BSA Training for the Board of Directors 2014
August 21, 2014
1:30-3:30

Presented by:

Susan Costonis, C.R.C.M.

Training & Consulting for Financial Institutions

The material used in this text has been drawn from sources believed to be reliable. Every effort has been made to assure the accuracy of the material; however, the accuracy of this information is not guaranteed. The laws are often changed without prior notice from the government. The BSA Training for the Board of Directors 2014 is sold with the understanding that the publisher and the editor are not engaging in the practice of law or accounting. We are not responsible for the actions of your company’s employees.

The text is designed to address most teller compliance issues. However, you will wish to consult your attorney when you are unsure of an answer.

Published by:

Susan Costonis, C.R.C.M.

Training & Consulting for Financial Institutions

All rights reserved. This material may not be reproduced in whole or in part in any form or by any means without written permission from the publisher.

Printed in the United States of America.

INSTRUCTOR

Susan Costonis specializes in compliance management along with deposit and lending regulatory training. Her 36-year career in banking and training began with 20 years at First National Bank in Fort Collins, CO. Susan has been a bank compliance consultant or compliance officer in Louisiana since 1998. She is a Certified Regulatory Compliance Manager and completed the ABA Graduate Compliance School. Susan also graduated from the University of Akron with a B.S. and from the Graduate Banking School of the University of Colorado.

TABLE OF CONTENTS

BSA for the Board of Directors – Overview

BSA – Best Practices for the Board of Directors

BSA for the Board of Directors – Exam Manual Overview

FDIC Consent Decree

Board Training from the FDIC

It Begins with Money Laundering and What It Means to Your Bank?

Mission of FinCEN

FinCEN: Frequently Asked Questions

What Is the Risk Assessment Link to BSA/AML Program?

High Intensity Drug Trafficking Areas

BSA Policy Requirements

Currency Transaction Reports

New CTR Form

Suspicious Activity Reporting

Suspicious Activity Reporting Basics

What Is Trending Now for Depository Institutions

Filings by Depository Institutions 2012-2013

Customer Monitoring and Due Diligence

Mortgage Fraud Conviction

Structuring

Frequently Asked Questions About Filing Suspicious Activity Reports

Organized Retail Theft Case

SARs Lead to Recovery of Funds Derived from Medical Fraud

Fields in the New SAR E-Form

Due Diligence

What We Need to Know!

Overview of Due Diligence

Due Diligence for Loan Applications

Enhanced Due Diligence

Money Service Business Includes:

The Following Money Service Businesses Are Not Required to Register:

Customer Identification Program

Customer Identification Program (CIP): Purpose

CIP Compliance – The Big Picture

Identification – Some Suggestions

Office of Foreign Assets Control (OFAC)

Customer Notice for CIP

Exemptions to CIP & Other Requirements

BSA for the Board of Directors – Overview

What are the four “best practices” for Boards of Directors to show compliance with an effective BSA/AML (anti-money laundering) program? What topics should be covered in BSA training sessions for the Board of Directors? What did a community bank learn in a recent enforcement action about effective Board oversight of BSA?

WHAT YOU WILL LEARN:

What does the FFIEC BSA exam manual say about informing the “board of directors” regarding BSA issues? How many times is it mentioned in the exam procedures? What does your regulator expect to find when they review board minutes?

What should the Board know about the annual BSA audit?

What should your Board know about BSA “hot buttons” for third party oversight with remote deposit capture and other issues?

Are there any “free” resources for BSA board training?

What are four “best practices” for BSA?

  1. Require periodic and thorough BSA reports
  2. Devote adequate resources
  3. Conduct appropriate BSA/AML Risk Assessments
  4. Set the proper tone

BONUS – participants will receive a manual and PowerPoint file for BSA Board Training, including a template for a BSA “Sample Board Report.” The documents can be easily modified with your financial institution’s specific information.

BSA – Best Practices for the Board of Directors

Ten years ago, Bank Secrecy Act (BSA)/anti-money laundering (AML) compliance was one of the biggest areas of concern for banks and their regulators. Following September 11 and the heightened regulatory focus on BSA matters, most banks found it necessary to expend significant resources to enhance or even rebuild their BSA/AML programs.

In the past few years, bank regulators have had to focus on other matters, including residential and commercial loan concentrations, adequate capitalization, and even bank failures. Banks also wisely have focused on these matters during these difficult economic times.

It is important, however, that these other matters do not push BSA/AML compliance aside. This article summarizes some of the top BSA-related issues that the Board of Directors of every bank should keep in mind.

Best Practices for the Board

It is easy in difficult financial times for the Board and management to push aside compliance matters, including BSA/AML compliance. Compliance matters can seem less important when one is worried about the bank’s very survival.

Nevertheless, compliance continues to be important. It is critical that the Board stay informed, devote adequate resources to compliance, and set the proper tone for compliance within the organization.

The following are four best practices for Boards of Directors.

1. Require Periodic and Thorough BSA Reports

One of the most important things for the Board to understand about the BSA and AML requirements is that the Board is expected to stay abreast of the institution’s progress and what is working and not working. That means that the Board needs to receive at least annual BSA/AML training, and also needs to receive regular reports on BSA/AML compliance matters from its BSA officer, including on suspicious activity report (SAR) filings and trends.

As a director, be sure to ask any questions you might have and make sure you really understand the institution’s full BSA/AML compliance picture. It is important that you are comfortable that these reports are thorough and accurate.

2. Devote Adequate Resources

Banks must dedicate adequate and appropriate resources to BSA/AML compliance. By this we mean all resources – adequate compliance staffing, training, computer and software systems, as well as financial resources generally. This is clearly an expense, but it is part of what all banks must face. In addition, keep in mind that the underlying reason for these laws and corresponding expenses is to protect the institution, and the US financial system generally, from abuse by money launderers, terrorist financiers, and other criminals.

If you encounter compliance weaknesses in examinations, you will find that it costs much more to fix the problem under the tight deadlines imposed by your regulator than it would have cost to address the issues before any regulatory criticism, and this is before the possibility of hefty fines.

3. Conduct Appropriate BSA/AML Risk Assessments

Banks are always looking for new and better ways to do business — new technology, new delivery methods, new products and services, and new geographic locations to offer products and services. It is always important to be sure that the bank’s money laundering risk assessment is updated to include all such new products and processes.

Sometimes a bank will find that the BSA/AML-related risks of a new delivery method or product are simply too great. More often, however, the bank will conclude that it simply needs to develop controls and modify its compliance systems to address the changes. If you do not include both pieces — perform a risk assessment and adjust the bank’s processes and systems as necessary to address the risks — you could be creating significant exposure for the bank in the future.

4. Set the Proper Tone

For all compliance matters it is important that the Board of Directors clearly convey its expectations that the institution comply with applicable requirements. Regulators often refer to this as establishing a “culture of compliance.” As part of this culture, performance evaluations of all relevant employees should include a BSA/AML compliance component. Those employees who are not taking their training or who otherwise are performing poorly on BSA/AML compliance matters should suffer negative consequences, including with respect to salary, promotion and, for worst cases, even termination.

Some Common Mistakes

One might expect that BSA/AML weaknesses found in banks would be highly varied and unique to each institution, but there actually are some clear patterns. Three common failures are summarized below.

1. Failure to Monitor Trends

The money launderers, terrorist financiers and other criminals that the BSA/AML rules are designed to protect against are always devising new ways to beat the system. Banks need to stay on top of those changes so that they are not caught off guard.

In the worst case, you find out about the gaps in your system when your examiner discovers them or after your bank is publicly exposed as having facilitated money laundering or terrorist financing. That is not where a bank wants to be.

Every bank should strive to identify (and correct) its potential weaknesses before others do. There are a number of ways to do this. A first step is to conduct internal BSA/AML monitoring on an ongoing basis, in addition to formal periodic independent testing. Such monitoring does not necessarily need to be performed by an independent party, and in fact the BSA officer may be best suited to ensure on an ongoing basis that the bank’s BSA/AML compliance program is functioning properly. It also can be useful to monitor news reports and regulatory notices and guidelines, and to attend BSA conferences and networking events where bankers talk about their experiences. In this way, the institution can learn from others and take the appropriate steps before it is too late.

2. Failure to Assess New Product and Client Risks

There can be a tendency to look at a new line of business or new type of client and decide that the bank must engage in that business or pursue those clients for business reasons, but then to overlook the BSA/AML-related risks involved. This impulse may be particularly strong when it appears that all of your competitors are capturing the business opportunities. All new products, services, and lines of business need a formal risk assessment prior to implementation. This is important not only for BSA/AML reasons, but for all compliance purposes.

The regulators clearly expect each bank to perform risk assessments of their products and services, business lines, geographies and customers in a formal and documented way. This area is a particularly good illustration of the importance of good documentation. It is not enough to do a risk assessment – your records must show that you did it and that you considered appropriate factors. Based on the results of the risk assessment, you must develop and implement appropriate controls related to those products and services, business lines, geographies and customers, as well as perform monitoring that is appropriate given the risks presented.

Bank examiners expect to find a formal, documented risk assessment, and we believe that a well-documented and thoughtful risk assessment can facilitate a more thoughtful examination. If your risk assessment or BSA/AML program looks weak or “thin,” the examiners will have to dig deeper. They will be irritated and they will look for things to be wrong. And they usually will find what they want to find.

3. Failure to Monitor System Effectiveness

Sometimes the systems that a bank has set up so carefully do not really do what the bank thinks they are doing. To make a BSA/AML automated monitoring system work, we need to input data and designate parameters for the types and volume (based on quantity and dollar values) of transactions/activity to flag for review. Only then does the review for potentially suspicious activity begin.

Sometimes, however, the systems do not work as intended. The system might be flagging so many transactions that it becomes difficult or impossible for the bank’s BSA team to identify the truly important transactions. Other times it appears at first that the system is working properly but transactions are being missed because of issues with the data fields that are fed into the system or timing of certain transactions.

The only way to identify these weaknesses is through careful audits on an annual or more frequent basis, where the auditor reviews in detail what the bank expects the monitoring system to be doing, and compares it to what is actually being done, culminating in a review of transactions to confirm that the system is flagging the issues that it should be.

Conclusion

BSA compliance, like all compliance efforts, necessarily requires focus, proper resources, and dedication by the institution. This begins and ends with the Board of Directors. Consider the Best Practices and Common Mistakes described above and judge where your institution stands today.

BSA for the Board of Directors – Exam Manual Overview

Source: FFIEC BSA/AML Examination Manual

April 29, 2010

Includes all references to “Board of Directors”

Examination Plan – page 16

Independent Testing and Audit

However, the person performing the independent testing must not be involved in any part of the bank’s BSA/AML compliance program. The findings should be reported directly to the board of directors or an audit committee composed primarily or completely of outside directors.

BSA/AML Risk Assessment — Overview, pg 22

The risk assessment should provide a comprehensive analysis of the BSA/AML risks in a concise and organized presentation, and should be shared and communicated with all business lines across the bank, board of directors, management, and appropriate staff; as such, it is a sound practice that the risk assessment be reduced to writing.

Developing the Bank’s BSA/AML Compliance Program Based Upon Its Risk Assessment – pg 28

Consolidated information also assists senior management and the board of directors in understanding and appropriately mitigating risks across the organization. To avoid having an outdated understanding of the BSA/AML risk exposures, the banking organization should continually reassess its BSA/AML risks and communicate with business units, functions, and legal entities.

Examiner Determination of the Bank’s BSA/AML Aggregate Risk Profile, pg 30

When the risks are not appropriately controlled, examiners must communicate to management and the board of directors the need to mitigate BSA/AML risk.

BSA/AML Compliance Program — Overview, pg 31

The BSA/AML compliance program must be written, approved by the board of directors, and noted in the board minutes. A bank must have a BSA/AML compliance program commensurate with its respective BSA/AML risk profile.

Internal Controls, pg 33

The board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting. The board of directors and management should create a culture of compliance to ensure staff adherence to the bank’s BSA/AML policies, procedures, and processes. Internal controls should:

  • Inform the board of directors, or a committee thereof, and senior management, of compliance initiatives, identified compliance deficiencies, and corrective action taken, and notify directors and senior management of SARs filed.

Independent Testing, pg 35-36

The frequency and depth of each activity’s audit will vary according to the activity’s risk assessment. Risk-based auditing enables the board of directors and auditors to use the bank’s risk assessment to focus the audit scope on the areas of greatest concern. The testing should assist the board of directors and management in identifying areas of weakness or areas where there is a need for enhancements or stronger controls.

Auditors should document the audit scope, procedures performed, transaction testing completed, and findings of the review. All audit documentation and workpapers should be available for examiner review. Any violations, policy or procedures exceptions, or other deficiencies noted during the audit should be included in an audit report and reported to the board of directors or a designated committee in a timely manner. The board or designated committee and the audit staff should track audit deficiencies and document corrective actions.