BSA/AML/CIP Compliance Audit or Review

We are a small (<$100 million) rural community bank and have offices in three small towns. I am the bank's compliance officer, training officer, and CRA officer. I am also charged with maintaining current policies and procedures (on both the compliance and safety & soundness sides). I also have to do due diligence on one of our MSB customers because of our BSA officer's relationship to that customer. My concern is that I'm not distanced enough from the BSA function to meet the BSA exam requirements.

Here's the question: How many small (<$100 million) banks have outside auditors in to determine compliance with the BSA related regulations? Is this an annual audit? Is it conducted at the same time as other audits?

Any constructive comments and suggestions will be helpful.

Thanks

We are a 400M bank. (branch of foreign bank).....

Our BSA audit is performed in an annual basis in a standalone format.
We have outsourced all our auditing needs.....

An annual audit covering all the requirements (testintg, review of all compliance components, employee knowledge testing) has so far satisfied the examiners.......

Sounds like we are in the same boat, although I only have one office to worry about, not three! We have our BSA audit done by an outside auditor, they conduct it annually, and they generally do it in conjunction with a few other smaller audits. Ours conducts the overview of BSA/AML including policy and procedures in one quarter, and then comes back in to do transactional testing in another quarter.

Ditto Titanic and ABrown above for several different national and state banks (some with branches) in Texas -- with assets ranging from $50mm to $250mm. Some audits are performed stand-alone ... and others are performed in connection with another engagement. The regulators appear to be satisfied as long as the outside auditors are qualified and receive BSA-related training.

One of the 4 requirements for an effective BSA compliance program is an independent examination. It could be done either by internal audit staff or outsourced to an outside audit firm. We are a 500 Million community bank with 1 internal auditor who performs regular reviews of different components of the program and we also contract for an annual BSA audit by an outside firm.

Thanks everyone for your comments. That's the way that I was leaning and management wanted to know what some other banks were doing. Looks like we'll be doing the same. Yea!!!

We have an outside audit for all phases of the business, BSA being one area audited. We have them done quarterly; rotating what is reviewed. Each area is done during the year.

I have broken down the BSA/AML/CIP into three separate audit scopes conducted each quarter. By doing it that way, I get to look at the whole program more often and with more current information. The examiners have accepted the idea of a quarterly rolling scope.