Hot Topics: How to Prepare for Your Next BSA Exam

Terri Luttrell, CAMS-Audit
June 2, 2021
Read Time: min

Prepare for your BSA exam by following these tips

Getting ready for your upcoming BSA examination takes planning and thinking through several issues. Here's a guide to help.

Want more BSA training and articles emailed to you?

Review Regulatory Material

Guidance to prepare for BSA exams

Regulatory examinations are stressful for financial institutions; that is a fact. Bank Secrecy Act (BSA) exams can be especially difficult, as they often come with serious institutional impact. After all, BSA is generally part of a safety and soundness exam, and one of the more important aspects of an institution’s regulatory relationship.  With that in mind, what steps can help make an exam successful? The outcome should be a satisfactory rating from the examiners, but what preparation should a BSA Officer take to get these highly sought-after results?

Regulatory guidance on BSA exams

The good news is that there is guidance for BSA examination preparation. The most important tool and a BSA Officer’s guide to success is the Federal Financial Institutions Examination Council (FFIEC) BSA Examination manual. This manual is written for examiners and it clearly outlines all review steps that could be taken during a regulatory exam. The FFIEC is an interagency body empowered to prescribe uniform principles, standards, and report forms and is composed of:

  • Board of Governors of the Federal Reserve System (FRB)
  • Federal Deposit Insurance Corporation (FDIC)
  • National Credit Union Administration (NCUA)
  • Office of the Comptroller of the Currency (OCC)
  • Consumer Financial Protection Bureau (CFPB)
  • State Liaison Committee (SLC)

As you can see, these agencies encompass all traditional financial institutions, so this one-stop guide for exam preparation should be used as your primary guide.

Other helpful guidance is from the Financial Crimes Enforcement Network (FinCEN) in conjunction with  the regulatory agencies in their guidance on risk-focused supervision.  This document was also written for examiners and recognizes the exam burden for financial institutions. The guidance emphasizes a risk-focused approach to examinations and refocuses the regulators to scope each exam according to the unique financial institution, not to use a one-size-fits-all approach.

6 Critical Areas

Examiner expectations during BSA exams

Knowing that guidance is available to help you prepare for your exam should help reduce stress prior to your exam. Knowing the examiner expectations is your next step. The following six areas are critical when developing your exam planning:
  • BSA/OFAC Policy integration

    a. Are written procedures up to date and accessible to staff?

    b. Are procedures in line with BSA Policy requirements?

    c. Are processes and practices applied to current procedures?

  • Clearly defined procedures

    a. Is it current, i.e., within the last 12 months?

    b. Does it include or have a separate OFAC Policy?

    c. Is it approved by the board as documented in board minutes?

    d. Does it designate a qualified BSA Officer?

    e. Does it address a “culture of compliance”?

  • Calibration

    a. Has AML software been optimized on a risk-based approach?

    b. Has above-the-line/below-the-line testing been done on alert parameters?

    c. Does documentation justify any scenarios that are not being used for monitoring?

  • Data validation

    a. Have you received a recent independent model validation?

    b. If your model validation is not recent, have you completed internal periodic data validations?

    c. Is all BSA relevant data available for accurate transaction monitoring?

  • Training

    a. Have all employees received BSA training within the past 12 months?

    b. Has the board of directors received training during the past 12 months?

    c. Is training designed uniquely for each employee role?

    d. Are training records organized and up to date?

  • Staffing

    a. Have you recently completed a staffing assessment?

    b. Is staff appropriately qualified and trained for their job position?

    c. Is staff sufficient to ensure that ALL BSA/AML program requirements are satisfied accurately and in a timely manner?

If the answer to any of these questions is no, it is time to tighten things up prior to your exam. This list is quite extensive and time-consuming and will take several months to complete. Exam prep is an ongoing undertaking and should be planned early and looked at often.
Build confidence before your next exam.
Download the BSA Examination Checklist.
Download
Tactical & Strategic Tips

BSA exam preparation steps

Initial Communication

The BSA Officer’s initial conversation with the examiner in charge is important for setting the tone of the exam. If this is a new relationship, you’ll want it to start with open and honest communication, and you’ll want to foster it with the same style of communication. If it is a new relationship, this is also a great time to show your confidence and organizational skills. The initial communication will most likely be led by the examiner, but don’t hesitate to show your interest in the process by discussing the following important aspects of the exam:

  • Exam logistics – what should you expect?
  • Determine scope – on what risk-based level will you be reviewed?
  • Required documentation - obtain a request letter outlining any pre-exam documentation to send to the exam team

Develop a plan

Having a defined plan helps your team gain confidence and be fully prepared for your examination. Following these steps will help you get there and may help set a positive tone for the exam:

  • Identify a point person. One central contact for all examination questions keeps the stress level down and prevents unprepared information from being given to your examiners.
  • Arrange for nice accommodations. As much as it may be tempting, try not to put your exam team in a basement once they are back on site. A nice conference room is a much more pleasant work environment and may give way to happy examiners.
  • Commit resources. Set aside plenty of time for communicating with examiners, answering questions, and gathering requested documentation in a timely manner.
  • The point person should not have to do everything, even though the communication comes through them. Delegating tasks such as gathering documentation and creating reports can help spread the burden of exam time.
  • Frequent communication is helpful in knowing ahead of time how the exam is going and if any clarifying information is needed. Daily touch points are good for both the BSA and the exam teams.

BSA examination prep checklist

Along with the steps addressed above, certain self-testing should by conducted prior to your next exam:

  • Review and update risk assessment (including OFAC)
  • Evaluate independent testing documentation (audit)
  • Ensure your BSA training is up to date and documented
  • Complete transaction testing
  • Have updated data validation (or model validation)
  • Evaluate your model risk
  • Review and remediate former areas of concern
  • Review Board reports
  • Review transaction monitoring program
  • Optimize AML software if applicable
  • Update BCP – including COVID related fraud detection

Download a BSA Examination Prep Checklist to help in your planning.

All Institutions Must Have

Culture of compliance

FinCEN issued an advisory in 2014 highlighting the importance of a strong culture of compliance for senior management, leadership, and owners within financial institutions. The advisory states that regardless of its size and business model, a financial institution with a poor culture of compliance is likely to have shortcomings in its BSA/AML program. This includes compliance from top, to middle, to frontline leadership. A financial institution can strengthen its BSA/AML compliance culture by following these six FinCEN critical aspects of a culture of compliance: .

1. Leadership must actively support and understand compliance efforts

2. Efforts to manage and mitigate BSA/AML deficiencies and risks must not be compromised by revenue interests

3. Relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts

4. The institution devotes adequate resources to its compliance function

5. The compliance program is tested by an independent and competent party

6. Leadership and staff understand the purpose of its BSA/AML efforts and how its reporting is used

Although this advisory is dated 2014, it is top-of-conversation among regulators even today. Adding a section for the culture of compliance in your written BSA Policy will show that your institution is on board, assuming policy is adhered to and those not following are held accountable.
Review in Preparation

Hot BSA exam topics

Several common themes continue to show in recent examination criticisms. Some have entered the landscape this past year, but others are not new, and your plan should include being prepared in these areas to avoid the following types of criticism:

  • CDD onboarding processes insufficient: Ensure your front line is obtaining all know your customer and other customer due diligence information according to written policy and procedures.
  • Incomplete higher risk customer documentation and review. Be sure your enhanced due diligence efforts are thorough, comprehensive, and completed periodically on a risk-focused basis.
  • Procedures do not match board-approved policy: Look and compare the two documents to confirm they are aligned.
  • Risk assessment is not thorough enough or not current: Ensure that your enterprise-wide risk assessment includes all areas of risk and dives into deep analysis where inherent risk is higher.
  • No optimization of suspicious activity monitoring parameters: Be sure that your AML software is calibrated at the optimum level so that suspicious activity is not missed, and false positives are minimized.
  • No model validation performed on an automated system: This is a must for AML software in all but very small financial institutions.
  • Repeat findings or inaction from the institution: This is a sure way to have a written program criticism. Ensure all past audit and exam findings are remediated.
  • Missing COVID fraud detection procedures: If you haven’t already, include COVID-related fraud, such as Paycheck Protection Program loan fraud, in your procedures for detection and mitigation.
Conclusion

The keys to success

Being proactive and intentional in your examination planning shows examiners that you are confident in your BSA/AML program and that your team takes compliance responsibilities seriously. To recap the tops steps for a successful exam:

  • Designate centralized communication
  • Be forthcoming about all aspects of your BSA/AML program
  • Build relationships with your BSA examiners based on trust and aligned goals
  • Keep promises and follow through to examiners and senior management
  • Be responsive to your examiners with answers and requested documentation
  • Cooperate and choose your battles when necessary

Once your exam prep plan is in place, start working the steps immediately so that it doesn’t become overwhelming. Delegate duties, ask for help. Preparing for all aspects of your BSA/AML program for review should avoid any serious criticism. After all, the requirements for an exam are written in the FFIEC BSA Examination Manual, so there should be no surprises. Use the manual as your outline and you and your financial institution will be set up for success.

Learn more by watching the webinar, "BSA Exam Prep 101: Hot Topics"
keep me informed Watch Webinar
About the Author

Terri Luttrell, CAMS-Audit

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!