BSA: New Exam Procedures
The revised and uniform BSA examination procedures are scheduled to be published on June 30, 2005. While the procedures will be new, they should also be familiar. The changes are not dramatic but are intended to bring uniformity and consistency to the examination process. They represent the views and concerns of all of the involved BSA enforcement agencies, including FinCEN. The procedures have been field tested and are considered "final" by the agencies.
The procedures continue to rely on the core elements of a BSA program. The institution should have all of the core elements in place and functioning effectively. These include risk assessment, account opening procedures, due diligence and enhanced due diligence, risk-based monitoring systems, and policies and procedures for informed decision making and suspending account activity.
The core elements have not changed but the techniques for evaluating their effectiveness have evolved. The new procedures rely heavily on risk assessment. Examiners will begin by evaluating the institution's risk assessment and then use their findings to set the scope of the examination.
In preparing for the BSA examination, the examiners will also look at the self-assessments performed by the institution, giving special attention to independent testing and transaction analysis. Examiners will also review previous examination findings, something that is routine for almost any examination.
The agencies describe the new procedures as a technique for evaluating an enterprise-wide BSA compliance program. The procedures and how each procedure is used by the examiner are based on an analysis of the institution's products and services and the extent to which the institution recognizes risk and manages that risk.
Where and how to analyze risk has been the big question. The procedures provide some guidance. For example, in looking at the enterprise, examiners will identify products and services that are higher risk. These may include correspondent banking, private banking, and certain types of lending activities.
When reviewing the examination procedures, remember that any lists, such as the types of products and services that may be considered higher risk, is not a list of products or services to avoid. Instead, it is a list of products and services to carefully manage. The list identifies where risk may lie. Take the list in that context and use it as a source for assessing your institution's risk.
Other sources of risk will include the types and activities of customers. The obvious example here is a money service business. The message is now clear: MSBs may be high risk. This does not mean that you must close the account. It means that you must give the customer attention in your risk assessments and due diligence procedures.
The new procedures will contain useful tools for compliance self assessments. There are charts to help with risk assessment and checklists to identify what an examination or self-assessment should cover. These tools provide valuable guidance not only for your audit procedures but also for the design and focus of your BSA compliance program.
If you feel intimidated by examinations, especially when the procedures are new, remember one very important thing. When it comes to the BSA examination, both you and the examiner are looking for the same problems and the same people. In short, you are truly on the same team. View the examiner as a resource and the examination as an opportunity to learn. Also remember that you can contact your examiner even without an exam being scheduled.
Copyright © 2005 Compliance Action. Originally appeared in Compliance Action, Vol. 10, No. 7, 6/05
First published on 06/01/2005