When regulators talk about the root causes of the problems in a financial institution’s Bank Secrecy Act and Anti-Money Laundering programs, invariably the cause that comes out at the top of their list is a weak culture of compliance. FinCEN is well aware of the problem, and has issued several documents outlining their ideal compliant culture.
Regulatory agencies have found that poor BSA performance is as much about the culture of a financial institution as it is about the products, services, customers, and geographic location of the business. FinCEN highlights six hallmarks of an institution with a sound compliance culture:
Leadership
A successful compliance culture starts with the board and senior management actively support and understand the institution’s compliance efforts. This can include the board of directors, senior and executive management, owners, and operators. FinCEN stated, “for a BSA/AML compliance program to be effective, it should have the demonstrable support of the leadership.” To demonstrate that support, an organization’s leaders should receive periodic BSA/AML training tailored to their roles. Leaders should have a sound understanding of BSA/AML obligations and trending state so as to make informed decisions.
Uncompromised
The second trend of a successful compliance culture is an institution making efforts to manage and mitigate BSA/AML deficiencies, and risks are not compromised by revenue interests. Compliance staff should be empowered with sufficient authority and autonomy to implement a strong AML program without the influence of revenue. An effective structure allows for BSA/AML compliance to work independently.
Communication
Thirdly, relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts. Several recent enforcement actions noted that the offending institutions had relevant information in their passion, however it was not made available to the BSA/AML compliance staff. This mistake can result from a lack of an appropriate sharing mechanism, a lack of appreciation of the significance of the information to BSA/AML compliance, or even an intentional decision to prevent compliance officers from having access to information. But more often than not, there is information in various departments within a financial institution that may be useful and should be shared with the compliance staff.
Resources
The fourth hallmark of an institution with a sound compliance culture is one that devotes adequate resources to its compliance function. A successful compliance program has designation of an individual responsible for coordinating and monitoring the day-to-day compliance with the BSA. The resources allotted depend on leadership; leaders should devote sufficient staff to BSA/AML compliance function, and promote a sense of importance within their institution.
Independently Tested
Fifth, an independent and competent party should test system effectiveness. This again calls for the investment of leadership in the BSA/AML program. Strong testing should include proper ongoing risk assessment, sound risk-based customer due diligence, appropriate detection and reporting of suspicious activity, and independent program testing.
Understanding
And the final hallmark is that leadership and staff understand the purpose of the institution’s BSA/AML efforts and how its reporting is used. The understanding and commitment of not only the leadership is needed, but also that of the employees. As the responsibilities fall on the employees, the need to understand they are not simply generating reports for the sake of compliance, but rather recognize the purpose that BSA reports serve, and how the information is used. Among other benefits, the reporting that financial institutions provide assist in the fight against transnational criminal organizations, including those involved in drug trafficking and massive fraud schemes targeting the U.S. government, businesses, and people.
A Deeper Look
Of course, it’s a good idea to consider how your institution’s compliance culture measures up to all six of these standards. However, let’s take a closer look at two of them, the leadership and understanding, because these both have to do with making sure BSA compliance starts at the top with BSA leadership, and by that we mean senior management and the board, not just with the compliance officer.
Institutions with weak BSA/AML programs invariably suffer from a lack of support from the top. It just isn’t considered a priority. When a BSA compliance culture is properly established in the top ranks, it trickles down throughout the institution, and personnel exhibit confidence that their institution is committed to doing what it takes to achieve compliance, regardless of its circumstances.
A Good Example
So what does that commitment from the top look like? Rate your institution against the following attributes to see how effective your board and senior management are at setting a strong foundation for BSA compliance. Our board and senior management establish a strong BSA/AML compliance culture by:
- Establishing the institution’s attitude toward and approach to compliance
- Ensuring the program includes quantitative analytics
- Appointing a qualified and supported compliance officer
- Ensuring proper staffing levels and institution-wide responsiveness to the compliance department
- Requiring thorough reporting and review of key reports
- Making certain that compliance risk assessments are updated
- Ensuring independent tests are completed and reviewed when appropriate
- Ensuring corrective action is taken as needed
- Being ultimately responsible for making sure that your institution has an effective BSA/AML program that includes suspicious activity monitoring and reporting
If your institution’s top leadership can perform all these duties, then your institution will be well on its way to a culture of compliance. And remember, a good program provides reasonable assurance of compliance—not perfection—and is geared toward meeting the requirements of applicable laws and regulations in the most efficient manner possible.
Coppelia Padgett is senior analyst and resident SCRA Act expert for AffirmX. She began her career as a compliance examiner for the FDIC working primarily out of Los Angeles. She left the FDIC to found Triac in 1992. This consulting firm grew to serve the compliance needs of hundreds of financial institutions in the Los Angeles metropolitan area and around the United States. In 2011, Ms. Padgett joined AffirmX as a researcher, senior analyst, and writer. She graduated magna cum laude from the University of Tulsa with a degree in Economics.
