Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering InfoBase

Bank Secrecy Act
Anti-Money Laundering
Examination Manual


EXAMINATION PROCEDURES

Developing Conclusions and Finalizing the Examination

Objective.  Formulate conclusions, communicate findings to management, prepare report comments, develop an appropriate supervisory response, and close the examination.

Formulating Conclusions

1. Accumulate all pertinent findings from the BSA/AML examination procedures performed. Evaluate the thoroughness and reliability of any risk assessment conducted by the bank. Determine whether the following requirements are met:

  • The BSA/AML compliance program is effectively monitored and supervised in relation to the bank’s risk profile as determined by the risk assessment. The examiner should ascertain if the BSA/AML compliance program is effective in mitigating the bank’s overall risk.
  • The board of directors and senior management are aware of BSA/AML regulatory requirements, effectively oversee BSA/AML compliance, and commit, as necessary, to corrective actions (e.g., audit and regulatory examinations).
  • BSA/AML policies, procedures, and processes are adequate to ensure compliance with applicable laws and regulations and appropriately address high-risk operations (products, services, customers, entities, and geographic locations).
  • Internal controls ensure compliance with the BSA and provide sufficient risk management, especially for high-risk operations (products, services, customers, entities, and geographic locations).
  • Independent testing (audit) is appropriate and adequately tests for compliance with required laws, regulations, and policies.
  • The designated person responsible for coordinating and monitoring day-to-day compliance is competent and has the necessary resources.
  • Personnel are sufficiently trained to adhere to legal, regulatory, and policy requirements.
  • Information and communication policies, procedures, and processes are adequate and accurate. All relevant determinations should be documented and explained.

2. Determine the underlying cause of policy, procedure, or process deficiencies, if identified. These deficiencies can be the result of a number of factors, including, but not limited to, the following:

  • Management has not assessed, or has not accurately assessed, the bank’s BSA/AML risks.
  • Management is unaware of relevant issues.
  • Management is unwilling to create or enhance policies, procedures, and processes.
  • Management or employees disregard established policies, procedures, and processes.
  • Management or employees are unaware of or misunderstand regulatory requirements, policies, procedures, or processes.
  • High-risk operations (products, services, customers, entities, and geographic locations) have grown faster than the capabilities of the BSA/AML compliance program.
  • Changes in internal policies, procedures, and processes are poorly communicated.

3. Determine whether deficiencies or violations were previously identified by management or audit or were only identified as a result of this examination.

4. Develop findings and conclusions and discuss them with the examiner in charge (EIC) or examiner responsible for reviewing the bank’s overall BSA/AML compliance.

5. Identify actions needed to correct outstanding deficiencies or violations, as appropriate, including the possibility of, among other things, requiring the bank to conduct more detailed risk assessments or taking formal enforcement action.

6. Discuss findings with management and obtain a commitment for improvements or corrective action, if needed.

Preparing the BSA/AML Comments for the Report of Examination

7. Develop a conclusion regarding the adequacy of the bank’s BSA/AML compliance program. Discuss the effectiveness of each of these elements of the bank’s BSA/AML compliance program. Indicate whether the BSA/AML compliance program meets all the regulatory requirements by providing the following:

  • A system of internal controls.
  • Independent testing for compliance.
  • A specific person to coordinate and monitor the BSA/AML compliance program.
  • Training of appropriate personnel.

The BSA/AML compliance program must also include a written Customer Identification Program (CIP) appropriate for the bank’s size, location, and type of business.

The examiner should ensure that workpapers are prepared in sufficient detail to support issues discussed in the report of examination (ROE). The examiner does not need to provide a written comment on every one of the following items 8 through 15. Written comments should cover only areas or subjects pertinent to the examiner’s findings and conclusions. All significant findings must be included in the ROE. To the extent that the following items are discussed in the workpapers, but not the ROE, the examiner should ensure that the workpapers thoroughly and adequately document each review, as well as any other aspect of the bank’s BSA/AML compliance program that merits attention, but may not rise to the level of being included in the ROE. As applicable, the examiner should prepare a discussion of the following items.

8. Describe whether the bank’s policies and procedures for law enforcement requests for information under section 314(a) of the Patriot Act (31 CFR 103.100) meet regulatory requirements.

9. If the bank maintains any foreign correspondent or private banking accounts for non-U.S. persons, describe whether the bank’s due diligence policies, procedures, and processes meet regulatory requirements under section 312 of the Patriot Act (31 CFR 103.176 and 103.178).

10. Describe the board of directors’ and senior management’s commitment to BSA/AML compliance. Consider whether management has the following:

  • A strong BSA/AML compliance program fully supported by the board of directors.
  • A requirement that the board of directors and senior management are kept informed of BSA/AML compliance efforts, audit reports, any compliance failures, and the status of corrective actions.

11. Describe whether the bank’s policies, procedures, and processes for SAR filings meet the regulatory requirements and are effective.

12. Describe whether the bank’s policies, procedures, and processes for large currency transactions meet the requirements of 31 CFR 103.22 and are effective.

13. If applicable, describe whether the bank’s policies, procedures, and processes for Currency Transaction Report (CTR) exemptions meet regulatory reporting requirements, appropriately grant exemptions, and use the correct forms.

14. Describe whether the bank’s funds transfer policies, procedures, and processes meet the requirements of 31 CFR 103.33(e) and (g). Briefly discuss whether the policies, procedures, and processes include effective internal controls (e.g., separation of duties, proper authorization for sending and receiving, and posting to accounts), and provide a means to monitor transfers for CTR reporting purposes.

15. Describe the bank’s recordkeeping policies, procedures, and processes. Indicate whether they meet the requirements of 31 CFR 103.

Preparing an Appropriate Supervisory Response

16. Identify violations and assess the severity of those violations. As appropriate, record violations in internal databases or the ROE.

17. On the basis of overall findings and conclusions, confer with the EIC to formulate appropriate ratings.

18. As appropriate, develop recommendations for supervisory actions by conferring with the EIC, supervisory management, and legal staff.

19. Organize and reference workpapers.
