ACAMS Meeting Summary “Meeting the Regulators” June 2015

AuditOne Regulatory Advisory

From Bud Genovese, Chairman

In our ongoing efforts to keep you abreast of news in the regulatory environment, we periodically issue AuditOne Regulatory Advisories.

The article below is written by AuditOne’s Co-CEO Kevin Watson. Kevin, who also is CAMS certified, just attended an ACAMS meeting in Long Beach, CA. Please feel free to forward it to the appropriate people in your bank. Thank you, –Bud

ACAMS Meeting Summary: “Meeting the Regulators” June 8, 2015

ACAMS is the largest international membership organization dedicated to enhancing the knowledge, skills and expertise of AML/CTF and financial crime detection and prevention professionals. Members of ACAMS include representatives from a wide range of financial institutions, regulatory bodies, law enforcement agencies and industry sectors. AuditOne is pleased to have multiple employees who have earned the Certified Anti-Money Laundering Specialist (CAMS) certification and are members of ACAMS.

The ACAMS meeting that I attended this June included representatives from the FRBSF, OCC, FDIC and CDBO (California Department of Business Oversight). Summarized below are some of the major points made in the meeting in an easy to track bullet point format. The panelists stressed that these are not necessarily the official views of their organization. However, the points made provide good examples of questions that may be raised in some BSA audits. We hope this information is useful to you and that you can learn from and take action on as applicable:

Common violations cited in Examinations

  • Failure to file SAR
  • Failure to update risk scores and CDD information
  • Failure to risk rate at account opening
  • Inadequate detail on EDD reviews
  • Auditors not customizing test and report for higher risk areas
  • Inadequate depth of audit testing
  • Failure of audit to opine overall and on each scope area

BSA Risk Assessment

  • Should include every product and service offered by the Bank
  • Also include element for employees and regulatory orders
  • Indicate metrics for each element including number and dollar for at least two years
  • Indicate inherent risk for each element
  • Best practice is to explain the specific risks for each element
  • OFAC risk can be embedded in the BSA risk assessment and should indicate history of OFAC hits


  • The FinCEN Advisory on compliance culture was stressed. Examiners and auditors should evaluate the authority, Board access, objectivity and staffing levels.


  • Ensure controls in place to ensure Third Party Payment Processors don’t deviate from agreed upon activities

· Bank should ask for statements for other banks where the TPPP maintains accounts


  • For complex customer account relationships, bank should prepare a master document describing the relationships


  • Customer responses to specific activity questions should make sense


  • Bank should obtain copy of statements for accounts maintained at other banks
  • Out of area and large check deposits should be investigated (bank should ask for CTRs on those)
  • Determine how many remittance transfers to each country, especially the high risk countries
  • Banks should ask for better quality independent audits or reviews completed on the MSBs
  • Ensure MSBs are properly licensed

Automated AML System

  • Validations consider 1) data accuracy 2) model calculations 3) appropriateness of rules and parameters
  • Most validations are being issued in separate reports, but there is no set format
  • Validations should be annual
  • Validate alerts, risk rating, watch list (OFAC) and other important features being used
  • Obtain independent validations from vendor, especially when the formulas supporting risk ratings or alerts are not disclosed


  • BSA Policy should include account closure requirements, stipulating the threshold of repeat filings triggering account closure.
  • New beneficial ownership guideline release date still unknown

Kevin K. Watson, CAMS, is our Co-CEO based in our Buena Park office in Southern California. Kevin can be reached at Contact Us

AuditOne LLC is a risk management firm with sole focus on financial institutions. Mr. Genovese pioneered the concept of providing comprehensive internal audit and credit review services by gathering wide-ranging, extraordinary expertise within one firm. AuditOne now serves over 200 clients throughout the Western United States, and nationally. Contact Kevin Watson, Co-CEO or Jeremy Taylor, Co-CEO how we can deliver to you our cost effective, quality services. Both may also be reached on our Team & Contact page.