Updated: Aug 12
“An investment in knowledge pays the best interest,” according to Benjamin Franklin, and this message is not lost on financial institutions. As the complexity of BSA/AML compliance has grown, so has the importance of training.
For any financial institution, failing to provide appropriate training, tailored for specific personnel, is a giant no-no. It’s also one of the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) deficiencies for which banks have sometimes found themselves remediating issues.
One of many signs of the importance of training is it’s standing as the third of five pillars for a robust BSA/AML compliance program. The first two pillars (establishing controls and designating a compliance officer) were discussed in prior blog posts, here and here, and the remaining two will be explored in upcoming weeks. Stay tuned.
A well-run and sophisticated BSA/AML program ensures that training is never a one-off. Instead, the training provided is updated periodically or when events warrant additional education.
Here are three pivotal moments when financial institutions should make sure that they are revisiting the training they provide:
At Onboarding. “An overview of the purposes of the BSA and its regulatory requirements are typically provided to new staff during employee orientation or reasonably thereafter,” according to the FFIEC. Employees should understand how to prevent BSA/AML violations, and doing so at hiring shows the commitment which your institution has to ensuring new hires are doing the right thing.
Recurring dates. It is important to not only reiterate prior information on BSA/AML compliance but to provide updates on regulatory change. Additionally, as roles and responsibilities change within your institution it’s integral to ensure training is tailored to the specific employees entering the “classroom.” Employees generally receive training annually—if not more frequently. Depending on an employee’s responsibilities, a timeline for additional training should be set, documented, and adhered to.
Sudden changes to BSA/AML requirements. The FFIEC notes that training should occur whenever “major changes are made to AML compliance guidelines.” An example of one such change would be the May 2018 addition of the fifth pillar of BSA/AML compliance, which is due diligence and which went into effect after FinCEN amended Bank Secrecy Act regulations.
Some Additional Considerations
Aside from the “when” of training, financial institutions must think long and hard about the “who” question, as well. While of course the BSA/AML compliance team must be trained, all employees need familiarity with what’s involved in BSA and AML requirements to try to stop illegal activities from taking place.
The best training is carefully tailored for a specific audience. For tellers, for instance, compliance training might center around which transactions are suspicious, such as ones involving large sums of currency changing hands. Loan officers, on the other hand, should be educated about how certain lending arrangements might conceal efforts at money laundering.
We’ve discussed rank-and-file employees, but don’t forget about director education. “Without a general understanding of the BSA,” says FFIEC, “it is more difficult for the board of directors to provide adequate oversight of the BSA/AML compliance program, including approving the written BSA/AML compliance program, establishing appropriate independence for the compliance function, and providing sufficient BSA/AML resources.”
A very practical reason why board members should receive ongoing BSA/AML training - they’re the ones allocating resources. It’s important for the entire boardroom to understand the goals and strategies of compliance so they make sure these efforts are adequately funded.
Training can take many forms from internal instruction, often led by an institution’s compliance officer, to certificate courses run by third parties, such as the American Bankers Association (ABA).
In-person or live video training is often considered the gold standard because everyone involved can ask questions and get needed clarification. That said, more passive types of training can be effective.
It’s increasingly important that employees be trained to understand the AML compliance tools a financial institution relies upon. Here, a bank or credit union will want its employees to gain proficiency in various types of software from transaction monitoring systems to customer identity management systems.
For anyone who misses critical training, a financial institution should schedule make-up sessions, or ways to ensure individuals have videos and/or written materials covering whatever was missed.
Finally, documenting your employee training efforts is critical for when regulators come calling. Institutions should hold onto attendee lists, as well as dates and documentation, for all training provided. If an employee fails to attend mandatory training sessions, supervisors will want to track any corrective or disciplinary actions taken.