The bank has a subsidiary mortgage company of which we do not monitor for BSA purposes. They are their own company with their own EIN. We fund the mortgage company for the loans that they sell to the secondary market. The mortgage company will keep them on their books for approx 30 - 60 until they are sold on the secondary market. They are required to obtain 2 forms of identification but they are not using any software to verify those documents. Of course they pull credit reports and use that as a means of identification as well. They also have procedures in place in case there is a fraud alert on the report. My auditors are of the opinion that as the bank we should be responsible for reviewing their procedures and polices in relation to BSA and require them to perform a 314a scan. Any comments as to how much the bank is required to do?

As a subsidiary, I believe that it is the banks responsibility to go in annually to assess their processes to ensure compliance with all laws and regulations. Ultimately, the bank owns them and it is their responsibility to know where their problems and risks are in all of their business units.

Think about reviewing for an Identity Theft Red Flag program as well.

My bank is in the same spot - we own a mortgage co, insurance co, title co, trust co. The Board and exec managment made a decision 2 years ago to make my department enterprise-wide in it's responsibility (pages 150-151 of the BSA/AML Manual). Yes, they will need to run 314(a) on their customers. The fortunate thing with our company is that the mortgage customers are on our main banking system, so we only have to check one place for their compliance and ours. As far as whose responsibility it is to run 314a or review procedures, that is an executive management decision. Prior to 2 years ago, each of our subsidiaries had their own processes, BSA Officer, etc. I would read carefully the pages mentioned above from the BSA/AML Manual, or pass it on to whoever the decision makers are. Also, it doesn't sound like they are running OFAC?? That is a must!