Red Flags overlaps BSA/AML, do you know where to look?
Question: Can BSA/AML programs satisfy Red Flags compliance?
Answer: Compliance costs, so you should always avoid duplication of effort.. The Red Flags and the BSA/AML requirements include a number of overlaps for defining, documenting, approving, monitoring, the programs and providing staff training. Unfortunately, you do need to develop two separately documented and implemented programs. But at the functional level you can combine your activities, reduce complexity and save resources.
Check these five areas to look for duplication:
- Customer Identification Program. Your CIP program should provide an umbrella process that can detect and manage all of the Red Flags identity, as well as, products and services risks. Address verification should already be included under the CIP.
- Account Activity Monitoring (Fraud and EDD). Your process for monitoring account transaction activity for AML enhanced due diligence (EDD) should provide the ability to detect Red Flags. Automated analysis should be able to adapt easily to both requirements - to include monitoring accounts with recent discrepancy reports, address changes and card replacement.
- Risk Assessment. Both AML and Red Flags require risk assessments for both the account and the institution. Many of the risks involved are common and you should design a program that integrates this function for both programs. Consider automating this process and integrating it with Account Monitoring.
- Case Management/Tracking. You should have a process for managing, documenting and tracking your risk accounts. You can combine both AML risk issues as well as Red Flag risks like discrepancy reports, address changes and verification, and card replacement requests. Records of your management of these issues are required. Training. Training is always critical and a challenge to maintain. Several of the Red Flags can only be detected through human observation during account opening. Since the AML program should also be screening for terrorism financing-related fraud (which may include identity theft and fraud), integrating the training requirements for both programs should be considered.
?The guidelines clarify that a covered entity need not create duplicate policies and procedures and may incorporate into its Program, as appropriate, its existing processes that control reasonably foreseeable risks to customers or to the safety and soundness of the financial institution or creditor from identity theft, such as those already developed in connection with the entity?s fraud prevention program.? (ID Theft Red Flags regulation, Page 102).
Is the opposite of duplication ... INTEGRATION?
BANKDetect has been a major provider of fraud prevention and risk compliance solutions to the financial industry since 1996. The company offers the widest selection of integrated solutions available for addressing BSA/AML, ID Theft Red Flags and traditional fraud requirements. The company offers integrated solutions for:: account opening identity screening, CIP compliance analysis, risk assessment, case management, account activity analysis (for fraud, Red Flags, and AML), OFAC/OSFI screening, electronic SAR/CTR reporting, address discrepancy management, and more. BANKDetect also offers consulting and risk analysis support to its clients. Contact BANKDetect at www.bankdetect.com | 410 867 8217.
First published on BankersOnline.com 7/29/08
First published on 08/21/2013
Last updated on 07/29/2008