Developing Conclusions and Finalizing the Exam
DEVELOPING CONCLUSIONS AND FINALIZING THE EXAM EXAMINATION PROCEDURES
Objective: Formulate conclusions about the adequacy of the bank’s BSA/AML compliance program, relative to its risk profile, and the bank’s compliance with BSA regulatory requirements; develop an appropriate supervisory response; and communicate BSA/AML examination findings to the bank.
- Accumulate all pertinent findings from the BSA/AML examination and testing procedures performed.
Formulate conclusions about the adequacy of the bank’s BSA/AML compliance program. Prepare written comments for the ROE covering areas or subjects pertinent to findings and conclusions. Prepare workpapers in sufficient detail to support discussions in the ROE. Reach a preliminary conclusion as to whether:
- The bank understands its ML/TF and other illicit financial activity risks. This may be determined by reviewing the bank’s risk assessment process, including whether the risk assessment provides a comprehensive analysis of the ML/TF and other illicit financial activity risks of the bank and is provided to all business lines across the bank, the board of directors, management, and appropriate staff.
- The BSA/AML compliance program is written, approved by the board of directors, and noted in the board minutes.
- BSA/AML policies, procedures, and processes are reasonably designed to assure and monitor compliance with the BSA and appropriately address higher-risk operations (products, services, customers, and geographic locations). The bank’s practices correspond to the policies, procedures, and processes.
- Internal controls are reasonably designed to manage the bank’s ML/TF and other illicit financial activity risks and to assure compliance with the BSA, especially for higher-risk operations (products, services, customers, and geographic locations).
- Independent testing (audit) is adequate to assess the bank’s compliance with BSA regulatory requirements and assess the overall adequacy of the BSA/AML compliance program. The overall independent testing coverage and frequency are appropriate in relation to the ML/TF and other illicit financial activity risk profile of the bank, as well as any expansionary activity. Transaction testing performed is adequate, particularly for higher-risk banking operations and suspicious activity monitoring systems.
- The designated individual or individuals responsible for coordinating and monitoring day-to-day compliance is competent, has properly executed policies and procedures, and has the appropriate authority, independence, and access to resources.
- Personnel are sufficiently trained to follow legal, regulatory, and policy requirements.
- The board of directors and senior management are aware of BSA/AML regulatory requirements, adequately oversee BSA/AML compliance, and commit, as necessary, to corrective actions that address independent testing or regulatory examination findings and recommendations in a timely manner. The board of directors and senior management clearly communicate the need and support for BSA/AML risk management and internal controls throughout the organization.
- Communication of policies, procedures, and processes is adequate throughout the bank.
- The BSA/AML compliance program is reasonably designed to assure and monitor compliance with the BSA relative to the bank’s overall ML/TF and other illicit financial activity risks.
- Prepare written comments for the ROE documenting any deficiencies or violations identified. Prepare written comments for workpapers regarding any supervisory response that may be appropriate. The written comments should discuss the nature, duration, and severity of the deficiencies or violations and the necessary remediation by the bank. Note whether deficiencies or violations were previously identified by the bank or independent testing, or were only identified as a result of an examination.
Discuss preliminary findings with the examiner-in-charge or the examiner responsible for the BSA/AML examination. Specifically, discuss any findings that have been or will be discussed with the bank, such as:
- A conclusion regarding the adequacy of the bank’s BSA/AML compliance program and the bank’s compliance with BSA regulatory requirements.
- Any identified deficiencies or violations, and an assessment of the severity of the issues.
- Actions needed by the bank to correct violations or deficiencies.
Preliminary recommendations for a supervisory response, if necessary.
- If the agency may need to take either an informal or formal enforcement action to address violations of BSA regulatory requirements, examiners should discuss this fact with appropriate agency supervision management and legal staff.
|< Previous Page
Developing Conclusions and Finalizing the Exam
|Next Page >
Customer Identification Program