Compliance & BSA

Compliance and BSA: Too Hot to Skimp

Celeste Burton, Compliance Practice Director

While credit risk, interest rate risk and other Safety & Soundness concerns will always be high on examiners’ agenda, there has been a steady rise in recent years in attention given to compliance risk. There are some regulations now being subjected to particularly intense scrutiny, such as Consumer Lending (Regulation Z), Flood Insurance, the Home Mortgage Disclosure Act and Fair Lending. In-depth compliance audits are essential to satisfying the expectations of customers and the requirements of regulators – and to allowing your Directors and senior executives to sleep at night.

The following list, while not exhaustive, includes most of the regulations of greatest concern to financial institution Compliance Managers in the operational and lending arenas. We have a very full library of updated audit programs for all of these regulations, and many others as well:

  • Compliance Program Management, Policies and Training
  • Regulation B – Equal Credit Opportunity Act
  • Regulation C – Home Mortgage Disclosure Act
  • Regulation D – Excessive Withdrawals
  • Regulation E – Electronic Funds Transfer Act
  • Regulation F – Limitations on Interbank Liabilities
  • Regulation H – Bank Protection Act
  • Regulation O – Insider Lending
  • Regulation P – Privacy of Consumer Financial Information
  • Regulation U – Loans Secured by Margin Stock
  • Regulation W – Transactions with Affiliates
  • Regulation Z – Truth in Lending
  • Regulation AA – Credit Practices
  • Regulation BB – Community Reinvestment Act
  • Regulation CC – Expedited Funds Availability Act
  • Regulation DD – Truth in Savings
  • Regulation GG – Prohibition on Funding of Unlawful Internet Gambling
  • Fair Credit Reporting Act (including FACT Act – Identity Theft Program)
  • Fair Housing Act
  • FIRREA – Appraisals
  • Flood Disaster Protection Act
  • Real Estate Settlement Procedures Act
  • Right to Financial Privacy Act
  • Secure and Fair Enforcement of Mortgage Licensing (S.A.F.E.) Act
  • Unfair, Deceptive or Abusive Acts or Practices (UDAAP) Controls
  • Fair Lending
  • Community Reinvestment Act
  • A growing range of additional, applicable regulations for those institutions with mortgage loan exposure
  • State-specific Financial Codes

Anti-Money Laundering and the Bank Secrecy Act (BSA) are separately covered within the scope of Safety & Soundness examinations and are best covered in a separate and focused audit engagement. The risk profile for BSA is high for most banks, and BSA has earned itself a separate examination manual from the regulators, last released as a 439-page interagency reference guide by the Federal Financial Institutions Examination Council (FFIEC) in 2010. The manual explicitly requires periodic independent audit testing and even describes the required scope of those independent tests. AuditOne has developed a well-honed approach to BSA audits based on the requirements of the FFIEC manual. We carefully adjust the scale and scope of each audit depending on the money laundering risk profile of the institution being audited. The minimum required elements of an independent testing program are the following:

  • Assessment of BSA/AML Program
  • Money Laundering Risk Assessment
  • Customer Identification Program
  • Customer Due Diligence/Enhanced Due Diligence
  • Suspicious Activity Monitoring and Reporting  
  • Adequacy of Staff/Board Training
  • Currency Transaction Reporting
  • USA PATRIOT Act Information Sharing (Sections 314(a) and (b))
  • Office of Foreign Assets Control
  • Other BSA Recordkeeping and Reporting Requirements
  • Automated AML System including Account Rating System
  • Other Higher Risk Activities, including:
    • Trade Finance
    • Cash Secured Loans
    • Remote Deposit Capture
    • Non-Resident Aliens
    • Professional Service Companies
    • Non-Deposit Financial Institutions (including Money Service Businesses)
    • Foreign Correspondent Banks
    • Privately Owned ATMs
    • Marijuana Related Businesses
    • International ACH Transactions (IAT)
    • Non-Governmental Organizations

Also in the BSA arena, we now perform many Validations of automated AML monitoring systems, something to which regulators have come to give particular emphasis. Our audit program follows not just the suspicious activity monitoring requirements of the FFIEC’s BSA Manual but also the emerging model risk management guidelines released by regulators over the past few years. Our approach includes rigorous testing of the data feeds from the core system into the monitoring software.

AuditOne’s Compliance team brings to the table many, many years of combined experience in a hands-on capacity across all of these and other regulations. And being part of the AuditOne team means being able to draw on our collective experience performing many scores of Compliance and BSA audits every year. We know what regulators are looking for … and we know what works in addressing their concerns.