bank secrecy act training: who, what, when, how…and why? … · 2017-02-08 · •content, test...
TRANSCRIPT
Bank Secrecy Act Training: Who, What, When, How…and Why?
Presented by Lynn English
Lafayette Federal Credit Union
Key Takeaways
• After this webinar, participants should have an understanding of minimum requirements for BSA training.
• Understand the importance of consistent, relevant training for your staff versus generic training.
• Understand Examiner Expectations for BSA training at your institution.
Agenda
• Why is training so important?
• Who should receive training?
• To test or not to test…
• One size does not fit all…
• Training Formats
• Didn’t we have to do this last year?
• Board of Directors and Volunteers
• Examiner Expectations
Why is Bank Secrecy Act Training So Important?
• The answer to that question is threefold:• First-Training is one of the required components of a BSA
Compliance Program as mandated under the Act and further expressed under the mantle of the FFIEC Examination Manual.
• Second-A well trained, well informed staff is critical to the success of your credit union’s BSA program.
• Third (and perhaps most important)-Your credit union is subject to enforcement action, including monetary penalties from NCUA, FinCEN and possibly a State Regulatory Authority body (depending on your Charter). Your institution could also suffer deterioration of its reputation and if the monetary penalty is too steep, be placed under conservatorship or even closure.
Who Should Receive BSA Training?
• According to the FFIEC:“Any staff member whose duties require knowledge of the Bank Secrecy Act1”.
• Does the above statement really answer the question?? Yes…and no.
• As the BSA Officer, you should be a part of identifying which positions in your credit should receive BSA training and also, what type of training they receive.
1. FFIEC BSA Examination Manual
The “Who Should Receive BSA Training” Starter Pack.• New Employees
• Compliance Staff
• Frontline Staff• Tellers• MSR’s• Branch Managers and
Assistant Managers
• Back Office Staff• Operations• Lending• Wires (Accounting)
• Administration• HR? Yes, HR
• IT
• Executive
• Board and Volunteers (more to follow)
To Test or Not to Test…that is the question.• Do staff members have to receive a test with their
training?
• While there is not a regulatory requirement to test, it is a best practice.
• You want to be able to assess the understanding levels of your staff to identify potential weaknesses that need to be addressed.
• Testing provides a consistently applied metric to assess proficiency in the subject matter.
Poll Question?
Does the staff at your credit union take an assessment or quiz after BSA training?
• Yes
• No
One Size Does Not Fit All…
• Bank Secrecy Act training is not a one size fits all endeavor.
• The BSA Risk Assessment can be an invaluable tool in the development of your credit union’s BSA training program.
• The training program for BSA needs to be formatted to address the unique make up of your credit union.• Some credit unions operate Cashless Branches• Some credit unions do not process wire transfers• Do you have an international presence?
• Just as you have multiple departments within your credit union, you must have BSA training that matches the responsibilities of each department.• For Example: You wouldn’t necessarily provide training on how to
complete a Currency Transaction Report (CTR) to the staff that processes bank wires. That doesn’t match their responsibilities.
One Size Does Not Fit All…
• You may have some functions within your organization that don’t fit into a specific category for training due to the responsibilities of that job. If that is the case, you can utilize a more general training for that area.
• If it is a unique area, such as IT or HR, you can create a custom presentation that addresses situations in those categories that aren’t covered in typical BSA training.
Training Formats (Delivery)
Is there a specific format that must be used for BSA training?
• The format used for training is up to the credit union…but
• It must be delivered consistently
• Training must be relevant to the recipients
• Be Ongoing
• Can be in-person, instructor led, WebEx, computer based or a combination of any and all.
• PowerPoint, Paper handouts, Games
• Can be outsourced (but you should review and approve the content to be delivered)
• There should be written record of the following:
• Content of training
• Content of testing materials (if applicable)
• Attendance
• Dates of occurrence
Training Formats (Content)
• Should include regulatory requirements and any recent changes
• Include changes to credit union policies or procedures
• Include examples of money laundering activity or suspicious activity red flags
• Should include ramifications of non-compliance• Enforcement Actions• Monetary Penalties• Criminal Penalties
• Include Board and Senior Management responsibility
Poll Question?
• Is your BSA training conducted by internal staff or is it outsourced?
A. Internal Staff
B. Outsourced
C. Combination of both
Didn’t We have to Do This Last Year?• Yes, you probably did!• Guidance1 states periodic or ongoing as the
requirement. It is an industry best practice for BSA training to occur at least annually.
• Knowledge, just like a physical skill is subject to “use it or lose it”.• BSA knowledge needs to be refreshed periodically to ensure
that staff maintains awareness of reporting requirements, processes and red flags.
• Employee turnover creates knowledge gaps among the staff.• Infrequent reportable transactions can also cause gaps in BSA
knowledge retention.• Low risk institutions with limited exposure are also at risk for
knowledge gaps without consistent, ongoing training.
1.NCUA Examination Guide, FFIEC BSA Examination Manual
Poll Question?
How often is BSA training conducted at your credit union?
• Annually
• 2 or more times per year
Board of Directors and Volunteers
• The Board of Directors (including Volunteers) has the ultimate responsibility for your BSA Compliance Program.
• In order to carry out their responsibilities, your Board must have a general understanding of the Bank Secrecy Act to include the following:• The importance of the regulatory requirements• The Board’s responsibility under the Bank Secrecy Act• Penalties for non-compliance• Your credit union’s BSA policies and procedures• Your credit union’s BSA risks (there’s that Risk
Assessment again…)
Examiner Expectations for BSA Training• NCUA expects your credit union to have well
documented records for the ongoing training of general staff and Board members. You must retain:• Content, Test Scores, Dates and Participants for each training
session.• Retain records of all off-site and third party training received
as well.
• The expectation for Compliance staff is even higher. • BSA personnel are expected to receive training above and
beyond the general staff.• BSA certifications are viewed favorably by examiners. Be sure
to keep them current.• Certain BSA training sessions allow the participant to earn
continuing education credits for active certifications.
Civil Penalties increased in 2016
• recordkeeping violations for funds transfers, which has increased from $10,000 to $19,787;
• failure to register as a money transmitter, which has increased from $5,000 to $7,954; and
• willful violations of BSA requirements, which has increased from a range of $25,000–$100,000 to a range of $53,907–$215,628.
Enforcement Action Example
Gibralter Bank
• March 2016, received a $6.5 M for persistent AML & BSA deficiencies.• Comments were: “Banks training inadequate”, “failed to
provide training for specific positions”, “failed to address the needs of its BSA/AML compliance personnel for significant training in order to adequately implement its BSA/AML compliance program.”
Summary
• The BSA training program for your credit union is a vital component of your Bank Secrecy Act Compliance Program.
• Well trained staff are more proficient at spotting suspicious activity as well as completing more timely and accurate BSA report submissions.
• A well trained Board of Directors can have a direct impact on the success of the program through policy, staffing and budget considerations for the Compliance Department.
Useful Links
• Electronic Code of Federal Regulations (eCFR)
https://www.ecfr.gov
• FFIEC BSA/AML Examination Manual: https://www.ffiec.gov/bsa_aml_infobase
• NCUA Examiner’s Guide: Appendix 18A
https://www.ncua.gov/Legal/GuidesEtc/ExaminerGuide/chapter18.pdf
Now lets do a BSA Training!
Why do criminals need access to financial services?
• Crime is a cash business
• 20 deals a day X $100
• $2,000 per day
• $14,000 per week
• $728,000 per year
So what do you do with all that $$$$
Money Laundering
• Placement
• Layering
• Integration
Friendly illustrated guide
The quick history of BSA
• 1970 – “Bank Secrecy Act” is born• 1986: “banks” establish BSA programs
• 1996: Suspicious Activity Report
• September 11, 2001• Patriot Act; Customer Identification Program
• 2005: FFIEC BSA Examination Manual• 300+ pages
• Huge shift in NCUA focus
What is the Goal of BSA
• Identifies people as they enter
• Reports large cash movements
• Document transactions that may lead to money laundering/crimes
• Reports suspicious activity
• Creates paper trail
The Who’s who in BSA Enforcement
• Credit unions
• Treasury and FinCEN
• NCUA
• Law enforcement
BSA Regulation
• Two main components• Reporting
• Record Retention
Currency Transaction Report(s)
• Records cash transactions that exceed $10,000• Aggregate multiple transactions of a
single type in one day• Timing deadline? 15 days
Suspicious Activity Report
Suspicious Activity Report (SAR): Used to report suspicious activity, transactions, or behavior that is observed at your institution.
A SAR is required to be filed for suspicious activity that involves a dollar amount in excess of $5000 where a suspect can be identified or in excess of $25,000 when a suspect is unknown.
A SAR must be filed when a suspect is a credit union insider regardless of whether there is a monetary value involved in the suspicious activity.
An insider is considered an employee, officer, volunteer or director.
Keep those Records!
Record Keeping: Requires that all documentation related to the Bank Secrecy Act be retained for 5 years. Examples of documents to be retained include: Account opening documents Membership Applications,
and supporting documents CTRs & SARs with supporting documents Purchase of Monetary Instruments $3000 or greater,
this includes Money Orders, Cashier’s Checks and Travelers Checks.
Monetary Instrument Log (MIL) to be completed each time a member purchases a Monetary Instrument with cash $3000 or greater either manually or electronically.
USA Patriot Act
• Customer Identification Program • The USA PATRIOT Act outlined new requirements for
identifying the persons and entities that open accounts.
• Under Section 326 the Act, your credit union is required to collect specific information to allow the credit union to reasonably identify the individual or entity. This is known as the Know Your Customer rule or KYC.
CIP
The information that must be collected is as follows:
• Name
• Identification Number (SSN, TIN, EIN, or ITIN)
• Date of Birth
• Residential Address (For Reference- APO, FPO and DPO’s are treated as residential addresses)
What your Credit Union needs to do
• Written Program approved by the Board of Directors• Responsible Individual (BSA Officer) Appropriate proficiency
• Reports to Senior Management
• Access to Board or Committee of the Board
• Written Risk Assessment Customized for your credit union
• Reviewed Annually
• Policy & Procedures
• Internal Controls
• Independent Testing
• Training
Questions?
Polling question-
Please rate this webcast:
ExcellentGoodFairPoor
If you have any questions regarding the presentation you have just seen you may contact
me directly.
Lynn M. [email protected]