E N D
1. BSA/AML Examinations What You Need to Know FDIC Presentation
January 19, 2005
3. BSA/AML in the News Recent Enforcement Actions
AmSouth Bank
Riggs National Bank
News Headlines
Bank of America
Bank of New York - again
4. BSA/AML Regulations Dept. of Treasury’s Financial Recordkeeping and Reporting Regulation - 31 C.F.R. 103
BSA FDIC Regulation - Part 326
SAR FDIC Regulation - Part 353
USA PATRIOT Act
5. BSA/AML Regulations Part 326 of FDIC R&R has four minimum requirements:
System of Internal Controls
Designation of Officer Responsible for Compliance
Regular Independent Testing
Training for All Appropriate Personnel
6. BSA/AML Regulations Also, as of 10/01/2003, Section 326 of USA PATRIOT Act became effective, written into regulation under 31 C.F.R. 103.121 and Section 326.8(b) of the FDIC R&R
This is the Customer Identification Program (CIP)
7. BSA/AML Regulations CIP must be risk based
CIP must be in writing and approved by the Board. (Procedures may be separate)
CIP should be part of the overall BSA/AML program
8. BSA/AML Regulations CIP MUST have risk-based procedures for verifying customer identity.
Procedures MUST be based on the bank’s assessment of the relevant risks, including those presented by:
- Account Type
- Method of Account Opening
- Types of Identifying Info Available
- Bank Size, Location, and Customer Base
9. EXAM PROCEDURES
10. Exam Procedures Off-Site Review
Assess risk: Bank’s size, location, market, and services
Obtain BSA information from FinCEN
Review prior regulatory and audit reports for weaknesses and corrective action
11. Exam Procedures Assess the adequacy of the written BSA/AML Program
Risk Based
CIP
Internal Controls
Training
Independent Testing
Qualified BSA Officer
Transaction testing to ensure policy guidelines are effectively administered
12. Exam Procedures Risk Assessment
Ensure management has performed a risk assessment of the bank’s high-risk customers and services.
High-risk customers should receive increased due diligence and these accounts should be monitored on a regular basis.
Might include businesses not familiar to the bank, businesses in high-risk locations, MSBs, entities not eligible for exemption (travel agencies, import/export)
CIP
Test to ensure policy and procedures are being implemented.
13. Exam Procedures Internal Controls
Currency Transaction Reporting
Suspicious Activity Monitoring and Reporting
Exemptions
Customer Due Diligence (KYC)
Recordkeeping Requirements - Wire Transfers and Monetary Instruments
14. Exam Procedures Internal Controls – continued
OFAC
Information Sharing – Section 314(a) & (b)
Other relevant Provisions of the BSA/USA PATRIOT Act
CMIR
FBAR
Record Retention
Private Bank
Foreign Shell Banks
15. Exam Procedures Training
Risked based
Include all employees
On-going for certain employees
Maintain adequate documentation
Ensure training is comprehensive and appropriate for employees
Signatures and dates of training
16. Exam Procedures Independent Testing
Audit procedures must be comprehensive
Adequate testing and workpapers
Internal auditors must be independent of BSA function
Internal auditors must have expertise
Track exceptions and corrective action
Performed at least annually
17. Exam Procedures BSA Officer
Must be designated by the Board of Directors
Senior officer with policy-making authority
Can delegate day-to-day compliance
Requires training and full support of BOD and management
18. Exam Procedures Transaction Testing and Sampling
Corrective Action of Prior Weaknesses
Expanded Procedures (if necessary)
Procedures Available on Website:
www.fdic.gov
19. BSA/AML Program Consider
Risks to reputation, capital, and potentially collateral (if assets are seized by government)
AML software not required, but many banks are considering
Use reports already available
In-house reports (Large Currency Transaction Reporting system, Loans Secured by Cash, Kiting Reports, etc.)
Lower threshold on the Large CTR system to $5M and monitor suspicious cash activity
20. BSA/AML Program Other Reports to Review for AML:
Review CTRs, Wire Transfers, and $3M -$10M Money Instrument Records for suspicious activity
New accounts
Accounts with foreign addresses
Accounts with similar addresses, phone numbers, etc.
21. Frequent Findings Lack of Board Oversight
No risk assessments
Should not be a static document; would evolve as bank enters new markets, offers new products, etc.
CTRs - not completed properly; not being used to detect suspicious activity
SARs - no monitoring systems; inadequate narratives; late filings
22. Frequent Findings Continued
Exemptions - files are not adequately documented; late filings/reviews
Independent Testing - does not sufficiently test software used in BSA/AML compliance and monitoring
KYC - no occupations recorded; no expected activity; no registration of MSBs.
Repeat Criticisms - apparent violations or recommendations
23. REGULATORY OVERSIGHT Continue to be reviewed at each S&S exam
State examiners conducting full scope exams
New examination procedures pending
New procedures stress transaction testing and sampling
Supplemental CIP examination procedures issued July 2004
MOU with FinCEN in October 2004
24. REGULATORY OVERSIGHT MOU – Federal Banking Agencies (FBAs) and FinCEN
Sets forth procedures for the exchange of certain BSA examination information between FBAs and FinCEN
Increased reporting by FBAs to FinCEN
Assists FinCEN in fulfilling its role as administrator of the BSA
Assists the FBAs in fulfilling their roles as bank supervisors
Annual and quarterly reports to FinCEN
Notify FinCEN during exam of significant BSA/AML weaknesses
Enhance training for all Risk Management Examiners/Professional staff
25.
Questions?