Skip to main content

Help Staff Your BSA/AML Program with Third-Party Vendors

Mallory Harrington, CAMS, CFCS
May 9, 2022
Read Time: 0 min

Best Practices for Third-Party BSA/AML Assistance

Collaborating with a third-party BSA/AML vendor can save time and money when it comes to sanctions compliance.

Would you like other articles like this in your inbox?

Critical Responsibility
Increasing sanctions and your BSA/AML program

Financial crime detection and prevention are increasing in complexity for BSA/AML professionals as new technologies and challenges arise each year. The COVID-19 pandemic has substantially increased the need for fraud detection across the country, with hard dollar losses keeping financial organizations on their toes. Since the Russian invasion of Ukraine, the sanctions burden has seemingly doubled. The Office of Foreign Asset Controls (OFAC) updates sanctions almost daily, sometimes several times a day, and banks need to be prepared to address these updates immediately.

Considering these new threats, a lack of human or technical resources to combat crime is unacceptable regardless of budget constraints—yet financial institutions report staffing issues and shortages. A recent and notable consent order shows the dangers of turning to an unqualified or inept third-party institution to perform some or all BSA/AML duties to meet regulations. But when best practices are followed and due diligence is completed, seeking third-party assistance is a sound business practice for ensuring that all BSA requirements are met within an AML program. Collaboration can help financial institutions save time and money, allowing them to forgo expensive hiring and onboarding processes and utilize a team with years of expertise for immediate assistance.

Additional Staff
When to hire a third-party BSA/AML team

Conducting a staffing assessment can strengthen an institution's overall culture of compliance. The 2014 FinCEN guidance on "Culture of Compliance" states that "an institution's interest in revenue should not compromise efforts to manage and mitigate BSA/AML deficiencies and risks. An effective governance structure should allow the BSA/AML compliance function to work independently and take appropriate actions to address and mitigate any risks arising from an institution's business line."

Once a staffing assessment is complete, the results should be shared with senior management, documenting the process and the need for additional staff if identified. If a need for staffing increases is indicated, don't rush to hire more full-time employees without analyzing the situation. Is the current demand or backlog you are experiencing due to seasonal customer activity, or an employee on short-term medical leave? Perhaps the recent wrap-up of an exam has left your institution with clean-up requirements or other enhancement steps for your program. 

Stay up to date with BSA/AML best practices.

In cases where staffing issues are not permanent, or where training new staff is too large a burden, hiring a team with BSA/AML expertise can be beneficial and make good business sense.

Vetting Vendors
Due diligence for third-party BSA/AML assistance

When hiring a third party to perform BSA/AML responsibilities, financial institutions are responsible for ensuring that their assets are kept safe, and no suspicious activity goes undetected or unreported. Vetting and due diligence measures performed on a third party should be completed and documented before hiring. The skillset and experience level of every contractor working within an AML program should be commensurate with the job duties required.

The hiring institution is ultimately responsible for ensuring the work done by the third party follows the bank's policy and procedures and meets all BSA regulations. Quality control measures should be well documented, and BSA officers should ensure testing of each duty performed by the third-party resource. Be sure to share these results and any findings with management. It is sometimes acceptable for in-depth quality control to be completed by a third party and reported to institution management, but only if the financial institution performs a sample review of those results to prove the validity of the quality control program. As with everything else in the FinCrime profession, thorough documentation is critical in establishing that the financial institution understands the ultimate responsibility of the AML program management.

All third-party vendors should be reviewed and vetted just as you would any new employee. As a matter of sound risk management, you would not turn a new employee loose without vetting their qualifications or checking their work. The same is true for a new vendor.

When vetting a potential vendor, there are several essentials to verify before any agreement is reached:

  • What experience does the vendor have? Contract staff must have experience working as part of a BSA/AML or fraud team.
  • What qualifications do the team members hold? There are many credentials, including CAMS, CFCS, and CFE, and these certifications are essential to show the required expertise of each contractor.
  • Do the individual contractors have the skill set needed for AML or fraud investigations? Are they analytic in thinking while still possessing strong written and verbal communication skills?
Successful Collaboration
What to look for in a partnership

Financial institutions need a vendor that will serve as an extension of their BSA/AML team. Successful third parties will spend time getting to know your institution's needs and processes, display professionalism, and adapt to any situation. The contracted team should demonstrate system-agnostic capabilities, offer thoughts on improvements, and provide accountability, coming alongside your institution to solve problems.

Utilizing a third-party vendor can better leverage an institution's overall BSA/AML program, helping it tackle its workload while mitigating regulatory criticism. A third-party partnership is often a wise business decision for short-term solutions to staffing deficiencies. If collaborating with a vendor is the right choice for your institution, creating policies and procedures around these best practices, performing quality control, and documenting your decisions will set your institution up for success when it comes to regulatory examinations.

Get the latest on sanctions compliance in 2022.

Keep me informed Watch Webinar
About the Author

Mallory Harrington, CAMS, CFCS

Senior Financial Crimes Investigator
Mallory Harrington brings over 11 years of retail banking experience to Abrigo having worked with small and mid-sized institutions in a variety of roles, including retail banking, accounting, deposit and loan operations, and BSA/AML compliance.  Mallory currently serves as Senior Financial Crimes Investigator working with Abrigo’s Financial Crime advisory department

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!

Looking for MainStreet Technologies? You are in the Right Place!

MainStreet Technologies is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the contact us button here, or the link in the top navigation, to reach product support for your MST products.

Make yourself at home!

Looking for Sageworks? You are in the Right Place!

Sageworks is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to your Sageworks products.

Make yourself at home!

Looking for Farin? You are in the Right Place!

Farin is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to your Farin client portal.

Make yourself at home!

Abrigo acquires construction loan management solutions

Coupled with our lending suite, Construct and +Pay from BankLabs enable end-to-end automated residential/commercial construction loans.

Read the press announcement

BankLabs Logo Abrigo Logo