Bank Secrecy Act Training: Who, What, When, How and Why? Presented by Lynn English Lafayette Federal Credit Union
Key Takeaways After this webinar, participants should have an understanding of minimum requirements for BSA training. Understand the importance of consistent, relevant training for your staff versus generic training. Understand Examiner Expectations for BSA training at your institution.
Agenda Why is training so important? Who should receive training? To test or not to test One size does not fit all Training Formats Didn t we have to do this last year? Board of Directors and Volunteers Examiner Expectations
Why is Bank Secrecy Act Training So Important? The answer to that question is threefold: First-Training is one of the required components of a BSA Compliance Program as mandated under the Act and further expressed under the mantle of the FFIEC Examination Manual. Second-A well trained, well informed staff is critical to the success of your credit union s BSA program. Third (and perhaps most important)-your credit union is subject to enforcement action, including monetary penalties from NCUA, FinCEN and possibly a State Regulatory Authority body (depending on your Charter). Your institution could also suffer deterioration of its reputation and if the monetary penalty is too steep, be placed under conservatorship or even closure.
Who Should Receive BSA Training? According to the FFIEC: Any staff member whose duties require knowledge of the Bank Secrecy Act 1. Does the above statement really answer the question?? Yes and no. As the BSA Officer, you should be a part of identifying which positions in your credit should receive BSA training and also, what type of training they receive. 1. FFIEC BSA Examination Manual
The Who Should Receive BSA Training Starter Pack. New Employees Compliance Staff Frontline Staff Tellers MSR s Branch Managers and Assistant Managers Back Office Staff Operations Lending Wires (Accounting) Administration HR? Yes, HR IT Executive Board and Volunteers (more to follow)
To Test or Not to Test that is the question. Do staff members have to receive a test with their training? While there is not a regulatory requirement to test, it is a best practice. You want to be able to assess the understanding levels of your staff to identify potential weaknesses that need to be addressed. Testing provides a consistently applied metric to assess proficiency in the subject matter.
Poll Question? Does the staff at your credit union take an assessment or quiz after BSA training? Yes No
One Size Does Not Fit All Bank Secrecy Act training is not a one size fits all endeavor. The BSA Risk Assessment can be an invaluable tool in the development of your credit union s BSA training program. The training program for BSA needs to be formatted to address the unique make up of your credit union. Some credit unions operate Cashless Branches Some credit unions do not process wire transfers Do you have an international presence? Just as you have multiple departments within your credit union, you must have BSA training that matches the responsibilities of each department. For Example: You wouldn t necessarily provide training on how to complete a Currency Transaction Report (CTR) to the staff that processes bank wires. That doesn t match their responsibilities.
One Size Does Not Fit All You may have some functions within your organization that don t fit into a specific category for training due to the responsibilities of that job. If that is the case, you can utilize a more general training for that area. If it is a unique area, such as IT or HR, you can create a custom presentation that addresses situations in those categories that aren t covered in typical BSA training.
Training Formats (Delivery) Is there a specific format that must be used for BSA training? The format used for training is up to the credit union but It must be delivered consistently Training must be relevant to the recipients Be Ongoing Can be in-person, instructor led, WebEx, computer based or a combination of any and all. PowerPoint, Paper handouts, Games Can be outsourced (but you should review and approve the content to be delivered) There should be written record of the following: Content of training Content of testing materials (if applicable) Attendance Dates of occurrence
Training Formats (Content) Should include regulatory requirements and any recent changes Include changes to credit union policies or procedures Include examples of money laundering activity or suspicious activity red flags Should include ramifications of non-compliance Enforcement Actions Monetary Penalties Criminal Penalties Include Board and Senior Management responsibility
Poll Question? Is your BSA training conducted by internal staff or is it outsourced? A. Internal Staff B. Outsourced C. Combination of both
Didn t We have to Do This Last Year? Yes, you probably did! Guidance 1 states periodic or ongoing as the requirement. It is an industry best practice for BSA training to occur at least annually. Knowledge, just like a physical skill is subject to use it or lose it. BSA knowledge needs to be refreshed periodically to ensure that staff maintains awareness of reporting requirements, processes and red flags. Employee turnover creates knowledge gaps among the staff. Infrequent reportable transactions can also cause gaps in BSA knowledge retention. Low risk institutions with limited exposure are also at risk for knowledge gaps without consistent, ongoing training. 1.NCUA Examination Guide, FFIEC BSA Examination Manual
Poll Question? How often is BSA training conducted at your credit union? Annually 2 or more times per year
Board of Directors and Volunteers The Board of Directors (including Volunteers) has the ultimate responsibility for your BSA Compliance Program. In order to carry out their responsibilities, your Board must have a general understanding of the Bank Secrecy Act to include the following: The importance of the regulatory requirements The Board s responsibility under the Bank Secrecy Act Penalties for non-compliance Your credit union s BSA policies and procedures Your credit union s BSA risks (there s that Risk Assessment again )
Examiner Expectations for BSA Training NCUA expects your credit union to have well documented records for the ongoing training of general staff and Board members. You must retain: Content, Test Scores, Dates and Participants for each training session. Retain records of all off-site and third party training received as well. The expectation for Compliance staff is even higher. BSA personnel are expected to receive training above and beyond the general staff. BSA certifications are viewed favorably by examiners. Be sure to keep them current. Certain BSA training sessions allow the participant to earn continuing education credits for active certifications.
Civil Penalties increased in 2016 recordkeeping violations for funds transfers, which has increased from $10,000 to $19,787; failure to register as a money transmitter, which has increased from $5,000 to $7,954; and willful violations of BSA requirements, which has increased from a range of $25,000 $100,000 to a range of $53,907 $215,628.
Enforcement Action Example Gibralter Bank March 2016, received a $6.5 M for persistent AML & BSA deficiencies. Comments were: Banks training inadequate, failed to provide training for specific positions, failed to address the needs of its BSA/AML compliance personnel for significant training in order to adequately implement its BSA/AML compliance program.
Summary The BSA training program for your credit union is a vital component of your Bank Secrecy Act Compliance Program. Well trained staff are more proficient at spotting suspicious activity as well as completing more timely and accurate BSA report submissions. A well trained Board of Directors can have a direct impact on the success of the program through policy, staffing and budget considerations for the Compliance Department.
Useful Links Electronic Code of Federal Regulations (ecfr) https://www.ecfr.gov FFIEC BSA/AML Examination Manual: https://www.ffiec.gov/bsa_aml_infobase NCUA Examiner s Guide: Appendix 18A https://www.ncua.gov/legal/guidesetc/examinergui de/chapter18.pdf
Now lets do a BSA Training! Why do criminals need access to financial services? Crime is a cash business 20 deals a day X $100 $2,000 per day $14,000 per week $728,000 per year
So what do you do with all that $$$$
Money Laundering Placement Layering Integration
Friendly illustrated guide
The quick history of BSA 1970 Bank Secrecy Act is born 1986: banks establish BSA programs 1996: Suspicious Activity Report September 11, 2001 Patriot Act; Customer Identification Program 2005: FFIEC BSA Examination Manual 300+ pages Huge shift in NCUA focus
What is the Goal of BSA Identifies people as they enter Reports large cash movements Document transactions that may lead to money laundering/crimes Reports suspicious activity Creates paper trail
Credit unions The Who s who in BSA Enforcement Treasury and FinCEN NCUA Law enforcement
Two main components Reporting Record Retention BSA Regulation
Currency Transaction Report(s) Records cash transactions that exceed $10,000 Aggregate multiple transactions of a single type in one day Timing deadline? 15 days
Suspicious Activity Report Suspicious Activity Report (SAR): Used to report suspicious activity, transactions, or behavior that is observed at your institution. A SAR is required to be filed for suspicious activity that involves a dollar amount in excess of $5000 where a suspect can be identified or in excess of $25,000 when a suspect is unknown. A SAR must be filed when a suspect is a credit union insider regardless of whether there is a monetary value involved in the suspicious activity. An insider is considered an employee, officer, volunteer or director.
Keep those Records! Record Keeping: Requires that all documentation related to the Bank Secrecy Act be retained for 5 years. Examples of documents to be retained include: Account opening documents Membership Applications, and supporting documents CTRs & SARs with supporting documents Purchase of Monetary Instruments $3000 or greater, this includes Money Orders, Cashier s Checks and Travelers Checks. Monetary Instrument Log (MIL) to be completed each time a member purchases a Monetary Instrument with cash $3000 or greater either manually or electronically.
USA Patriot Act Customer Identification Program The USA PATRIOT Act outlined new requirements for identifying the persons and entities that open accounts. Under Section 326 the Act, your credit union is required to collect specific information to allow the credit union to reasonably identify the individual or entity. This is known as the Know Your Customer rule or KYC.
CIP The information that must be collected is as follows: Name Identification Number (SSN, TIN, EIN, or ITIN) Date of Birth Residential Address (For Reference- APO, FPO and DPO s are treated as residential addresses)
What your Credit Union needs to do Written Program approved by the Board of Directors Responsible Individual (BSA Officer) Appropriate proficiency Reports to Senior Management Access to Board or Committee of the Board Written Risk Assessment Customized for your credit union Reviewed Annually Policy & Procedures Internal Controls Independent Testing Training
Questions?
Polling question- Please rate this webcast: Excellent Good Fair Poor
If you have any questions regarding the presentation you have just seen you may contact me directly. Lynn M. English lenglish@lfcu.org