Bank Secrecy Act
Professional Service Providers
Objective. Assess the adequacy of the bank’s systems to manage the risks associated with professional service provider relationships, and management’s ability to implement effective due diligence, monitoring, and reporting systems.
1. Review the policies, procedures, and processes related to professional service provider relationships. Evaluate the adequacy of the policies, procedures, and processes given the bank’s relationships with professional service providers and the risks these relationships represent. Assess whether the controls are adequate to reasonably protect the bank from money laundering and terrorist financing.
2. From a review of MIS and internal risk rating factors, determine whether the bank effectively identifies and monitors professional service provider relationships. MIS reports should include information about an entire relationship. For example, an interest on lawyers' trust account (IOLTA) may be in the name of the law firm instead of an individual. However, the bank's relationship report should include the law firm's account and the names and accounts of lawyers associated with the IOLTA.
3. Determine whether the bank’s system for monitoring professional service provider relationship’s suspicious activities, and for reporting of suspicious activities, is adequate given the bank’s size, complexity, location, and types of customer relationships.
4. If appropriate, refer to the core examination procedures, "Office of Foreign Assets Control," page 152, for guidance.
5. On the basis of the bank’s risk assessment of its relationships with professional service providers, as well as prior examination and audit reports, select a sample of higher-risk relationships. From the sample selected, perform the following examination procedures:
- Review account opening documentation and a sample of transaction activity.
- Determine whether actual account activity is consistent with anticipated (as documented) account activity. Look for trends in the nature, size, or scope of the transactions, paying particular attention to currency transactions.
- Determine whether ongoing monitoring is sufficient to identify potentially suspicious activity.
6. On the basis of examination procedures completed, including transaction testing, form a conclusion about the adequacy of policies, procedures, and processes associated with professional service provider relationships.