
Level of Account Monitoring to Comply w/BSA/AML

Question: 
BSA / AML CIP procedures using a risk-based approach. One of the regulatory requirements of "Know Your Customer" is that the Bank becomes familiar with the normal transactions of our customers, the purpose of which is to be able to readily identify those abnormal transactions that may occur. One of the results of the risk-based evaluation is to ascertain the level and/or frequency of account monitoring justified by the various levels of acceptable risk. The question is what (and how) level of account monitoring is sufficient to comply with this section of the reg? Larger institutions are more equipped to automate the account monitoring process while the smaller institutions (like us) have a more stringent "cost-benefit" hurdle to overcome.
Answer: 

Documenting a good faith risk assessment is your first step. Without it, you are defenseless to criticisms regarding the adequacy of your reviews.

From what I have seen so far, examiners absolutely do take into account the institution's size and EDP capabilities in evaluating the frequency and depth of account monitoring. I don't have any specific information regarding your institution, its clientele or its location so I can't make any responsible comment about what might be adequate.

"Bare bones" would look like:

  1. you have or can produce on demand a list of high risk customers.
  2. you have a transaction profile for each high risk customer.
  3. you update your profiles annually based on a review of 30-60 days of activity.
  4. you monitor activity daily and can demonstrate that unusual transactions are noticed. What's "usual" for high risk customers falls within a band established in their profile. What's unusual for other customers is less clearly defined, but it still gets noticed.



First published on BankersOnline.com 6/06/05
