Back to The Basics: BSA Training – Part Two
Build A Strong Program – BSA Training
This is the second of a two part series that recaps our recent webinar, “BSA Foundation Training: Back to Basics.” View part one of the blog series here.
Suspicious Activity Monitoring
A very important piece of a BSA program outside of the five pillars is suspicious activity monitoring. Your suspicious activity monitoring may be manual or automated. Recently, the trend seems to be that regulators are suggesting automation even for smaller institutions. Commonly, many institutions do a combination of both: an automated system and some manual process. It can be beneficial to let automation do as much as it can and manually perform the rest.
If you have parameters in your suspicious activity monitoring system, use your data to review and tweak them periodically. Suspicious activity monitoring is not a one-size-fits-all situation. They should be customized to your institution and its risks. Solutions that are “out of the box” likely will not satisfy regulators during an exam.
SAR Completion and Filing
FinCEN expects SARs to be filed in a timely manner: within 30 days. The 30-day clock begins when you have made the determination that something is suspicious. Some software, including BAM+, gives you the flexibility to determine when the 30-day timeline begins, based on the process that you decide is best. Since the 30 days need to be used wisely, the most important thing is to document this process in the policies and procedures and stick to it.
SAR quality is extremely important, including the non-critical boxes and the narrative. For narratives, remember the basic questions: “who, what, when, where, how and why?” Law enforcement will want a thorough, concise summary upfront.
Your risk assessment should be an ongoing, dynamic document. On an enterprise-wide basis, this detailed document needs to identify all inherent risks, mitigating factors and residual risks. It should have a summary page with the institution’s overall rating (the example on the exam manual is a good example of a summary page). Furthermore, a risk assessment should identify specific risk categories such as products and services, customers and entities, and geographic locations. Any identified risk area will need a deep dive, often including charts and supplemental information.
A risk assessment should be performed at least annually, given that there are no major institutional changes such as a merger or acquisition, a core or teller system conversion, and so on. These would cause a need for a new risk assessment to be performed. The risk assessment should be fluid – growing and changing with you.
Regulatory Hot Buttons
At Banker’s Toolbox, we have the privilege of working with financial institutions all over the country, made up of various sizes and risk profiles. Because of that, we have insight into regulatory trends. At a high level, these are some regulatory “hot buttons” that we have seen recently.
- CDD onboarding processes
- Higher risk customer documentation and review
- Procedures do not match board-approved policy
- Risk assessment is not thorough enough or not current
- No optimization (tuning) of suspicious activity monitoring parameters
- No model validation performed on an automated system
- Repeat findings or inaction from the institution
If you feel that these or any of the requirements above are weaknesses at your institution, don’t panic! There are third parties, such as the Consulting Services at Banker’s Toolbox, who are certified, experienced, and dedicated to helping you get your program on track.
Another way to stay on top of all of the requirements and regulations of the BSA world is to be proactive. Continuing education is critical to the learning process, especially if you’re new. Attend conferences and user groups, read FinCEN’s email newsletters and guidance, etc. Remember, you’re not alone. There are resources out there that are intended to help you be successful.
The above items are only a brief recap of what was discussed in the webinar, “BSA Foundations Training.” Additional topics included data integrity, model validations, monetary instrument logs, and more. To access the full webinar, click here to view it for free. As always, email [email protected] with questions.