act, this Circular Letter supplements and updates the Department’s previous advice. See Circular Letter No. 10 (2002); Supplement No. 1 to Circular Letter No. 10 (2002); Supplement No. 2 to Circular Letter No. 10 (2002); and Supplement No. 3 to Circular Letter No. 10 (2005). The advice set forth in this Circular Letter also parallels the practices adopted by the National Association of Insurance Commissioners in its Financial Examiners Handbook, see Exhibit G, “Consideration of Fraud,” at, and is consistent with the American Institute of Certified Public Accountants’ Statement on Auditing Standards, see No. 99, “Consideration of Fraud in Financial Statement Audit,” at

The United States Department of the Treasury (“Treasury”) requires each insurance company to develop a written anti-money laundering program reasonably designed to prevent its “covered products” from being used to facilitate the financing of terrorist activities. See 31 C.F.R. § 103.137 (2009). Federal laws define “covered products” as those that possess features that make them susceptible for use to launder money or finance terrorism, and include a permanent life insurance policy (other than that issued to a group), an annuity contract (other than that issued to a group), or any other insurance product with features of cash value or investment. See 31 C.F.R. § 103.137(a)(4) (2009). Examples of activities that may indicate financing of terrorist activities include: individuals paying into policies or annuities, with cash equivalents from multiple sources and repeated loans taken against, or surrender of, those policies or annuities to the economic detriment of the annuity owner; large dollar withdrawals made shortly after the issuance of the policy or contract; and surrenders of annuities with return-of-premium guarantees. See Insurance Industry Suspicious Activity Reporting: An Assessment of Suspicious Activity Report Filings, Financial Crimes Enforcement Network, United States Treasury (April 2008), at The program should be designed to detect and monitor such events as large dollar withdrawals made shortly after the issuance of the policy or contract, or surrenders of annuities with return-of-premium guarantees.

Forms for making proper reports in accordance with the Bank Secrecy Act are available at In addition, the Treasury’s Financial Crimes Enforcement Network (FinCEN) has established a regulatory helpline at (800) 949-2732.

II. Foreign Corrupt Practices Act

The United States Securities and Exchange Commission (“SEC”), which, with the United States Department of Justice, is charged with enforcing the Foreign Corrupt Practices Act, has stated that FCPA prosecutions are a “growth area,” and has noted that “[i]n fiscal year 2008, the SEC filed 15 FCPA cases. Since January 2006, the SEC has brought 38 FCPA enforcement actions — more than were brought in all prior years combined since FCPA became law in 1977.” See Press Release, U.S. Securities and Exchange Commission, SEC Announces Fiscal 2008 Enforcement Results (Oct. 22, 2008), at Further, the United States Supreme Court recently let stand a conviction under the FCPA for payments “obtaining or retaining business” – that is, payments to government officials aimed at achieving a reduction in import taxes and duties – which may suggest that the federal courts will increasingly interpret FCPA’s scope in a broad fashion. See U.S. v. Kay, 513 F.3d 432 (5th Cir. 2007), cert. denied, 129 S.Ct. 42 (2008).

The FCPA’s anti-bribery provisions pertain to “domestic concerns,” which include “any individual who is a citizen” of the United States and “any corporation . . . which has its principal place of business in the United States.” See 15 U.S.C. § 78dd-2(a) (2009). Under the statute, payments to foreign persons or entities may violate the FCPA where a person or instrumentality of interstate commerce pays, offers, or promises to pay, or authorizes or directs the payment of money or anything of value, to any foreign official, political party, political party official, or candidate for office, or any person acting as an intermediary, with corrupt intent, to influence an official act or decision of that official, in order to obtain or retain business or secure an improper advantage. See 15 U.S.C. § 78dd-2(a) (2009).

The Department of Justice has published guidance regarding compliance with the FCPA, which is available at


In furtherance of national security, foreign policy, and United States’ economic objectives, the Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions against specific foreign nations or regimes, terrorists and terrorist organizations, and persons engaging in, or aiding in, the proliferation of weapons of mass destruction, drug trafficking, or other activities. See 31 C.F.R. Pt. 501 (2009). OFAC acts pursuant to authority granted by the Congress of the United States to the President under the International Emergency Economic Powers Act, 50 U.S.C. §§ 1701 - 1707 (2009), and other laws. OFAC reports directly to Treasury’s Undersecretary for Terrorism and Financial Crimes, see 31 U.S.C. § 313(a)(6)(c) (2009), and oversees the civil investigation and enforcement of economic sanctions, and, where appropriate, coordinates activities with state regulators and other law enforcement agencies.

No United States-based underwriter, broker, agent, primary insurer, reinsurer, or United States citizen employee of a foreign insurance firm may engage in any transaction, including an investment transaction, not licensed by the Office of Foreign Assets Control that involves any person or entity designated a Specially Designated National (“SDN”). See OFAC Regulations and the Insurance Industry, Office of Foreign Assets Control, U.S. Department of the Treasury (Apr. 29, 2004), at Licensees also should avoid engaging in transactions with SDNs and must freeze any asset (including any insurance policy) in which an SDN has a direct or indirect interest, and timely report such action to OFAC. See id. OFAC maintains a list of SDNs on its website that licensees should monitor closely..

OFAC maintains a list of “frequently asked questions” from the insurance industry, which is available at: Additional information concerning OFAC is available at

* * * *

Please direct any comments or questions regarding this Circular Letter to James Everett at New York State Insurance Department, One Commerce Plaza, Albany, NY 12257, or [email protected].


Eric R. Dinallo