The 5 pillars of BSA – Why they are important for your AML program

Terri Luttrell, CAMS-Audit, CFCS
January 11, 2022

Tips for a strong AML program that will lead to a successful exam

The task of building a robust AML program may seem overwhelming, but there is no better place to start than with the five pillars of BSA.



For Bank Secrecy Act (BSA) Officers, the task of building a robust anti-money laundering (AML) program may seem overwhelming. Knowing where to begin is the key to a successful project plan when developing a new AML program or revamping an outdated or inefficient program. There is no better place to start than with the foundation of BSA requirements, the five pillars.  


The 5 pillars of BSA

Understanding the pillars will help build a strong AML program

Fortunately for BSA Officers, regardless of experience level, the Federal Financial Institutions Examination Council (FFIEC) BSA Examination Manual provides guidance for you to build or restructure your AML program. However, copying and pasting the recommendations into your policies and procedures will not be enough to ensure a solid program. You must understand each of the pillars to manage accordingly and, further still, educate those on the front line about the role they will play in bringing it to life. You must also instill a strong culture of compliance at your institution to ensure long-term success. Let's look at the key takeaways for each of the five pillars:

Internal controls

Many factors make the internal control pillar critical to your AML program. Not only is this a required part of BSA compliance, but controls also ensure things are running smoothly and you won't be caught off guard during a regulatory examination. Critical internal controls include:

  • Policies, procedures, and processes designed to mitigate and manage money laundering and terror financing  
  • Providing timely updates in response to changes in regulations will keep your AML program aligned with regulatory expectations 
  • Incorporating dual controls and the segregation of duties will ensure an essential second management layer  
  • Tight management of technological and human resources will enable you to ensure that all AML responsibilities are met or, at a minimum, allow you to make your business case to senior management if resources are deficient
  • Providing for program continuity despite changes in operations, management, or employee structure will ensure that no surprises occur from issues such as a pandemic or other natural disaster. 

Designation of a BSA Officer

The BSA Officer pillar seems intuitive; all successful programs must have a competent leader. A well-thought-out appointment is critical. Remember these key factors when appointing your BSA Officer:

  • The designated BSA Officer must be approved by the Board of Directors and recorded in meeting minutes 
  • The BSA Officer must have the appropriate background and level of experience for the position. Promoting the head teller of the institution, no matter how great a staff member they may be, will probably not pass regulatory scrutiny
  • The BSA Officer must have the necessary authority, independence, and access to resources to administer an adequate AML compliance program. Independence means that the reporting structure should be outside of the compliance area, and the BSA Officer should be the final decision maker on all matters relating to BSA. The title of this position is unimportant from a regulatory perspective, but the authority, independence, and access to resources are critical

Periodic BSA training

Despite sounding straightforward, periodic BSA training is often not implemented properly and is a common examiner finding. Ongoing training is at the heart of a satisfactory AML compliance program. Be sure to take these steps to fulfill the BSA training requirements:

  • BSA training is not one size fits all. Training must be tailored to the roles and responsibilities of each employee. The front-line staff is your ultimate line of defense and must have detailed BSA training. However, lenders need to know what is relevant to their job functions, and the board of directors requires high-level training to cover their fiduciary duties 
  • BSA training must be conducted at least annually and more often if you experience deficiencies in implementing policies and procedures. An effective AML program cannot be achieved without all team members having the necessary knowledge
  • Document training modules and dates for every staff member, including the board of directors. If one stubborn executive misses training, you will receive regulatory criticism. Remember to stress a culture of compliance if you run into this situation 

Independent testing

This term is used interchangeably with an audit function and is designed to assess a financial institution's compliance with AML requirements and the overall adequacy of the AML compliance program. An audit before an exam gives you the ability to shore up any gaps in your program before a regulatory exam. Takeaways from this pillar include: 

  • Independent testing should be conducted by the internal audit department, outside auditors, consultants, or other qualified independent parties 
  • The audit must be conducted by those with sufficient knowledge and experience with AML compliance
  • Audits should consider the entire AML program, including AML and OFAC monitoring technical resources. Periodic model validations will also be required to ensure AML software is working as intended and that all critical data sources are feeding into each model identified 

Ongoing customer due diligence (CDD)

The cornerstone of a robust AML compliance program is adopting and implementing risk-based CDD policies, procedures, and processes for all customers, particularly those that present a higher risk for money laundering and terrorist financing. The objective of CDD is to understand the nature and purpose of customer relationships, which may include understanding the types of transactions in which a customer is likely to engage. These processes assist financial institutions in determining when transactions are potentially suspicious. Below are important factors to assess when developing your CDD program: 

  • Each CDD program should begin with a Customer Identification Program (CIP) outlined in the USA PATRIOT Act  
  • CDD should be risk-focused. Not all customers in a higher risk category have equal risk within an institution. Rely on your institution's unique risk assessment to determine how much due diligence is required for each customer type
  • As part of CDD, financial institutions must identify and verify beneficial owners of legal entities with an ownership interest of 25% or more. Beneficial ownership is determined under both a control prong and an ownership prong. Under the control prong, the beneficial owner is a single individual with significant responsibility to control, manage or direct a legal entity customer. Each legal entity customer must identify one beneficial owner under the control prong
  • It's worth noting that the Anti-Money Laundering Act of 2020 has required FinCEN to analyze any changes needed to the CDD legislation once FinCEN establishes the beneficial ownership registry. Keep your eyes open for updates on CDD and beneficial ownership changes 

Essential guides

Adherence to the pillars is crucial for institutions

The five pillars of BSA are essential guides for all AML programs, and regulators look for the implementation and results of each during an examination. Of course, it is crucial to have a successful regulatory examination, but why is adherence to the pillars important for financial institutions? The underlying reasons for following these guidelines are the critical aspects of AML/CTF: detecting and reporting unusual or suspicious activity, avoiding criminal exposure from persons using your institution for illicit purposes, and adhering to safe and sound banking practices. Never forget the importance of these pillars as a means to a successful end result.

About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.
