BSA Review – What to Expect?
Money Services Businesses cover a wide swath of territory from single location to multi-national organizations. Each is potentially subject to examination by regulatory authorities or by their bank(s).
What should an MSB expect by way of examination?
The scope, depth, breadth and duration of the audit will all depend upon the risk as perceived by the party performing the review. A convenience store in a rural area cashing checks to a well known local population is not at the same risk as a larger check casher offering an array of other financial products located within a defined High Intensity Drug Trafficking Area (HIDTA). It would be crazy to think that the reviews of the two businesses would be identical.
There are common components to expect from all examinations though.
First – the “Four Pillars” of an effective BSA/AML compliance program
- Risk based policies and procedures
- Compliance officer
- Training program
- Independent review
Second – transaction testing
- Review accuracy and adequacy of paper logs or computer reports
- Review transactional data (prior 3 to 6 months)
- Evaluate whether transactions requiring reporting (currency transaction reports, suspicious activity reports, monetary instrument logs) are identified and reported accurately and timely.
- OFAC testing.
Third – operational and risk management controls
Are the documented policies and procedures being followed? Are controls in place to prevent and minimize losses? Are proper accounting procedures and controls in place? If the business has agents, are effective processes and procedures in place to monitor compliance and minimize risk?
Fourth – employment policies and practices
- Pre-employment background, credit and OFAC checks
- Periodic ongoing background and credit checks
- Liability insurance
Lastly – financial review
Is the financial condition of the MSB sufficient to meet any state eligibility or licensing requirements? Is the bank sufficiently protected by existing collateral in the event of insolvency of the business due to potential losses, penalties, or fraud by officers/employees.
Each business operating as an MSB, whether large or small, must evaluate its risks, manage those risks, and take appropriate steps to comply with the Bank Secrecy Act and other federal and state regulations. If your business is not currently adequately complying and managing risk, the time to start is now and not upon notice of review by your bank or a regulator.