Credit unions as “great big member serving products and services delivery machines,” says David Reed, an attorney with Reed and Jolly. during a session at the

From a Bank Secrecy Act (BSA) standpoint, it’s difficult to keep track of all the transaction avenues within the credit union, says Reed, who spoke during a session at the 2018 CUNA Bank Secrecy Act Certification Conference presented with NASCUS. Reed offers insight into some of the avenues that credit unions most often lose sight of from a BSA standpoint:

► Remote deposit capture (RDC). “For every technology that you deploy, you have to know what you’re getting into before you do it,” Reed says. “You have to have policies and procedures that are going to help you track it.”

Among the common issues associated with RDC and BSA compliance:

• Failing to identify and assess the compliance and operational risks associated with RDC prior to implementation.
• Having inadequate internal controls to manage the additional anti-money laundering (AML) risks posed by RDC activity, and insufficient resources for the monitoring of RDC transaction activity.
• Utilizing RDC for processing certain deposit items from non-U.S. correspondent accounts.
• Having insufficient automated transaction monitoring systems that permitted suspicious activity associated with RDC to go undetected and unreported for lengthy periods of time.

Reed says credit union should understand how RDC is employed on their core system and know which members—including business members—have access to RDC. BSA monitoring should capture all RDC activity

► Shared branching. Credit unions must understand how their shared branching agreements reference BSA responsibilities.

Credit unions should understand:

• How shared branching is deployed at the credit union.
• What members have access to shared branching, i.e. business accounts.
• If the BSA monitoring system captures all the shared branching activity.

There are often questions about currency transaction reports and when those reports should be filed regarding shared branching transactions. “When in doubt, fill it out,” Reed says.

► Interest on lawyers trust accounts (IOLTA) and trust accounts. In contrast to escrow accounts that are set up to serve individual clients, professional service provider accounts allow for ongoing business transactions with multiple clients. The credit union has no direct relationship with or knowledge of the beneficial owners of these accounts, who may be a constantly changing group of individuals and legal entities.

When establishing and maintaining relationships with professional service providers, credit unions should adequately assess account risk and monitor the relationship for suspicious or unusual activity.

“Don’t think that law firms are exempt from the Bank Secrecy Act,” Reed says. “Just make sure that you have a higher level of understanding as you bring those people in and establish those relationships.”

► Credit union service organizations (CUSO). “You have to remember that a CUSO is an independent entity,” Reed says. “You have a to make sure they are part of your Bank Secrecy Act screening system.”

Reed says it’s important that the credit union’s BSA officer has an independent relationship from any of the credit union’s CUSOs.

“You have to constantly know what your (credit union) is doing,” Reed says. “What products, what services you offer, what methodologies you are using. You have to make sure all those moving parts are constantly inventoried and plugged into your system so there are no dark corners.”