Now that the economy has significantly recovered and Dodd-Frank Act regulations have been implemented, regulators have the time—and as it appears from recent actions—the inspiration to push BSA and anti-money laundering (AML) issues back to the forefront. Is your BSA compliance program ready?
Beyond harsh civil monetary penalties, a host of recent enforcement actions
(EAs) reveal the issues regulators are citing most. Institutions should take a close look at the below six areas to determine if their existing BSA/AML programs can handle the heightened scrutiny.
- Suspicious Activity: The failure to adequately identify, monitor and report suspicious activity tops the list. Particularly telling are the number of suspicious activity reports (SARs) filed after institutions conducted a look-back review in response to an EA. One national bank holding company, for example, filed 2,357 new SARs.
- BSA Staff and Resources: Deep regulator skepticism about the knowledge, authority and resources of the BSA officer and staff is evident in recent EAs. So, make sure your BSA staff attends up-to-date training, and the level of that staff matches your institution’s risk profile.
- BSA Training for All Staff: Examiners also have been dissatisfied with BSA/AML training beyond the BSA office. Everyone in the organization needs general training, and for such specific roles and business lines as tellers, lenders, and account-opening and wire departments, more in-depth BSA/AML training educates them on ways to consistently recognize and respond to suspicious activity.
- CDD and Customer Identification Program (CIP): A fourth sticking point for regulators was overall bank failure to appropriately identify new customers through their CIP, and adequately investigate and analyze all customers, as dictated by FinCEN’s proposed Customer Due Diligence (CDD) rules.
- Independent Testing: An institution must recognize the risk taken by not selecting a truly independent and qualified internal person or staff to conduct the required annual independent testing of its BSA/AML program. Independent, in this case, means there is no overlap of functions or conflict of interest, and qualified means more than a cursory knowledge of the BSA.
- Risk Assessments and Internal Controls: Steering clear of violations requires a thorough examination of the risks associated with all of your institution’s products, services, customers, subsidiaries, transactions and geographic areas, as well as the subsequent development of appropriate internal controls. Make sure your risk assessment and internal controls are regularly updated to account for changes to the areas above, with findings shared with your board of directors and senior management.
So, as the economy goes in cycles, so do regulatory priorities. Staying attuned to the changing tides of regulatory focus—currently turned toward BSA/AML—by ensuring your program has adequate resources and attention will help your institution pass its next exam without incident.
Amber Goodrich, Consumer Compliance Consultant for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Community Bank Compliance Officer (CCBCO) and Certified Bank Secrecy Act (BSA) Professional (CBAP).