
The Expanded Expectations of Corporate Governance in BSA/AML and the Impact on the Audit Function

Kathe M. Dunne, CAMS, AAP
KMD Consulting Solutions
March 2014

Table of Contents

I. Executive Summary
II. Background
III. History of Governance of BSA/AML by the FFIEC
IV. Regulatory Actions against Financial Institutions
    A. Banesco USA - FDIC-13-166b
    B. Citibank, N.A. – OCC AA-EC-12-18
    C. Recap of Order Elements
V. Department of Treasury and Congressional Actions
    A. Regulatory Agencies
    B. United States Congress
VI. A Proposed Methodology for Auditing BSA Governance
    A. How to Review Governance in a BSA/AML Program
        1. Potential Elements for Review
        2. Optional Scoring of the Elements
    B. 10 Elements of BSA/AML Governance - Review Table
VII. Conclusion
Bibliography

I. Executive Summary

Most financial industry observers and participants agree that regulatory review of the Bank Secrecy Act/anti-money laundering (BSA/AML) compliance function in depository financial institutions increased significantly immediately following the passage of the USA PATRIOT Act in 2001. It took several years for specific regulatory guidance to catch up to the law in the form of the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual. Until recently, depository financial institutions have done reasonably well auditing the BSA/AML program using this manual as a primary reference.

Significant and blatant BSA/AML violations have been discovered over the past three years (e.g., the masking of certain transactions and the rerouting of payments to prevent detection) that resulted in an uproar in the public sector calling for action on the part of the government. The public wants to know “Who is to blame?” and “Who will pay?” for these infractions. These significant violations have resulted in large fines for the involved institutions, but with limited accountability assigned to the management of the institutions.

Congress is now hearing testimony from other government agencies, including the Financial Crimes Enforcement Network (FinCEN) and the Office of the Comptroller of the Currency (OCC), regarding the enforcement of and violations of the BSA. Several things have been made clear through this process:

• In the past, financial institutions that were assessed civil money penalties by FinCEN were permitted to consent to the assessment “without admitting or denying” the alleged facts; this is no longer permitted.[1]

• Jennifer Shasky Calvery, named as the new director of FinCEN in September 2012, has proceeded very aggressively to address responsibility and accountability issues within the financial institution environment as it relates to BSA/AML.

• In Senate testimony, FinCEN indicated that it would more often obtain injunctions against individuals who violate the BSA and fine banks and their partners, directors, officers and employees.[2]

• Business decisions for budgeting or line of business concerns should no longer be viewed by the board of directors as viable options when it concerns BSA/AML compliance matters.[3]

[1] Remarks of Jennifer Shasky Calvery, Director FinCEN, ABA/ABA Money Laundering Enforcement Conference (11/19/2013)

[2] Statement made by David Cohen, the head of the Treasury Department’s Terrorism and Financial Intelligence office, in written testimony to the Senate Banking Committee.

[3] Testimony of the Office of the Comptroller of the Currency before Committee on Banking, Housing, & Urban Affairs of the U.S. Senate (3/7/2013)

Actions within the regulatory agencies, FinCEN, and the Congress have made it very clear that the board of directors and the senior management of financial institutions need to take control and responsibility of the BSA/AML functions within their institutions or specific BSA/AML actions will be dictated to them.

The governance of the BSA/AML function in a financial institution identifies the level of control and responsibility the board of directors and senior management have defined and assigned throughout the institution as it relates to the BSA. Like other BSA/AML program elements, the effectiveness of governance should be audited, but with what criteria? And how should auditors measure those criteria?

This paper proposes governance criteria and a methodology for the measurement of the criteria. This research is intended to help financial institutions to adequately prepare and protect not only their institutions, but their board of directors, senior management, and employees from civil and possible criminal action.

II. Background

In the past several years, failures of the BSA/AML programs of several large domestic and international financial institutions have changed the regulatory landscape for all U.S. depository and non-depository financial institutions regardless of size. Arguably, most or all of these reflect a failure of the board or senior management to establish a tone of compliance that permeates the institution.

The identification of significant gaps in monitoring programs, identification of the processing of non-allowable transactions and failures to identify and halt money laundering through these institutions have resulted in an uproar in the public sector. Coming on the heels of the “too big to fail” banking crisis of 2008–2009, where many large institutions were funded with taxpayers’ money, it is disturbing to the populace that these same institutions may be funding terrorist organizations through money laundering schemes using their institutions.

The U.S. Congress began to review these situations in detail in 2012 through various testimony regarding the actions of specific financial institutions as well as testimony by the OCC. The OCC provided significant testimony before the Committee of Homeland Security and Governmental Affairs in 2012 regarding the “role the OCC—and the other financial institution regulators—play in examining financial institutions for compliance in this [BSA] area.”

Regulatory exams, once a fairly private concern between an institution and its regulators, became part of national news; regulators were being criticized publicly by the Congress, news media, and the citizens of the U.S. The question that appeared to be at the forefront was “Who is to blame?”

These factors came together and resulted in reports of the regulatory agencies stepping up the depth of their BSA/AML audits/reviews in many areas, but significantly in the area of the governance of the BSA/AML function within financial institutions.

In 2013, when the Department of Justice (DOJ) deemed the management of the largest institutions “Too Big to Jail” for BSA/AML infractions, it brought the issue to the forefront once again, resulting in a proposed bill in Congress regarding criminal penalties for financial institution executives.

It has become increasingly important for financial institutions to clearly understand the heightened expectations surrounding the governance of the BSA/AML function.

The objective of this white paper is to:

• Review the history of the governance of the BSA/AML function in depository financial institutions based upon regulatory guidance;

• Extrapolate and present data from consent orders (OCC, FDIC, Federal Reserve Bank) regarding the expectations concerning governance;

• Review Congressional testimony and actions that can impact future institutional plans; and

• Propose one methodology for auditing the effectiveness of the governance of the BSA/AML function within a depository financial institution.

III. History of Governance of BSA/AML by the FFIEC

The BSA/AML Examination Manual published by the Federal Financial Institutions Examination Council (FFIEC) provides some guidance on expectations of BSA/AML governance in financial institutions. This has evolved over various versions of the manual:

The most recent version of the FFIEC manual provides a defining statement regarding governance:

“The board of directors is responsible for approving the BSA/AML compliance program and for overseeing the structure and management of the bank’s BSA/AML compliance function. The board is responsible for setting an appropriate culture of BSA/AML compliance, establishing clear policies regarding the management of key BSA/AML risks, and ensuring that these policies are adhered to in practice.”[4]

The newest statements regarding governance represent a significant expansion over previous versions and address some key areas not mentioned previously, as noted below. Since 2012, this expansion has been actively used in regulatory audits for BSA/AML compliance.

The board should ensure that:

1. Senior management is fully qualified and properly motivated to manage the BSA/AML compliance risks;

2. Compliance personnel are sufficiently independent and have authority and status to conduct their jobs;

3. There are appropriate resources to conduct compliance activities; and

4. Senior Management establishes incentives, compensation and goals tied to BSA/AML compliance objectives.

“Senior management is responsible for communicating and reinforcing the BSA/AML compliance culture established by the board, and implementing and enforcing the board-approved BSA/AML compliance program.”
FFIEC BSA/AML Examination Manual

“The board also should ensure that senior management has established appropriate incentives to integrate BSA/AML compliance objectives into management goals and compensation structure across the organization…”
FFIEC BSA/AML Examination Manual

[4] Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual (2010) p.163

IV. Regulatory Actions against Financial Institutions

How have these regulatory expectations, as evidenced in the FFIEC Examination Manual, translated to regulatory actions?

Many of the major actions in 2012 and 2013 against financial institutions have discussed governance of the BSA/AML function as a factor in the action. In some cases, the regulatory authority has been very detailed regarding the requirements it is imposing on the board of directors and senior management within the institution. In all of these cases, however, the regulators are calling out the boards of directors and senior management for failing to prevent the BSA problems their institutions are experiencing and requiring specific corrective actions.

So, let us take a look at two specific enforcement actions: one against an FDIC-regulated institution and one against an OCC-regulated institution.

A. Banesco USA - FDIC-13-166b

Banesco USA, an $850 million U.S.-based subsidiary of an international bank, was issued a consent order by the FDIC in November of 2013 based solely on its BSA violations. The order made clear that the FDIC regulators were not satisfied with the involvement of the board of directors or senior management in the BSA program and had very specific requirements for each aspect of the program, including many elements of governance.

The order contained some very specific language regarding the actions regulators were requiring of the institution in order to comply.

The FDIC goes as far as to require the board to meet on an approved schedule with specific items to review, as well as to require the bank to assess its staff's abilities, experience and qualifications to perform BSA duties.

B. Citibank, N.A. – OCC AA-EC-12-18

The Citibank, N.A. consent order issued on April 5, 2012 has been much more publicized and may be familiar to the reader. This cease and desist order, issued by the OCC, addresses BSA/AML specifically and covers about 50 BSA compliance issues.

For the purposes of this document, we will address many of the items related to governance that the OCC included in a section they titled “Management and Accountability,”[5] the first time the author has seen this section in an order.

[5] Citibank, N.A., OCC Consent Order AA-EC-12-18 (4/5/2012) p.7

C. Recap of Order Elements

Orders Regarding Board Participation:

1. Board will increase its participation in the affairs of the bank, assuming full responsibility for the approval of sound policies and objectives and for the supervision of all of the bank's activities including BSA risk rating, BSA staffing, BSA training, BSA compliance (Banesco USA).[6]

2. The bank will develop procedures for informing management and the board of any suspicious or high risk activities conducted internally by the bank and by bank customers (Banesco USA).[7]

3. The board will incorporate BSA and Office of Foreign Assets Control (OFAC) compliance into the performance evaluation process for both senior management and line of business management. These processes will likely move downstream to employee positions below senior managers and line of business managers (Citibank, N.A.).

Orders Regarding Staffing:

4. Board will designate a qualified officer responsible for managing, coordinating, and monitoring the bank's BSA Compliance Plan (BSA Officer) (Banesco USA).[8]

5. Board will analyze and assess the bank's staffing needs to determine the appropriate number of qualified staff for the bank's BSA Department (Banesco USA).[9]

Orders Regarding Staff Competency, Authority, and Accountability:

6. Clear lines of authority and responsibility have been established for BSA/AML compliance (Citibank, N.A.).

7. Compliance management is competent, independent and dedicated on a full-time basis (Citibank, N.A.).

8. An appropriate level of authority has been provided to the compliance staff to implement the BSA/AML compliance program (Citibank, N.A.).

9. Compliance staff will be given the authority to question account relationships and business plans (Citibank, N.A.).

10. Compliance staff will operate independently from the business lines, and not be subject to any form of evaluation or performance input from the business lines (Citibank, N.A.).

11. Bank will hold senior management and line of business management accountable for effectively implementing bank policies and procedures, and fulfilling BSA/AML and OFAC obligations (Citibank, N.A.).

12. The Bank will develop appropriate objectives and means to measure the effectiveness of compliance management officers and compliance management personnel within each line of business and for those with responsibilities across lines of business (Citibank, N.A.).

Orders Regarding Policy and Procedure:

13. Written bank policies and procedures will be developed or modified to clearly outline the BSA/AML and OFAC responsibilities of senior management, and relevant business line employees, including, but not limited to, relationship managers, foreign correspondent banking personnel, private banking staff, and business development staff (Citibank, N.A.) (Banesco USA).[10]

These consent orders set the regulatory expectations higher than seen previously in consent orders. It appears from the way these items are addressed that there are issues to be addressed regarding the actions, responsibilities, and accountability of the board of directors, senior management and business line management. There has been concern voiced within the industry regarding some of these items, particularly as they pertain to measurement and evaluation criteria that may impact compensation.

[6] Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013) p.2

[7] Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013) p.2

[8] Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013) p.11-12

[9] Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013) p.11

[10] Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013) p.4

V. Department of Treasury and Congressional Actions

Many of the major BSA/AML enforcement actions in 2012 and in the first half of 2013 have cited the lack of effective corporate governance as an issue. As discussed in the previous section, this element was called out more specifically in orders starting in 2012 than in orders in previous years. In consent orders reviewed by this author, very few orders prior to 2012 mentioned governance other than to recap the generic responsibilities of the board of directors.

Additionally, while the DOJ deemed the management of the largest institutions “Too Big to Jail,” the Department of Treasury and the Congress have been addressing this issue of the responsibility and accountability in governance differently.

Specific references to each of the major enforcement areas are addressed below.

A. Regulatory Agencies

The regulatory agencies have been the recipients of much of the public criticism regarding BSA/AML compliance. In particular, it appears that the OCC has come under the greatest media scrutiny, likely due to its authority over the largest BSA depository financial institution offenders in recent history.

The scrutiny has extended to Congress, probably for the same reason. Within the past 18 months, the OCC was called to publicly testify before two committees of the U.S. Senate on matters related to BSA. Although a broad range of topics was covered in the testimony of Comptroller Curry to the Senate Banking Committee on March 7, 2013, the compliance issues related to the governance of BSA in financial institutions are of the greatest interest.

Comptroller Curry gave the following items as requirements that appeared in OCC enforcement actions and that he envisioned would appear in the future guidance.[11]

1. A designated BSA officer with sufficient knowledge, funding, authority, independence, compensation, and supporting staff to perform his or her assigned responsibilities and maintain effective compliance with the BSA and its implementing regulations.

2. An effective governance structure to allow the BSA officer and the compliance function to administer the program independently by reporting directly to the board of directors, or a committee thereof, with clear lines of responsibility beginning with senior management and including each line of business that is required to comply with the BSA.

3. Clearly defined channels for informing the board of directors, or a committee thereof, and senior management, of compliance initiatives, compliance risks, new product development, identified compliance deficiencies, and corrective actions undertaken.

4. Compliance staff with the appropriate level of authority and independence to implement the BSA/AML compliance program and, as needed, question account relationships, new products and services and business plans.

5. Policies and procedures that clearly outline the BSA/AML responsibilities of senior management and relevant business line employees, and that hold senior management and line of business management accountable for effectively implementing bank policies and procedures, and fulfilling BSA/AML obligations.

6. A well-defined succession plan for ensuring the program’s continuity despite changes in management, staffing, or structure, and policies and procedures to ensure that problems with excessive turnover of compliance staff or the BSA officer function are identified and appropriately addressed by the board.

7. Policies and procedures to ensure that the bank’s risk profile is periodically updated to reflect higher risk banking operations (products, services, customers, entities, and geographic locations) and new products and services.

8. An enterprise-wide management information system that provides reports and feedback that enables management to more effectively identify, monitor, and manage the organization’s BSA risk on a timely basis.

9. A strong BSA/AML audit function that ensures that identified deficiencies are promptly addressed and corrected.

Although the above items are not part of official regulatory guidance, they are, in part, already incorporated into the FFIEC BSA/AML Examination Manual.

In an update on OCC actions, Comptroller Curry recently commented on regulatory guidance of BSA/AML governance and indicated that “the agency would push for the changes during bank examinations rather than through regulations or guidance.”[12] Lacking official guidance, the regulatory agencies will review these issues using their own interpretation during examinations.

OCC Testimony

“Some recent cases have involved the lack of strong corporate governance principles necessary to create a “culture of compliance” within the organization. These cases reflected an imbalance in both the independence of the compliance function and organizational incentives that emphasized revenues and growth over balanced risk management.”
Thomas J. Curry, Comptroller of the Currency, March 7, 2013

[11] Thomas J. Curry, “Testimony of the Office of the Comptroller of the Currency before Committee on Banking, Housing, & Urban Affairs of the U.S. Senate” (3/7/2013) p.11

B. United States Congress

The Holding Individuals Accountable and Deterring Money Laundering Act, introduced on October 12, 2013 in the U.S. House of Representatives, amends provisions of the BSA of 1970 relating to money laundering violations. There are many provisions to this act, but the following impact the subject of this research.[13]

• Significantly increases civil monetary penalties for both institutions and individuals for willful and negligent violations of the BSA.

• Strengthens the range of civil powers available to regulators to sanction individuals, including fines for which the individual would be held personally liable and greater authority to remove and ban bad actors from the industry.

• Requires new corporate governance standards to create direct lines of access to the board for the heads of compliance and establishes direct lines of legal responsibility for board members and top executives for BSA violations, including any officers or employees who are in a position responsible for materially affecting compliance.

[12] Remarks of Thomas J. Curry, Comptroller of the Currency, ACAMS 19th Annual International AML and Financial Crime Conference (3/17/2014)

[13] See Proposed Legislation - H.R.3317 Holding Individuals Accountable and Deterring Money Laundering Act (10/24/2013)

VI. A Proposed Methodology for Auditing BSA Governance

Governance of the BSA/AML program within financial institutions has come to the forefront and is positioned to remain there for the foreseeable future. As evidenced in much of the testimony provided by Comptroller Curry to the U.S. Senate on March 7, 2013, several of the problems with BSA compliance can be attributed to “root causes” that are considered matters of governance.

“Many of the practical problems we have seen in recent years with respect to BSA compliance can be attributed to four root causes:
i. culture of compliance within the organization,
ii. commitment of sufficient and expert resources,
iii. strength of information technology and monitoring processes,
iv. sound risk management.”
Thomas J. Curry, Comptroller of the Currency, March 7, 2013

Curry also indicated that this is not just a problem that is confined to large financial institutions, but that “higher risk products and customers have migrated to community banks.”[14] It appears that these issues will be looked at for each institution regardless of size and regulatory authority.

Curry also reported to the Senate Banking Committee that “banks have inappropriately reduced staffing and resources in the BSA area due to austerity programs initiated during the financial crisis. In other cases, banks’ compliance department staff and expertise have failed to keep pace with the growth of the institution.”[15]

The items of governance previously discussed in this paper should first be addressed in an institution’s BSA risk assessment and then incorporated appropriately into official board-approved policy, followed by inclusion into BSA/AML procedures and reporting.

All of the elements of governance discussed throughout have been extrapolated and incorporated into this proposed methodology for auditing BSA governance.

[14] Thomas J. Curry, “Testimony of the Office of the Comptroller of the Currency before Committee on Banking, Housing, & Urban Affairs of the U.S. Senate” (3/7/2013) p.4

[15] Thomas J. Curry, “Testimony of the Office of the Comptroller of the Currency before Committee on Banking, Housing, & Urban Affairs of the U.S. Senate” (3/7/2013) p.3

A. How to Review Governance in a BSA/AML Program

Governance should be viewed within financial institutions as a reviewable aspect of the BSA/AML program. As such, it should be incorporated by audit staff (internal or external) as part of an independent review.

How can this be accomplished? There are many audit models or formats for independent reviews of BSA/AML programs, but most only cover minimal aspects of governance. The elements are typically restricted to a review of board or committee reporting, competency of the BSA staff, and a review of sufficient resources.

1. Potential Elements for Review

Elements of governance have not typically been measured quantitatively. The following table provides 10 sets of qualitative criteria that can be used to evaluate an institution’s overall success in governance within its BSA/AML program. Each element has been broken down into three levels of compliance. The level of compliance by the institution within these elements will allow the auditor to evaluate the overall compliance with governance within the BSA/AML audit.

This methodology uses a similar method to that used by the FFIEC when assessing levels of risk within an institution.[16] Appendix J gives us potential “measurement” criteria. Using the same methodology, instead of rating the element low/medium/high risk (as we do for institution risk), we will be rating the governance elements as weak, satisfactory, or strong.

A review of elements within the table will provide the auditor with a qualitative view of the strength of governance within the institution’s BSA/AML program.

2. Optional Scoring of the Elements

Some institutions and their auditors prefer to incorporate a quantitative scoring system into any type of measurement. This is not an infrequent practice when using schedule J within an institutional risk assessment. For those auditors that wish to incorporate a scoring element, one recommendation is to assign point values based upon how the institution is rated on each individual element.

Point Scoring

For example, with a point-based scoring scheme, one can total the assigned points in each category to determine how the institution is performing overall regarding governance. The most basic example used:

Weak = 1 point
Satisfactory = 2 points
Strong = 3 points

[16] See Appendix J in the FFIEC Examination Manual 2010

Using the above element scoring, totals for a “final” score in a 10-element audit could be broken out as follows:

Total Points:

0-16 Points – Weak Program
17-26 Points – Satisfactory Program
27+ Points – Strong Program

Weighting

Another factor that is frequently used in quantitative scoring is the weighting of the various elements so that the score properly reflects the risk associated within the institution.

For example, institutions in a big product development push may consider involvement of the BSA staff in new product development (Element #1) of prime concern and importance and deserving of a higher consideration when assigning an overall risk “score” for governance. This element may be weighted 1.5 times or 2.0 times the weight of other elements to make up the final score.

Keep in mind that weighted elements should reflect the institution’s risk as well as its overall governance strategy.

B. 10 Elements of BSA/AML Governance - Review Table

| Element | Weak | Satisfactory | Strong |
|---|---|---|---|
| 1. Involvement of BSA/AML staff in new product development/introduction | Little to no involvement; typically brought into the discussion for risk assessment when ready to release product. | BSA department brought into the implementation process for new products. Involvement documented in policy and procedure. | BSA department approval required in product decisions at the start of the process. Involvement documented in policy and procedure. |
| 2. Inclusion of governance in institutional risk assessment | Standard elements - BSA officer assignment and staff training covered in risk assessment. | Standard elements plus reporting structure, committees, staff experience, education levels, and responsibilities included in risk assessment. | All of the previous, plus measurement of accountability for senior management, corporate goals for line units, incorporation into performance/compensation structures. |
| 3. Adequacy of BSA department staff to perform duties required | Insufficient staff to perform required functions. | Adequate staff to perform required functions. | Staff available to perform optimal compliance program along with available resources for backup when needed. |
| 4. Competency of BSA department management staff | BSA management or key personnel have not received sufficient training in BSA/AML; institution has not invested in outside training or professional certification for staff members. | BSA management and key personnel have background in BSA/AML; attend regular training (outside the institution); institution supports staff members in obtaining or maintaining professional certifications. | Institution requires higher level education for BSA department managers / BSA officer. Institution supports or requires professional certifications. |
| 5. BSA management empowered with an appropriate level of independence and authority to implement the compliance program | Limited leadership role assumed outside the BSA department; pressure from other banking departments in evidence. | Flexibility permitted to the BSA department management to implement policies, procedures and the program as approved. | Decision making authorities given to BSA management to question business relationships, close accounts, provide input to business plans. |
| 6. Effective reporting structure for the BSA officer and compliance function by reporting directly to the board of directors or an assigned committee | Reports to a line unit, audit department, or an operational area. | Reports to the board of directors through a committee authorized by the board of directors. Committee provides reports to the board, not the BSA officer. | May report to the board of directors through a committee authorized by the board of directors or directly to the board. Presents reports, policies and procedures, directly to the board for discussion or approval. |
| 7. Defined succession plan for key BSA/AML personnel ensuring the BSA program’s continuity if changes in management, staffing or structure occur | Only standard succession plan in place for institution. No specific plan for BSA/AML (if you do not have a succession plan in place for your institution, score 0) | Defined backup plan for the BSA department should staffing problems occur as part of the BSA policy and procedure. | Defined BSA succession plan for the institution’s risk management area should there be changes in senior BSA management or other key personnel. |
| 8. Sufficient education of the BSA department staff in basic, advanced, and timely BSA topics | Little education provided to department staff other than that scheduled for BSA minimum requirements. | Education provided in person or via webinar (in addition to basic yearly training) on advanced topics or new/timely BSA/AML material. | BSA department staff provided with some onsite training with opportunities to attend industry conference training for seasoned staff. |
| 9. Policies and procedures that clearly outline BSA/AML responsibilities of senior management and business line employees that hold these employees accountable for fulfilling BSA/AML obligations | Policy regarding senior management and business line employee BSA responsibilities does not exist or is highly generic. | Policy is specific in that it contains responsibilities regarding each senior management area and line unit. | Policy is specific in that it contains responsibilities regarding each senior management area and line unit. Line unit and senior management goals and compensation tied to meeting BSA obligations. |
| 10. Policies and procedures to ensure that the BSA risk assessment is updated on an appropriate basis | Policy regarding the BSA risk assessment update does not exist or is too generic (e.g., “as needed”). | Policy is specific in that it contains minimums (e.g., at least yearly). | Policy is specific as noted previously and tracked by the secretary of the corporation for automatic review by the board of directors. |

VII. Conclusion

BSA/AML compliance expectations have increased each year since the passage of the USA PATRIOT Act and they are expected to continue to increase for the foreseeable future. Additionally, the increased expectations of the larger depository financial institutions are filtering down to both smaller depository financial institutions and non-depository financial institutions at a rapid pace.

BSA/AML compliance can no longer be subject to business decisions by the board of directors or budgeting decisions by operations or business line units.[17] BSA/AML compliance must be addressed by the board of directors and senior management as an integral part of their overall responsibility and they must accept accountability for their actions or lack of action.

The “tone at the top” (to quote Jennifer Shasky Calvery) can define how effectively an organization will respond to regulatory requirements. The lack of a strong and supporting “tone at the top” can provide significant challenges to organizations that are trying to provide proper governance to all levels within the institution.

An audit of the BSA/AML governance function can help organizations in the identification of gaps in their program and potential steps for remediation.

The 10 elements of BSA/AML governance are being proposed as a starting point to help bring institutions in line with current OCC, FDIC and FinCEN expectations on individual and corporate responsibility and accountability.

[17] Bruemmer, Russel and Alper, Elijah, “AML: A Corporate Governance Issue”, The Banking Law Journal (November/December 2013), p. 878

Bibliography

Public Law 107-56 – PATRIOT ACT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001)

Proposed Legislation - H.R.3317 Holding Individuals Accountable and Deterring Money Laundering Act (10/24/2013)

Kauffman, Ted, “Why DOJ Deemed Bank Execs Too Big To Jail”, Forbes (7/29/2013)

Bruemmer, Russel and Alper, Elijah, “AML: A Corporate Governance Issue”, The Banking Law Journal (November/December 2013)

Adams, Colby, “OCC Chief Tells Bankers to Name Executives Responsible for AML Compliance”, www.moneylaundering.com (3/17/2014)

Monroe, Brian and Adams, Colby, “Financial Institutions Paid Sharply More for AML Infractions in 2012, Data Shows”, www.moneylaundering.com (6/4/2013)

Monroe, Brian, “In Enforcement Ramp-Up, FinCEN Will Issue Standalone Fines Against Banks”, www.moneylaundering.com (3/14/2013)

Monroe, Brian, “As OTS Winds Down, It Seeks More AML Monetary Penalties Against Individuals”, www.moneylaundering.com (3/29/2011)

Monroe, Brian, “OCC Fines Against 5 Miami Bankers Spark Concerns at Financial Institutions”, www.moneylaundering.com (5/23/2011)

McMaster, Andrew G. Jr., Vice Chairman of Deloitte LLP, “Successful Onboarding for New Audit Committee Members”, Wall Street Journal (1/24/2014)

OCC, “Testimony of the Office of the Comptroller of the Currency before the Permanent Subcommittee on Investigations of the Committee on Homeland Security and Governmental Affairs of the U.S. Senate”, (7/17/2012)

Thomas J. Curry, “Testimony of the Office of the Comptroller of the Currency before Committee on Banking, Housing, & Urban Affairs of the U.S. Senate” (3/7/2013)

Remarks of Thomas J. Curry, Comptroller of the Currency, ACAMS 19th Annual International AML and Financial Crime Conference (3/17/2014)

Remarks of Jennifer Shasky Calvery, Director FinCEN, ABA/ABA Money Laundering Enforcement Conference (11/19/2013)

Remarks of Jennifer Shasky Calvery, Director FinCEN, Securities Industry and Financial Markets Association (1/30/2014)

KPMG, Global Anti-Money Laundering Survey, www.kpmg.com (2014)

Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual (2006)

Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual (2010)

FRB Supervisory Letter, Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles, SR 08-8 (10/16/2008)

TCF National Bank, OCC Consent Order AA-CE-10-71 (7/20/2010)

Citibank, N.A., OCC Consent Order AA-EC-12-18 (4/5/2012)

In re Citigroup Inc. (Banamex, USA) Docket No 13-004-B-HC (3/21/2013)

In re Commerzbank AG Docket Nos. 13-027-B-FB and 13-027-B-FBR (6/8/2012)

Zions First National Bank, FinCEN Assessment of Civil Money Penalty Number 2011-01

Pacific National Bank, FinCEN Assessment of Civil Money Penalty Number 2011-05

Wachovia Bank, FinCEN Assessment of Civil Money Penalty Number 2010-1

Ocean Bank, FinCEN Assessment of Civil Money Penalty Number 2011-7

One Bank & Trust, N.A., OCC Consent Order AA-EC-13-82 (10/9/2013)

Banesco USA, FDIC Consent Order FDIC-13-166b OFR 1007 -FI-13 (11/22/2013)