Assessing the BSA/AML Compliance Program


Objective: Confirm that the bank has developed a BSA/AML training program and delivered training to appropriate personnel.

Banks must provide training for appropriate personnel.[20]12 CFR 208.63(c)(4) (Federal Reserve); 12 CFR 326.8(c)(4) (FDIC); 12 CFR 748.2(c)(4) (NCUA); 12 CFR 21.21(d)(4) (OCC). Training should cover the aspects of the BSA that are relevant to the bank and its risk profile, and appropriate personnel includes those whose duties require knowledge or involve some aspect of BSA/AML compliance. Training should cover BSA regulatory requirements, supervisory guidance, and the bank’s internal BSA/AML policies, procedures, and processes. Training should be tailored to each individual’s specific responsibilities, as appropriate. In addition, targeted training may be necessary for specific ML/TF and other illicit financial activity risks and requirements applicable to certain business lines or operational units, such as lending, trust services, foreign correspondent banking, and private banking. An overview of the purposes of the BSA and its regulatory requirements are typically provided to new staff during employee orientation or reasonably thereafter. The BSA compliance officer and BSA compliance staff should receive periodic training that is relevant and appropriate to remain informed of changes to regulatory requirements and changes to the bank’s risk profile.

The board of directors and senior management should receive foundational training and be informed of changes and new developments in the BSA, including its implementing regulations, the federal banking agencies’ regulations, and supervisory guidance. While the board of directors may not require the same degree of training as banking operations personnel, the training should provide board members with sufficient understanding of the bank’s risk profile and BSA regulatory requirements. Without a general understanding of the BSA, it is more difficult for the board of directors to provide adequate oversight of the BSA/AML compliance program, including approving the written BSA/AML compliance program, establishing appropriate independence for the BSA/AML compliance function, and providing sufficient BSA/AML resources.

Periodic training for appropriate personnel should incorporate current developments and changes to BSA regulatory requirements; supervisory guidance; internal policies, procedures, and processes; and the bank’s products, services, customers, and geographic locations. Changes to information technology sources, systems, and processes used in BSA compliance may be covered during training for appropriate personnel. The training program may be used to reinforce the importance that the board of directors and senior management place on the bank’s compliance with the BSA and that all employees understand their role in maintaining an adequate BSA/AML compliance program.

Training programs should include examples of money laundering and suspicious activity monitoring and reporting that are tailored, as appropriate, to each operational area. For example, training for tellers should focus on examples involving large currency transactions or suspicious activities, and training for the loan department should provide examples involving money laundering through lending arrangements. The bank should provide training for any agents who are responsible for conducting BSA-related functions on behalf of the bank. If the bank relies on another financial institution or other party to perform training, appropriate documentation should be maintained.[21]For more information on collaborative arrangements, see “Interagency Statement on Sharing Bank Secrecy Act Resources,” issued by Federal Reserve, FDIC, FinCEN, NCUA, and OCC, October 3, 2018.

Banks should document their training programs. Training and testing materials (if training-related testing is used by the bank), and the dates of training sessions should be maintained by the bank. Additionally, training materials and records should be available for auditor or examiner review. The bank should maintain documentation of attendance records and any failures of personnel to take the required training in a timely manner, as well as any corrective actions taken to address such failures. 

Examiners should determine whether all personnel whose duties require knowledge of the BSA are included in the training program and whether materials include training on BSA regulatory requirements, supervisory guidance, and the bank’s internal BSA/AML policies, procedures, and processes.


< Previous Page
BSA Compliance Officer - Examination Procedures
Next Page >
BSA/AML Training - Examination Procedures