In the middle of an audit and looking for a Policy on Human Trafficking. Would greatly appreciate it.

Why is the audotor asking for or telling you it is necessary?

Agreed, you don't need a policy on human trafficking any more than you need a policy on any other type of illegal activity.

Tell them you don't need a policy for something that you don't do

This is about the third thing you have asked for and Special Measures is the only one of the three that I see probably actually needs to be addressed in your policy.

I'm with devsfan on this- you've posted three different policy questions that are coming from your auditors. Have the auditors provided you a cite for this requirment?

There is no requirement to have a Human Trafficking policy or a De-Risking policy. It may be appropriate to mention either of these items in the context of suspicious activity review and EDD, respectively. But neither are requred to have their own policy statement.

I can't help but snicker and think of a Policy that says:

XYZ Bank is opposed to Human Trafficking.





Next topic?

Sorry guys they came in here yesterday telling me that I had to have something written up in my policy addressing these issues. I am fairly new at this BSA Officer stuff so I'm still learning the ropes of the trade. I figured getting on here was the best way of me finding things out. Thank you for all inputs.

When you are offered criticisms like these from a third party ask for a citation or a source of authority for the recommendation in writing. That should synthesize the conversation.

A suggestion that you address 311 Special Measures (one of your other questions) in your policy is simply reasonable. Although there is nothing that says it must be addressed in your policy, it's the subject of one of the "core" examination procedures listed in the BSA/AML manual. A suggestion that you should have a policy on each core examination procedure that actually affects your bank is a good one.

The other two things you mentioned, "de-risking" and "human trafficking" are both things that your bank should be familiar with; i.e. incorporate into your planning and training, but there is no need for a policy on either.

As another poster indicated, your bank's policy on human trafficking would be like its policy on financial exploitation of the elderly, wire transfer fraud, structuring, account takeover, etc. You are opposed to it. You will train your employees to look for it. If you see it, you will attempt to put a stop to it and report it as the law requires you to.

"De-risking" is a reference to a current regulatory hot button. (Ten years ago it was called "discontinuance.") You could identify customers whose status is a concern to you in your risk assessment and from there reach any necessary conclusions in your policy regarding what circumstances you will supply services to them. Currently, the term would better describe a criticism you are trying to avoid rather than the object of a policy.

P.S. If your auditor cannot support a suggestion, it's okay to say you flatly disagree until such time as support is offered. Say it in writing and support your position.

Thank you Ken appreciate it. Yeah, he and I seem to be going round and round.

If you have to go round and round with a auditor on these sorts of issues and this is a third party auditor - then I suggest the Bank has picked the wrong person or firm to assist you and further engagements with this person or firm should be looked at very carefully. If it is an individual auditor from a firm, it is probably time to make a call to the managing partner and explain that you are not interested in personal opinions that are unsupported by regulation or other written regulatory guidance.

The idea is that the audit function should help you make sure you are meeting the established regulatory compliance responsibilities and not create make-work for the institution.

^^^^THIS^^^^

Wholeheartedly agree with Randy. Make them show you any citation in the regulation before you agree to any make-work. Also, having been an auditor in a previous life, you always have to remember that unless a regulation or your own policy is cited, anything else is a 'recommendation' which you can adopt, adapt, or choose to ignore.

There is an auditor/consultant in TN that is notorious for micro-managing banks' BSA programs and convincing the banks to do more work than is necessary. That same auditor/consultant was at BSA school last week in Nashville. I suspect that is where this advice to VMcKinsey is coming from......

Then the area banks should make sure that this auditor becomes a very lonely person Who needs to pay someone good money for that sort of advice and attitude???

Agreed. We don't use that person, and won't as long as I'm here.

VMcKinsey, listen to Randy about audit's function. It's your program. Don't let an auditor tell you how to run it. Go back to the exam manual for requirements, and use these threads to gain knowledge. Good luck!

Thanks everyone, you're really helping to learn about this position and I'm picking up on alot of advice that I can use in my new role. And yes Dani York they were at the training in Nashville last week.

Check your PM for a message and a little help.