The document discusses the four pillars of an effective Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program: a qualified BSA/AML compliance officer; effective internal controls; education and training; and independent testing. It provides details on the qualifications and responsibilities of the compliance officer and emphasizes the importance of risk-based internal controls, ongoing education and training, and independent audits to test the effectiveness of the compliance program.
1. Revisiting the Four Pillars Supporting an Effective BSA/AML Compliance Program Marilyn D. Barker October 6, 2014 ACI Prepaid Card Compliance Conference Chicago
2. Components of an Effective BSA/AML Program: Revisiting the Four Pillars
The Four BSA/AML Compliance Pillars
•Qualified BSA/AML Compliance Officer
•Effective Internal Controls
•Education and Training
•Independent Testing
BSA/AML Compliance Officer
•Board and senior management are responsible for ensuring that the compliance officer has sufficient authority and resources (monetary, staffing, IT and time) to administer an effective BSA/AML compliance program based on the company’s risk profile.
•Compliance Officer’s professional qualifications are subject to scrutiny
•Tested for how familiar the officer is with the overall program
•Tested for knowledge of products, services, customers and geographic locations relative to potential BSA/AML risks
•Tested for engagement in the function relative to other responsibilities
•Tested for how risk (high, medium or low) is determined in terms of articulation in risk assessment and overall program familiarity
•Should demonstrate how risk categories have been determined
•Should be prepared to articulate (in addition to any previously prepared documentation) any exceptions
•Should marshal all information sources to collect data necessary to calibrate and recalibrate risks
•Should include data derived from fraud prevention, complaints and other corporate sources; avoid information silos that prevent data integration
Internal Controls
•Include the company’s policies, procedures and processes designed to limit and control risks and to achieve overall BSA/AML compliance
•Level of sophistication commensurate with the size, structure, risks and complexity of the company
•Should implement risk-based customer due diligence policies, procedures and processes
•Should identify operations more vulnerable to abuse by money launderers, terrorists or financial criminals
•Should provide for program continuity despite management, personnel or structural changes
•Should provide for dual controls and segregation of duties
•Should provide sufficient controls for timely detection and reporting of required BSA forms
•Should demonstrate specific controls, data management strategy and other risk management tools that your organization deploys tied back to articulated risks as contained in formal risk assessments of customers; products and services; and geographies
•Should demonstrate how risk controls (especially high risk) are distinguished and implemented within control framework and risk management strategy to ensure ongoing compliance, including the detection, monitoring and reporting of suspicious activity
•Should be reevaluated when unique products, services, markets/geographies or customers are onboarded.
•Should be reevaluated when new regulatory rules or guidance is issued or enforcement actions are published
•Should ensure customer base is properly segmented (high/medium/low) with data from customer due diligence protocols
•Should ensure integrity of data (customer/account transaction data) and monitoring scenarios and then validate the effectiveness of these systems on an ongoing basis
•Should test surveillance systems for effectiveness of generated alerts, suspicious patterns or thresholds or other scenario logic to determine calibration integrity
•Periodically perform quantitative and qualitative analyses to ensure overall surveillance system effectiveness
Education and Training
•Determine how broad and comprehensive BSA/AML education and training needs to be
•Should cover company’s internal BSA/AML policies, procedures and processes at a minimum
•Consider the frequency of education and training which should be ongoing
•Should include Board and senior management so that they can understand and appreciate (i) the importance of regulatory requirements, (ii) the ramifications of noncompliance, and (iii) the risks posed to the company, in order to complete oversight responsibilities, (iv) approve aspects of programs, and (v) provide sufficient resources
•Consider appropriate personnel to receive training
•Consider specialized training in addition to any web-based resources
•Should be substantive and involve some tailoring to individual operational units and business lines, especially in high risk areas
•Consider using outside training resources by recognized sources, such as ACI or ACAMS (particularly for BSA/AML or operations staff)
•Document and maintain records of education and training and testing materials, as well as testing designed to determine comprehension
•Should include standards for passing and retesting
•Provide contemporaneous training updates based on new rules or regulations, regulatory guidance, administrative rulings and enforcement cases.
•Education or training can be in person (either one on one, small group or entire business unit) or through a business communique to specifically affected operational units, business lines or reliance partners
Independent Testing of BSA/AML Compliance Program
•Should be thorough and independent (can be performed internally by audit department but should report directly to Board or senior management)
•Independence means that they should not perform any essential compliance functions unless there is appropriate corporate segregation
•Auditors should have the appropriate bandwidth with demonstrated experience in prepaid, money services business and payments (banking alone is not sufficient because of the uniqueness of prepaid operations)
•Should be performed generally every 12 to 18 months based on company’s risk profile
•Should include onsite visitation with operations and high risk business lines
•Should evaluate overall integrity and effectiveness of BSA/AML compliance program
•Should include an assessment of process of identifying/reporting suspicious activity, including a review of SARs for accuracy, timeliness, and completeness for consistency with BSA/AML compliance program
•Should include thorough risk-based transaction testing, particularly of management information systems, to determine effectiveness of BSA/AML reporting and recordkeeping
•Should evaluate effectiveness of suspicious activity monitoring systems
26. QUESTIONS?? Law Office of Marilyn D. Barker 1425 K Street, NW Washington, DC 301.300.8578