Brandi B. Reynolds, CAMS-Audit, CCI
The financial services industry has expressed its strong hunger for information about the Anti Money Laundering Act of 2020. Not a week goes by without a webinar being offered on the topic by a vendor or industry group with multiple panelists weighing in on what the impact could be on the industry. BSA/AML Officers, hungry for direction and inspiration, log on to listen to panelists’ perspectives and begin to craft their response.
Wait and See for the Newest AML Features
The industry will have to restrain its appetite when it comes to the Federal Beneficial Ownership Registry portion of the AMLA2020. The Registry will be a massive undertaking requiring a serious allocation of bureaucratic time. Until we hear from FinCEN on the Registry, it’s best for BSA/AML Officers to focus on items from the Act that they can address starting with the fact that BSA/AML Programs will need to incorporate elements that address national priorities. Per the AMLA2020, the Secretary of the Treasury must publish public priorities for anti-money laundering and countering the financing of terrorism. The industry should expect this declaration by summer 2021. By next winter, we should see the corresponding rules for addressing the priorities. The purpose of the priorities and rules is to enable BSA/AML Officers to craft their BSA/AML Risk Management Programs to adequately address the priorities. So far it doesn’t sound like heavy lifting for BSA/AML Officers because complying with rules and priorities is what they’ve been doing all along as they follow regulatory guidance.
Understanding & Addressing Priorities
Regulators have a track record of publishing priorities, even if they’re not specifically called priorities. In January 2021 the FDIC reminded readers that supervisory guidance is essentially their “priorities or expectations.” (See press release “FDIC Approves Rule on the Role of Supervisory Guidance,” January 19, 2021.) The OCC publishes a semiannual Risk Perspective, and BSA/AML Officers of OCC banks know to not only read it, but to read between the lines to determine what the priorities are. One can argue that having the Treasury Department publish priorities will be a breath of fresh air.
My recommendation is to read through the priorities and determine, via risk assessment, which pertain to your particular situation at your institution. Next, for those priorities that are applicable, address each one in terms of each expectation and how your BSA/AML program covers each one. The devil is in the details, so no one is served by glossing over anything. (The auditors and examiners reviewing your program don’t gloss over anything!) Also note where your BSA/AML program falls short of meeting the expectation. Next, note 3 to 5 corrective measures you can implement for each priority. It’s as if you are performing a self-audit of your BSA/AML program compared to the priorities. Create a tracking sheet for these corrective measures as if they really were audit findings. In such a manner your response is documented and tracked.
Anticipating the Priorities
While no one has a crystal ball, it would be reasonable for someone to anticipate priorities that will appear on the Federal list this summer. In response to them, an additional priority should appear on each institution’s list.
1) SAR Fundamentals
Expect the focus to come off of defensive filings and shine more on demonstrating a true suspicion of money laundering or the funding of terrorism. Expect training to get back to “describe with clarity how you believe there is money laundering or terrorist financing occurring in this customer’s activity.” See our series of postings on Tackling SAR issues found here https://corcomllc.com/resources/blog-posts/. Unfortunately, the SAR form itself might become even more detailed, creating more chances to miss a checkbox and more opportunities for an auditor to cite findings. Ensure that your SAR Quality procedures are effective.
The creation of some non-complex SARs, such as those for Structuring and certain types of fraud, can be automated. Finally, something that makes the BSA/AML Officer’s life easier! This automation will require effort from AML system vendors and then significant configuration effort from BSA/AML staff, but will be worth the effort in the long run. BSA/AML Officers can start planning for this today. Start those conversations with your vendor and provide them with your expectation that their software can meet this need. Suggest that this topic be covered during user group meetings and conferences.
3) AML System Tuning
You can’t meet the expectations of #1 and #2 above if your system for identifying suspicious activity isn’t working correctly. The expectation that an AML system should be tuned to address the risks specific to any institution started in 2016-2017 with NYDFS 504 – a requirement that New York State-regulated financial institutions to: 1) perform comprehensive assessments of their transaction monitoring systems; 2) document the effectiveness of the programs; 3) continually ‘tweak’ the programs to maintain compliance; and 4) implement governance processes to ensure compliance with NYDFS 504 such that an annual certification can be signed and submitted. Many astute BSA/AML Officers at institutions not covered by NYDFS 504 had the foresight to think “Hmmm, this is coming our way,” and followed the New York requirements anyway. There’s no requirement in AMLA2020 that institutions implement NYDFS 504, but BSA/AML Officers would benefit from reviewing it.
A Closing Thought
Key to this compliance is taking your annual BSA/AML risk assessment and mapping it to your AML monitoring system. It’s not as easy as it sounds, but it’s a great exercise to document how your AML system is addressing your risks. As always, if your AML system isn’t up to the task, be vocal about it with your vendor’s senior management personnel.
With a new law in place requiring agencies to issue new guidance, 2021 is set to be the most exciting year for BSA/AML Officers in a long time. As you’re waiting for further guidance, begin considering the three areas discussed above.
For more information on how CorCom can assist with your compliance needs, please contact firstname.lastname@example.org.