With new leadership at the CFPB, OCC and FDIC, one may put training expenditures on the back burner thinking regulatory relief may make training not an every‐year mandate. Until you see relief in a regulation or rule change, don’t make any assumptions because training exceptions are BSA Pillar violations. Remember, a pillar violation can trigger an enforcement action since banks are still operating under a “zero” tolerance policy.
Also, senior‐level management, under the direction of the Board of Directors, is ultimately responsible for maintaining effective Bank Secrecy Act/Anti‐Money Laundering (BSA/AML) internal controls. As part of the internal control pillar structure, training should be effectively designed commensurate with the size, structure, risk, and complexity of each institution. It is essential that all employees be aware of their BSA responsibilities regarding the regulation, as well as internal bank policies and procedures.
Who should be included in BSA training?
Board of Directors
The Board of Directors has an obligation to provide adequate BSA/AML oversight, approve BSA/AML policies, procedures, processes, and provide sufficient BSA/AML resources. Therefore, the Board needs to have a basic understanding of the importance of the regulatory requirements, the bank’s risks exposure and non‐compliance penalties that ultimately affect CAMELS ratings. Examiners don’t expect Boards to know how to complete a CTR or SAR, but they expect execution of governance duties, such as oversight, awareness of the bank’s risk exposure, risk assessment effectiveness of controls and remediation of deficiencies. Also, Boards need to support the allocation of appropriate resources to comply with the four current pillars and the fifth pillar taking effect in May 2018.
Senior Management
Senior Management, including those not directly related to the BSA functions, must be aware of the principles of the regulation and the compliance functions related to those principles. Members of Senior Management should be educated on the fundamentals of BSA and be made aware of the bank’s challenges, concerns to implement effective policies and procedures, and enterprise risk exposure. By taking visible action and participating in ongoing training, Senior Management sets the tone and the commitment to a “culture” of BSA compliance amongst staff. FinCEN stresses a culture building policy in the 2014 Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance.
New Employees
New hires involved with BSA should receive training that provides an overview of the BSA/AML requirements. This is typically completed during a new employee’s initial orientation period, or with other orientation training prior to the start of employment. It is essential that employees handling cash transactions and those with customer contact receive training prior to performing such functions to understand the required recordkeeping and reporting requirements. Since new staff has a lot to learn in a short time, a follow‐up training program should be conducted that goes beyond generalities. It is important to not only understand regulatory requirements, but how they apply to actual job duties. In addition, the bank’s policy should establish reasonable timelines for new employee BSA training.
Existing Employees
All staff whose duties require knowledge of Secrecy functions should receive annual training in areas that are applicable to their job functions. Ongoing training should incorporate the importance placed on this compliance with BSA as well as current developments and regulatory changes to the BSA and other related regulations, such as the soon‐to‐be‐effective beneficial ownership rules. Training should also cover any bank changes to policies, procedures or processes regarding the BSA.
BSA Compliance Officer
While it is typical for BSA Compliance Officers to receive the same training as existing employees, it is also essential that they attend advanced training. It should include relevant‐periodic training regarding new and old regulatory requirements pertinent to the bank, changes to such, impact on the bank’s overall risk profile, current trends and recent regulatory actions. Enforcement actions should be discussed in training to identify if similar vulnerabilities exist at the bank.
This advanced training requirement goes beyond the BSA Officer. It often takes multiple individuals to ensure that internal controls work, so don’t forget BSA support staff because they are the initial line of defense for BSA compliance. This includes individuals who prepare enhanced due diligence reviews, automated system alert reviews or staff involved in the SAR decision process.
What should be covered in training?
Training should be risk‐based and geared to specific job functions and the bank’s internal policies and procedures. Internal rules may be more stringent than regulatory requirements based on the bank’s risk profile. Training documents should include definitions and examples of money laundering and suspicious activity specific to each business unit or job function. In addition, training should include FinCEN’s examples of money laundering trends described in geographical target orders affecting the fashion, electronic firms and real estate title companies. Additionally, including instances of recent enforcement actions for noncompliance can serve as a valuable tool in establishing an understanding of the launderers’ schemes.
Training can be accomplished through a variety of sources. Some banks choose online course modules establishing minimum passing grades to ensure comprehension; if some staff fail to pass with the minimum score, procedures should describe the bank’s actions. Other banks choose more manual processes such as in‐person staff training; these training programs must include some form competency test. Outside training events also serve as a valuable tool for accomplishing the required training task. Generally, a combination of methods is used to provide training to all required participants.
TCA’s best practice recommendation is to ensure training documentation is maintained. Often, bankers tell TCA they send out periodic newsletters, make presentations at staff meetings or send periodic BSA‐related emails. However, when asked for records, bankers say these valuable sources of information are not documented.
What competency questions should staff be able to answer?
Could your staff answer these questions accurately?
- What does BSA stand for?
- What are the three stages of money laundering?
- Who is the bank ’s BSA Officer?
- How is suspicious activity referred for further investigation?
- What is one example of suspicious activity based on your job function?
If you are not sure your staff can answer these questions, let TCA help! TCA offers a wide variety of options when it comes to fulfilling the training responsibilities of directors, management, BSA Officers, and BSA staff. Whatever your method of choice, we can help. Let us assist you in customizing training specific to your institution. We have a dedicated team of BSA professionals ready, willing, and able to provide interactive training. Call us today to see how we can help!
