Pub. 5 2024 Issue 6

recordkeeping and reporting requirements. Such a program can help protect a bank against possible criminal and civil penalties and asset forfeitures. At a minimum, a bank’s internal compliance program must be written, approved by the board of directors and noted as such in the board meeting minutes. The program must include at least the following elements:
• A system of internal controls to assure ongoing compliance.
• Independent testing of compliance.
• Daily coordination and monitoring of compliance by a designated person.
• Training for appropriate personnel.
• Risk-based customer due diligence/beneficial ownership procedures.

Internal Controls
Senior management is responsible for assuring an effective system of internal controls for the BSA, including suspicious activity reporting, and must demonstrate its commitment to compliance by:
• Establishing a comprehensive program and set of controls, including account opening, monitoring and currency reporting procedures.
• Requiring that senior management be kept informed of compliance efforts, audit reports, identified compliance deficiencies and corrective action taken — to assure ongoing compliance.
• Making BSA compliance a condition of employment.
• Incorporating compliance with the BSA and its implementing regulations into job descriptions and performance evaluations of bank personnel.

Independent Testing of Compliance
The bank’s internal or external auditors should be able to:
• Attest to the overall integrity and effectiveness of management systems and controls, and BSA technical compliance.
• Test transactions in all areas of the bank with emphasis on high-risk areas, products and services to ensure the bank is following prescribed regulations.
• Assess employees’ knowledge of regulations and procedures.
• Assess the adequacy, accuracy and completeness of training programs.
• Assess the adequacy of the bank’s process for identifying suspicious activity.
Internal review or audit findings should be incorporated after each assessment into a board and senior management report and reviewed promptly. Appropriate follow-up should be ensured. Regulators increasingly expect the BSA audit or testing program to also include these elements:
• Confirmation of the integrity and accuracy of management information reports used in the anti-money laundering (AML) compliance program.
• Overall integrity and effectiveness of the program.
• Evaluation of management’s efforts to resolve violations and deficiencies.
• Evaluation of the effectiveness of the suspicious activity monitoring systems.
• Review of the BSA risk assessment for reasonableness given the bank’s risk profile.

BSA Compliance Officer
A bank or thrift must designate a qualified bank employee as its BSA compliance officer, who has day-to-day responsibility for managing all aspects of the BSA compliance program and compliance with all BSA regulations. The BSA compliance officer may delegate certain BSA compliance duties to other employees but not compliance responsibility. The bank’s board of directors and senior management must ensure that the BSA compliance officer has sufficient authority and resources — time, funding, staffing — to administer effectively a comprehensive BSA compliance program. And, the BSA officer must have a direct reporting channel to the board of directors.

Board of Directors
The board must ensure that it exercises supervision and direction of the BSA/AML program. This involves making sure that the institution develops sound BSA/AML policies, procedures and processes that are approved by the board and implemented by management. The board also has to ensure that the bank maintains a designated BSA officer with qualifications commensurate with the bank’s situation. As noted above, the BSA officer must report directly to the board and be vested with sufficient authority, time and resources.
The board must provide for adequate independent testing of BSA/AML compliance. The board should bear in mind that it has the ultimate responsibility for the institution’s BSA compliance.

Training
Financial institutions must ensure that appropriate bank personnel are trained in all aspects of the regulatory requirements of the BSA and the bank’s internal BSA compliance and AML policies and procedures. An effective training program includes provisions to ensure that all bank personnel, including senior management, those who have contact with customers (whether in person or by phone), those who see customer transaction activity or those who handle cash in any way, receive appropriate training. Board members also need to receive regular BSA/AML training, though

In Touch
