June 9, 2011
Association of International Bank Auditors
BSA/AML Industry Trends
Internal Controls and Audit
Regina A. Stone
Acting First Deputy Superintendent
BSA/AML Industry Trends
BSA/AML Compliance Officer.
Independent Testing/Internal Audit.
Internal Controls.
BSA/AML Training.
BSA/AML Compliance Officer
Insufficient oversight of service providers/affiliates, both domestically and globally.
Limited or no review of information provided by consultants to assess its overall applicability to the business activities.
Independent Testing/Internal Audit
Incomplete testing of the BSA/AML Program.
Insufficiently robust testing for determining whether the requirements of the BSA law and regulations are met.
Inadequate oversight of independent testing conducted by global auditors of the global service providers/affiliates.
Internal Controls
Solid foundation needed for the customer risk rating methodology.
Weak definition of risk factors employed in the customer risk rating methodology.
Customer risk rating methodology is inconsistently applied across the customer base.
Internal Controls (Cont’d)
Officers and directors not properly identified or screened for PEPs and negative news.
Lack of interpretation of alerts/cases, resulting in undocumented closure.
Manual monitoring of transactions is inadequate for identifying unusual activity.
Internal Controls (Cont’d)
No definitive system in place to reconcile transactions from the source system to the transaction monitoring system.
OFAC screening needs improvement in aligning the fuzzy logic with the inherent OFAC risk of the bank’s/branch’s operations.
BSA/AML Training
Inadequate training on the bank’s/branch’s BSA/AML Program requirements, resulting in either non-compliance or inconsistent interpretations of the bank’s/branch’s stated requirements.
Insufficient or non-existent escalation process to notify senior management of employees who are past due in completing the required annual BSA/AML training.
“Food for Thought”
Emerging Risk
Full nature and effects unknown
Science/technology, regulatory, social trends
Risk of Uncertainty
What if after all risk management there is still the risk of being wrong
Internal Audit
Assessing the Risk Management Gaps
Interconnectivity/Interdependence Risk
For Discussion Purposes Only