How can we determine/identify if an account is an MSB account? And once we identify that it's an MSB account what are the procedures that we have to take as far as filing any paper work and how often do we review if the account still qualifies?

What steps have you already taken?

For example, have you asked?

nothing, I'm new to BSA and I was asked to find out how many MSB accounts we have, need that info. for our risk assessment review.

When the MSB rules first came out, I took several steps to identify potential clients. I asked our branch offices to make a list of commercial clients depositing third-party checks for one week (they already knew most of them). We performed a system search for ACH related transactions which would indicate they were conducting funds transfer or money service business. We also performed a system search of account titles containing words such as "quick" and "cash".

These steps helped us identify most of the MSBs. The ones that filtered in later were customers that might not typically be thought of as an MSB such as furniture stores and bars that were cashing checks. Many of those were eventually identified by branch personnel that remembered their training and notified us of the third-party check deposits after our initial search.

Check the latest MSB registration list for your city or cities in your market. Those are the easy ones that have self-identified. The others you will have to ferret out by their MSB-like behavior.

As far as "reviews", your procedures should be risk based. For example, a grocer that cashes checks for well-known customers would not necessarily have the same risk as the check casher down the street that cashes large volumes of checks many of which are for persons personally unknown to the business.

You reviews should include such factors as: current MSB registration (state and federal), determining identity of individual responsible for program, verification of agent status if applicable, existence of AML program and be info provided should ideally be validated by periodic on-site review where possible. I would also verify the name of the independent auditor for the AML program and inquire as to whether any deficiencies had been identified.

I would be careful to ensure that the review is identifying and verifying the existence of required AML program components, not necessarily whether all components are adequate. You don't want to put yourself in the position of acting as pseudo examiner. That being said, absence or obvious weakness in any of the basic AML program pillars should be cause for concern as it could result in heightened risk for the business and ultimately the bank.

When on-site you should review signage, etc. to help you determine whether there are activities in place that have not been fully disclosed to the Bank. You can also accomplish that by cold calling the business periodically and inquiring as to services provided.

Frequency of review should be risk based and might vary anywhere from 6 months to 18 months.