Karen Leiter is a Principal with CLA. She works with banks and credit unions nationwide, managing regulatory compliance engagements and other consulting services. Karen joined the Financial Services Group at CLA in 2020 after working in financial institutions since 2004. She has spent the majority of that time focused on regulatory compliance, Bank Secrecy Act (BSA) compliance and bank operations. Karen has spent her career working at a mortgage broker, local community bank and a larger regional bank.
Anti-Money Laundering Programs Are Changing. What Should Yours Look Like?
Laws requiring banks to fight money laundering and terrorism financing have evolved over time. What should banks do to implement modern bank compliance programs?
Brought to you by CliftonLarsonAllen LLP
The Bank Secrecy Act (BSA) has evolved as legislators sought to enhance financial transparency and combat money laundering and terrorism financing.
Subsequent laws have included the Money Laundering Control Act of 1986 and the USA Patriot Act of 2001. As we transition to the preferred naming Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT), the evolution continues.
How funds are transacted in the financial services industry continues to change. Along with increases in higher-risk products and services, BSA programs continue to receive regulatory oversight and, in some cases, regulatory scrutiny. There are several key considerations banks should take into account to create an effective risk-based BSA program.
Risk Assessment and Board Responsibility
A BSA risk assessment should cover all products and services — not just higher-risk offerings, customer groups and geographic locations — and must be reviewed by the board of directors periodically.
Higher-risk products continue to be more prevalent and include areas such as fintech partnerships or Banking as a Service (BaaS), nonbank financial institutions (NBFIs), cryptocurrency and marijuana banking activities (where legally permitted).
Boards should continually be apprised on regulatory filings, audit/exam issues or gaps in effectively managing the program.
Customer Identification and Due Diligence
Banks must collect and verify customer data before opening an account and develop risk profiles to help monitor potential suspicious activities.
Understanding the nature and purpose of customer relationships is crucial for developing a risk profile, which may include collecting expected activity, international activity, business type and residency. Risk ratings can be created through an automated or manual process. Having a quality oversight process helps maintain good data to create and support an appropriate scoring methodology.
Monitoring High-Risk Profiles
All institutions should regularly monitor higher-risk accounts through either automated or manual processes, setting frequencies based on risk profiles and using the information collected when making a risk profile. Outlining deviations between expected and actual activities throughout the account lifecycle may illustrate potential suspicious activity warranting additional review.
This level of monitoring looks different at every financial institution. Knowing who you are banking for is equally as important as knowing what you are banking.
Suspicious Activity Reporting (SAR)
Institutions must have a documented process for monitoring suspicious activities with well-documented support for when a suspicious activity report (SAR) is considered but ultimately not filed, conducting timely SAR filings and reporting those filings to the board.
Recently, we have seen an increase in regulatory announcements indicating the insufficiency of AML/CFT programs with particular attention paid to the SAR process.
Adapting to Evolving Regulations
Rules and regulations constantly evolve and, therefore, your BSA program should, too. Determining if your program is effective and efficient will help your institution appropriately allocate time, energy and resources.
Your program’s goal should be having sufficient internal controls and a policy supporting timely and accurate regulatory filings. It’s critical for your AML/CFT program to be continually reviewed, risk-based and monitored to protect your institution as well as your customers.
The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CLA) to the reader. For more information, visit CLAconnect.com.
CLA exists to create opportunities for our clients, our people, and our communities through our industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. CLA (CliftonLarsonAllen LLP) is an independent network member of CLA Global. See CLAglobal.com/disclaimer. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.