By Elaine Yancey
According to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual (the manual), suspicious activity reporting “forms the cornerstone of the BSA reporting system.” In fact, the primary purpose of the act is to identify and report transactions where financial institutions are possibly being used to facilitate money laundering, terrorist financing or other illicit financial activities. Noncompliance can have serious consequences, which is one reason examiners spend significant time reviewing this area.
Guidance contained in the manual is another reason for the emphasis on suspicious activity. By statute, the BSA/AML review is part of every full-scope safety and soundness examination. The change in economic conditions led the Board of Governors, in 2008, to issue guidance to examiners reminding them of the risk-based approach to the BSA/AML examination set forth in the manual. While allowing examiners to limit the assignment in most instances based on the specific risk profile of the bank, minimum procedures were nonetheless required, and they include a review of suspicious activity. Further, from a review of 2011 examination findings of state member banks in the Fifth District, suspicious activity issues were among the top three BSA findings cited.
Examiners performing the BSA/AML assignment will evaluate the method used to identify, monitor and report suspicious activity. As part of this undertaking, examiners will conduct a technical review of the Suspicious Activity Reports (SARs) filed by your institution to determine whether “the right boxes were checked” and a narrative was created that is both accurate and understandable to the end user. SAR narratives should answer the questions: who, what, where, when, why and how. The idea behind this review is that the quality of SAR content is sometimes reflective of the effectiveness of your suspicious activity program; if you’re hurrying through your SAR preparation by making technical errors or providing vague or overblown narratives, the examiner may conclude that you might not understand the larger purpose of the BSA. Practices that you might consider to ensure an effective SAR filing process include:
In addition to the technical review of the SARs, examiners will study the employee identification component of your suspicious activity monitoring program, any tools used to monitor customer transactions and, of course, your SAR decision-making process. For unusual activity identified by employees, examiners will want to know whether that information is communicated to the BSA/AML officer and how it was documented and resolved, meaning whether a SAR was filed and why or why not. The same goes for responding to alerts generated by your automated account monitoring system or those you have flagged from your core processor reports. Examiners will evaluate your response to these hints of possible suspicious activity and will need to understand how and who makes the decision to file or to not file a SAR. Practices to consider in the SAR decision-making process include:
When evaluating your transaction monitoring method, be prepared to explain any software programs or core processor reports you use. For the core processor method, examiners will want to know which reports you review (currency activity reports, large item reports, currency fluctuation reports, past-due loan reports, kiting reports, etc.) and why and how often they are reviewed. If you use a software program or automated system to monitor customer activity, examiners will want to know what parameters or settings are in place and what rules have been selected or created that alert you to unusual activity. Examiners will need to understand how the program has been customized based on your specific product or service offerings, customer mix and geographic footprint to notify you of suspicious transactions. Also considered by examiners are data integrity, the reasonableness of monitoring thresholds and rules (do you have rules monitoring credit card activity when you don’t offer credit cards?); change control procedures for items that need updating (like high-risk country lists or other lists that may routinely change); and data mapping or verifying, for example, that all cash feeds, whether they are from the teller stations, the drive-through or the ATMs, are being appropriately channeled for cash aggregation purposes. Practices you might consider to ensure you are appropriately monitoring for suspicious activity include:
Finally, the manual guides examiners to determine whether the “programming of the methodology” used for suspicious activity monitoring has been independently validated. This means that examiners will be looking at your independent review results to help gauge the integrity and accuracy of management information systems used to effectuate BSA compliance, such as any automated or manual systems used for suspicious activity monitoring and summary or analytical reports used to keep management informed of AML issues. The failure to include an assessment of the MIS used in BSA/AML compliance is a common examination finding. The examiner will perform transaction testing to verify the effectiveness of whatever methodology you use.
Although priorities brought about by the markets have changed examiners’ focus on the BSA, suspicious activity remains an important part of each full-scope examination. It is an internal control that is critical to an effective BSA/AML compliance program, and, while the considerations offered above are not requirements, they are practices that may help protect your institution from criminal activity and unwanted enforcement actions.
Elaine Yancey is a supervisory examiner with the Federal Reserve Bank of Richmond. She can be reached at firstname.lastname@example.org.
The analyses and conclusions set forth in this publication are those of the authors and do not necessarily indicate concurrence by the Board of Governors, the Federal Reserve Banks, or the members of their staffs. Although we strive to make the information in this publication as accurate as possible, it is made available for educational and informational purposes only. Accordingly, for purposes of determining compliance with any legal requirement, the statements and views expressed in this publication do not constitute an interpretation of any laws, rule or regulation by the Board or by the officials or employees of the Federal Reserve System.
Supervision, Regulation & Credit