There are five pillars of an effective BSA/AML/OFAC compliance program. When creating a compliance program, you must adhere to the Bank Secrecy Act (BSA) rules and regulations, anti-money laundering (AML) policies and the Office of Foreign Assets Control (OFAC) economic and trade sanctions.
In 1987, the Board of Governors of the Federal Reserve System issued a final rule that established minimum requirements for a compliance program. Under the BSA, financial institutions should implement four pillars in order to strengthen anti-money laundering (AML) efforts. The fifth pillar was added in 2016 to clarify and strengthen customer due diligence requirements.
DESIGNATION OF A COMPLIANCE OFFICER
The Compliance Officer is responsible for knowing and understanding the policies and procedures outlined in the BSA/AML/OFAC compliance program, relating to the money services business (MSB).
It is important to designate someone who is capable of learning and understanding the policies and procedures written for your organization, and who has the capacity to ensure that those policies and procedures are followed within the organization.
DEVELOPMENT OF INTERNAL POLICIES, PROCEDURES AND CONTROLS
The development of internal policies, procedures and controls is the core of all the pillars.
The second pillar addresses:
- How you run the business
- How your business stays in compliance
- How you ensure that all the written policies and procedures are being implemented and upheld
This pillar probably has the most variance amongst all the pillars because not all businesses operate the same.
Each business may have different products, services, volumes and customer demographics. It is important that the policies and procedures of a BSA/AML/OFAC program cater to how the specific business is being operated.
ONGOING, RELEVANT TRAINING OF EMPLOYEES
All employees must receive ongoing, relevant training as it pertains to the AML compliance program. It is recommended that MSBs train all employees upon initial employment as well as once per year thereafter.
Training must cover the basics of BSA/AML compliance and must be documented.
INDEPENDENT TESTING AND REVIEW
To be independent means that the person conducting the review cannot be the Compliance Officer or someone who reports directly to the Compliance Officer.
One of the main purposes of independent testing and reviewing is to identify any deficiencies in a business’s process. When deficiencies are found, recommendations can be made to alleviate any weaknesses in the BSA/AML/OFAC compliance program.
The person preparing the independent review should also prepare a risk assessment to determine the risk level: low, medium or high.
While it is always encouraged to have your independent review conducted by a knowledgeable third party with experience working with MSBs, it is especially recommended to source an outside consultant to review your business if your business is identified as a medium or high risk.
CUSTOMER DUE DILIGENCE
The Customer Due Diligence (CDD) Rule, which amends the original BSA rule, is intended to improve financial transparency and prevent criminals and terrorists from using financial institutions to disguise their illicit activities.
The CDD Rule has four main requirements. It requires financial institutions to establish and maintain written policies and procedures that are designed to:
- Identify and verify the identity of customers
- Identify and verify the identity of the beneficial owners of companies opening accounts. Financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.
- Understand the nature and purpose of customer relationships to develop customer risk profiles
- Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information
If you would like an expert to review your compliance program, contact us!