Common Issues and Problems in BSA Enforcement Actions
Written by Shari R. Pogach, Regulatory Paralegal
I attended the 2016 Mid-Atlantic Anti-Money Laundering Conference a couple of weeks ago. This conference is put on and sponsored by law enforcement agencies to share the latest trends in illicit and money laundering cases.
One panel discussion covered compliance challenges the financial industry faces in Bank Secrecy Act (BSA) compliance. During this session a panelist highlighted common issues and problems found in regulatory enforcement actions involving banks. Regulators continue to find issues and problems with weak or poor internal controls, transaction monitoring and suspicious activity reporting such as
Internal Controls
Risk assessments are too narrowly focused.
- Using incorrect customer risk ratings.
- A failure to obtain and verify Customer Identification Program information.
- Lack of documentation of customer due diligence and enhanced due diligence.
Transaction Monitoring/Suspicious Activity Reporting
- Using manual transaction monitoring.
- Institution has outgrown its monitoring systems.
- Model validation issues.
- Using caps on the numbers of alerts.
Regulators have found that institutions purchase expensive monitoring systems but then do not tailor the system to the institution's customer base or transaction size. Often alerts are tweaked in accordance with an institution's staffing levels rather than to its appropriate level of risk. The effectiveness of manual transaction monitoring in terms of an institution's transaction volume is also questionable.
The panel expressed that is acceptable to have alert suppressions with the appropriate justification but such a decision needs to be documented. And, an institution should not continue an alert suppression forever without an update of the analytics or the customer information. What if the parameters have changed?
Although the information presented here comes from the banking side, it still serves as a useful reminder of the more common BSA compliance failings. Credit unions looking for reminders on these points might review the following sections of the Federal Financial Institutions Examination Council's (FFIEC's) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual:
- Risk Assessment-Overview, FFIEC BSA/AML Examination Manual
- Customer Identification Program Overview, FFIEC BSA/AML Examination Manual
- Customer Due Diligence-Overview, FFIEC BSA/AML Examination Manual
- Transaction Monitoring and Systems to Identify, Research, and Report Suspicious Activity sections of the Suspicious Activity Reporting-Overview, FFIEC BSA/AML Examination Manual