How to Ace Your BSA Exam & Risk Assessment

LeVar Anderson, CAMS, AAP
Auditor, Carolinas Credit Union League

Agenda

NCUA Examiners review compliance with BSA as part of every exam cycle using examination procedures contained in the FFIEC's Bank Secrecy Act/Anti-Money Laundering Examination Manual. During this presentation, we will look at some of the examiners' hot spots for BSA, which include Risk Assessments, Customer Due Diligence, OFAC, and Training requirements. The goal is to help you be successful in your BSA/AML/OFAC compliance and feel more confident when exam time comes around.

Risk Assessment

An AML/BSA exam must begin with a review of the Credit Union's Risk Assessment. Effective assessments identify and document products, services, customers, and geographic locations of members that present a higher risk of money laundering and terrorist financing. Examiners want to see that the assessment covers all lines of business and includes any new products, services, or locations that have been added in recent months. Risk can be broken down into the following levels: Prohibited, High-Risk, Medium-Risk, or Low-Risk.

Board approval of Risk Assessment

- Risk Assessment is updated annually and reviewed by the Board of Directors within the last 12 months.
- Document in the Board minutes whenever the Board reviews the Risk Assessment.
- NCUA expects that discussions about BSA/AML risk are conducted at all levels, including Board & Senior Management. This includes the review and approval of the Risk Assessment, annual review of the BSA/AML policy, and the review of the Independent Audit BSA/AML report.

- Assessment not reviewed by the Board of Directors on an annual basis
- Assessment not specific and unique to the Credit Union
- Assessment consists of a series of spreadsheets, is difficult to read, and lacks a clear narrative
- Fails to consider all major categories of risk
- Not all products and/or services are included

Products and Services

Per FFIEC Examination Manual: Certain products and services may pose a higher risk of money laundering. Such products and services may facilitate a higher degree of anonymity (e.g. prepaid cards or online banking), or involve the handling of high volumes of currency.

- Examiners will evaluate the types of products/services offered.
- Consideration should be given to the number of members that are actually using the products/services. For example, Remote Deposit Capture (RDC) is considered higher risk than ACH. However, a Credit Union will have more ACH transactions than RDC transactions on any given day.
- New products/services pose a higher risk because of the level of uncertainty as to how each product/service may be used and the potential for misuse.

Examples of higher-risk products/services

- Accounts opened through the internet or mail (non-branch, non-face-to-face)
- Originating International ACH Transactions
- Large number of International wire transfers
- Remote Deposit Capture
- Stored value cards
- Internet/online banking
- Higher balance business accounts
- Private banking services
- Safe deposit box services

Customer and Entities

Per FFIEC Examination Manual: Identifying individuals and business customers that may create AML risk based on occupation, reasons for accounts, or currency activity in accounts.

- Risk Assessment should clearly define the nature of the Credit Union's membership base.
- The Credit Union's position on opening business accounts, cash intensive businesses, and Money Service Businesses (MSBs) should be stated within the Risk Assessment.

Examples of higher-risk customers/entities

- Money Service Businesses (MSBs)
- Non-Governmental Organizations or Charities
- Night Clubs
- Used Car Dealerships
- Convenience stores
- Pay Day lenders
- Politically exposed persons (PEPs)
- Real estate agents
- Gatekeepers

Geographical location

Per FFIEC Examination Manual: Identifying geographic locations that may pose a higher risk is essential to a Credit Union's BSA/AML compliance program.

- Higher-risk locations can be either international or domestic
- Domestic higher-risk geographic locations include:
  - High Intensity Drug Trafficking Areas (HIDTA): https://www.federalregister.gov/documents/2017/09/29/2017-20937/designation-of-16-counties-as-high-intensity-drug-trafficking-areas
  - High Intensity Financial Crimes Areas (HIFCA): https://www.fincen.gov/hifca

Examples of higher-risk geographic locations

- Branches of significant populations located within a HIDTA or HIFCA
- Located within a highly diverse metro area
- Business conducted within high-risk countries

Other factors to consider:

- Number and frequency of CTRs
- Level of wire transfer activity, domestic and international
- Level of monetary instrument activity
- Key employee personnel and level of turnover
- The number of positive 314(a) or OFAC matches
- The number of exempt accounts
- Professional Service Providers (lawyers, accountants)
- Employee expertise and training
- OFAC (if there is not a separate OFAC Risk Assessment)

Training

Per FFIEC Manual: At a minimum, the bank's (Credit Union's) training program must provide training for all personnel whose duties require knowledge of the BSA.

- Training: one of the basic elements of a BSA/AML program.
- Note: BSA Officer should receive a higher level of specialized training that is relevant and appropriate to the overall risk of the Credit Union. NCUA expects the BSA Officer to stay informed of new trends and developments.
- Examiners' interviews with BSA personnel may reveal whether they have been properly trained.

- Members of the Board of Directors and/or Supervisory Committee did not receive annual training. (All members of the Board of Directors and Supervisory Committee must receive training on an annual basis)
- Copies of training schedules and attendance records not maintained
- Training does not include the Credit Union's internal policies and procedures
- New employees conducting transactions before being trained on BSA risk and internal controls
- Training content has not been updated

- Document the training
- Maintain sign-in sheets and/or certifications of attendance
- The content of the training should be included in the file for examiners to review
- Training should be tailored to the person's specific responsibilities
- Training content updated on an annual basis
- Train new hires within a period of time from the date of hire
- Training includes both BSA regulations and the Credit Union's internal policy and procedures

Training should include:

- Basic BSA regulations
- The Credit Union's internal policy and procedures
- How to react when faced with a suspicious member or transaction
- How to escalate suspicious activity to the appropriate departments
- New account documentation
- OFAC
- Penalties for noncompliance with internal policies and regulatory requirements
- Areas identified as higher risk in the Risk Assessment

Independent Testing

One of the pillars of a strong AML/BSA compliance program. Key word is "Independent".

Policies should state:

- The frequency of testing (every 12-18 months based on Credit Union's risk profile)
- Results are reported directly to the Board of Directors or Supervisory Committee
- Audit is conducted by Internal Audit, or other qualified independent party

Independent testing requirements

Independent testing should at a minimum:

- Be based on the risk profile of the Credit Union
- Evaluate the overall integrity and effectiveness of the AML/BSA program
- Evaluate policies pertaining to AML/BSA reporting and recordkeeping requirements
- Evaluate the adequacy of the Credit Union's training program
- Evaluate the Credit Union's systems, whether automated or manual, for identifying suspicious activity
- Evaluate the implementation of the CIP/CDD program

- Individual(s) conducting the audit did not have the knowledge, experience, or skills to properly review and test the BSA program. Examiners are putting greater emphasis on the qualifications of the individual who performed the BSA Independent testing.
- Failure to properly address audit issues. When an Independent auditor identifies issues, take action. Necessary changes must be implemented. Document the reason you elect not to implement any recommendations by the Independent auditor.

Examiners will review and evaluate the Independent Testing. If the auditor's scope was detailed, the examiners may not broaden their scope of review.

Information Sharing 314(a)

Section 314(a) Information Sharing consists of law enforcement agencies asking financial institutions, through FinCEN, to state whether particular individuals, businesses, or organizations:

(a) maintain a current account with the institution
(b) have maintained an account with the institution during the preceding twelve months
(c) have been involved in any transactions or transmittal of funds by or through the institution during the preceding six months.

- Credit Unions are required to search their records and report any positive matches within fourteen (14) calendar days after the date of the request.
- Credit Union must designate at least one person to be the point of contact regarding all 314(a) requests. (NCUA prefers at least two points of contact)

Information Sharing 314(b)

Section 314(b) encourages financial institutions (located in the United States) to share information in order to identify and report activities that may involve terrorist activity or money laundering.

- Does the Credit Union participate in 314(b) sharing with other financial institutions?
- NCUA will check that forms filed with FinCEN have an effective date within the last twelve months
- Credit Unions should save a copy of the FinCEN certificate when registering for Section 314(b) in a confidential file.

- The most recent call report does not include an accurate point of contact to receive information requests from FinCEN
- Documentation is not maintained to show records are being searched within fourteen days
- Lack of clear records in regard to resolution of the search (were there any positive matches?)
- Searches do not include accounts maintained by the named subject during the preceding 12 months and transactions conducted within the last six months
- The policy and procedures do not provide information on how the Credit Union will search all records identified for section 314(a) information requests

OFAC

- OFAC regulations are not technically a part of AML/BSA. However, they are linked to AML/BSA for purposes of NCUA examinations.
- OFAC maintains a watchlist of over 14,000 individuals and entities that no U.S. persons or entities can do business with.
- NCUA requires Credit Unions to have policies and procedures in place to screen for and identify any potential matches to the OFAC list.
- OFAC provides this information via the Specially Designated Nationals (SDN) list and various sanctions programs.

Are these transactions checked against OFAC?

- The payee on Credit Union issued cashier's checks
- The payee of on-us checks cashed in the Credit Union lobbies
- International ACH transactions
- The originator or beneficiary of a wire (the one not involving the credit union member)
- The Credit Union's own employees

Note: It is not necessary to check OFAC if the party is (a) a federal agency, (b) a known utility company such as Duke Energy, or (c) a known financial institution. These institutions are regulated by the Federal Government.

- Lack of clear records in regard to resolution of false positives
- OFAC checks are not documented at new account opening
- Failing to use updated lists (be sure your third party provider is utilizing the most current and up to date lists)
- Credit Union not comparing the SDN list generated by OFAC against the account holder database on a regular basis
- Individual or business name not entered accurately (the settings on some systems do not allow any error)
- Unable to provide documentation that an OFAC search was conducted for cashier's checks and on-us checks cashed in the Credit Union lobby

Dollar thresholds

- The Credit Union may decide to not check OFAC lists on small dollar transactions (e.g. checks cashed on the front line)
- Be able to discuss with Examiners the reasoning for the decisions on what transactions to check, when to check, and how to check.
- Document any dollar thresholds within the Risk Assessment.
- Any decisions based on dollar thresholds must be based on the Credit Union's risk profile.

Customer Identification Program (CIP)

Customer Identification Program (CIP): The Credit Union must have a reasonable belief that the identity of an individual is known.

- CIP requires all financial institutions to collect and document a name, date of birth, address, and identification/taxpayer number.
- A notice must be posted advising the member that the Credit Union will request information to verify identity (lobby, website, or within loan application documents)
- Required to keep CIP data for five years after the account is closed
- Procedures for circumstances in which the Credit Union cannot form a reasonable belief that it knows the true identity of a member

Customer Due Diligence (CDD)

- Referred to as Member Due Diligence (MDD) by most NCUA examiners
- This presentation will refer to Customer Due Diligence (CDD) to keep in line with the FFIEC AML/BSA Examination Manual.

Customer Due Diligence (CDD): Credit Unions must predict with relative certainty the types of transactions a member is likely to engage in. Procedures should be designed to help the Credit Union obtain sufficient information (beyond the four pieces of CIP information) to develop a level of comfort with its members' expected account activity.

CIP vs. CDD

CIP:

- Legal Name
- Correct permanent address (P.O. Box number is not sufficient)
- Date of Birth
- Personal Identification Number contained in an unexpired, official, government-issued document (driver's license/passport) that has a photograph of the member

CDD:

- Occupation, name of employer
- Telephone number and email address
- Confirming the permanent address using an official document (e.g. utility bill, bank statement, or tax assessment)

CDD for Business Accounts

To determine relevant risk, Examiners will want to see the following information collected for business accounts:

- Copy of the Certificate of Incorporation
- Nature of business and purpose of account
- Expected pattern of activity (volume, nature of transactions, and amounts)
- Origination and destination of funds
- Identification of those who have authority to operate the account, including the beneficial owners

- Records maintained are not clear or easily readable (e.g. driver's licenses/passports)
- Credit Union not following its own internal policies (especially if it goes beyond the CIP requirements)
- Membership cards missing information, or fields are just not completed
- Not identifying the business type at account opening (nongovernment organizations, cash intensive businesses, and professional service providers are considered higher-risk)

Transaction Monitoring

"On June 30, 2016, the New York Department of Financial Services issued final rule Part 504 requiring Senior Officials or Board of Directors to certify the effectiveness of AML and OFAC transaction monitoring and filtering programs. While this is a New York state law, other states are closely watching the implementation and may intend to pass similar laws."
ACAMS Today, September-November 2017

What reports are used to discover possible money laundering?

Examiners want to know what methods are being used to discover possible money laundering. Examiners may review the following reports during an exam:

- Daily cash activity over $10,000
- Daily cash activity just below $10,000
- Cash activity aggregated over a period of time (e.g. 30 days)
- Monetary instrument logs/reports
- Wire transfer report/logs (with filters using amounts & geographical factors)
- Shared branching reports
- Significant balance change reports

Common exam finding: wire transfers

- Wire transfers are often limited to recordkeeping standards (travel rule) as opposed to the identification of suspicious activity.
- Wire transfers are considered higher risk by management from a risk-of-loss perspective but should also be considered higher risk from an AML risk standpoint.
- Credit Unions should maintain wire transfer logs.
- Examiners prefer wire logs in an electronic, searchable format that contains sufficient information to better identify risk
- International wires are suggested to be listed separately from domestic wire transfers due to the higher risk associated with International wires

Suspicious activity concerning wires

- Wire transfer activity to/from higher risk countries
- Frequent wire transfers with no apparent business reason
- High volume of wire transfers with low account balances
- Wire transfers involving currency exceeding $10,000
- Large, round dollar amounts
- Transfers routed through multiple foreign or domestic banks
- An increase in international wire transfer activity in an account with no history of such activity or where the business of the customer does not warrant it

BSA Policies and Procedures

The Credit Union's policies and procedures must meet two goals:

- Stay current with changes in regulations, regulatory guidance, as well as new products/services and new information systems
- Be accessible to and used by employees

Requirements:

- Policy should be reviewed and approved annually by the Board of Directors
- Address continuity in the Credit Union's BSA staffing (back-up BSA Officer)
- Specifically address the four pillars (internal controls, BSA Officer, training, and Independent testing)

- Policy not reviewed by the Board of Directors within the past twelve months
- Policies refer to various procedures; however, the Credit Union is unable to produce the procedures (remove references to procedures that don't exist)
- Policies and procedures do not reflect current practice or do not indicate the correct individual currently responsible for implementing them

Know Your Employee (KYE)

Know Your Employee (KYE) is similar to Know Your Customer (KYC). Examiners expect Credit Unions to screen employees as thoroughly as they do a member. A KYE program allows the Credit Union to understand an employee's background, conflicts of interest, and possible susceptibility to money laundering.

- Background screening of prospective and current employees, especially for criminal history, is essential
- Management should also have policies that address what to do when a screening uncovers information contrary to what the applicant or employee provided
- File a SAR for insider abuse in any amount

Some of the most common activities cited in SARs involving employee insiders were (per SAR Assessment Report):

- Teller theft from cash drawer or vault
- Corporate credit card fraud
- Engaging in mortgage loan fraud by submitting misrepresentations of borrower's income, employment, credit, etc.
- Accessing customer funds or using customer credit to purchase items
- Check kiting

Signs of Suspicious Employee Activity

- Employee frequently overrides internal controls, evades policy, or established approval authority
- Employee is involved in an excessive number of unresolved exceptions (e.g. accounts cards, CTRs)
- Employee lives a lavish lifestyle that cannot be supported by his or her salary
- Employee exaggerates the credentials or financial ability of a member in written reports
- Employee avoids taking periodic vacations

Monetary Instrument Recordkeeping

Credit Unions are required to verify the identity of persons purchasing monetary instruments for currency in amounts between $3,000 and $10,000, inclusive, and to maintain records of all such sales.

Credit Unions may implement a policy requiring customers who are deposit accountholders and who want to purchase monetary instruments in amounts between $3,000 and $10,000 with currency to first deposit the currency into their deposit accounts. Nothing within the BSA or its implementing regulations prohibits a bank from instituting such a policy. However, FinCEN takes the position that when a customer purchases a monetary instrument in amounts between $3,000 and $10,000 using currency that the customer first deposits into the customer's account, the transaction is still subject to the recordkeeping requirements.

High-Risk Members

Does the Credit Union have any high-risk accounts? If so, a list must be maintained.

- Examiners may review the current list of high-risk members and verify that the accounts have been reviewed within the last three months
- Examiners will review the named suspects in all SAR filings. If these are members, verify that they were added to the high-risk list and enhanced due diligence is being performed at least every ninety days
- Failure to monitor high-risk members is a common exam finding. Be sure to have a process for identifying and monitoring high-risk members

- CTRs and SARs not completed correctly
- Failure to file SARs on a timely basis
- SARs not reported to the Board of Directors
- Policies and procedures do not include whether, and/or when, the Credit Union will close an account due to repeated/continuing SAR filings
- Poor SAR narratives that do not explain why the activity is suspicious
- No documentation that exempt members have been reviewed on an annual basis

QUESTIONS???