FFIEC Updates BSA GuidanceBanks Bracing for New Exam Requirements
For the first time since 2010, the Federal Financial Institutions Examination Council has released updated guidance about Bank Secrecy Act compliance requirements and money-laundering risks (see FFIEC Issues Revised BSA/AML Exam Manual).
Although the guidance primarily consolidates advice already released by banking regulators and the Financial Crimes Enforcement Network, it's nevertheless significant, one fraud expert says.
The timing of the manual's update suggests 2015 regulatory exams will follow the updated BSA requirements noted in the new guidance, says Shirley Inscoe, an analyst at consultancy Aite.
"It's coming out toward the end of the year, so everyone can use it consistently in their 2015 exams, which is a good idea," she says. "In some areas of the world, regulators are finally more serious about money-laundering compliance. It's good to get updated procedures out to U.S. banks now that the rest of the world is taking this issue seriously."
But complying with these new requirements is going to be time-consuming and costly for institutions of all sizes, Inscoe says.
"The point I find fascinating is that we now have a 324-page exam document, not counting any of the appendices, index, etc.," she says. "Every financial institution has to spend numerous hours scouring over this document to ensure their program is in compliance and to prepare for exams. And we are only talking about one regulation. ... Compliance costs will lead to more mergers in coming months and years."
Guidance Highlights SARs, CTRs
The FFIEC's 2014 Bank Secrecy Act/Anti-Money Laundering Examination Manual, released Dec. 2, highlights 12 areas where institutions should be focused, including suspicious activity reporting, currency transaction reporting, and due diligence in relationships with third-party payment processors and nonbank institutions.
"Banks should take reasonable and prudent steps to combat money laundering and terrorist financing and to minimize their vulnerability to the risk associated with such activities," the FFIEC points out. "Some banking organizations have damaged their reputations and have been required to pay civil money penalties for failing to implement adequate controls within their organization, resulting in noncompliance with the BSA. ... The federal banking agencies' and FinCEN's commitment to provide guidance that assists banks in complying with the BSA remains a high supervisory priority."
Among the FFIEC's recommendations in the new guidance are:
- Ensuring that BSA/AML staff are involved with all new product deployments as well as the review or termination of customer relationships;
- Determining whether reliance on certain parties, such as car dealerships that provide loans, is reasonable; and
- Addressing risks related to loans and payments offered through nonbank entities by limiting or restricting transaction types.
In recent months, the Office of the Comptroller of the Currency, one of the FFIEC agencies, and FinCEN, a bureau of the U.S. Department of the Treasury, have issued a number of advisories and letters about banking regulators' increasing expectations for BSA compliance.
In March, Comptroller of the Currency Thomas Curry said during a presentation that senior banking executives are accountable for BSA compliance.
"When we look at the issues underlying BSA infractions, they can almost always be traced back to decisions and actions of the institution's board and senior management," Curry said. "They involve the culture of compliance within an organization, the resources committed to BSA compliance, the strength of the organization's information technology and monitoring process, and the quality of risk management."
And in August, FinCEN reiterated why regulatory examinations will be focused on ensuring C-level executives stay engaged and informed about emerging money-laundering risks. "A financial institution can strengthen its BSA/AML compliance culture by ensuring that its leadership actively supports and understands compliance efforts," FinCEN noted.
Banking executives must support efforts to manage and mitigate BSA/AML deficiencies and mandate that risks are not compromised by revenue interests, as well as ensure that relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts, FinCEN stated.
Tom King, vice president and compliance officer of QCR Holdings, a $2 billion company that owns and oversees four banking institutions in the Midwest, says BSA compliance has gotten renewed attention in the wake of fines and penalties against leading institutions such as JPMorgan Chase, TD Bank and HSBC for BSA violations.
"We are adding this to our Compliance Committee agenda for next month," King says. "We expect there will be more to come as we spend time digesting this material and putting their guidance into practice."