Four Questions to Assess Your BSA/AML Quality Control.

Many BSA/AML programs start out with the best intentions, only to have these intentions go wrong over time.

That’s where quality control (QC) comes in. Strong QC ensures that a BSA/AML program is operating as designed, saving community banks and credit unions from embarrassing—and costly—penalties from the regulators.

While companies understand that QC matters, some may not realize that the importance of quality control is increasing with time. There are a number of reasons for this, including the increased regulatory scrutiny for failing to run reasonable and achievable BSA/AML programs.

A Fine Is Worth a Thousand Words….

In Abrigo’s article “AML Quality Control: Strong QC Can Prevent BSA Violations,” the author notes that the $8 million in AML fines that FinCEN and the OCC assessed against CommunityBank of Texas (CBOT) in December 2021 can serve as a cautionary tale.

“CommunityBank of Texas willfully disregarded its lawful obligations to implement and maintain an effective AML program and to identify and report suspicious transactions to FinCEN,” said FinCEN’s Acting Director Himamauli Das in a press release the agency put out[1].

CBOT did not run into trouble for lack of an AML program; it had an AML program and even used AML monitoring software. Where the bank got into trouble was by failing to adhere to its own program procedures. The program was understaffed and relied on AML software without proper human backup.

“With CBOT’s AML program understaffed, corners were cut,” said a December 17, 2021, article in Compliance Week. “At one point, the bank’s BSA officer applied exemptions for certain ‘well-known’ customers in the automated system as a way to reduce the number of case alerts, but these exemptions would, in some cases, be applied to individuals later arrested for or convicted of financial crimes[2].”

A Brief QC Checklist

The following four questions can help you determine if your QC is as strong as it should be.

• Are your AML policies and procedures documented and have they been tested?

Documentation is critical because it means that what’s being communicated to staff is consistent and can be referenced, when necessary. Testing is critical to ensure that the documented procedures are being adhered to.

• Do you have adequate staff to monitor the case alerts generated on a daily basis?

Before the FinCEN/OCC penalty was levied, CBOT had a BSA staff of six to eight. Three of these individuals were BSA analysts, assigned to regularly review case alerts. The problem as identified by FinCEN? Each analyst was responsible for reviewing an average of 100 case alerts a day—far too many to be handled with the necessary care[3].

• Is your compliance staff taking shortcuts when it comes to reviewing case alerts?

Because of understaffing in the compliance department, CBOT analysts did not review supporting documents, such as cash deposit slips, wire transcripts, and check images. In addition, CBOT’s BSA officer applied exemptions to numerous customers, many of whom were later convicted of financial crimes. The regulators noted that in 2019 alone, CBOT exempted 1,000 case alerts without review (or documentation)[4].

• Is your BSA/AML reporting timely?

Part of sound quality control is knowing how long it takes staff to file Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs), says Abrigo. Financial institutions have only 15 calendar days after a reported transaction to file a CTR. What’s more, an initial SAR must be filed within 30 days of an institution determining that one is warranted.

In the end, determining whether your BSA/AML quality control is sufficiently rigorous can be a tough call as it depends on the risk profile of each individual community bank or credit union. RiskScout is here to help your financial institution strengthen its QC processes. Reach out to us today to find out more.