Bank Secrecy Act
Objective. Assess the adequacy of the bank’s systems to manage the risks associated with private banking activities, and management’s ability to implement effective due diligence, monitoring, and reporting systems. This section expands the core review of the statutory and regulatory requirements of private banking in order to provide a broader assessment of the AML risks associated with this activity.
1. Review the policies, procedures, and processes related to private banking activities. Evaluate the adequacy of the policies, procedures, and processes given the bank’s private banking activities and the risks they represent. Assess whether the controls are adequate to reasonably protect the bank from money laundering and terrorist financing.
2. From a review of MIS reports (e.g., customer aggregation, policy exception and missing documentation, customer risk classification, unusual accounts activity, and client concentrations) and internal risk rating factors, determine whether the bank effectively identifies and monitors private banking relationships, particularly those that pose a higher risk for money laundering.
3. Determine whether the bank’s system for monitoring private banking relationships for suspicious activities, and for reporting of suspicious activities, is adequate given the bank’s size, complexity, location, and types of customer relationships.
4. Review the private banking compensation program. Determine whether it includes qualitative measures that are provided to employees to comply with account opening and suspicious activity monitoring and reporting requirements.
5. Review the monitoring program the bank uses to oversee the private banking relationship manager’s personal financial condition and to detect any inappropriate activities.
6. If appropriate, refer to the core examination procedures, "Office of Foreign Assets Control," pages 157 to 159, for guidance.
7. On the basis of the bank’s risk assessment of its private banking activities, as well as prior examination and audit reports, select a sample of private banking accounts. The sample should include the following types of accounts:
- Politically exposed persons (PEP).
- Private investment companies (PIC), international business corporations (IBC), and shell companies.
- Offshore entities.
- Cash-intensive businesses.
- Import or export companies.
- Customers from or doing business in a higher-risk geographic location.
- Customers listed on unusual activity monitoring reports.
- Customers who have large dollar transactions and frequent funds transfers.
8. From the sample selected, perform the following examination procedures:
- Review account opening documentation and ongoing due diligence information.
- Review account statements and, as necessary, specific transaction details.
- Compare expected transactions with actual activity.
- Determine whether actual activity is consistent with the nature of the customer’s business.
- Identify any unusual or suspicious activity.
9. On the basis of examination procedures completed, including transaction testing, form a conclusion about the adequacy of policies, procedures, and processes associated with private banking relationships.