Regulator Expectations on BSA Programs

The BSA/AML Examination Manual is over 300 pages long. Even if you have years of experience managing a BSA program, there is a lot to consider. Plus, the recent upswing of regulatory scrutiny can add to your list of things to do in order to maintain a successful program.

Do you ever wish someone could just brief you on the highlights? Let you know the steps to take to help your program avoid regulatory penalties? Whether your process is manual or automated, examiners will hold you to a certain standard. Compiled by a team of BSA experts and former regulators, this list incorporates recent trends and takeaways from the world of BSA/AML compliance.

10 Things Regulators Want to See in Your BSA Program:

1. Customization and calibration. If you’re already maintaining a custom set of scenarios and parameters to help highlight suspicious activity, you’re a step ahead of the game. If not, know that there are tools to help minimize manual work and maximize efficiency. Either way, calibration a continuous responsibility. Regulators will be most impressed when the parameters within your scenarios are risk-based, thoroughly documented, and reviewed periodically by a third party. At least once a year is recommended.A system can be returning hundreds of alerts, but in order to catch suspicious activity, the alerts should be meaningful. Too many false positives means you’re wasting time sifting through it all. Too few alerts may mean you’re missing something. When your system is calibrated enough to hit the “sweet spot,” you’ll maximize efficiency and confidence in your system.
2. Adaptability. What if we told you that the program you had in place five years ago may be different than the one you’ll have in five years? With new technology and new regulation changing the landscape of BSA, regulators will want to see that your program is built to withstand change. Here’s an example. The beneficial ownership regulation is just around the corner, and it will result in changes to your customer identification (CIP), customer due diligence (CDD) and enhanced due diligence (EDD) processes. Is your program prepared? Will you be set up to begin collecting and using this information in a way that satisfies regulators? They will start asking these questions sooner rather than later.
   Missed the Banker’s Toolbox webinar “Tick Tock on the Beneficial Ownership Clock?” Click here to view it for free. 
3. Thorough training. Today, there is no one-size-fits-all approach to training. It is mandated as one of the four pillars of a BSA/AML compliance program, but it is sometimes overlooked. Training can be time consuming and costly, but it is incredibly important. More than ever, regulators are taking a comprehensive look at training procedures. Does training reflect risk? Is computer-based training adequate anymore? Is the training customized to the audience? Regulators will want to see that your training, like the rest of your program, is customized and periodically revisited. 
4. Quality control. Even if you have the most thorough and efficient parameters in place, they are only as good as the action you (do or don’t) take on them. Recently, regulators have been focusing more attention than ever on quality control. Who is monitoring your program? Are they qualified to clear alerts? Especially if you’re low on BSA experts and resources, this can be a challenge. Sometimes you simply can’t do it all alone. If you do find yourself in this situation, there are options available for short-term or long-term relief. 
5. A holistic perspective. A BSA Officer has more responsibilities than others may realize. Running reports, working alerts and closing cases is a large part of their job, but there’s also more to it. When exam time comes around, a BSA Officer will need to speak to examiners about all areas of their program, including the technical element of their software, if applicable. An examiner may ask to see certain reports, scenarios, the way that data flows to and from the system and so on. For that reason, it is crucial that BSA Officers are able to speak confidently and knowledgeably about all areas of their BSA/AML monitoring. 
6. Flexibility toward growth. More often than not, growth is a good thing. It means that an institution has naturally increased accounts or possibly experienced a merger/acquisition. But sometimes growth can come with new sets of challenges. When growth occurs, regulators will expect your program’s scope to adjust. Just because you soared through a regulatory exam ten years ago doesn’t mean you necessarily will today. You may have acquired new areas of risk and possibly an increased workload. These factors need to be accounted for in many areas of your BSA program including CDD, EDD and so on. 
7. Ongoing CDD/EDD. On the topic of CDD – BSA Officers know that it’s crucial to “know your customer.” However, today, it is not enough to simply have a CIP in place. Many institutions are doing CIP well, but regulators are diving deeper into actual vs. expected transactions, enhanced due diligence on high-risk customers, and more. As was mentioned earlier, beneficial ownership may throw a new curveball into your CDD/EDD processes. 
8. Integration into other departments. BSA Officers have to work with nearly every department at their institution. They’re on a first name basis with the fraud investigators, head teller, branch managers, loan operators and more. Sometimes these roles even overlap. Because of that, there is a current trend toward pairing BSA/AML monitoring with other areas of the bank – specifically fraud. Regulators will be glad to see a thorough and robust program that looks for many types of suspicious activity. Plus, you’ll be minimizing losses in the meantime. 
9. Timely and accurate SARs and CTRs. This is nothing we haven’t heard before. The timely and accurate filing of SARs and CTRs is a fundamental area of BSA/AML compliance. Especially with the recent cases of personal liability, regulators are making it known that there is little room for error or negligence in filing them with FinCEN. There are plenty of resources from FinCEN and other regulatory agencies on how and when to file a SAR or CTR. If you still have questions, a consultant can also help guide you. 
10. A strong culture of compliance. Though it may sometimes feel like it, fighting financial crime through BSA/AML compliance is not a one-person show. A culture of compliance starts from the top down, including everyone from upper management to new employees on their first few days of training. Regardless of your institution’s size, it is important to communicate the importance of BSA/AML monitoring into everybody, making it part of their daily activities. The most successful BSA/AML programs are the ones that get support from everybody – from the top down.
    View the Banker’s Toolbox webinar “Building a Strong Culture of Compliance from the Top Down” for free here.

BSA Officers have one of the most critical roles at an institution. With that comes a lot of responsibility, and it can be a bit overwhelming. But remember, you don’t have to do it all alone. At Banker’s Toolbox, our goal is to help you be successful in your BSA/AML monitoring. We are sharing these industry insights to help you analyze your current system and feel more confident when exam time comes around.

To learn more about the software and services from Banker’s Toolbox, visit bankerstoolbox.com.