Skip to content
BOL Conferences
Thread Options
#358272 - 05/11/05 04:45 PM SAR to external auditors
Anonymous
Unregistered

Hi...our external auditors is requesting to review our SARs?

Are they permitted to review them?
Any advise would be great.
Thanks.

Return to Top
BSA/AML/CIP/OFAC Forum
#358273 - 05/11/05 04:51 PM Re: SAR to external auditors
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
If you want the auditors to provide an independent test of your BSA program, they will need to see the SAR's. I am the president of Banker's Compliance Consulting. We conduct BSA reviews and request SAR's as part of our review. We list in our report that we reviewed SARs and have never had any criticism for this procedure before.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#358274 - 05/11/05 05:07 PM Re: SAR to external auditors
Anonymous
Unregistered

Dave,

Thank you for the response. They are external auditors from a financial standpoint. Apologies for not being clear.

Is it still okay for them to review? There was a Fraud issue that needed to be disclosed and required a SAR filing.

Thanks.

Return to Top
#358275 - 05/11/05 10:50 PM Re: SAR to external auditors
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
I'm not sure what you mean by "They are external auditors from a financial standpoint."

We are external auditors that are engaged by financial institutions to conduct compliance reviews. We review SARs without any problems.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#358276 - 05/11/05 11:52 PM Re: SAR to external auditors
Anonymous
Unregistered

Dave,

"External auditors" that audit/attest our financial statements. The CPA's, KPMG, E&Y, D&T, etc.
Non consulting and non internal audit.

Hope that clarifies my usage and terminology of external auditors.

I thought SARs were confidential and even at a "need to know" basis only within the institution.

Your assistance and input is appreciated.

Return to Top
#358277 - 05/12/05 02:18 AM Re: SAR to external auditors
complianceman Offline
Platinum Poster
complianceman
Joined: Mar 2005
Posts: 687
New Albany, IN
David,

I would have to disagree with you. Once a SAR is filed with the federal agencies, such disclosure of these materials to non-authorized legal entities is a violation of the Act unless you can provide me with guideance that states differently. The FDIC examiners have actually been asking whom has reviewed SAR materials. We do not even disclosure name or information to our Board of Directors or the Audit Committee of the Board of Directors. Just the number of SARs filed in a particular time period.
_________________________
The opinion stated here is what it is, My Opinion.

Return to Top
#358278 - 05/12/05 03:20 AM Re: SAR to external auditors
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
I particularly don't see why a financial auditor would need to see SARs. We would not allow that. BSA isn't even covered under SOX and if it were, they would be auditing the controls around the process, not the documents themselves.)
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#358279 - 05/12/05 04:15 AM Re: SAR to external auditors
Al Miller Offline
Diamond Poster
Al Miller
Joined: Oct 2000
Posts: 2,416
Pleasanton CA USA
Take a look at this thread:

http://www.bankersonline.com/ubbthreads/...=true#Post68149

Also, do a search back at least 3 years on redact


Al
_________________________
Al Miller, CRCM
Opinions expressed are my own and not necessarily shared by my employer.

Return to Top
#358280 - 05/12/05 05:14 AM Re: SAR to external auditors
Princess Romeo Offline

Power Poster
Princess Romeo
Joined: Jun 2001
Posts: 8,272
Where the heart is
Your BSA auditor will need to review SARs to audit if they are complete and accurate, and if the narrative is sufficient.

Other than for a BSA audit or your legal counsel (and examiners), no one outside the bank should review them.
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'

Return to Top
#358281 - 05/12/05 11:06 AM Re: SAR to external auditors
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Anyone responsible for reviewing BSA compliance needs access to your SARs and SAR filing processes. The AmSouth decree should adequately support that premise.

If a fraud was material to a financial audit, then external auditors would certainly need all pertinent information regarding the fraud. However, they do not need to see the SAR.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#358282 - 05/12/05 07:56 PM Re: SAR to external auditors
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
Bonnie and Ken said exactly what I'm trying to state. If you want a review of SAR's (as part of your BSA review), you have to let the auditor see the SAR's. How else can you have an independent audit of BSA?

If the auditors are not reviewing SAR's as part of the scope, then I agree that they should not have access to them.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#358283 - 05/13/05 02:10 AM Re: SAR to external auditors
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
I think the questioner is referring to the bank's EXTERNAL auditors, the public auditing firm auditing the financials, vs AN external firm engaged for a BSA audit. Big difference! If it is the the external financial auditors, this isn't for their edification, so they can peruse SARS. If it is AN external firm you hired to audit BSA, no problem.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#358284 - 05/13/05 07:39 AM Re: SAR to external auditors
Anonymous
Unregistered

thank's kaybee....
just one question
can or can't the EXTERNAL auditors review the SARs due to fraud? The reason I'm asking is because you stated " this isn't for their edification, so they can peruse SARS..."

Thanks to everyone

Return to Top
#358285 - 05/13/05 01:44 PM Re: SAR to external auditors
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
Quote:

I think the questioner is referring to the bank's EXTERNAL auditors, the public auditing firm auditing the financials, vs AN external firm engaged for a BSA audit. Big difference! If it is the the external financial auditors, this isn't for their edification, so they can peruse SARS. If it is AN external firm you hired to audit BSA, no problem.



Here's the original post:
Hi...our external auditors is requesting to review our SARs?
Are they permitted to review them?
Any advise would be great.
Thanks.
-----------------------------------------------------------
You might be right kaybee, but I didn't see anything that said this was for a public auditing firm auditing the financials, vs AN external firm engaged for a BSA audit. I consider Banker's Compliance Consulting to be "external auditors" yet we conduct BSA reviews.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#358286 - 05/13/05 03:41 PM Re: SAR to external auditors
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,293
I agree, the original post didn't make that clear. A subsequent post said:


""External auditors" that audit/attest our financial statements. The CPA's, KPMG, E&Y, D&T, etc.
Non consulting and non internal audit.

Hope that clarifies my usage and terminology of external auditors."

I don't let KPMG review our SARs. I do allow the outside firm that conducts our BSA audit review them. If KPMG or EY were conducting our BSA audit, they could. My comment on perusal meant that KPMG can't troll through confidential files just because they are curious. There is a need to know standard.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#358287 - 05/13/05 03:47 PM Re: SAR to external auditors
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
I stand corrected. Sorry that I didn't catch the "audit/attest our financial statements" info. You are right that these people don't have a need or right to see the SARs. You also mention that you do allow the BSA auditors to see your SAR's.

Sounds like we're on the same page.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#358288 - 05/13/05 05:12 PM Re: SAR to external auditors
Jay-Risk Offline
Gold Star
Joined: May 2004
Posts: 274
New England
I would agree with David and others here who state that you should not provide the actual SAR form (e.g., For FDIC it's OMB No. 3064-0077, for OCC OMB No. 1557-0180, for OTS OMB No. 1550-0003, etc.) to the external CPAs as part of an attestation. However, there is a dilemma which requires a degree of flexibility and thinking outside of the proverbial box: The auditors must attest that there is no intentional misapplication of GAAP; no falisification of accounting records or documents; must certify that there are no misstatements arising from any misappropriation of assets; and must attest to your institution's board of directors that nothing has occurred, such as a theft, which has materially caused the financial statements not to be fairly presented. They must, therefore, address Statement of Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit. www.aicpa.org/antifraud www.cpa2biz.com

There is nothing wrong with your providing other documents, such as report narratives and other information which do not constitute the SAR form. Many institutions' investigative reports and anti-fraud processes are in separate reports. Though conducted in juxtaposition with the SAR completion, these separate documents can and should be shared with external attestation auditors. The CPAs would probably not be concerned with matters related to external BSA currency issues under 31 CFR Part 103, but they would certainly be concerned with the materiality to the financial statements of a computer intrusion, a large commercial loan fraud, a significant embezzlement, insider fraud, and other matters which obviously relate to their fiduciary duty to attest to the control systems preventing, detecting, and mitigating fraud in the institution.

Using a degree of flexibility will allow you to find a way to share substantive data about fraud matters with them, without getting hung up on the SAR issue. Most third party anti-fraud prefessionals know now not to ask for "the SAR" itself, but merely ask for a listing of any financial frauds and a narrative -- but not the SAR -- identifying the status and resolution of the fraud matter.

In the post-Enron/Worldcom environment resulting in the creation of the Public Company Accounting Oversight Board (PCAOB), a request by a CPA (who, after all, is acting as fiduciary) for the disclosure of fraud information and its resolution -- but not the SAR form itself -- is a very reasonable and necessary request.

Return to Top
#358289 - 05/13/05 06:41 PM Re: SAR to external auditors
samsara Offline
100 Club
Joined: Mar 2004
Posts: 102
New York
The external auditors preparing the financial statements do not normally do a BSA audit. That would be a specific assignment for auditors qualified to do compliance audits, which would not include most CPA firms doing the annual audit.

Return to Top
#358290 - 05/13/05 08:03 PM Re: SAR to external auditors
Jay-Risk Offline
Gold Star
Joined: May 2004
Posts: 274
New England
Quote:

The external auditors preparing the financial statements do not normally do a BSA audit. That would be a specific assignment for auditors qualified to do compliance audits, which would not include most CPA firms doing the annual audit.




Although your statements are correct, the original anon appears to be questioning the appropriateness of releasing to the attestation auditors a copy of a SAR that was completed as part of a fraud investigation. The anon qualifies in post 362679 that his/her institution did sustain a fraud.

We all agree: Don't provide a copy of the actual SAR.

Forgetting for a moment the SAR, there is the matter of a fraud having occurred. I don't see anywhere where the anon mentions a BSA audit, a compliance audit, or any other type of audit other than a financial attestation. This means that the CPAs have a duty to attest to the status of material fraud in the institution. For the record, we don't know if the CPAs actually said, "Let us see the SAR", or if they said, "May we see internal reports related to the detection and resolution of the fraud". There are numerous regulatory issuances stating, specifically, that attestation auditors may see reports of examination and other reports of condition, so it is proper that they view reports associated with a fraud. This is not that complex.

(For the record, many Big-4 audit and third-party audit firms employ CRCMs and CAMS and have very large BSA audit units, such as KPMG and PricewaterhouseCoopers, so the SAR confidentiality issue is not a foreign subject to these firms).

Return to Top

Moderator:  Andy_Z