BSAAML Examinations What You Need to Know

1. BSA/AML Examinations What You Need to Know FDIC Presentation January 19, 2005

3. BSA/AML in the News Recent Enforcement Actions AmSouth Bank Riggs National Bank News Headlines Bank of America Bank of New York - again

4. BSA/AML Regulations Dept. of Treasury’s Financial Recordkeeping and Reporting Regulation - 31 C.F.R. 103 BSA FDIC Regulation - Part 326 SAR FDIC Regulation - Part 353 USA PATRIOT Act

5. BSA/AML Regulations Part 326 of FDIC R&R has four minimum requirements: System of Internal Controls Designation of Officer Responsible for Compliance Regular Independent Testing Training for All Appropriate Personnel

6. BSA/AML Regulations Also, as of 10/01/2003, Section 326 of USA PATRIOT Act became effective, written into regulation under 31 C.F.R. 103.121 and Section 326.8(b) of the FDIC R&R This is the Customer Identification Program (CIP)

7. BSA/AML Regulations CIP must be risk based CIP must be in writing and approved by the Board. (Procedures may be separate) CIP should be part of the overall BSA/AML program

8. BSA/AML Regulations CIP MUST have risk-based procedures for verifying customer identity. Procedures MUST be based on the bank’s assessment of the relevant risks, including those presented by: - Account Type - Method of Account Opening - Types of Identifying Info Available - Bank Size, Location, and Customer Base

9. EXAM PROCEDURES

10. Exam Procedures Off-Site Review Assess risk: Bank’s size, location, market, and services Obtain BSA information from FinCEN Review prior regulatory and audit reports for weaknesses and corrective action

11. Exam Procedures Assess the adequacy of the written BSA/AML Program Risk Based CIP Internal Controls Training Independent Testing Qualified BSA Officer Transaction testing to ensure policy guidelines are effectively administered

12. Exam Procedures Risk Assessment Ensure management has performed a risk assessment of the bank’s high-risk customers and services. High-risk customers should receive increased due diligence and these accounts should be monitored on a regular basis. Might include businesses not familiar to the bank, businesses in high-risk locations, MSBs, entities not eligible for exemption (travel agencies, import/export) CIP Test to ensure policy and procedures are being implemented.

13. Exam Procedures Internal Controls Currency Transaction Reporting Suspicious Activity Monitoring and Reporting Exemptions Customer Due Diligence (KYC) Recordkeeping Requirements - Wire Transfers and Monetary Instruments

14. Exam Procedures Internal Controls – continued OFAC Information Sharing – Section 314(a) & (b) Other relevant Provisions of the BSA/USA PATRIOT Act CMIR FBAR Record Retention Private Bank Foreign Shell Banks

15. Exam Procedures Training Risked based Include all employees On-going for certain employees Maintain adequate documentation Ensure training is comprehensive and appropriate for employees Signatures and dates of training

16. Exam Procedures Independent Testing Audit procedures must be comprehensive Adequate testing and workpapers Internal auditors must be independent of BSA function Internal auditors must have expertise Track exceptions and corrective action Performed at least annually

17. Exam Procedures BSA Officer Must be designated by the Board of Directors Senior officer with policy-making authority Can delegate day-to-day compliance Requires training and full support of BOD and management

18. Exam Procedures Transaction Testing and Sampling Corrective Action of Prior Weaknesses Expanded Procedures (if necessary) Procedures Available on Website: www.fdic.gov

19. BSA/AML Program Consider Risks to reputation, capital, and potentially collateral (if assets are seized by government) AML software not required, but many banks are considering Use reports already available In-house reports (Large Currency Transaction Reporting system, Loans Secured by Cash, Kiting Reports, etc.) Lower threshold on the Large CTR system to $5M and monitor suspicious cash activity

20. BSA/AML Program Other Reports to Review for AML: Review CTRs, Wire Transfers, and $3M -$10M Money Instrument Records for suspicious activity New accounts Accounts with foreign addresses Accounts with similar addresses, phone numbers, etc.

21. Frequent Findings Lack of Board Oversight No risk assessments Should not be a static document; would evolve as bank enters new markets, offers new products, etc. CTRs - not completed properly; not being used to detect suspicious activity SARs - no monitoring systems; inadequate narratives; late filings

22. Frequent Findings Continued Exemptions - files are not adequately documented; late filings/reviews Independent Testing - does not sufficiently test software used in BSA/AML compliance and monitoring KYC - no occupations recorded; no expected activity; no registration of MSBs. Repeat Criticisms - apparent violations or recommendations

23. REGULATORY OVERSIGHT Continue to be reviewed at each S&S exam State examiners conducting full scope exams New examination procedures pending New procedures stress transaction testing and sampling Supplemental CIP examination procedures issued July 2004 MOU with FinCEN in October 2004

24. REGULATORY OVERSIGHT MOU – Federal Banking Agencies (FBAs) and FinCEN Sets forth procedures for the exchange of certain BSA examination information between FBAs and FinCEN Increased reporting by FBAs to FinCEN Assists FinCEN in fulfilling its role as administrator of the BSA Assists the FBAs in fulfilling their roles as bank supervisors Annual and quarterly reports to FinCEN Notify FinCEN during exam of significant BSA/AML weaknesses Enhance training for all Risk Management Examiners/Professional staff

25. Questions?