Audit Program Bank Secrecy Act and Anti-money Laundering

Section A - Administration

Audit Objective

Determine that the bank has developed, administers, and maintains a program that ensures and monitors compliance with the Bank Secrecy Act anti-money laundering regulations.

Audit Program

1. Determine that the bank has implemented a compliance program designed to assure and monitor compliance with the recordkeeping and reporting requirements of the Bank Secrecy Act (BSA) and its anti-money laundering (AML) regulations. Determine that program policies and procedures are:

- Documented in writing.
- Approved by the board of directors and noted in the board minutes.
- Reaffirmed annually as required by policy.
- Updated to reflect changes in the law and operations.

2. Obtain and review the BSA/AML compliance program and determine that the contents of the compliance program provide for the following:

- System of internal controls to ensure ongoing compliance.
- Independent compliance testing conducted by either bank personnel or an outside party.
- Designation of a qualified individual(s) responsible for coordinating and monitoring day-to-day compliance.
- Training for appropriate personnel.

3. Determine that the bank's AML policies address the following:

- The various types of money laundering.
- Compliance with BSA and related AML laws and regulations.
- A "know your customer" program.
- High-risk activities, businesses, and foreign countries commonly associated with money laundering.

4. Determine that the board of directors has appointed a BSA/AML officer.

- Through discussions with the BSA/AML officer, determine and document the duties and responsibilities assigned to this position.
- If responsibilities for compliance with various aspects of BSA/AML have been delegated to other individuals or departments, determine and document their role.

5. Determine that the bank provides periodic training for appropriate personnel regarding their responsibilities under BSA/AML. Training should include, but not be limited to, tellers, platform, lending personnel, trust personnel, wire room, and bookkeeping personnel.

- Note dates of training sessions performed during the audit period and determine that the frequency of the training is adequate and that training is ongoing.
- Review documentation relevant to the scope of training sessions and determine the adequacy of such training based upon the targeted audience.

6. Determine that the bank retains copies of the following records for a minimum of five years:

- Cash Transaction Reports (Form 4789).
- Exemption lists.
- Designation of exempt persons.
- Biennial filings.
- Annual reviews.
- Monetary instrument logs.
- Report of International Transportation of Currency or Monetary Instruments (Form 4790).

NOTE: When a customer is removed from the exempt list, the request for exemption is to be maintained for five years after removal from the list.

7. Summarize results of testing and conclude as to whether the audit objective has been met.

Section B - Customer Identification Program and Foreign Banking Relationships

Audit Objectives

- To determine compliance with Section 326 of the USA Patriot Act, requiring financial institutions to implement a customer identification program.
- To determine compliance with foreign correspondent and private banking relationships and information sharing.

Audit Program

Customer Identification Program (CIP)

1. Determine whether the bank has developed and implemented a CIP for all new customers.

2. Obtain and review CIP policy/procedures. Verify compliance with the following requirements:

- Program is documented.
- Program is approved by the board of directors and is incorporated into the bank's BSA program.
- Program includes identification and verification of new accounts, recordkeeping, and comparison against government list of known or suspected terrorists.

USA Patriot Act

1. Determine whether the bank maintains correspondent account relationships with foreign banks.

- If so, ensure the bank prohibits foreign shell banks from maintaining a correspondent account.
- If not, determine whether the bank's BSA/AML policy/procedures address this area.

2. Determine whether the bank maintains private banking accounts.

- If not, determine whether the bank's BSA/AML policy/procedures address this area.

3. Summarize results of testing and conclude as to whether the audit objective has been met.

Section C - Office of Foreign Assets Control

Audit Objective

To determine that the bank complies with the Office of Foreign Assets Control (OFAC) regulations prohibiting specific transactions with targeted countries and individuals or entities that are known to be acting on behalf of targeted countries.

Audit Program

1. Determine that the bank has written policies and procedures for complying with OFAC laws and regulations.

2. Determine who has been delegated responsibility for compliance with OFAC and for overseeing blocked funds.

3. Determine and document the procedures for filtering transactions for possible OFAC violations as follows:

- New deposit accounts.
- Established deposit accounts.
- New loans.
- New trust relationships.
- Wire transfers.
- Letters of credit.

4. Determine and document procedures for maintaining a current list or database of blocked countries, entities, and individuals and disseminating such information throughout the bank.

- Ensure the list/database is up-to-date with foreign countries on which the United States has imposed economic sanctions.
- Ensure the list/database contains specific sanctions by each individual foreign country, with a synopsis of the types of activities prohibited or severely limited.
- Confirm the availability of the list/database to deposit, lending, wire, and operational personnel.

5. Verify the bank rejects funds transfers that are remitted (outgoing):

- By or on behalf of a blocked entity or individual.
- To or through a blocked entity.
- In connection with a transaction in which a blocked entity or individual has an interest.

6. Verify that reports on rejected transactions are sent to OFAC within 10 days and include the following:

- Name and address of the financial institution requesting the transfer.
- Date and amount of transfer.
- Photocopy of the transfer or payment.
- Reason for rejection.
- Name and telephone number of compliance personnel at the bank who has knowledge of the transaction.
- Name and address of the beneficiary bank.

7. Ensure bank procedures require the following when a payment order governed by OFAC is received (incoming):

- The bank accepts the instruction.
- Debits the customer's account.
- Blocks the payment on the books.

NOTE: The bank may not reject the instructions and cannot accept a customer's cancellation of the original instructions. "Suspense" accounts should not be used. The only manner in which the bank can process a transfer related to a targeted country is if the underlying transaction is authorized by general or specific license from OFAC.

8. Ensure that procedures require that transferred funds are blocked and placed in interest-bearing accounts and that the bank maintains an audit trail.

9. Verify that if the bank is holding blocked property, it reports to OFAC such property within 10 business days from the date that the property becomes blocked along with a copy of the transfer instructions.

10. Review any reports of blocked funds remitted during the audit period and verify the following has been provided:

- Financial institution's name and address.
- Identification of the property.
- The owner of the account.
- Property address and location.
- Account number.
- Value of the account.
- Blocking data.
- Photocopy of the transfer or payment instructions.
- Confirmation that the funds have been deposited into a blocked account.
- The identity of the individual or entity subject to blocking should be clearly identified.
- Name and phone number of compliance personnel at the bank who has knowledge of the transaction.
- Date of report.

11. If blocked property is maintained, determine that an annual report of blocked property held as of June 30 is filed with OFAC by September 30 using Form TDF 90-22.50.

12. Determine the bank releases funds from accounts that have been blocked only with specific authorization from the U.S. Treasury Department.

13. Determine that records relating to blocked property are retained for five years after the date property is unblocked and are made available to the U.S. Secretary of the Treasury upon request. All other records must be retained for five years after the date of the transaction.

14. Determine the bank is prepared to report to OFAC complete information relative to any transaction or property in which any foreign country or any foreign national has any interest, including books of accounts, contracts, letters, or other papers connected with any such transaction.

15. Summarize results of testing and conclude as to whether the audit objective has been met.

Section D - Funds Transfers

Audit Objective

To determine that procedures are in place to ensure compliance with recordkeeping requirements for funds transfers in the amount of U.S. $3,000 or more.

Audit Program

Suspicious Funds Transfer Monitoring

1. Determine and document the procedures in place to monitor for accounts with frequent cash deposits and subsequent wire transfers of funds to a larger institution or out of the country.

2. Determine and document the procedures in place to monitor funds transfer activity for unusual patterns that might not be consistent with the nature of the business or occupation of the customer. Ensure written procedures have been developed, and include the following in your review:

- The method for capturing the data to be analyzed (manual or automated).
- The frequency at which the captured data is compiled and submitted to the BSA officer for review.
- Include the scope of the BSA officer's review and action taken when unusual patterns are identified that require additional research (e.g., additional research of customer activity, knowledge of customers' business, involvement of account officer, or suspicious activity reporting).

3. Determine that the wire transfer database used for analysis by the BSA officer is complete.

- If the process is manual, select a sample of wire transfers (incoming and outgoing) from the wire transfer request forms and ensure the wires were properly entered into the manual database.
- If the process is automated, select a sample of wire transfers (incoming and outgoing) to ensure system interfaces are working properly.

4. Review the BSA officer's periodic analysis of wire transfer activity. Discuss with the BSA officer the nature of the analysis performed, and ensure it considers, at a minimum, the following red flags:

- A high volume of international wire activity processed by the bank.
- Customers sending/receiving high volumes of wires, both domestic and international.
- Customers sending/receiving wires from foreign/unregulated money exchange houses.
- Customers sending/receiving wires from non-cooperative countries.
- Noncustomer activity, including pay-upon-proper-IDs.
- Unusual wire activity, such as customers receiving small dollar wires followed by large outgoing wires.
- High volume of wires for whole dollar amounts.

5. Review the results of the BSA officer's monitoring procedures and ensure monitoring is adequately documented and contains evidence of appropriate research. In addition, ensure that conclusions are well documented and that SARs are filed, if appropriate.

6. Summarize results of testing and conclude as to whether the audit objective has been met.

Section E - Filing of Currency Transaction Reports (CTRs) and Currency and Monetary Instrument Reports

Audit Objective

To determine that adequate procedures are in place to ensure the identification and reporting of currency transactions greater than U.S. $10,000 to the U.S. Internal Revenue Service (IRS).

Audit Program

1. Determine if the bank has received a U.S. Treasury Department targeting order. If it has, consider scope modifications.

2. Document the process followed to ensure all reportable transactions are identified, being sure to include the following information:

- How tellers process cash transactions to ensure transactions >$10,000 are captured by the system as reportable transactions. Determine whether currency/coin exchanges are processed to ensure these amounts are captured and aggregated with other cash-in and cash-outs of the customer (i.e., customer deposits to an account and obtains a coin order).
- The various BSA reports with an explanation of how each report is used. NOTE: Determine whether exception reports are available and whether they are being used and reviewed regularly.
- The process management uses to ensure a properly completed CTR is filed on time.
- The process for correcting currency transaction report errors before filing with the IRS, including procedures for tracking errors by branch/employee, and action taken to address training issues.

3. From the applicable system reports used by management to identify reportable transactions, randomly select 20 cash transactions greater than $10,000 from the most recent six-month period. Ensure that CTR forms were filed for all reportable transactions, or that reasons for not filing a CTR are documented and are reasonable (i.e., exempt transaction; not a cash transaction). In addition, ensure CTRs are completed in accordance with the guidelines.

4. Review the CTRs selected in Step 3 above and select 10 additional CTRs filed by the bank in the most recent 6-month period. Include different types of reportable transactions and CTRs originated from various sources. Ensure that:

- The most recent version of the IRS form is in use.
- All applicable areas of the CTR form were properly completed.
- Each CTR was signed and dated by the preparer and reviewer.
- The CTR was filed within 15 calendar days following the date of the transaction.

5. Review all correspondence from the IRS or Treasury regarding incorrect or incomplete CTRs returned for corrective action since the last audit. Ensure the bank has implemented appropriate corrective action and filed the report within 20 calendar days.

6. Determine whether the bank has physically transported currency or monetary instruments totaling more than $10,000, on its own behalf, into or out of the United States. If so, verify that a Currency and Monetary Instruments Report - Form 4790 was filed with the U.S. Customs Service as follows: (31 CFR 103.25)

- The bank filed Form 4790 with the Commissioner of Customs at the time currency or other monetary instruments exceeding $10,000 were transported, mailed, or shipped from the United States to any place outside the United States, or into the United States from any place outside the United States.
- The bank filed Form 4790 within 15 days after receipt when it received U.S. currency (or other monetary instruments) in an aggregate amount exceeding $10,000 on any one occasion, which was transported, mailed, or shipped to the bank from any place outside the United States, for which a form had not previously been filed.

7. Determine whether there is a procedure to identify and report suspicious transactions or pattern of activity to the BSA officer.

8. Determine whether the bank performs a periodic review of currency shipments to and from the Federal Reserve Bank, correspondent banks, and between branches over a period of time (at least 3 months) to determine that the volume appears reasonable.

9. Summarize results of testing and conclude as to whether the audit objective has been met.

Section F - Exemption List and Designation of Exempt Persons

Audit Objective

To determine that exemption procedures are in compliance with the administrative exemption rules.

Audit Program

1. Determine whether the bank maintains a centralized list of customers who are exempt from CTR requirements.

2. Obtain and review the centralized list to ensure that only the following permitted exemptions are included:

- Domestic banks.
- Federal, state, and local government agencies and any entity exercising governmental authority (powers to tax, exercise the authority of eminent domain, or exercise police powers).
- Any entity listed on the New York Stock Exchange, American Stock Exchange, or NASDAQ Stock Market (franchises are not included).
- Subsidiaries of a listed entity (provided the listed entity owns 51 percent).
- Non-listed businesses (includes franchises of a listed business).
- Businesses that make frequent cash withdrawals for payroll purposes.

3. Review the bank's "designation of exempt persons" procedures for adequacy.

4. Select a sample of 10 "exempt persons" exempt since the prior audit from the centralized list. Include each type and test for compliance with the exemption rules, as follows:
