Practical Ideas for an Effective BSA/AML Compliance Function: Risk Assessment and Program Development

Transcription

1 Institute of International Bankers International Banking Anti-Money Laundering Seminar May 20, 2010 Practical Ideas for an Effective BSA/AML Compliance Function: Risk Assessment and Program Development Paul S. Pilecki Kilpatrick Stockton LLP Washington, DC

2 Senior management support of the compliance program BSA/AML risk assessment Identification of high risk-risk products and services Customer due diligence procedures and customer profiling to identify high-risk accounts Ongoing monitoring of account activity Periodic testing for suspicious activity Employee training and continuing education Ongoing review of and dissemination of knowledge of regulatory requirements Effective communication with regulators Effective use of technology

3 BSA/AML Risk Assessment

4 Each institution should develop a program to identify and manage risks Development of a successful risk assessment generally involves two steps: Identification of specific risk categories; and Analysis of specific risk categories

5 Products and Services Customers and Entities Geographic Locations Staffing

6 Purpose of the analysis is to give management a better understanding of the risk profile of the institution in order to develop appropriate internal controls Level and sophistication of analysis should be commensurate with the sophistication of the products and services offered by the financial institution

7 Purpose of the accounts Actual or anticipated activity in the accounts Nature of the customer s business/activity Customer s location Types of products and services used by the customer

8 Executive Summary of Risk Rating Description of Business Lines Assessment of AML Risk in Each Business Line Review of AML Program Controls Application to Risk Assessment Matrices

9 Roadmap for Independent Reviewers Support for Maintaining or Adding Resources Support for Efficacy of Current Controls Identify Emerging Risks

10 Optional? Not at all A tool to inform senior management of the inherent risks in operations Details are important in Business Description Obtain input and comments from Business Lines, Risk Management, and Audit to ensure accurate descriptions Assess risks independently of regulatory guidance Assess risks associated with the staff Knowledge and experience Level of staffing

11 BSA/AML Compliance Programs

12 Compliance program should be structured to address the risk profile developed during the BSA/AML Risk Assessment Compliance program must enable the financial institution to monitor and control its BSA/AML risk on an on-going basis Particular emphasis must be afforded to high risk customer, products, services, and geographic locations Periodic review and updating of the BSA/AML Risk Assessment and Compliance Program are essential

13 Oversight Responsibilities

14 Senior management support and communication of expectations to all employees Establishing an escalation procedure to notify senior management of significant findings and events Involvement in ongoing compliance training programs Involvement in problem resolution Directing independent audit to test compliance programs

15 A core requirement and a key focus area for examiners Helps create a strong compliance culture Needs to include all levels of the organization Update continually to stay current with new developments Should reflect industry best practices Should involve periodic seminars, conferences Keep detailed records of training efforts Include testing to determine the effectiveness of training

16 Head Office must understand the legal and regulatory requirements applicable to the U.S. offices Head Office personnel responsible for independent testing or oversight must obtain training related to BSA/AML compliance Head Office must be given sufficient access to information in order to monitor the activity of the U.S. operations Establish robust information sharing practices between Head Office and U.S. offices Transaction information Customer information Regulatory requirements Current events

17 Sufficient knowledge of the BSA Fully knowledgeable of the products and services offered by the financial institution Understand the customers, geographic locations, and potential money laundering and terrorist financing risks inherent in the operations Understand the capabilities and limitations of monitoring systems Responsibilities for other areas/functions should be limited to allow for the proper attention to BSA/AML compliance Report directly to the board of directors or senior management

18 Examiners will note insufficient knowledge of regulatory requirements Subscribe to distribution lists for regulatory releases Use enforcement actions as learning tools Become involved in industry groups and task forces Encourage and support professional development of compliance staff Communicate within the organization concerning new developments, especially when new resources will be needed Review resources that identify money laundering and terrorist financing trends

19 Use examination findings as a tool for assessing compliance and an opportunity for making improvements Open communication will better enable you to resolve problem issues when they arise A good relationship will enhance the perception that the organization has a culture of compliance Important source of information on trends and developments in the area Inform regulators of significant developments so that there are no surprises

20 Approval and Periodic Review of the BSA/AML Compliance Program

21 An FBO must have its BSA compliance program approved by: The board of directors and noted in the minutes, or Approved by a delegee acting under the express authority of the board of directors to approve the BSA compliance program. No ongoing approval requirement unless the program changes; best practice is to establish a periodic (annual) review and approval

22 Paul S. Pilecki Kilpatrick Stockton LLP th Street, NW Washington, DC