Thread Options
|
#1961766 - 09/12/14 08:43 PM
BSA Policy Approval
|
Diamond Poster
Joined: Feb 2004
Posts: 1,110
South
|
What is the frequency that the BSA Policy has to be updated? Is it every 12 to 18 months?
|
Return to Top
|
|
|
|
#1961770 - 09/12/14 08:45 PM
Re: BSA Policy Approval
beegee
|
Power Poster
Joined: Jul 2006
Posts: 4,348
New York City
|
It's usually done every 12 months.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu
|
Return to Top
|
|
|
|
#1961771 - 09/12/14 08:45 PM
Re: BSA Policy Approval
beegee
|
10K Club
Joined: Jul 2001
Posts: 83,371
Galveston, TX
|
Actually, it only has to be updated whenever there is a change to the policy. There is no annual approval requirement anywhere in the regulations.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1961772 - 09/12/14 08:48 PM
Re: BSA Policy Approval
rlcarey
|
Diamond Poster
Joined: Feb 2004
Posts: 1,110
South
|
Thanks again! I did see a reference in the BSA Exam manual to the risk assessment as follows but nothing about the policy:
it is a sound practice for banks to periodically reassess their BSA/AML risks at least every 12 to 18 months.
|
Return to Top
|
|
|
|
#1961774 - 09/12/14 08:50 PM
Re: BSA Policy Approval
beegee
|
10K Club
Joined: Jul 2001
Posts: 83,371
Galveston, TX
|
Yes, risk assessments should be updated on a regular basis.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1961840 - 09/13/14 11:22 AM
Re: BSA Policy Approval
beegee
|
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
|
To reinforce the idea that the risk assessment drives the policy, report the risk assessment to the board and then note their review of the policy and any attendant changes in the same meeting. (Doing them months apart is a clear indicator that the risk assessment is perceived as a "regulatory requirement," not a worthwhile exercise.)
As noted "the program regulations" promulgated by the federal functional agencies do not require a periodic review of the BSA/AML/OFAC polcies, but some state departments of banking require documented annual reviews of all major policies.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.
|
Return to Top
|
|
|
|
#1961845 - 09/13/14 01:48 PM
Re: BSA Policy Approval
Elwood P. Dowd
|
Gold Star
Joined: Apr 2009
Posts: 450
|
We've always timed the risk assessment to be completed around the same time as the annual policy update; but we're often left with a list of issues that need corrective action - some of which may require policy updates. Since we've always finished them at the same time, we often are left saying "We should've put that in as a policy change..."
Ken, in your opinion, is it preferable to target risk assessment completion several months in advance of the policy update? After reading your post, I'm getting the sense that it may be more useful to show the board the risks you've identified, the corrective action you took or are taking, and specifically any policy changes you made as a result of your assessment along with changes in the regulatory landscape.
_________________________
CFE, CAMS
|
Return to Top
|
|
|
|
#1961849 - 09/13/14 03:00 PM
Re: BSA Policy Approval
beegee
|
10K Club
Joined: Jul 2001
Posts: 83,371
Galveston, TX
|
Not Ken, but I would suggest that any weaknesses identified in your risk assessment should automatically trigger a change in the internal controls addressed either within your policy or at the very least, your procedures. I would not expect much of a lag time between the completion of the risk assessment and the required modifications.
I would think that the simultaneous presentation of:
1) A presentation of the new risk assessment in which you would highlight the areas of new or increased risk (notice I did not say approve the risk assessment);
2) A request for the board to approve any new policies changes required to sufficiently address the new or increased risks;
and
3) A discussion regarding the procedural changes that management has implemented to address the risks that do not rise to the level of a policy change (notice I did not say approve the procedural changes).
IMHO it sure ties it all together and it will show the regulators that your front to back risk assessment process is working.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com
|
Return to Top
|
|
|
|
#1961890 - 09/15/14 12:54 PM
Re: BSA Policy Approval
rlcarey
|
Power Poster
Joined: Jul 2006
Posts: 4,348
New York City
|
Actually, it only has to be updated whenever there is a change to the policy. There is no annual approval requirement anywhere in the regulations. Thank you Randy, I should have been more precise. We approve it annually, changes or not, simply because it's something a number of our peers do and we don't want to stand out. It's something that takes less than 5 minutes and keeps our regulators happy. I would also agree with Randy's statements on the risk assessment process.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu
|
Return to Top
|
|
|
|
#1961941 - 09/15/14 02:49 PM
Re: BSA Policy Approval
rlcarey
|
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
|
notice I did not say approve the risk assessment Agreed. There is nothing to vote on. Its receipt and review needs to be noted in the board minutes, but "approving" it indicates the board is the ultimate rubber stamp. Otherwise, right after the vote on the risk assessment they should vote on a ham sandwich. Not whether they want a ham sandwich, just vote on a ham sandwich to be voting on something.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.
|
Return to Top
|
|
|
|
|
|