
Email #4: BSA PROGRAM COMPONENTS

The base of each credit union's BSA program is a written, board-approved policy. Specific components are expected to be in the credit union's policy, so we will discuss each below. The flexibility of the Bank Secrecy Act regulation allows each program to be tailored to your credit union's size and complexity. While your policy might be similar to another credit union's, it should be unique to your own risk factors. Policies will also evolve over time as your credit union's experience and risk levels are taken into consideration and when regulatory expectations change.


NCUA Part 748.2 requires the following elements to be in each credit union's written BSA policy. There are other pieces that will be discussed in future emails, but these four are the primary pillars of the overall program.

 

Internal Controls 

The policies, procedures, and processes a credit union has are designed to limit and control risk. Your credit union's internal controls play an important role in preventing and detecting fraudulent activity and need to be relied on, especially on hectic or busy days or when a staffing shortage interrupts your normal processes. The controls should include detecting and monitoring for suspicious activity, controls of monitoring systems, reviewing data processing reports, and filing necessary reports in a timely manner. The controls should also be commensurate with the size, structure, and complexity of your credit union. Many mid-sized and larger credit unions use software (e.g., Nasdaq Verafin) and features within their data processing system to assist in this area.


Independent Testing 

Every 12-18 months, a qualified person who both understands the Bank Secrecy Act and is not involved in your own credit union's daily BSA program should conduct an independent test — an audit — to see that your BSA policy and procedures are complete and being followed in practice. This can be done by the supervisory committee or an internal auditor, but many credit unions hire an outside auditor or firm with knowledge of BSA to complete this task. The audit report findings should be presented to the board of directors and supervisory committee so they are aware of any program deficiencies and the plan to address and correct them.


BSA Compliance Officer 

The credit union must have a board-approved BSA Compliance Officer who is designated (by name and/or title) in the board's minutes and in the BSA policy. The individual must have sufficient authority, resources, and time to fulfill the role, as well as a thorough understanding of the products and services your credit union offers. This is the "go-to" person for any BSA questions or suspicious activity, but they are not the only one in the credit union who contributes to the BSA program.


*TIP* If you are not sure who your credit union's current BSA Compliance Officer is, make it a point to find out before you complete the email series.

 

Training Program

All staff members need training annually on the basics of BSA, along with your credit union's policy and procedures that relate to their particular position or department. The level and frequency of training depend on many factors, including staff turnover and risk levels. New employees should have an overview upon starting or within a very short time after their hire date. Board members and supervisory committee members also need training, but they can be given a more basic, high-level overview that includes discussion of their BSA oversight role and expected board discussions and decisions relating to it.


Training attendance records should always be maintained along with a copy of the presentation handout to show the scope of the instructional content. If staff or board members complete a training on their own with a recorded or online system, they should attest in writing to the BSA compliance officer or their supervisor that it was completed. 

 

Member Identification & Due Diligence 

The identification of members and a credit union's due diligence in noting their risk and financial profiles are also important pieces of a BSA program. Each will be explained more thoroughly in an upcoming email.

ADDITIONAL CONSIDERATIONS

Resource Sharing


Regulators, including NCUA, issued an interagency statement reminding financial institutions that they can "use collaborative arrangements to pool human, technology, or other resources to reduce costs, increase operational efficiencies, and leverage specialized expertise."


The intention of sharing and collaborating is to reduce expenses and resources devoted to BSA compliance efforts required of all financial institutions. Examples given include sharing a compliance officer, providing independent testing for one another's institutions, or assisting with training.


This can be especially beneficial for credit unions that may not have dedicated compliance personnel and work with limited resources.

Board Role


Your board of directors is required to review and approve the credit union's BSA policy every year at a minimum. Because the board holds ultimate oversight of and responsibility for your BSA/AML program, it needs to be briefed on any changes, deficiencies noted in audits and exams, adjustments made to policy or regulation, and other pertinent factors.

 

The board review and approval of the program should always be documented in the board minutes. That review may be scheduled to coincide with the board's annual BSA training or can be done at a different time.


Detailed documentation in the minutes is suggested because, in the eyes of regulatory agencies, if the conversations needed to show oversight are not in the minutes, they didn't happen.

BSA Policy


In addition to the main program components and your risk assessment, a BSA policy might contain other topic areas of focus: 



- Member Due Diligence
- Beneficial Ownership
- Enhanced Due Diligence
- Member Identification Procedures
- Beneficial Ownership Collection
- Monitoring High-Risk Accounts
- Reporting
- Recordkeeping
- Information Sharing
- Serving Marijuana-Related Businesses


CU PolicyPro has sample policies relevant to Bank Secrecy Act and MRBs (marijuana-related businesses). The standard BSA/AML policy is #2110, and there are also policies for servicing MRBs (#2112), not servicing MRBs (#2113), and Hemp-Related Accounts (#2111).

"Innovation has the potential to augment aspects of banks' BSA/AML compliance programs, such as risk identification, transaction monitoring, and suspicious activity reporting."

Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing

Next Topic

MEMBER IDENTIFICATION PROCEDURES

Access the 2024 BSA email series archive on our Compliance Training Tools page after each email sends. You'll also find other BSA and compliance training webinars and materials.

Donya Parrish, VP Risk Management | donya@mcun.coop | 406-459-3497