Cindy Williams, vice president of regulatory compliance for PolicyWorks, gives tips and tricks on anti-money laundering for small financial institutions Monday at the CUNA/NASCUS BSA Conference. (CUNA Photo)

BSA Conference: Well-defined AML program essential for small FIs

November 17, 2015

FORT LAUDERDALE, Fla. (11/17/15)--Small financial institutions have as much obligation to enact anti-money laundering (AML) programs as other financial institutions, though they face different challenges.

Cindy Williams, vice president of regulatory compliance at PolicyWorks, gave some compliance tips and tricks for small credit unions Monday during a presentation at the CUNA/National Association of State Credit Union Supervisors Bank Secrecy Act (BSA) conference.

The BSA was passed in 1970 to require financial institutions to assist government agencies and law enforcement in detecting and preventing money laundering. AML statutes were created to augment the BSA in 1986 with the Money Control Act.

“The [Money Control] Act imposed criminal liability for knowingly assisting in money laundering or structuring transactions to avoid reporting them,” Williams said. "It also directed financial institutions to establish and maintain procedures designed to ensure compliance with the BSA.”

According to Williams, an effective BSA/AML program must be written, approved by the board of directors (and noted in the meeting’s minutes), commensurate with the institution’s risk profile and contain the required “pillars.”

Those pillars are:

  • A system of internal controls to ensure ongoing compliance;
  • Independent testing of the program’s compliance;
  • Designated individual(s) responsible for managing BSA compliance;
  • A member identification program; and
  • Employee training.

Employee training should include: informing tellers when and how to file a Currency Transaction Report (CTR), the structure and process of filing a Suspicious Activity Report (SAR) and how to note and report suspicious activity.

Williams also recommended credit unions create a “high-risk members report,” in which members deemed to be a high risk have their activity periodically reviewed for unusual spikes.

Part of establishing this report includes creating a form of record keeping, which can be as simple as an Excel spreadsheet.

Williams said a quota for “high risk members” is not a regulatory expectation because the high-risk members levels are different for every credit union.

Institutions should plan to conduct an annual risk assessment, and the results of that assessment should be used to focus the BSA program going forward.

(Editor’s note: For more coverage of CUNA’s BSA Compliance Conference, see the following stories in today’s issue: BSA Conference: FinCEN enforcement designed to educate, not just punish; BSA Conference: Exploring benefits, pitfalls of remote deposit capture; BSA Conference: Finding red flags for trade-based money laundering; and, BSA Conference: Self-assessment crucial for strong cybersecurity framework.)