Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering InfoBase

Bank Secrecy Act
Anti-Money Laundering
Examination Manual


EXAMINATION PROCEDURES

Suspicious Activity Reporting

Objective.  Assess the bank’s policies, procedures, and processes, and overall compliance with statutory and regulatory requirements for monitoring, detecting, and reporting suspicious activities.

Review of Policies, Procedures, and Processes

1. Review the bank’s policies, procedures, and processes for identifying, researching, and reporting suspicious activity.  Determine whether they include the following:

  • Lines of communication for the referral of unusual activity to appropriate personnel.
  • Designation of individual(s) responsible for identifying, researching, and reporting suspicious activities.
  • Monitoring systems used to identify unusual activity.
  • Procedures to ensure the timely generation of, review of, and response to reports used to identify unusual activities.
  • Procedures for reviewing and evaluating the transaction activity of subjects included in law enforcement requests (e.g., grand jury subpoenas, section 314(a) requests, or National Security Letters (NSLs)) for suspicious activity.  NSLs are highly confidential documents; as such, examiners will not review or sample specific NSLs.  Instead, examiners should evaluate the policies, procedures, and processes for:
    • Responding to NSLs.
    • Evaluating the account of the target for suspicious activity.
    • Filing Suspicious Activity Reports (SARs), if necessary.
    • Handling account closures.
  • Procedures for documenting decisions not to file a SAR.
  • Procedures for considering closing accounts as a result of continuous suspicious activity.
  • Procedures for completing, filing, and retaining SARs and their supporting documentation.
  • Procedures for reporting SARs to the board of directors, or a committee thereof, and senior management.
  • Procedures for sharing SARs with head offices and controlling companies.

Evaluating Suspicious Activity Monitoring Systems

2. Review the bank’s monitoring systems and how the system(s) fits into the bank’s overall suspicious activity monitoring and reporting process.  Complete the appropriate examination procedures that follow.  When evaluating the effectiveness of the bank’s monitoring systems, examiners should consider the bank’s overall risk profile (high-risk products, services, customers, and geographic locations), volume of transactions, and adequacy of staffing.

Manual Transaction Monitoring

3. Review the bank’s transaction monitoring reports.  Determine whether the reports capture all areas that pose money laundering and terrorist financing risks.  Examples of these reports include: currency activity reports, funds transfer reports, monetary instrument sales reports, large item reports, significant balance change reports, nonsufficient funds (NSF) reports, and nonresident alien (NRA) reports.

4. Determine whether the bank’s monitoring systems use reasonable filtering criteria whose programming has been independently verified.  Determine whether the monitoring systems generate accurate reports at a reasonable frequency.

Automated Account Monitoring

5. Identify the types of customers, products, and services that are included within the automated account monitoring system.

6. Identify the system’s methodology for establishing and applying expected activity or profile filtering criteria and for generating monitoring reports.  Determine whether the system’s filtering criteria are reasonable.

7. Determine whether the programming of the methodology has been independently validated.

8. Determine that controls ensure limited access to the monitoring system and sufficient oversight of assumption changes.

Evaluating the SAR Decision-Making Process

9. Evaluate the bank’s policies, procedures, and processes for referring unusual activity from all business lines to the personnel or department responsible for evaluating unusual activity.  The process should ensure that all applicable information (e.g., criminal subpoenas, NSLs, and section 314(a) requests) is effectively evaluated.

10. Determine whether policies, procedures, and processes require appropriate research when monitoring reports identify unusual activity.

11. Determine whether the bank’s SAR decision process appropriately considers all available customer due diligence (CDD) information.

Transaction Testing

Evaluating SAR Quality

12. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, sample the SARs downloaded from the BSA reporting database or the bank’s internal SAR records.  Review the quality of SAR data to assess the following:

  • SARs contain accurate information.
  • SAR narratives are complete and thorough, and clearly explain why the activity is suspicious.
  • If SAR narratives from the BSA reporting database are blank or contain language, such as “see attached,” ensure that the bank is not mailing attachments to the Internal Revenue Service (IRS) Detroit Computing Center.72

Testing the Suspicious Activity Monitoring System

Transaction testing of suspicious activity monitoring systems and reporting processes is intended to determine whether the bank’s policies, procedures, and processes are adequate and effectively implemented.  Examiners should document the factors they used to select samples and should maintain a list of the accounts sampled. The size and the sample should be based on the following:

  • Weaknesses in the account monitoring systems.
  • The bank’s overall BSA/AML risk profile (e.g., number and type of high-risk products, services, customers, and geographic locations).
  • The quality and extent of review by audit or independent parties.
  • Prior examination findings.
  • Recent mergers, acquisitions, or other significant organizational changes.
  • Conclusions or questions from the review of the bank’s SARs.

Refer to Appendix O (“Examiner Tools for Transaction Testing”) for additional guidance.

13. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, sample specific customer accounts to review the following:

  • Suspicious activity monitoring reports.
  • CTR download information.
  • High-risk banking operations (products, services, customers, and geographic locations).
  • Customer activity.
  • Subpoenas received by the bank.
  • Decisions not to file a SAR.

14. For the customers selected previously, obtain the following information, if applicable:

  • Customer Identification Program (CIP) and account-opening documentation.
  • CDD documentation.
  • Two to three months of account statements covering the total customer relationship and showing all transactions.
  • Sample items posted against the account (e.g., copies of checks deposited and written, debit or credit tickets, and funds transfer beneficiaries and originators).
  • Other relevant information, such as loan files and correspondence.

15. Review the selected accounts for unusual activity.  If the examiner identifies unusual activity, review customer information for indications that the activity is typical for the customer (i.e., the sort of activity in which the customer is normally expected to engage).  When reviewing for unusual activity, consider the following:

  • For individual customers, whether the activity is consistent with CDD information (e.g., occupation, expected account activity, and sources of funds and wealth).
  • For business customers, whether the activity is consistent with CDD information (e.g., type of business, size, location, and target market).

16. Determine whether the manual or automated suspicious activity monitoring system detected the activity that the examiner identified as unusual.

17. For transactions identified as unusual, discuss the transactions with management.  Determine whether the account officer demonstrates knowledge of the customer and the unusual transactions.  After examining the available facts, determine whether management knows of a reasonable explanation for the transactions.

18. Determine whether the bank has failed to identify any reportable suspicious activity.

19. From the results of the sample, determine whether the manual or automated suspicious activity monitoring system effectively detects unusual or suspicious activity.  Identify the underlying cause of any deficiencies in the monitoring systems (e.g., inappropriate filters, insufficient risk assessment, or inadequate decision-making).

Evaluating the SAR Decision-Making Process

20. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, select a sample of management’s research decisions to determine the following:

  • Whether management decisions to file or not file a SAR are supported and reasonable.
  • Whether documentation is adequate.
  • Whether the decision process is completed and SARs are filed in a timely manner.

21. On the basis of examination procedures completed, including transaction testing, form a conclusion about the ability of policies, procedures, and processes to meet regulatory requirements associated with monitoring, detecting, and reporting suspicious activity.

 

 

 
