As any health-conscious person knows, regular physical exams are the key to identifying potential problems while they are still manageable in order to stay at the top of their game. Similarly, for financial institutions to do the same, a “physical” is needed for every aspect of compliance, especially the regulatory behemoth: the Bank Secrecy Act. Recently, I had an opportunity to spend some time at the NCUA headquarters, and was able to discuss top concerns related to BSA with some of their principal people (and when folks at the top are concerned about particular issues, those concerns generally translate into instructions to the examiners). To ensure that your institution is prepared for its next physical, let me share with you the two areas we discussed as well as an additional area that I believe with be important, based on discussions with some of my credit union colleagues.
Money Services Businesses
First, NCUA is concerned that credit unions are opening or maintaining accounts for money services businesses (MSBs) without fully understanding the MSB business model and the additional risks this model can pose. Furthermore, they are unsure if institutions understand the additional scrutiny that should apply to the transactions conducted by MSB accountholders. NCUA will be expecting your BSA policy and procedures to identify whether your credit union is offering accounts to MSBs and, if you are, NCUA will look for specific procedures regarding the documentation you require to open these accounts. In addition, you will want to ensure that your membership applications include questions sufficient to allow you to understand the ownership structure of the MSBs and the nature of their services and customary transactions with the credit union. Lastly, you may be asked whether your current tracking and monitoring procedures enable you to identify potential MSBs and what steps are to be taken if an individual or business is identified as an MSB after the account is opened.
BSA Compliance Training Programs
The next area has to do with your training. There are hosts of products and services from online training programs to webinars to seminars that credit unions can use to educate their staff and Board members about the requirements of the Bank Secrecy Act. However, NCUA’s concern is that while these programs generally do a very good job of defining the specific regulatory requirements, they don’t and can’t provide training on your internal procedures. NCUA views internal procedures as a critical component of your BSA training program—and so should you—so you will want to document the training you conduct on your internal procedures.
Suspicious Activity Tracking and Monitoring
Last of all, I’m hearing from my colleagues that the NCUA is continuing to focus on the adequacy of each individual credit union’s tracking and monitoring systems and procedures. Many credit unions are now using software products (such as Verafin and Yellow Hammer) for this process, so (according to what I’ve heard from compliance officers) examiners are beginning to ask whether you have had your tracking program validated. In other words, examiners want to see that you have undergone a process to determine whether the risk parameters set within the program are appropriate and effective for your products and services and your demographic profile. Although the exact content of BSA exams varies from examiner to examiner and from exam to exam, you would be well-served to anticipate that many examiners will focus on these three areas in your next examination. Paying extra attention to them will help keep your BSA program in shape and assure a successful examination.
AffirmX offers BSA Independent Reviews as a standalone product or as part of its patented Risk Intel Center platform of compliance services. For further information, please contact Alberto Gamez at firstname.lastname@example.org.