Here are the 4 Pillars of a Strong BSA/AML Compliance Program
A strong BSA/AML compliance program needs a strong foundation. Developing a strong foundation is easier than you might think. Here's what to consider, and how to get started.
Most financial institutions, from banks to MSBs to mortgage companies, must comply with Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulations. Each financial institution must develop and implement a written anti-money laundering program that is reasonably designed to prevent the institution from being used to facilitate money laundering or the financing of terrorist activities. This BSA/AML program must be approved by the Board of Directors or senior management.
The written BSA/AML compliance program must include the following four pillars:
- Internal controls;
- The designation of a BSA/AML officer;
- A BSA/AML training program; and
- Independent testing of the program.
To build a stable home, you need a strong foundation. Likewise, an effective BSA/AML program also needs a strong foundation in order to support these four pillars.
How can you develop a strong foundation? Through a clear and comprehensive understanding of your organization's structure and risk exposure.
This understanding will allow you to build a program that accurately reflects your institution's unique needs. In the same way that taller buildings will need deeper foundations, larger and more complex institutions need larger and more robust AML compliance programs to manage organizational risk.
BSA/AML Risk Assessment
A risk assessment is an essential first step in developing this strong foundation, because it will help you create the program that fits your institution's structure.
The risk assessment is used to determine whether the BSA/AML compliance program is adequate and provides the controls necessary to mitigate risks. It is important to objectively evaluate each pillar by first identifying the specific risk to the institution within the pillar, and second, conducting a more detailed analysis of the identified risk.
With a well-developed risk assessment, you can focus appropriate risk management processes on your institution's unique BSA/AML compliance program to effectively mitigate risk to the institution.
BSA/AML Risk Control
As mentioned above, once the risks are identified and understood, the institution should build a solid program to control for those risks. The program needs to include policies, procedures and processes that staff are trained on and that are incorporated into daily operations.
The compliance team and/or audit department will need to conduct testing of the program to gauge how well the program is working, and make changes and updates as needed. BSA/AML programs should not remain stagnant; they need to grow and evolve with the business.
TRUPOINT Viewpoint: In our experience, financial institutions that have a quality assurance process in place have stronger BSA/AML programs, as they are able to proactively identify and correct deficiencies in their own programs. Self-testing, a component of many institutions' QA processes, aids in the growth of the BSA/AML program. If the risk assessment is the foundation that supports the pillars of your BSA/AML program, the self-testing is an inspection.
However, self-testing does not meet the pillar requirement of an independent review, which must be completed in accordance with the perceived risk to the organization.
Regulators recommend that the independent review be conducted every 12-18 months. The higher your BSA/AML risk, the more frequent the independent review should be; industry best practice is every 12 months, regardless of risk, and especially if you do not have self-testing in place.
We recently released this white paper "AML Compliance for Mortgage", which is directed at Residential Mortgage Lending Offices (RMLOs) but could be applicable for most financial institutions, outlining the steps to developing a strong BSA/AML program. It's designed to provide clarity about the regulations and some clear steps to success.