In last month’s article about banking Fintechs, we introduced three areas of a BSA/AML Programs that are frequently criticized during exams: Staffing, Data, and Systems. In this article, we will drill down on the Staffing area – specifically the criticisms cited about the “BSA Officer.”
When examiners cite findings about the “BSA Officer,” the issue might not be about the specific individual with the BSA Officer title. The issue might be with five different, but related, elements of the BSA Program, as follows:
- The qualifications and competencies of the actual BSA Officer.
- The qualifications and competencies of the other managers and staff in the BSA Department.
- The staffing levels in the BSA Department.
- The responsibilities of the BSA Officer role in terms of BSA/AML and other duties.
- The authority level (in fact and perceived) of the BSA Officer.
This is a delicate part of the exam report since it concerns specific individuals, and no BSA Officer wants to read an exam report that points out that they might not be qualified and competent for the role It is important to remember, however, that findings concerning the BSA Officer are really about the BSA Officer’s skillset with respect to the risk profile of the institution. Let’s explore this further, and then review the other four elements.
1. Qualifications and competencies of the BSA Officer – As mentioned in last month’s article, institutions face elevated levels of risk when the BSA Officer doesn’t have sufficient experience in with respect to the risks, products, and services of Fintech companies. Examiners will be reviewing the BSA Officer’s experience with assessing Fintech risks, as well as their knowledge of the risks unique to Fintech customers and transactions. Examiners will also be looking at what extra training the BSA Officer receives regarding Fintech AML/CFT and OFAC risks.
For the BSA Officer, prior experience is key. While “extra training” might be sufficient for staff, examiners typically expect the BSA Officer in an institution to have direct experience with Fintechs.
2. Qualifications and competencies of the other managers and staff in the BSA Department – Similar to the above discussion, when examiners note a disconnect between the skillsets of staff versus the skillsets that would be required based on the institution’s risk profile, they might start to wonder if the BSA Officer is over-leveraged (assuming the BSA Officer has sufficient experience). Examiners will look more closely at the skill sets of managers, supervisors, and those performing any type of review, QA, or QC function. For institutions banking Fintechs, examiners will be looking for sufficient experience banking Fintechs at other institutions and/or extra training focused on Fintechs.
3. Staffing levels in the BSA Department – Examiners don’t conduct staffing level assessments; however, they can still get a sense of when the level of staffing resources in a BSA department might not be adequate. They do this by noting the number of errors revealed during the exam, or the number and type of tasks that should be getting done, but aren’t. Another indicator of a potential staffing level issue for examiners is when they see the BSA department is actively remediating prior audit and exam findings and trying to perform “BAU” (business as usual) functions, but without any increases to staffing levels or technology implementations. The same is true for BSA departments that recently started banking Fintechs, but did not increase staffing levels. In these situations, it is important to remember that implementing technological solutions (such as another monitoring system for the Fintech transactions) will not alleviate the need for more staff – it can in fact increase the need.
4. Responsibilities of the BSA Officer role in terms of BSA/AML and other non-BSA/AML duties – This concern only surfaces in smaller institutions that begin banking Fintechs, in instances where the BSA Officer continues to wear many hats such as the Compliance Officer hat or even the Risk Officer hat. This will likely be a red flag to examiners that the institution doesn’t value the BSA Officer role.
5. The authority level of the BSA Officer – While organizational charts can provide examiners with information on how the BSA Officer role is structured within the organization, those organizational charts don’t always convey true authority level of the BSA Officer. To assess authority level, examiners will ask for minutes of the Board and Board Subcommittee meetings to learn whether the BSA Officer presents at these meetings. Examiners might ask for drafts of reports written by the BSA Officer and compare them to final versions to learn whether they are edited before being submitted for meetings. Examiners will look for BSA Officer recommendations for closing or declining accounts, or for technology needs, to learn how those recommendations are acted (or not acted) upon.
Ensuring a qualified and well-supported BSA Officer is critical for a strong BSA/AML program, especially for Fintech firms. Examiner scrutiny goes beyond the BSA Officer’s qualifications, encompassing the entire BSA department’s experience, staffing levels, role allocation, and the BSA Officer’s perceived authority. Institutions must address these additional factors to proactively identify and rectify weaknesses, safeguarding themselves from regulatory findings and ultimately enhancing their ability to combat financial crime.
How Bates Helps
If your organization needs assistance with ongoing compliance, you should not hesitate to learn about our professional BSA/AML consulting services. Bates Group offers ongoing advisory services to a wide range of financial institutions and Fintechs.