Red Flags and BSA/AML programs involve twelve critical functions, do you know what they are?
Question: We know that there is overlap between Red Flags and BSA/AML but what are the common functions?
Answer: Both of these compliance programs are aimed at different objectives, but many of the functions are common and may be combined:
- Customer Screening/CIP - Both programs require effective new customer screening, but AML/CIP requirements are more comprehensive.
- Risk-based Assessments - While BSA/AML requires account risk assessment that includes consideration of customer characteristics, products/services used, and location risks; Red Flags requirements include assessment of only customer and products/services risks.
- CIF Scrubbing - Red Flags doesn't involve OFAC-CIF scrubbing, but there are indicators, such as duplicate SSNs that should be included in a periodic review of CIF records.
- Fraud Account Activity Monitoring - An comprehensive existing fraud prevention program may already include analysis of account activity that satisfies Red Flags requirements.
- AML/EDD Account Activity Monitoring - While also incorporating analysis of traditional fraud risks, AML/EDD focuses on credit and transfer activities that may be part of identity theft attacks.
- Case Management - Red Flags indicators may come from several sources (account opening, credit agency, customer reports, and account activity monitoring) and many indicators are not necessarily conclusively fraud. Consequently, monitoring, tracking, administration, management and reporting can be critical functions.
- SAR/CTR Reporting - Red Flags requirements include SAR reporting, but not CTRs. Combined Red Flags and AML reporting may avoid duplication.
- Risk Change Management/Review - Both programs require that periodic reviews be performed to re-evaluate and update risk assessments.
- Management Reporting - Reports to managers are called for by both programs, including at minimum, annual reports to the Board.
- Records/History Retention - Red Flags requirements for "continued administration" suggest that records of ID Theft related events, activities, reports, etc. by retained for review by examiners.
- Data Reference Maintenance - Both Red Flags and AML require access to varied reference information to support activities such as address verification, SSN checking, phone number screening, etc. Up-to-date maintenance of this data is critical to the accuracy of the programs.
- Staff Training - Perhaps the area of greatest overlap is training. There are several Red Flags that rely solely on the ability of branch personnel to observe, detect, recognize and perform compliance actions. Training in these areas is critical, but may already be included in AML training programs.
BANKDetect has developed a Free Webinar covering these and other Red Flags compliance subjects. A draft policy document model is also available. BANKDetect has been supporting client's fraud prevention and AML compliance for over a decade with advanced, integrated analytical solutions for the full range of requirements from account opening to risk assessment and activity monitoring. Contact BANKDetect TODAY.
First published on BankersOnline.com 9/22/08
First published on 09/22/2008