Melanie Brody

Melanie Brody

Federal antiterrorist legislation enacted last October requires that health insurance companies, along with an array of other financial institutions, should have adopted and implemented programs to combat money laundering by April 24, 2002. Because the health insurance industry has not previously been subject to such requirements, many health insurers are not even aware that this applies to them.

On Oct. 26, 2002, President Bush signed the USA PATRIOT (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act, designed to combat terrorism on several fronts. Title III of the USA PATRIOT Act, referred to as the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, contains a series of provisions against money laundering. These are designed to strengthen existing laws by establishing new requirements and expanding the existing obligations to a broader range of institutions.

Insurers not exempted

Depository institutions, which includes banks and savings and loan associations, have been subject to anti-money-laundering requirements for decades. Under the Money Laundering Act, all financial institutions, as defined in the Bank Secrecy Act, are also subject to anti-money-laundering requirements.

The Bank Secrecy Act defines the term financial institution broadly, to include — among others — banks, trust companies, thrift institutions, private bankers, investment bankers, investment companies, loan or finance companies, broker-dealers in securities or commodities, and insurance companies. The act does not define the term insurance company, and thus, on its face, appears to apply to all insurance companies, including health insurers and, possibly, HMOs.

The Money Laundering Act applies to certain financial institutions — specifically, banks, thrifts, trust companies, credit unions, U.S. branches or agencies of foreign banks, and registered broker-dealers. The definition of a "covered financial institution" does not specifically include insurance companies. Accordingly, insurance companies are not subject to the much broader substantive prohibitions imposed on institutions covered under the act.

The act also empowers the secretary of the treasury to exempt certain financial institutions from its anti-money-laundering requirements. Yet, the treasury department had not exempted insurance companies or any other category of financial institution as of press time.

The act also authorizes the department to set minimum standards for programs that would combat money laundering, and requires the department to prescribe regulations that would allow financial institutions some flexibility in developing programs to fight money laundering, commensurate with their size, location, and activities. As of press time, no such regulations had been issued.

Program requirements

Section 352 of the Money Laundering Act requires financial institutions to have developed and instituted anti-money-laundering programs by April 24. The act does not offer detailed guidance on the structure or content of such programs, stating only that each financial institution's anti-money-laundering program must include, at a minimum:

  • Internal policies, procedures, and controls;
  • The designation of a compliance officer;
  • An employee training program; and
  • An independent audit function to test programs.

Because the treasury department has not yet issued regulations indicating how financial institutions should implement these requirements, insurance companies and other institutions will not have the benefit of federal guidance when formulating their programs. In preparing their programs, health insurers may want to keep the following guidelines in mind:

Policies should be tailored to the institution. First, the act's legislative history makes it clear that Congress did not envision a one-size-fits-all program requirement to combat money laundering. Rather, Congress intended each financial institution to have the flexibility to design such a program to fit its size, location, activities, types of accounts, nature of its customer base, and vulnerability to money laundering.

Internal policies, procedures, and controls. Internal measures should be designed in a way that allows the institution to identify suspicious activities that may be indicative of money laundering or other illegal activity.

They should include, among other matters, provisions designed to verify the identity of an insurance company's customers; identify customer-risk indicators that would trigger additional scrutiny (for example, any unusual or disadvantageous early redemption of an insurance policy); and procedures designed to prohibit transactions with individuals, entities, and jurisdictions identified by the office of foreign assets control (OFAC), including those individuals on OFAC's "specially designated nationals and blocked persons" list.

With regard to verifying the identity of customers, Section 326 of the USA PATRIOT Act requires the treasury department to issue regulations establishing minimum know-your-customer procedures.

These regulations, which are to be in place and effective before Oct. 26, 2002, will, at a minimum, require financial institutions to implement, and customers (after being given reasonable notice) to comply with, procedures for: (1) verifying the identity — to the extent reasonable and practicable — of any person who would open an account; (2) maintaining records of the information used to verify a person's identity, and (3) consulting government-provided lists of known or suspected terrorists or terrorist organizations to determine whether a person who wants to open an account appears on any such list.

After the know-your-customer regulations are finalized, insurance companies will need to review their anti-money-laundering programs to ensure that they are in compliance.

Compliance officer. A compliance officer should have sufficient authority to implement and enforce the company's policies and procedures aimed at money laundering. This provides evidence of senior management's commitment to efforts to combat money laundering and, more importantly, provides added assurance that the officer will have sufficient clout to investigate potentially suspicious activities.

Employee training. Training must involve all relevant employees and must be constantly updated. Employees should be able to recognize signs of possible money laundering (suspicious activities) and know what to do once a risk is identified.

Programs will need to be re-evaluated frequently to ensure that employees understand their obligations under the act and its regulations. Updating training programs will be particularly important as regulations that implement the provisions of the act are proposed and adopted.

Audit. Insurance companies must commission an independent audit of their anti-money- laundering programs. The audit, which will review and test implementation of the financial institution's policies and procedures, should take place at least once a year and should cover all aspects of the company's operations.

Because the health insurance industry historically has not been the subject of anti-money-laundering regulations, many health insurers do not have experience with developing and implementing such programs. Insurance companies will need to pay special attention to such developments and be prepared to implement the new requirements.

Melanie Brody is a partner in the Washington, D.C., office of Kirkpatrick & Lockhart LLP.

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.