Thread Options
#311579 - 02/02/05 05:30 PM BSA Audit

I am new as an internal audit and we are getting ready for a FED exam. THey have stressed how important the internal audit function is for BSA. I have performed a BSA audit, but am afraid that I may not have reviewed enough transaction testing. Does anyone have a audit workprogram that I could review and compare to mine?

Return to Top
#311580 - 02/03/05 03:54 PM Re: BSA Audit
J2C Offline
Diamond Poster
Joined: May 2004
Posts: 1,475
Big Brother knows and that's a...
You should use the examiner's handbooks, if available!
My opinion is mine only- not my employer's!

Return to Top
#311581 - 02/03/05 04:05 PM Re: BSA Audit
DeeQ Offline
10K Club
Joined: Dec 2002
Posts: 40,760
Turnpike Exit 10
This is from my latest PERK regarding BSA, maybe it will help you out...

In keeping with our risk-focused examination strategy, we have tailored this request to focus on the key components of the association’s Bank Secrecy Act (BSA)/ Anti-Money Laundering (AML)/ USA PATRIOT Act (USAPA) compliance program and how well it addresses the essential components that the Office of Thrift Supervision expects in a BSA/AML/USAPA compliance program. Specifically, the agency expects a BSA/AML/USAPA compliance program to address six components: Systems, Monitoring, Assessment, Accountability, Response, and Training (S-M-A-R-R-T). Your version of this program may vary depending upon your association’s asset size, business strategy, operational complexity, and staff expertise.

A summary of the information you should provide or make available in conjunction with the examination of your association is listed below. Mail information marked with an “A” to the undersigned at least 10 business days in advance of the date the examination starts. Provide information marked with an “X” to the examiner-in-charge (EIC) at the start of the examination unless otherwise noted. Information marked with an “R” should be available for the examiners’ on site review. Please note that information you provide in response to other requests need not be duplicated here. However, please indicate this when preparing your responses. If you have any questions about these information requests, please contact the EIC.
An officer of the association (or subordinate organization in the case of such information) should sign and date all responses and indicate who prepared the information and the date prepared for each response.

1. Identify BSA Officer and other individual(s) involved in substantial BSA activities such as daily monitoring (not including tellers).
2. Provide a copy of your BSA policy and program. Identify any revisions or modifications made during the exam period.
3. Identify new procedures and measures adopted and implemented by the board to comply with the applicable sections of the USA PATRIOT Act.
4. Provide a copy of your written policies and procedures regarding opening and maintaining accounts for foreign governments, foreign embassies, or foreign political figures.
5. Where you have conducted self-assessments, periodic transaction reviews, or internal/external audits ensuring compliance with the following regulatory areas:
• Bank Secrecy Act.
Include the standards used to govern the review and copies of written reports presented to the board and senior management detailing significant findings, deficiencies, conclusions, and recommendations for corrective action.
6. Provide reports that ensure corrective action recommendations derived from your self-assessments, reviews, or audits were implemented and reviewed for effectiveness.
7. Provide access to work papers and supporting documentation developed through self-assessments, periodic reviews, audits, and/or transactional analyses conducted during the exam period.
8. Where you have not conducted self-assessment reports, periodic transaction reviews, or audits during the exam period covering the following regulatory areas:
• Bank Secrecy Act.
0 Identify controls you apply to ensure that transactions meet regulatory requirements.
0 Provide information requested in supplementary schedule for each regulation not covered by your self-assessment, periodic transaction reviews, or internal/external audit that is applicable to your operations.
0 Identify any deficiencies you self-corrected in your BSA/AML/USAPA compliance performance during the exam period.
9. Provide the following as indicated:
0 A list of all customers without taxpayer identification numbers (TINs).
0 A list of all accountholders and borrowers domiciled outside the United States, including those with U.S. power of attorney.
0 A list of any payable through accounts involving foreign banks or any foreign correspondent accounts.
0 A list of monetary instruments sold.
0 A list of other services that may involve cash transactions.
0 A list of all foreign correspondent accounts, including foreign banks, for which you provide or provided regular services, and the date on which the required information was received (either by completion of a certification or by other means).
0 A list of your foreign branches and the steps you have taken to determine that your accounts with your branches are not used to indirectly provide services to foreign shell banks.
0 A list of all foreign correspondent accounts, and relationships with foreign banks, that have been closed or terminated due to nonconformance with 31 CFR 103.177 (i.e., service to foreign shell banks; records of owners and agents).
0 Requests from a federal law enforcement officer for information regarding foreign correspondent accounts and evidence of compliance.
0 Notices to close foreign correspondent accounts from the Secretary of the Treasury or the U.S. Attorney General and evidence of compliance.
0 A list of all your embassy or consulate accounts, or other accounts maintained by a foreign government, foreign embassy, or foreign political figure.
0 A written description of your rationale for exempting existing customers from your Customer Identification Program (CIP).
0 A list of new accounts covering all product lines (including accounts opened by third parties), and segregating existing customer accounts from new customers, for [Click&type - insert a period of time appropriate for the size/complexity of the savings association].
0 A list of any accounts opened with an application for a TIN.
0 A list of any accounts opened where verification has not been completed or opened with exceptions to your CIP.
0 A list of customers or potential customers where you took adverse action based on your CIP.
0 A list of all documentary and nondocumentary methods the association uses to verify a customer’s identity.
0 A list of accounts that you have identified as high risk for CIP (for example, foreign private banking and trust accounts, accounts of senior foreign political officials, offshore accounts, or out-of-area and non-face-to-face customers).
0 A copy of customer notices and a description of its timing and delivery, by product.
0 If you are using the “reliance provision,” indicate the name of the institution on which you are relying, designate if the institution is subject to a rule implementing the AML compliance program, requirements of 31 USC 5318(h) and is regulated by a federal functional regulator. Provide the following: copies of any contracts signed between the parties, a copy of the CIP or procedures used by the other party, and any certifications made by the other party.
0 If you are using a third party such as an agent or service provider to perform some or all of your CIP on new accounts, indicate the name of the party, provide a copy of any contracts signed between the parties, provide a copy of the CIP or procedures used by the other party, and provide a copy of your policies and procedures for ensuring adequate compliance by the third party.
0 Documentation of any positive match with a § 314(a) request.
0 Copies of any vendor confidentiality agreements regarding § 314(a) services, if applicable.
0 Suspicious Activity Reports (SARs) filed during the review period and documentation supporting them.
0 Any analyses or documentation where a SAR was considered but not filed.
0 Any analyses or documentation where a SAR is under active consideration by the association.
0 Currency Transaction Reports (CTRs) filed during the review period.
0 A list of accounts exempted from CTR filing and the documentary support for the exemption.
0 Any records of verification and review of CTR exemptions.
0 Correspondence with the IRS or Financial Crimes Enforcement Network (FinCEN) regarding CTRs, CTR exemptions, or other filings.
0 A list of high cash volume business accounts that you have not established as exempt.
0 Records of Currency and Monetary Instrument Reports (CMIRs) (Form 4790).
0 Records of Reports of Foreign Financial Accounts (RFFAs) (Form 90-22).
0 Records of wire transfers, including incoming, intermediary, and outgoing transfers of $3,000 or more.
0 Records of sales of monetary instruments between $3,000 and $10,000 (if maintained with individual transactions, provide samples of the record made in connection with the sale of each type of monetary instrument).
0 Records aggregating multiple transactions and monitoring structured transactions.
10. Provide monitoring reports of the following as indicated:
0 Wire transfers of $3,000 or more.
0 Sales of monetary instruments between $3,000 and $10,000.
0 Multiple common party or possible structured transactions.
0 Suspected kiting activity.
0 CTR reporting.
0 SAR filings.
0 CMIR filings.
0 RFFA filings.
0 Aggregation of multiple transactions and monitoring of structured transactions.
Get your facts first, then you can distort them as you please. - Mark Twain

Return to Top
#311582 - 02/09/05 09:42 PM Re: BSA Audit

Thank you so much for the great info!

Return to Top

Moderator:  Andy_Z