Thread Options
|
#119479 - 10/02/03 02:33 PM
bsa annual audit
|
Member
Joined: Apr 2003
Posts: 79
southeast
|
Probably like all auditors, I have always been under the assumption that BSA required annual audits. In performing a BSA audit, I was discussing training with the BSA Officer. When looking at the regulation, specifically FDIC reg 326.8(c)(2) which states The complaince program shall provide for independent testing for complaince to be conducted by bank personnel or by an outside party. I could not find anywhere in the reg where it required annual. While I know that the examiners want you to do this annually, where is this required by regulation?
|
Return to Top
|
|
|
|
#119481 - 10/03/03 01:17 PM
Re: bsa annual audit
|
Diamond Poster
Joined: Jan 2003
Posts: 1,454
metsuretsu
|
For me BSA is audited at least annually because it is considered to be a high risk audit area. If it was not audited annually, the OCC lead examiner I work with would be asking me a lot of questions come time for the next exam.
_________________________
I have many opinions; some are good, some are bad, and some don't contradict.
|
Return to Top
|
|
|
|
#119482 - 10/03/03 01:50 PM
Re: bsa annual audit
|
10K Club
Joined: Oct 2000
Posts: 27,752
On the Net
|
I believe kansayaku nailed it. Unless you have zero risk in this area you have to recognize that it is a highly scrutinized and detailed regulation as well as having some degree of subjectivity. Risk-based rules will dictate an annual or more frequent review, IMHO.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#119483 - 10/07/03 07:16 PM
Re: bsa annual audit
|
New Poster
Joined: Jul 2003
Posts: 13
Wisconsin
|
The one thing you don't want is for the federal or state examiners to come in and find you have a problem with BSA. You want to find it and correct it first. We didn't have a BSA audit for over a year and in that time we had a new BSA Officer. Let's just say that when the examiners found problems and the BSA Officer's excuse was that he wasn't aware of specifics of the regulation, they were not impressed in the least. We now have a new BSA Policy and BSA procedures that are followed religiously. We also have BSA training for all employees on a quarterly basis. I am the Bank's Auditor and I complete a BSA/Suspicious Activity Audit on a semi-annual basis. I hope to one day have to complete this audit on an annual basis. But, as long as I find even minor problems with BSA, our management will insist that the audit remains at least semi-annually. If problems develop, I have been informed that the audits could become as frequent as monthly. Count you lucky stars if you do it once a year, there are those of us out here that don't have that luxury. lol. By the way, the BSA Officer we had, is no longer with the bank. Thought you might want to know that tidbit of information. And we were very lucky to not be fined, but were allowed to correct the problems. It was the first bad BSA exam we had so they were a bit easy on us, but we know they won't be next time. There is absolutely no way a bank wants to be found to have a pattern or practice of BSA violations and with the bad exam on our record it could easily happen. The more frequent audits keep everyone on their toes and hopefully in compliance.
_________________________
Kat
|
Return to Top
|
|
|
|
#119484 - 10/10/03 06:10 PM
Re: bsa annual audit
|
Member
Joined: Apr 2003
Posts: 79
southeast
|
While I agree with everything that has been stated, in my risk assessment, my BSA did not come at the top of the list - it is about middle ways. There were more riskier areas which needed to come before BSA. I know that Examiner's like to see BSA done on an annual basis (I used to be an FDIC examiner), but my point was it does not say anything in the regulation itself, only in the examiner's manual.
This brings up a point about annual audits. Now that the regulators want to see a risk assessment performed for the audit departments schedule, the risk assessment might not produce the results that BSA, Invesments, ALM, Trust, IS be audited once a year. I have spoken to examiners about this and they just say that they would like to see some auditing performed on certain areas within these required fields.
Anyway, I was just curious about the regulation not specifically stating that BSA has to be audited annually. While my risk assessment does not show BSA to be audited annually, we have done certain parts of BSA this year. My point being, the purpose of the risk assessment is to identify those areas with the greatest risk so they can be audited first. When I spend time with the limited staff that we have auditing those areas that do not have the greatest risk in my insitiution, less time is spent on the areas that have the greatest risk.
I guess I will find out when we get examined.
|
Return to Top
|
|
|
|
#119485 - 01/20/04 09:37 PM
Re: bsa annual audit
|
New Poster
Joined: Jan 2004
Posts: 16
|
As a previous Examiner, I would say contact your regulatory agency and ask for their interpretation of the regulation. The regulatory agency I was with first said it was a rolling 18 months, but more recently has gone to every 12 months. Since the reg does not say specifically, I would go directly to the regulator.
|
Return to Top
|
|
|
|
#119486 - 01/20/04 09:50 PM
Re: bsa annual audit
|
Anonymous
Unregistered
|
I think Andy and the other responders bring up the best point -- which is that an annual assessment has come to be expected, so you do it.
I'm more on the IT-related side and the lead examiner during an IT examination mentioned during an exit discussion with my boss and a division head present that no "annual" information security review of any type, nor any "annual" review of disaster preparedness status was being performed or "reported" to the Board. I, like you, protested that nowhere did it say "annual", but later the division head pulled me aside and said, "They're holding all the aces, so you don't question the condition of the deck". In other words, when a regulatory issue is "hot" -- which BSA/AML/PATRIOT/OFAC is -- you are expected to target that area as a high-risk area.
|
Return to Top
|
|
|
|
#119487 - 01/21/04 02:02 AM
Re: bsa annual audit
|
10K Club
Joined: Dec 2000
Posts: 21,293
|
Quote:
While I agree with everything that has been stated, in my risk assessment, my BSA did not come at the top of the list - it is about middle ways. There were more riskier areas which needed to come before BSA. I know that Examiner's like to see BSA done on an annual basis (I used to be an FDIC examiner), but my point was it does not say anything in the regulation itself, only in the examiner's manual.
Depending upon the size and complexity of your bank, and your regulator, you may see your risk ranking of BSA come under fire. How do you rate possible multi-million dollar fine and criminal liability, etc. lower down the risk scale? If you are wrong on BSA, the reputation risk alone can kill you. It is very near the top of our risk ranking. Right where the OCC wants it..and I agree with them.
|
Return to Top
|
|
|
|
#119488 - 01/21/04 12:10 PM
Re: bsa annual audit
|
Power Poster
Joined: Oct 2003
Posts: 2,548
Southeast
|
What could present more risk than losing your FDIC insurance and your charter? That's what can happen if the bank is convicted of money laundering, and that can happen if your BSA/AML program is so weak that it allows a money laundering scheme to go undetected.
_________________________
Politicians are like diapers. They need to be changed often and for the same reason.
|
Return to Top
|
|
|
|
#119490 - 01/21/04 03:21 PM
Re: bsa annual audit
|
10K Club
Joined: Dec 2002
Posts: 40,766
Turnpike Exit 10
|
And just to throw my worthless 2 cents in, our Internal Audit department reviews BSA/AML/CIP forms, reports and logs on a quarterly basis and I perform a full blown annual review. The examiners (Nov 2003)were happy with this approach.
_________________________
Get your facts first, then you can distort them as you please. - Mark Twain
|
Return to Top
|
|
|
|
#119491 - 01/21/04 03:46 PM
Re: bsa annual audit
|
Member
Joined: Apr 2003
Posts: 79
southeast
|
I think this has expanded from the original post of "surprised that the BSA regulation did not require an annual audit".
However, the whole reason for an audit department to perform a risk assessment is to evaulate YOUR BANK as to the areas which pose the most risk. Not every bank will be the same. Depending on what type of controls are in place in YOUR BANK - you may rate an area less if there are adequate controls in place. For example, wire transfer was on the top of my list from concerns as to the internal controls that were in place surrounding this area. With only two auditors in my department (including me)in a $650 million bank, the only way to schedule is by risk assessment.
I agree that BSA is a HOT topic - but you also have to access the geographical area of your Bank. If you State is listed as low for having money laundering activity and you feel that your controls in place for BSA are very adequate, and other areas in your bank pose more risk - then I think that is ample enough reason not to have BSA listed at the top of your risk assessment.
|
Return to Top
|
|
|
|
#119494 - 01/29/04 09:09 PM
Re: bsa annual audit
|
Member
Joined: Apr 2003
Posts: 79
southeast
|
So how would they site an 'indefensible violation of law' if it does not state (in the FDIC Regulations) that BSA requires an annual audit. While I do perform an annual audit of BSA (at least parts of it) - I am just playing devils advocate. In order to site a violation of law, they have to have a law for citing it. While they may strongly recommend that you do one - or they could site you for lack of safety and soundness standards (Under FDIC's 364) in not performing annual audits - I do not see how they could cite it on Part 326.
|
Return to Top
|
|
|
|
#119496 - 01/30/04 07:45 PM
Re: bsa annual audit
|
Power Poster
Joined: Oct 2003
Posts: 2,548
Southeast
|
You are probably right about the violation of law or regulation, but look at it this way. You can go along for years with no BSA problems, and no annual BSA reviews, but if somewhere down the line something goes wrong, the first place they will zero in are your policies and your periodic reviews.
_________________________
Politicians are like diapers. They need to be changed often and for the same reason.
|
Return to Top
|
|
|
|
#119500 - 02/02/04 09:56 PM
Re: bsa annual audit
|
Platinum Poster
Joined: Jun 2002
Posts: 771
South
|
I had completed the audit/exit interview and had submitted the draft audit report when the examiners were present at my bank during the 3rd qtr. of 2003. They reviewed my workpapers and concurred with my findings. But they also performed their BSA audit procedures also.
_________________________
CAMS
|
Return to Top
|
|
|
|
|
|