Best Practices for AML/BSA Compliance
AML/ BSA Best Practices • Banks should implement following programs : – Customer Identification Program (CIP) – Customer Due Diligence (CDD) Program – Bank Secrecy Act/Anti-Money Laundering Risk Assessment – Identification and Reporting of Suspicious Activity
Customer Identification Program (CIP) • CIP is a requirement as defined in The USA PATRIOT Act having following activities developed which needs to be a written board-approved CIP including procedures for: – Reasonable level verification of customer’s true identity – Defined methodologies to be used in the verification process – Appropriate records to be maintained during the collection and verification of customer’s identity – Verification of a customer’s name against specified terrorist lists – Adequate notice that the bank is requesting identification to verify their identities
Customer Identification Program (CIP) • For non-U.S. persons, the bank must obtain one or more of the following identification numbers: – Customer’s TIN – Passport number and country of issuance – Alien identification card number – Number and country of issuance of any other (foreign) governmentissued document evidencing nationality or residence and bearing a photograph or similar safeguard
• All required customer identifying information obtained in the account opening process must be retained for five years after the account is closed.
Customer Due Diligence (CDD) Program • Banks need to adopt and implement comprehensive CDD policies, procedures, and processes for all customers, particularly focus on persons who might present a higher risk for money laundering and terrorist financing • A robust CDD program can aid in: – Detecting and reporting unusual or suspicious transactions that potentially expose the bank to financial loss, increased expenses, or reputational risk. – Avoiding criminal exposure from persons who use or attempt to use the bank’s products and services for illicit purposes. – Adhering to safe and sound banking practices
Enhanced Due Diligence (EDD) Program • Enhanced Due Diligence (EDD) for higher risk customers • If a bank determines that a customer poses a higher risk because of the customer’s business activity, ownership structure, anticipated or actual volume and types of transactions, including those transactions involving higher-risk jurisdictions, then it should obtain the following information not just at account opening but also throughout the relationship: –Purpose of the account. –Source of funds and wealth –Individuals with ownership or control over the account, such as beneficial owners, signatories, or guarantors –Occupation or type of business (of customer or other individuals with ownership or control over the account) –Financial statements –Banking references –Domicile (where the business is organized) –Proximity of the customer’s residence, place of employment, or place of business to the bank –Description of the customer’s primary trade area and whether international transactions are expected to be routine –Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers –Explanations for changes in account activity
Bank Secrecy Act/Anti-Money Laundering Risk Assessment
• The same risk management principles that the bank uses in traditional operational areas should be applied to assessing and managing BSA/AML risk • Why well-developed risk assessment is important: – Will assist in identifying the bank’s BSA/AML risk profile. – Understanding the risk profile enables the bank to apply appropriate risk management processes to the BSA/AML compliance program to mitigate risk. – Enables management to better identify and mitigate gaps in the bank’s controls.
• Documentation and communication – The risk assessment should provide a comprehensive analysis of the BSA/AML risks in a concise and organized presentation – Should be shared and communicated with all business lines across the bank, board of directors, management, and appropriate staff – Should be documented in writing
Bank Secrecy Act/Anti-Money Laundering Risk Assessment • The steps involved: – First step of the risk assessment process is to identify the specific products, services, customers, entities, and geographic locations unique to the bank – The second step of the risk assessment process entails a more detailed analysis of the data obtained during the identification stage in order to more accurately assess BSA/AML risk
• An effective risk assessment should be an ongoing process, not a one-time exercise • Periodically reassess their BSA/AML risks at least every 12 to 18 months
Identification and Reporting of Suspicious Activity • Banks can use a number of methods to track and identify unusual activity – this may include: – Employee identification – Law enforcement enquiries and requests – Transaction and surveillance monitoring system output – Any combination of the above
Want to learn more about anti-money laundering, the process, how it works and best practices? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• http:// www.complianceonline.com/anti-money-laundering-aml-compliance-program-seminar-t
• http:// www.complianceonline.com/bsa-aml-ofac-risk-assessments-regulatory-requirements-se
• http:// www.complianceonline.com/bsa-aml-compliance-reporting-requirements-webinar-train
• http:// www.complianceonline.com/bsa-aml-compliance-checklists-webinar-training-703178-pr
• http:// www.complianceonline.com/bsa-aml-ofac-risk-assessments-and-evaluation-compliance-
• http:// www.complianceonline.com/best-practices-for-developing-risk-models-for-aml-bsa-mon ?channel=amlppt