The agencies are in the process of publishing new examination procedures for the new components of anti-money laundering programs generated by the USA PATRIOT Act. The process of new examinations will begin soon, if it hasn't already. Anti-money laundering is an area in which we cannot afford to become complacent and this concern will be reflected in your examinations.
Even though BSA is not new, and the aspects of the USA PATRIOT Act coming into play are really just enhancements, the agencies are taking an aggressive approach to examinations.
All of the regulators represented at the ABA's 2003 Anti-Money Laundering Conference stated that anti-money laundering is an examination priority. The agencies are under heavy pressure from Congress to produce results. Unfortunately, when looked at from the outside in, results tend to be measured by violations identified. It is the easiest way for examiners to prove that they looked hard. We've been down this road with fair lending. Be prepared for the BSA examination.
In addition to Congress, some of the agencies have been examined from within. The FDIC's Inspector General (the internal audit arm of any federal agency) has reviewed FDIC's anti-money laundering activities and recommended that FDIC take more steps, including issuing its own guidance to examiners.
The result of these pressures is that you should expect your next BSA examination to be not unlike the zero-based budgeting process. Everything will be looked at from bottom to top and back down again. This is likely to include affiliates and will definitely include subsidiaries.
As explained by Dan Stipano, OCC, at, examiners are being instructed to focus first on policies, procedures, and controls. If - and only if - they have concerns from this step, they may expand the examination to conduct transaction reviews. However, expect the review to be thorough.
The promise that examiners will start and stop with policies, procedures and controls if they find them satisfactory can be illusory. The problem for examiners is how to determine that policies, procedures and controls are sufficient. They usually need to prove it to themselves by testing transactions. So don't be surprised if they start reviewing teller records!
A key element in the examiner's approach to your institution will be the level of satisfaction or concern with how you identified and assessed risk. This will be the starting point for the examiner and will become the foundation of their approach to the examination.A key measurement of your program will be how many transactions did or did not slip through. Even though the examiners don't start with transaction reviews, your internal BSA audit must include detailed transaction reviews.
OCC is continuing its program of targeted examinations. However, as explained by Tom Flemming, the targeting is based not on risk assessed in the institution's operations but on the risk that the market presents to the institution. OCC will use a list of risk criteria and compare banks to that list. Using this approach, OCC will identify banks for a targeted examination.
If your institution is targeted, don't get paranoid; use the opportunity to work with your regulator. After all, if you are targeted, it means that the OCC believes your market presents you with high risk.
Get there first. The best way to prepare for your next BSA examination is to take these steps before the examiners get there. The key element in influencing examiners is likely to be the extent to which the institution has been effective in evaluating risk and developing a program that responds to that risk. You can demonstrate this by going beyond the development and implementation of a strong program to evaluate it and fine-tune your program based on findings. Review transactions, correct any problems, and re-design your program to prevent similar problems from occurring. Also look at your controls - and whether they fell short. Fix any weaknesses. In short, know the problems and have answers before the examiners get there.
- Look again at how you evaluated risk in developing your CIP. Decide whether this was done well enough. If you have concerns, revise the risk assessment.
- Discuss CIP with your front line to find out how it is working. Ask questions that are broader than CIP, such as structuring and other suspicious activity.
- Schedule an independent audit of your BSA program. Be sure that the auditors look carefully at a good sample of transactions.
- Train, train, and train again.
- Make sure that the scope of your independent audit covers all anti-money laundering laws and OFAC rules.
- Ask the independent auditor to evaluate your risk assessment and make suggestions.
Copyright © 2003 Compliance Action. Originally appeared in Compliance Action, Vol. 8, No. 12, 11/03
First published on 11/01/2003