News Feed

Bank Secrecy Act – Compliance Program

Wed, Dec 10, 2014

Credit unions must establish and maintain a written compliance program for fulfilling the requirements of the BSA that includes at least: (1) a system of internal controls; (2) designation of an individual to coordinate/monitor BSA compliance; (3) independent testing; and (4) training of appropriate personnel. In addition, an effective BSA compliance program should include written policies and procedures designed to detect and prevent money laundering activities. Failure to comply with the requirements of BSA and its implementing regulations can result in both civil and criminal penalties.

Part 748 of the NCUA Rules and Regulations (§741.214 for state-chartered credit unions by reference) requires all credit unions to establish and maintain procedures reasonably designed to assure and monitor their compliance with the BSA and its implementing regulations. This includes establishing an effective Customer Identification Program (CIP) that is part of the overall BSA program. A credit union must develop and administer a program which assures and monitors compliance with BSA record keeping and reporting requirements. Such a program also can protect a credit union against possible criminal and civil penalties and asset forfeitures. Section 748.2 establishes four minimum requirements for a compliance program.

At a minimum, a credit union’s internal compliance program must be written, approved by the board of directors, and noted in the board’s meeting minutes. The program must include:

  • A system of internal controls to ensure ongoing compliance;
  • Independent testing of compliance;
  • Daily coordination and monitoring of compliance by a designated person; and
  • Training for appropriate personnel.

Internal Controls Credit unions must have appropriate internal control procedures to allow them to detect money laundering. These procedures must provide, among other things, a credit union with the ability to identify and report: (1) currency transactions in excess of $10,000 (2) transactions suspicious in nature.

Senior management responsibilities for internal controls should demonstrate their commitment to compliance by:

  • Establishing a comprehensive compliance plan that is approved by the board of directors and fully implemented by credit union staff.
  • Instituting a requirement that senior management be kept informed of compliance efforts, audit reports, identified compliance deficiencies, and the corrective action taken.
  • Making BSA compliance a condition for employment.
  • Incorporating compliance with the BSA and its implementing regulation into job descriptions and performance evaluations of credit union personnel.

Independent Testing; Compliance with the BSA should be independently tested at least annually by the internal audit department, outside auditors, or consultants. The audit program should, at a minimum, be able to:

  • Attest to the effectiveness of internal procedures for monitoring compliance with the BSA by, for example:
    • Sampling large currency transactions traced to CTR filings;
    • Testing the validity and reasonableness of exemptions granted; and
    • Reviewing a sample of SARs filed for completeness and accuracy.
  • Assess employees’ knowledge of regulations and procedures.
  • Assess adequacy of training programs.

Audit findings should be incorporated into a report for senior management and board review. Appropriate follow-up should be ensured.

Compliance Officer A credit union must designate a credit union employee as the BSA compliance officer. This officer should have day-to-day responsibility for the BSA compliance program.

Training Senior management must ensure that appropriate credit union personnel are trained in all aspects of the regulatory requirements of the BSA and the credit union’s internal policies and procedures to ensure compliance. Under BSA, "appropriate" credit union personnel to train will include all staff, including Board and Supervisory Committee members.

An effective training program includes provisions to ensure that:

  • All credit union personnel who have contact with members – tellers, member service representatives, lending officers, etc. – receive appropriate training.
  • Such training is ongoing and incorporates current developments such as new and different money laundering schemes involving credit unions. It also can include examples of money laundering cases, tailored to the audience, and the ways in which such activities can be detected or resolved.

For additional information, including checklists and a link to the CUNA Compliance guide, click here for the topic.

Review the information today to help your credit union remain in compliance