Bank Secrecy Act
EXAMINATION PROCEDURES
Enterprise-Wide BSA/AML Compliance Program
Objective. Assess the organization’s enterprise-wide program for BSA/AML compliance through the holding company or lead financial institution. [143]
1. Confirm the existence and review the scope of any enterprise-wide BSA/AML compliance program. Communicate with peers at other federal and state banking agencies, as necessary, to confirm their understanding of the organization’s BSA/AML compliance program. This approach promotes consistent supervision and lessens regulatory burden for the holding company or lead financial institution. Determine the extent to which the enterprise-wide BSA/AML compliance program affects the organization being examined, considering the following:
- The existence of enterprise-wide operations or functions responsible for day-to-day BSA/AML operations, including, but not limited to, the centralization of suspicious activity monitoring and reporting, currency transaction reporting, currency exemption review and reporting, and recordkeeping activities.
- The centralization of operational units, such as financial intelligence units, dedicated to and responsible for monitoring transactions across activities, business lines, or legal entities. (Assess the variety and extent of information that data or transaction sources (e.g., banks, broker/dealers, trust companies, Edge Act and agreement corporations, insurance companies, or foreign branches) are entering into the monitoring and reporting systems.)
- The extent to which the holding company or lead financial institution (or other corporate-level unit, such as audit or compliance) performs regular independent testing of BSA/AML activities.
- Whether a corporate-level unit sponsors BSA/AML training.
2. Review audits for BSA/AML compliance throughout the organization and identify program deficiencies.
3. Review board minutes to determine the adequacy of management information systems (MIS) and of reports provided to the board of directors. Ensure that the board of directors of the holding company has received appropriate notification of Suspicious Activity Reports (SARs) filed by the holding company.
4. Review policies, procedures, processes, and risk assessments formulated and implemented by the holding company’s or lead financial institution’s board of directors, a board committee thereof, or senior management. As part of this review, assess the effectiveness of the holding company’s or lead financial institution’s ability to perform the following responsibilities:
- Manage the enterprise-wide BSA/AML compliance program and provide adequate oversight and structure.
- Promptly identify and effectively measure, monitor, and control key risks throughout the consolidated organization.
- Develop an adequate enterprise-wide risk assessment and the policies, procedures, and processes to comprehensively manage those risks.
- Develop procedures for evaluation, approval, and oversight of risk limits, new business initiatives, and strategic changes.
- Oversee the compliance of subsidiaries with applicable regulatory requirements (e.g., country and industry requirements).
- Oversee the compliance of subsidiaries with the requirements of the enterprise-wide BSA/AML compliance program, as established by the holding company or lead financial institution.
- Identify enterprise-wide program weaknesses and implement necessary and timely corrective action, at both the holding company and subsidiary levels.
5. To ensure compliance with regulatory requirements [144], review the holding company’s or the lead financial institution’s procedures for monitoring and filing SARs. For additional guidance, refer to the core overview and examination procedures, "Suspicious Activity Reporting," pages 60 and 72, respectively.
6. Once the examiner has completed the above procedures, the examiner should discuss their findings with the following parties, as appropriate:
- Examiner in charge.
- Person (or persons) responsible for ongoing supervision of the organization and subsidiary banks, as appropriate.
- Corporate management.
7. On the basis of examination procedures completed, form a conclusion about the adequacy of policies, procedures, and processes associated with an enterprise-wide BSA/AML compliance program.
