On a recent conference call, a number of regulatory bodies were represented, primarily from the northeastern area of the United States; such as the Federal Reserve of Philadelphia, Federal Reserve of New York, New Jersey Department of Banking, FDIC and the OCC. During the call, they agreed that the Bank Secrecy Act (BSA) continued to be one of the most frequent challenges listed by regulators in recent citations. Of those deficiencies; staff turnover, adequate and appropriate use of software, and improving risk assessments were among the most frequently mentioned concerns. In this article, we’ll cover those concerns and some ways to limit your risk associated to each concern.
Staff
The regulator’s (collectively and broadly speaking) say that MRA’s (matter(s) requiring attention) increase when an FI (financial institution) loses their BSA Officer specifically. Regulators seemed to be most concerned that staff turnover typically resulted in a gap of knowledge or understanding of a bank’s BSA program. There are at least two measures you can implement to address this.
First, when it comes to attracting or retaining a BSA officer, it will often come down to recognizing what the employee wants and what the market demands, which often translates to the salary and overall benefits package. Of course this will vary depending on institution and your budget but remaining aware and competitive in the market, especially with non-financial benefits, will go a long way with your employees. For more information on hiring and retaining quality AML (anti-money laundering) professionals, click here.
If your institution can consider reviewing the salary and benefits package for your BSA Officer, that’s a good starting point. If you’re not in that position, a good back-up plan is training a back-up BSA Officer. If you train a back-up it can provide you a number of things:
- It can provide some business security and limit risk by having someone else who is trained in administering your BSA program should an “act of God” happen.
- It can boost your BSA Officer’s morale because they may not feel so overwhelmed that they can use those personal days you’ve given them.
- It can boost your trainee’s morale because they may see the value in learning more and the potential for internal job growth.
Regardless what you decide, having a succession plan for your personnel can help avoid an MRA because of staff turnovers.
Adequate and Appropriate Use of Software
When it comes to the use of an FI’s transaction monitoring software, regulators stressed a couple of things. First, they said FI’s need to continue monitoring their systems once they’ve been implemented to ensure they remain robust. It’s not enough to “set it and forget it”. Products and services change, your customers evolve, and the market grows so your system needs to be able to respond to any new developments. Your rules/scenarios may change and then need to be adjusted accordingly. Conducting an AML model validation is a good way to measure the difference between what you say you’re doing and what your system is actually doing. Further, adhering to this is simply adhering to the second pillar of BSA/AML compliance of independent testing (FFIEC online manual).
Second, continue to fine tune the system based on CDD (customer due diligence) requirements, and furthermore, the new CDD requirements as it relates to beneficial ownership to be implemented by 2018 (Financial Crimes Enforcement Network, 2016). You can read the final rule here.
Finally, FI’s need to be sure they’re using adequate software based on their risk assessment. In some institutions their risk requires a more robust or complex software solution to monitor the risks of their customers despite budgetary constraints.
Improving Risk Assessments
The third most frequently mentioned concern was that of an FI’s risk assessment. Given that an FI’s AML program is based on their risk assessment; including their policies and procedures, the appropriate level of software, and staffing needs; it is imperative that it be accurate and complete. All risks associated to the bank from an AML perspective must be reviewed and addressed in a way to mitigate that risk. A perfect example of this was assessing the appropriateness of new lines of business offered by the bank as well as the level of risk. A thorough risk assessment should include a heat map demonstrating the risk and comparative notes to the industry, peer banks by geography, and risk level. One way to ensure you’re properly assessing your risk is to outsource your risk assessment every couple of years for an independent review and then review it internally in between to make sure it’s still accurate.
Conclusion
Overall, not one representative from the Federal Reserve of Philadelphia, Federal Reserve of New York, New Jersey Department of Banking, FDIC and the OCC indicated that MRA’s are increasing year-over-year for BSA but more so that the reasons for each were for one or more of the aforementioned deficiencies. The risk of each can be mitigated through a number of ways, and a couple were outlined in this article. In the end, retaining a quality BSA officer or having a succession plan in place in the absence of one, implementing the appropriate software, and conducting an adequate risk assessment will help keep your FI out of hot water.
References:
FFIEC Online Manual. https://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_008.htm
Financial Crimes Enforcement Network: Customer Due Diligence Requirements for Financial Institutions. (2016, May 11). https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf
If you would like to know more about ARC Risk and Compliance, or current BSA updates please contact us.