As we all know, the Bank Secrecy Act (BSA) is kind of a big deal. It is a good idea to review some of the major parts of the regulation on occasion just to make sure we are still pointed in the right direction. Sometimes, without us really noticing, changes in our bank can cause shifts in our program. Turnover in personnel, changes in Board philosophy and the like can create ripples throughout the bank. Fortunately, the regulators sorted the BSA into five convenient pillars.
The first pillar of BSA is a system of internal controls. This is referring to our policies, procedures and processes that guide the program through the maze of compliance. Our risk assessment and culture are included in the internal controls. The risk assessment should drive the program and the banks culture will drive the risk assessment. This pillar is often noted as the most important.
The second pillar is independent testing. We need to be sure that our program is complete and thorough. In order to achieve this, we will need to have someone take a look at the program to provide an assessment. Above all, this person needs to be independent of the process and possess enough BSA knowledge to be qualified to perform the review. We can’t have the head teller that completes all of the CTRs for the bank verifying that the CTR process is complete and thorough. I have also heard that this is the most important pillar.
The third pillar is having a Compliance Officer. We need to have a qualified individual to execute the Board’s plan for BSA compliance. We need to make sure that the Compliance Officer is qualified to complete this task. They will also need to have the authority to run the program. The Board shouldn’t just pick the guy who isn’t in the room and can’t say “no”. Personally, I think this is the most important pillar.
The fourth pillar is training. BSA training should occur annually and, ideally, be tailored to the tasks that the personnel are responsible for in the bank. Commercial lenders should be trained on customer identification and beneficial ownership. While it won’t hurt them to train on CTRs, despite their calls to the contrary, it’s probably not essential. This pillar is known to be the most important.
The fifth pillar is due diligence, this pillar is fairly new and currently in a state of flux. Originally, Beneficial Ownership was a big part of this pillar. As a follower of Compliance Alliance, you are probably aware that FinCEN is currently in the process of changing how Beneficial Ownership is handled, with two of three final rules already published and a third final rule anxiously anticipated at some point in the future. However, there is more to this pillar than just beneficial ownership. The bank needs to understand the nature and purpose of the customer relationship and conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. FinCEN has a FAQ on this – the most important pillar of BSA.