Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering InfoBase

Bank Secrecy Act
Anti-Money Laundering
Examination Manual


EXAMINATION PROCEDURES

Scoping and Planning

Objective.  Identify the bank’s BSA/AML risks, develop the examination scope, and document the plan.  This process includes determining examination staffing needs and technical expertise, and selecting examination procedures to be completed.

To facilitate the examiner’s understanding of the bank’s risk profile and to adequately establish the scope of the BSA/AML examination, the examiner should complete the following steps, in conjunction with the review of the bank’s BSA/AML risk assessment:

1. Review prior examination or inspection reports, related workpapers, and management’s responses to previously identified BSA violations, deficiencies, and recommendations.  Discuss, as necessary, with the person(s) responsible for ongoing supervision of the bank or with the prior examiner in charge (EIC) any additional information or ongoing concerns that are not documented in the correspondence.  Consider reviewing news articles concerning or pertaining to the bank or its management.

2. Review the prior examination workpapers to identify the specific BSA/AML examination procedures completed, obtain BSA contact information, identify the report titles and formats the bank uses to detect unusual activity, identify previously noted high-risk banking operations, and review recommendations for the next examination.

3. As appropriate, contact bank management, including the BSA compliance officer, to discuss the following:

  • BSA/AML compliance program.
  • BSA/AML management structure.
  • BSA/AML risk assessment.
  • Suspicious activity monitoring and reporting systems.
  • Level and extent of automated BSA/AML systems.

For the above topics, refer to the appropriate overview and examination procedures sections in the manual for guidance.

4. Send the request letter to the bank.  Review the request letter documents provided by the bank.  Refer to Appendix H (“Request Letter Items”).

5. Read correspondence between the bank and its primary regulators, if not already completed by the examiner in charge, or other dedicated examination personnel.  The examiner should become familiar with the following, as applicable:

  • Outstanding, approved, or denied applications.
  • Change of control documents, when applicable.
  • Approvals of new directors or senior management, when applicable.
  • Details of meetings with bank management.
  • Other significant activity affecting the bank or its management.

6. Review correspondence that the bank or the primary regulators have received from, or sent to, outside regulatory and law enforcement agencies relating to BSA/AML compliance.  Communications, particularly those received from FinCEN, and the Internal Revenue Service (IRS) Detroit Computing Center may document matters relevant to the examination, such as the following:

  • Filing errors for Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and CTR exemptions.
  • Civil money penalties issued by or in process from FinCEN.
  • Law enforcement subpoenas or seizures.
  • Notification of mandatory account closures of non-cooperative foreign customers holding correspondent accounts as directed by the Secretary of the Treasury or the U.S. Attorney General.

7. Review SARs, CTRs, and CTR exemption information obtained from downloads from the BSA-reporting database.  The number of SARs, CTRs, and CTR exemptions filed should be obtained for a defined time period, as determined by the examiner.  Consider the following information, and analyze the data for unusual patterns, such as:

  • Volume of activity, and whether it is commensurate with the customer’s occupation or type of business.
  • Number and dollar volume of transactions involving high-risk customers.
  • Volume of CTRs in relation to the volume of exemptions (i.e., whether additional exemptions resulted in significant decreases in CTR filings).
  • Volume of SARs and CTRs in relation to the bank’s size, asset or deposit growth, and geographic location.

The federal banking agencies do not have targeted volumes or “quotas” for SAR and CTR filings for a given bank size or geographic location.  Examiners should not criticize a bank solely because the number of SARs or CTRs filed is lower than SARs or CTRs filed by “peer” banks.  However, as part of the examination, examiners must review significant changes in the volume or nature of SARs and CTRs filed and assess potential reasons for these changes.

8. Review internal or external audit reports and workpapers for BSA/AML compliance, as necessary, to determine the comprehensiveness and quality of audits, findings, and management responses and corrective action.  A review of the independent audit’s scope, procedures, and qualifications will provide valuable information on the adequacy of the BSA/AML compliance program.

9. While OFAC regulations are not part of the BSA, evaluation of OFAC compliance is frequently included in BSA/AML examinations.  It is not the federal banking agencies’ primary role to identify OFAC violations, but rather to evaluate the sufficiency of a bank’s implementation of policies, procedures, and processes to ensure compliance with OFAC laws and regulations.  To facilitate the examiner’s understanding of the bank’s risk profile and to adequately establish the scope of the OFAC examination, the examiner should complete the following steps:

  • Review the bank’s OFAC risk assessment.  The risk assessment should consider the various types of products, services, customers, entities, transactions, and geographic locations in which the bank is engaged, including those that are processed by, through, or to the bank to identify potential OFAC exposure.
  • Review the bank’s independent testing of its OFAC compliance program.
  • Review correspondence received from OFAC and, as needed, the civil penalties area on OFAC’s web site to determine whether the bank had any warning letters, fines, or penalties imposed by OFAC since the most recent examination.
  • Review correspondence between the bank and OFAC (e.g., periodic reporting of prohibited transactions and, if applicable, annual OFAC reports on blocked property).

In addition to the above, at larger, more complex banking organizations, examiners may complete various types of examinations throughout the supervisory plan or cycle to assess OFAC compliance.  These reviews may focus on one or more business lines. 

10. On the basis of the above examination procedures, in conjunction with the review of the bank’s BSA/AML risk assessment, develop an initial examination plan.  The examiner should adequately document the plan, as well as any changes to the plan that occur during the examination.  The scoping and planning process should ensure that the examiner is aware of the bank’s BSA/AML compliance program, OFAC compliance program, compliance history, and risk profile (i.e., products, services, customers, entities, transactions, and geographic locations).

As necessary, additional core and expanded examination procedures may be completed.  While the examination plan may change at any time as a result of on-site findings, the initial risk assessment will enable the examiner to establish a reasonable scope for the BSA/AML review.  For the examination process to be successful, examiners must maintain open communication with the bank’s management and discuss relevant concerns as they arise.

 

 
