strengths & weaknesses noted in recent examinations september 16, 2016
TRANSCRIPT
BSA/AML Compliance Program
Strengths & Weaknesses noted in recent examinations
September 16, 2016
Three main elements◦ Products and services◦ Customers and entities◦ Geographic locations
Drivers:◦ Nature and extent of internal controls◦ Scope of independent testing◦ BSA Officer skills required◦ Training
Risk Assessment and Risk Assessment Process
Positives:◦ Annual review◦ Addressing the three main elements, OFAC (either separate or
joint), supplementary risk assessments
Room for improvement:◦ Not restricted to only an annual update
Updates for significant events Dynamic approach
◦ Staffing- turnover, expertise/experience, vacancies, growth◦ Analyzing the updated transaction volume numbers
Trend analysis◦ Consideration of geographic location of transactions (e.g.
frequent wire locations)◦ Coordination and collaboration with other departments
Risk Assessment and Risk Assessment Process
Training
Positives:◦ Training based on roles & responsibilities◦ Internal referral systems / forms in place◦ Multiple individuals involved
Room for Improvement:◦ Documentation◦ Complete narratives◦ Too heavy reliance on automated systems
Suspicious Activity Identification, Documentation and Monitoring
Documentation◦ When and why activity was initially flagged◦ Items reviewed as part of the investigation◦ Date decision rendered◦ Hard copy or electronic
Narratives (not filed)◦ All factors reviewed and considered◦ How activity is explained, or determined not
suspicious◦ Plans for ongoing monitoring
Suspicious Activity Identification, Documentation and Monitoring
Narratives (filed)◦ What◦ When◦ Where◦ Why
Ongoing monitoring◦ Documented timeline◦ Continuous SARs prior to maximum deadline
Suspicious Activity Identification, Documentation and Monitoring
Too heavy reliance on systems◦ Does not replace CDD and EDD efforts
Federal Reserve SR 11-7 and OCC Bulletin 2012-12: Guidance on Model Risk Management
Key elements of guidance◦ IV. Model development◦ V. Model Validation◦ VI. Governance, Policies, and Controls
Suspicious Activity Monitoring Systems
Model Validation◦ Ongoing process ◦ Independent◦ Commensurate with: overall use, complexity and
materiality of model, and size and complexity of institution
◦ Initial validation of all models◦ Ongoing monitoring◦ Determination if most current validation remains
sufficient (at least annually)
Suspicious Activity Monitoring Systems
Vendor models◦ Vendor management program◦ Recommend obtaining documentation from
vendor◦ Customization should be documented and
validation◦ Use of default settings should be supported
Internal Audit ◦ Evaluating framework
Suspicious Activity Monitoring Systems
Positives:◦ BSA Officer; policies, procedures, internal
controls; training
Areas for improvement:◦ Review of engagement letter◦ Review of audit workprograms and workpapers
Internal Audit
Contact information:◦ Gabriela Webber◦ Federal Reserve Bank of Boston◦ 600 Atlantic Ave, Boston, MA 02210◦ (617) 973-3377◦ [email protected]
Questions?