Bank Secrecy Act Training: Who, What, When, How…and Why?

Presented by Lynn English

Lafayette Federal Credit Union

Key Takeaways

• After this webinar, participants should have an understanding of minimum requirements for BSA training.

• Understand the importance of consistent, relevant training for your staff versus generic training.

• Understand Examiner Expectations for BSA training at your institution.

Agenda

• Why is training so important?

• Who should receive training?

• To test or not to test…

• One size does not fit all…

• Training Formats

• Didn’t we have to do this last year?

• Board of Directors and Volunteers

• Examiner Expectations

Why is Bank Secrecy Act Training So Important?

• The answer to that question is threefold:• First-Training is one of the required components of a BSA

Compliance Program as mandated under the Act and further expressed under the mantle of the FFIEC Examination Manual.

• Second-A well trained, well informed staff is critical to the success of your credit union’s BSA program.

• Third (and perhaps most important)-Your credit union is subject to enforcement action, including monetary penalties from NCUA, FinCEN and possibly a State Regulatory Authority body (depending on your Charter). Your institution could also suffer deterioration of its reputation and if the monetary penalty is too steep, be placed under conservatorship or even closure.

Who Should Receive BSA Training?

• According to the FFIEC:“Any staff member whose duties require knowledge of the Bank Secrecy Act1”.

• Does the above statement really answer the question?? Yes…and no.

• As the BSA Officer, you should be a part of identifying which positions in your credit should receive BSA training and also, what type of training they receive.

1. FFIEC BSA Examination Manual

The “Who Should Receive BSA Training” Starter Pack.• New Employees

• Compliance Staff

• Frontline Staff• Tellers• MSR’s• Branch Managers and

Assistant Managers

• Back Office Staff• Operations• Lending• Wires (Accounting)

• Administration• HR? Yes, HR

• IT

• Executive

• Board and Volunteers (more to follow)

To Test or Not to Test…that is the question.• Do staff members have to receive a test with their

training?

• While there is not a regulatory requirement to test, it is a best practice.

• You want to be able to assess the understanding levels of your staff to identify potential weaknesses that need to be addressed.

• Testing provides a consistently applied metric to assess proficiency in the subject matter.

Poll Question?

Does the staff at your credit union take an assessment or quiz after BSA training?

• Yes

• No

One Size Does Not Fit All…

• Bank Secrecy Act training is not a one size fits all endeavor.

• The BSA Risk Assessment can be an invaluable tool in the development of your credit union’s BSA training program.

• The training program for BSA needs to be formatted to address the unique make up of your credit union.• Some credit unions operate Cashless Branches• Some credit unions do not process wire transfers• Do you have an international presence?

• Just as you have multiple departments within your credit union, you must have BSA training that matches the responsibilities of each department.• For Example: You wouldn’t necessarily provide training on how to

complete a Currency Transaction Report (CTR) to the staff that processes bank wires. That doesn’t match their responsibilities.

One Size Does Not Fit All…

• You may have some functions within your organization that don’t fit into a specific category for training due to the responsibilities of that job. If that is the case, you can utilize a more general training for that area.

• If it is a unique area, such as IT or HR, you can create a custom presentation that addresses situations in those categories that aren’t covered in typical BSA training.

Training Formats (Delivery)

Is there a specific format that must be used for BSA training?

• The format used for training is up to the credit union…but

• It must be delivered consistently

• Training must be relevant to the recipients

• Be Ongoing

• Can be in-person, instructor led, WebEx, computer based or a combination of any and all.

• PowerPoint, Paper handouts, Games

• Can be outsourced (but you should review and approve the content to be delivered)

• There should be written record of the following:

• Content of training

• Content of testing materials (if applicable)

• Attendance

• Dates of occurrence

Training Formats (Content)

• Should include regulatory requirements and any recent changes

• Include changes to credit union policies or procedures

• Include examples of money laundering activity or suspicious activity red flags

• Should include ramifications of non-compliance• Enforcement Actions• Monetary Penalties• Criminal Penalties

• Include Board and Senior Management responsibility

Poll Question?

• Is your BSA training conducted by internal staff or is it outsourced?

A. Internal Staff

B. Outsourced

C. Combination of both

Didn’t We have to Do This Last Year?• Yes, you probably did!• Guidance1 states periodic or ongoing as the

requirement. It is an industry best practice for BSA training to occur at least annually.

• Knowledge, just like a physical skill is subject to “use it or lose it”.• BSA knowledge needs to be refreshed periodically to ensure

that staff maintains awareness of reporting requirements, processes and red flags.

• Employee turnover creates knowledge gaps among the staff.• Infrequent reportable transactions can also cause gaps in BSA

knowledge retention.• Low risk institutions with limited exposure are also at risk for

knowledge gaps without consistent, ongoing training.

1.NCUA Examination Guide, FFIEC BSA Examination Manual

Poll Question?

How often is BSA training conducted at your credit union?

• Annually

• 2 or more times per year

Board of Directors and Volunteers

• The Board of Directors (including Volunteers) has the ultimate responsibility for your BSA Compliance Program.

• In order to carry out their responsibilities, your Board must have a general understanding of the Bank Secrecy Act to include the following:• The importance of the regulatory requirements• The Board’s responsibility under the Bank Secrecy Act• Penalties for non-compliance• Your credit union’s BSA policies and procedures• Your credit union’s BSA risks (there’s that Risk

Assessment again…)

Examiner Expectations for BSA Training• NCUA expects your credit union to have well

documented records for the ongoing training of general staff and Board members. You must retain:• Content, Test Scores, Dates and Participants for each training

session.• Retain records of all off-site and third party training received

as well.

• The expectation for Compliance staff is even higher. • BSA personnel are expected to receive training above and

beyond the general staff.• BSA certifications are viewed favorably by examiners. Be sure

to keep them current.• Certain BSA training sessions allow the participant to earn

continuing education credits for active certifications.

Civil Penalties increased in 2016

• recordkeeping violations for funds transfers, which has increased from $10,000 to $19,787;

• failure to register as a money transmitter, which has increased from $5,000 to $7,954; and

• willful violations of BSA requirements, which has increased from a range of $25,000–$100,000 to a range of $53,907–$215,628.

Enforcement Action Example

Gibralter Bank

• March 2016, received a $6.5 M for persistent AML & BSA deficiencies.• Comments were: “Banks training inadequate”, “failed to

provide training for specific positions”, “failed to address the needs of its BSA/AML compliance personnel for significant training in order to adequately implement its BSA/AML compliance program.”

Summary

• The BSA training program for your credit union is a vital component of your Bank Secrecy Act Compliance Program.

• Well trained staff are more proficient at spotting suspicious activity as well as completing more timely and accurate BSA report submissions.

• A well trained Board of Directors can have a direct impact on the success of the program through policy, staffing and budget considerations for the Compliance Department.

Useful Links

• Electronic Code of Federal Regulations (eCFR)

https://www.ecfr.gov

• FFIEC BSA/AML Examination Manual: https://www.ffiec.gov/bsa_aml_infobase

• NCUA Examiner’s Guide: Appendix 18A

https://www.ncua.gov/Legal/GuidesEtc/ExaminerGuide/chapter18.pdf

Now lets do a BSA Training!

Why do criminals need access to financial services?

• Crime is a cash business

• 20 deals a day X $100

• $2,000 per day

• $14,000 per week

• $728,000 per year

So what do you do with all that $$$$

Money Laundering

• Placement

• Layering

• Integration

Friendly illustrated guide

The quick history of BSA

• 1970 – “Bank Secrecy Act” is born• 1986: “banks” establish BSA programs

• 1996: Suspicious Activity Report

• September 11, 2001• Patriot Act; Customer Identification Program

• 2005: FFIEC BSA Examination Manual• 300+ pages

• Huge shift in NCUA focus

What is the Goal of BSA

• Identifies people as they enter

• Reports large cash movements

• Document transactions that may lead to money laundering/crimes

• Reports suspicious activity

• Creates paper trail

The Who’s who in BSA Enforcement

• Credit unions

• Treasury and FinCEN

• NCUA

• Law enforcement

BSA Regulation

• Two main components• Reporting

• Record Retention

Currency Transaction Report(s)

• Records cash transactions that exceed $10,000• Aggregate multiple transactions of a

single type in one day• Timing deadline? 15 days

Suspicious Activity Report

Suspicious Activity Report (SAR): Used to report suspicious activity, transactions, or behavior that is observed at your institution.

A SAR is required to be filed for suspicious activity that involves a dollar amount in excess of $5000 where a suspect can be identified or in excess of $25,000 when a suspect is unknown.

A SAR must be filed when a suspect is a credit union insider regardless of whether there is a monetary value involved in the suspicious activity.

An insider is considered an employee, officer, volunteer or director.

Keep those Records!

Record Keeping: Requires that all documentation related to the Bank Secrecy Act be retained for 5 years. Examples of documents to be retained include: Account opening documents Membership Applications,

and supporting documents CTRs & SARs with supporting documents Purchase of Monetary Instruments $3000 or greater,

this includes Money Orders, Cashier’s Checks and Travelers Checks.

Monetary Instrument Log (MIL) to be completed each time a member purchases a Monetary Instrument with cash $3000 or greater either manually or electronically.

USA Patriot Act

• Customer Identification Program • The USA PATRIOT Act outlined new requirements for

identifying the persons and entities that open accounts.

• Under Section 326 the Act, your credit union is required to collect specific information to allow the credit union to reasonably identify the individual or entity. This is known as the Know Your Customer rule or KYC.

CIP

The information that must be collected is as follows:

• Name

• Identification Number (SSN, TIN, EIN, or ITIN)

• Date of Birth

• Residential Address (For Reference- APO, FPO and DPO’s are treated as residential addresses)

What your Credit Union needs to do

• Written Program approved by the Board of Directors• Responsible Individual (BSA Officer) Appropriate proficiency

• Reports to Senior Management

• Access to Board or Committee of the Board

• Written Risk Assessment Customized for your credit union

• Reviewed Annually

• Policy & Procedures

• Internal Controls

• Independent Testing

• Training

Questions?

Polling question-

Please rate this webcast:

ExcellentGoodFairPoor

If you have any questions regarding the presentation you have just seen you may contact

me directly.

Lynn M. Englishlenglish@lfcu.org