TRENDING:

FFIEC Updates BSA Guidance

Banks Bracing for New Exam Requirements Tracy Kitten (FraudBlogger) • December 3, 2014    
FFIEC Updates BSA Guidance

For the first time since 2010, the Federal Financial Institutions Examination Council has released updated guidance about Bank Secrecy Act compliance requirements and money-laundering risks (see FFIEC Issues Revised BSA/AML Exam Manual).

See Also: Detect Application & Account Fraud Without Increasing Customer Friction

Although the guidance primarily consolidates advice already released by banking regulators and the Financial Crimes Enforcement Network, it's nevertheless significant, one fraud expert says.

The timing of the manual's update suggests 2015 regulatory exams will follow the updated BSA requirements noted in the new guidance, says Shirley Inscoe, an analyst at consultancy Aite.

"It's coming out toward the end of the year, so everyone can use it consistently in their 2015 exams, which is a good idea," she says. "In some areas of the world, regulators are finally more serious about money-laundering compliance. It's good to get updated procedures out to U.S. banks now that the rest of the world is taking this issue seriously."

But complying with these new requirements is going to be time-consuming and costly for institutions of all sizes, Inscoe says.

"The point I find fascinating is that we now have a 324-page exam document, not counting any of the appendices, index, etc.," she says. "Every financial institution has to spend numerous hours scouring over this document to ensure their program is in compliance and to prepare for exams. And we are only talking about one regulation. ... Compliance costs will lead to more mergers in coming months and years."

Guidance Highlights SARs, CTRs

The FFIEC's 2014 Bank Secrecy Act/Anti-Money Laundering Examination Manual, released Dec. 2, highlights 12 areas where institutions should be focused, including suspicious activity reporting, currency transaction reporting, and due diligence in relationships with third-party payment processors and nonbank institutions.

"Banks should take reasonable and prudent steps to combat money laundering and terrorist financing and to minimize their vulnerability to the risk associated with such activities," the FFIEC points out. "Some banking organizations have damaged their reputations and have been required to pay civil money penalties for failing to implement adequate controls within their organization, resulting in noncompliance with the BSA. ... The federal banking agencies' and FinCEN's commitment to provide guidance that assists banks in complying with the BSA remains a high supervisory priority."

Among the FFIEC's recommendations in the new guidance are:

  • Ensuring that BSA/AML staff are involved with all new product deployments as well as the review or termination of customer relationships;
  • Determining whether reliance on certain parties, such as car dealerships that provide loans, is reasonable; and
  • Addressing risks related to loans and payments offered through nonbank entities by limiting or restricting transaction types.

Other Advisories

In recent months, the Office of the Comptroller of the Currency, one of the FFIEC agencies, and FinCEN, a bureau of the U.S. Department of the Treasury, have issued a number of advisories and letters about banking regulators' increasing expectations for BSA compliance.

In March, Comptroller of the Currency Thomas Curry said during a presentation that senior banking executives are accountable for BSA compliance.

"When we look at the issues underlying BSA infractions, they can almost always be traced back to decisions and actions of the institution's board and senior management," Curry said. "They involve the culture of compliance within an organization, the resources committed to BSA compliance, the strength of the organization's information technology and monitoring process, and the quality of risk management."

And in August, FinCEN reiterated why regulatory examinations will be focused on ensuring C-level executives stay engaged and informed about emerging money-laundering risks. "A financial institution can strengthen its BSA/AML compliance culture by ensuring that its leadership actively supports and understands compliance efforts," FinCEN noted.

Banking executives must support efforts to manage and mitigate BSA/AML deficiencies and mandate that risks are not compromised by revenue interests, as well as ensure that relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts, FinCEN stated.

Tom King, vice president and compliance officer of QCR Holdings, a $2 billion company that owns and oversees four banking institutions in the Midwest, says BSA compliance has gotten renewed attention in the wake of fines and penalties against leading institutions such as JPMorgan Chase, TD Bank and HSBC for BSA violations.

"We are adding this to our Compliance Committee agenda for next month," King says. "We expect there will be more to come as we spend time digesting this material and putting their guidance into practice."

Previous
Defending Against 'Wiper' Malware
Next
Cybersecurity Seen as DoD Priority Under Carter

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.