LAS VEGAS (10/30/14)--An adequate Bank Secrecy Act (BSA) compliance program makes life easier for everybody--for credit unions, their staff, their members and the National Credit Union Administration, said the agency's Judy Graham.
|Judy Graham, left, a program officer in the NCUA's Office of Examination and Insurance who comes each year to answer compliance questions from the audience at the CUNA Bank Secrecy Act Conference, talks to credit union representatives about some of the complexities involved. (CUNA Photo)|
Speaking at the Credit Union National Association BSA Conference Wednesday, Graham, a program officer in the NCUA's Office of Examination and Insurance, gave an update about what the agency expects to see from credit union BSA programs.
The annual conference is co-sponsored by the National Association of State Credit Union Supervisors.
The NCUA is required by law to conduct a review of the BSA compliance program at each examination of a federally insured credit union.
Part 748 of the agency's rules and regulations describes the requirements of such a program, which must:
According to Graham, the regulation itself requires credit unions to provide training, but does not set a specific time frame for how often it should be conducted.
"The general rule of thumb is every 12 to 18 months, but that depends on your risk profile, your products, your services," she said.
"Some of the larger credit unions that may be taking on higher-risk products and services might be doing periodic or ongoing training on a quarterly basis. Some of our smaller, lower-risk institutions without a lot of products and services might consider a year, up to 18 months." But, Graham warned her audience, "Our examiners aren't going to let anyone go on much longer than that."
The cornerstone of internal controls for a credit union is customer due diligence.
"Customer due diligence is part of the foundation of your BSA compliance program. If you don't do your customer due diligence when you open accounts and ongoing customer due diligence, how can you adequately monitor those accounts for suspicious activities?" Graham said.
She emphasized, "If you don't know what the norm is for the account, how can you tell when something suspicious is happening?"
So what are credit unions doing wrong? According to the NCUA, the most common violations found during examinations involve:
"This all might sound pretty heavy, and pretty onerous for a credit union, but a lot of the information you're gathering is not just for BSA compliance, it's going to help you with other day-to-day operations, such as making sure you have current phone numbers and other contact information," Graham said. "This will help you out in those other areas."
Graham also recommended several "enhanced due diligence" strategies, including recording the purpose of an account and the source of a member's funds; tracking beneficial owners signatories of guarantors; noting the proximity of a member's residence, place of employment or business to the credit union; and keeping on file a description of a member's business operations, anticipated volume and activity.
Graham is a regular speaker, bringing the NCUA and examiners' perspective each year to the BSA Conference, which draws hundreds of credit union representatives. This year's conference ended Wednesday.