Your Bank Secrecy Act (BSA) examination is coming up. What should you do to prepare?
She detailed what credit unions should review and update in advance of the exam, and identified areas credit unions often overlook that might need some attention before the examiner walks through the door.
Williams cited a long list of common BSA/anti-money laundering (AML) enforcement findings, including:
“This is stuff we know and should be doing," Williams says. "We all know we should be doing it.”
Williams identified another typical enforcement finding: The financial institution’s BSA department ”lacks resources and expertise.”
The good news in that case, she says, is that BSA “is one of the few regulatory compliance issues where your examiner can help you if additional resources are needed.”
Williams offers these tips on exam preparation:
►Ensure your risk assessment is up-to-date (completed within the last 12 months);
►Review your policies to make sure they're current and comprehensive;
►Practice internal controls by identifing all credit union operations, including high-risk operations;
►Maintain documentation of training content and results for employees and your board;
►Review prior-year audit and exam reports, and ensure you've taken corrective actions;
►Ensure that the scope of your independent testing is adequate;
►Confirm your Member Identification Program works and you're obtaining the proper type of documentation at account opening;
►Ask whether your credit union employs adequate processes to identify suspicious activity across all lines of business?
►Review your 314(a) information-sharing procedures and maintain documentation to show required records are being searched;
►Review 314(b) processes, if applicable, to ensure the notification form you filed with FinCEN contains an effective date within the last 12 months;
►Determine that reports and internal controls identify all transactions subject to currency transaction reporting (CTR);
►Review CTR exemption processes and procedures;
►Make sure you have an adequate process for identifying and monitoring high-risk members; and
►Determine whether you've conducted a data validation test of your BSA/AML software.
Williams adds a final point of preparation: Although BSA regulations don't cover the Office of Foreign Asset Control (OFAC), make sure you've checked all your transactions against all appropriate lists before you meet with your examiners.