BSA Compliance Audit Program

					Cert #XXXXX

BANK NAME

Date: XX/XX/XXXX

BANK SECRECY ACT COMPLIANCE WORKPROGRAM

RESULTS OF REVIEW

REFERENCES

OVERALL PROGRAM

BSA OFFICER
1. Obtain the name, title, and other relevant personal information. A resume is recommended for the work papers.
2. Determine if the BSA Officer is an outside member of the Board of Directors/Trustees.
3. If the BSA Officer is not a member of the Board, does he/she have policy making authority?
4. Does the BSA Officer present findings and recommendations to the Board?

BSA POLICY
1. Does the policy identify reportable transactions?
2. Does the policy describe the required reports to be filed, including deadlines?
3. Is there some instruction about how to fill the reports out accurately?
4. Is there a description about how exemptions are properly granted and recorded?
5. Are internal controls described in the policies, such as dual control and separation of duties?
6. Are the different money laundering techniques explained with examples?
   Placement, including Structured Transactions.
   Layering
   Integration
7. Does the policy identify higher-risk activities, businesses, locations, and countries?
8. Does the policy address the responsibilities of the different departments of the bank, including:
   Teller Operations
   Sales of Monetary Instruments
   New Accounts
   Loan Department
   Trust Department
   Safe Deposit Box Rental
   Correspondent Banking
   Private Banking
   International Banking
   Discount Brokerage
   NDIPs
   Deposit Broker Relationships
   Electronic Banking
   Wire Transfer
   Telephone Banking

BSA/ANTI-MONEY LAUNDERING TRAINING
1. Obtain records of all BSA/Anti-Money Laundering Training programs presented by the bank to the personnel.
2. Did the training include the different forms of money laundering as shown below?
   Placement—First stage. Physically moving bulk cash into the financial system in a way that will minimize suspicion. Placement can use different approaches:
      Structured Transactions—Series of transactions under $10,000, use of wire transfers, purchasing money orders, cashier’s checks, etc. with cash.
      Commingling
      Smuggling
   Layering—Moving funds after placement in the bank. Wiring some of the funds many times to different people. Purchasing monetary instruments with cashier’s checks.
   Integration—Bringing laundered funds back.
3. Is there documentation of both initial and ongoing training?
4. Do all new hires obtain the training?
5. Does everyone receiving training sign off on the training?
6. Cite the dates of all training sessions at the bank.
7. Ascertain if some bank officers and personnel obtained outside training.
8. Obtain documentation of outside training.
9. Does training include details about the information to be obtained in the Customer Identification Program?
10. Does training include the filing of the relevant reporting documents?
   Suspicious Activity Report (SAR)
   Currency Transaction Report
   Currency Import/Export Report
11. Does the training cover the CUSTOMER IDENTIFICATION PROGRAM (CIP)?
   What forms of identification are required?
   Verification Procedures?
12. Does the training include the lines of authority and reporting in the bank?

INDEPENDENT COMPLIANCE TESTING
1. Is testing completed at least annually?
2. Who is responsible for the testing?
3. Is the person doing the compliance testing independent of management?
4. Is there an anti-money laundering risk assessment completed?
5. Does the testing include all aspects of the program, including training?
6. List the dates of the reports obtained and reviewed.
7. Were any weaknesses cited in the compliance audit reports?
8. Were the weaknesses reported to the Board and corrected?
9. Review the Audit Work Program to determine if all the policies and procedures were tested.
10. Review the Audit Schedule to determine when each element of the policies and procedures is to be reviewed.
11. Determine from working papers, questionnaires, and other documents generated from the independent review, if the following areas were adequately tested:
   a. BSA Reporting Requirements, such as:
      CTR
      SAR
   b. Exemptions complied with rules and regulations.
   c. Customer Identification Program.
   d. Suspicious Activity Reporting.
   e. BSA Record Keeping Requirements are in compliance.
   f. Funds Transfers.
   g. High risk activities.
   h. Compliance with information sharing requirements under USA PATRIOT Act, Title III, Section 314.
   i. Retention of required records.
   j. Customer due diligence.
12. Determine if the independent review tests the accuracy of the information system used to capture large transactions.
13. If there is no software used to capture large transactions, determine if independent review includes sample test check of tellers’ cash proof sheets. Trace large transactions on these manual records to the required reporting of large transactions.
14. Ascertain if the independent review found any errors, violations and deficiencies. Determine if they were properly resolved.

CUSTOMER IDENTIFICATION PROCEDURES
1. Does the bank have a formal Customer Information Policy approved by the Board?
2. Determine if the policy requires that the following identifying data be obtained from each customer:
   a. Name
   b. Date of Birth
   c. Address
   d. Taxpayer Identification Number (Social Security number or Employer Identification Number) or application for one for US Citizens.
   e. Taxpayer Identification Number, passport number, alien identification card number, or number and country of issuance of identification documentation of another country that is not expired for legal resident aliens.
   f. For a corporation or other business entity, documents that should be obtained include:
      f-1. Articles of Incorporation or Partnership agreements.
      f-2. Unexpired government business license.
      f-3. Trust Instrument.
3. The CIP includes procedures for comparing a customer’s name with government lists of suspected terrorists and terrorist organizations.

VERIFICATION OF CUSTOMER IDENTITY

Verification Through Required Identification Documents.
1. Ascertain if the CIP identifies the documents the bank will use to verify customer identity.
2. Determine that the policy addresses the availability of counterfeit identity documents and provides reasonable steps to make a reasonable judgment about the customer’s identity.

Verification By Means Other Than Identity Documents.
1. Determine if the bank permits identification through means other than identity documents.
2. If the bank uses means other than documents, ensure that the means are described in the CIP.

INABILITY TO VERIFY CUSTOMER IDENTITY
1. Circumstances in which an account will not be opened are described in the CIP.
2. Limitations imposed on the use of the account until identity is verified.
3. When the account will be closed if the identity is not determined. This should be a DATE CERTAIN.
4. When a Suspicious Activity Report should be filed.

ADEQUATE NOTICE OF CUSTOMER INFORMATION PROCEDURES
Ascertain if the bank has an adequate means of notifying customers that it is requesting information to verify identity.
1. The notice includes bank’s identification requirements.
2. The notice adequately explains the reason for verifying the identity of a customer.

CUSTOMER INFORMATION POLICY RECORD KEEPING REQUIREMENTS
1. For accounts other than credit cards, identification documents retained for five years after account closed.
2. Credit card customer identification records kept for five years after account dormant or closed.
3. Documents relied on to verify customer identity kept for five years after record made.
4. Method and results of verifying identity kept for five years.
5. Results of any discrepancy discovered when verifying identity kept for five years.

CURRENCY TRANSACTION REPORTS AUDIT
1. Start the audit by obtaining the list of exempted entities.
2. Complete the work programs “Test of Exempted Entities” and “Background of Exempted Entities” to ensure all exemptions are permissible.
3. Obtain copies of software reports that capture reportable currency and monetary instruments transactions. Examples include a Large Transactions Report or Transactions Over $3,000 Report. The transactions over $3,000 could be in either currency or monetary instruments, such as money orders, cashier’s checks, drafts, bank checks, travelers’ checks. Multiple purchases during one business day of $3,000 or more are treated as one transaction.
4. Does the software capture multiple transactions that total over $10,000?
5. Obtain reviews and articles about the software by accessing Google or some other search engine. Any technical problems cited in the articles should be mentioned here and in reports to management.
6. What is the latest version of the software?
7. Does the bank have the latest version?
8. Manual Capture of Transactions:
   a. Ascertain manual method of capturing currency and monetary instrument transactions. Such methods can include teller records and logs of monetary instrument sales.
   b. Run the same traces from the report capturing the transactions to the CTR required.
10. Trace captured transactions from the reports to CTRs reporting the transactions.
11. If there are any unreported transactions, seek information from management about why the transaction was not reported.
12. List unreported transactions that should have led to the production of a CTR.
13. On the sale of monetary instruments totaling $3,000 or more, is the following information retained by the bank:
   a. Name of purchaser.
   b. Date of purchase.
   c. Types of instruments purchased.
   d. Serial numbers of instruments purchased.
   e. Dollar amount of each instrument.
   f. Method of identifying the purchaser. Can be the method of identifying a bank customer when account was opened.
   If not a regular bank customer, the following should be retained:
   a. Name and address of purchaser.
   b. Social Security number or Alien Identification Number.
   c. Date of Birth of purchaser.
   d. Serial numbers of instruments purchased.
   e. Type of instruments purchased.
   f. Dollar amount of each instrument purchased.
   g. Method of verifying the identity of the purchaser.
14. Are the required records maintained for five years?
15. What media are used for storing the records?
16. If CDRs, ascertain their quality and capability of maintaining data for up to five years. Some CDRs have not held data for that long. Management should be made aware of the CDR problem and plan accordingly. An additional back-up system, such as paper, microfilm, tape, zip drive, or stand alone PC hard drive should be suggested.

ANNUAL REPORT OF FOREIGN BANK TRANSACTION ACCOUNTS (TREASURY FORM 90-22.1)

1. Request a copy of the report.
2. This report should reveal each person who has a financial interest in, or signature authority over, bank, securities, or other financial accounts in any foreign country, not just a “criteria” foreign country.

CURRENCY SHIPMENTS INTO OR OUT OF THE UNITED STATES (US CUSTOMS FORM 104)
1. Is the requirement to file US Customs Form 104 part of the bank’s policy and procedures?
2. Ascertain if there is any evidence of such currency shipments. Search out any reports of large cash transactions as the reporting threshold is $10,000 or more being exported out of the US or imported into the US.

SUSPICIOUS ACTIVITY REPORTING (SAR) AUDIT
1. Obtain copies or originals of all SAR filed since the previous audit.
2. Use the large currency transaction report, whether computerized or manual, to determine if the large transactions generated a SAR.
2. Obtain copies of Suspect Check Kiting Reports, whether computerized or manual.
3. Determine if suspect kiting schemes generated SAR filings. If any of them did not, determine why a SAR was not filed in each case.
   a. Is a bank insider or employee involved?
   b. Does the transaction involve an amount over $5,000?
   c. If over $5,000, does the activity involve suspected money laundering, terrorist financing, or other criminal activity in which at least one suspect can be identified (See check kiting, for example.)?
   d. Any criminal activity when involving an aggregate of $25,000 or more.
4. Ascertain if there is a Demand Deposit Activity Report generated by the information system particularly for large checks.
5. Obtain wire transfer logs. Review them to see if any should have resulted in a SAR.
6. Use SAR Timing Test Work Program to determine if SAR are being filed within 30 days of the discovery of suspicious activity.
7. Determine how the Board is informed of every SAR.
8. Is reporting each SAR to the Board part of the BSA Policy?
9. Note the date of each SAR filing, then trace to Board Minutes and supporting documentation to determine that the Board is informed of each SAR filed.
10. Determine how the BSA Officer tracks every SAR.
11. Determine who is responsible for filling out the SAR.
12. Ascertain if SAR filed with errors are properly corrected and resubmitted. Trace from the Treasury Department notification of an error in a SAR to the original SAR and to the corrected SAR.
13. If copies of SAR are made for the working papers, check to ensure all data identifying the suspects are REDACTED. The bank is not to reveal the subject of any SAR, and we do not want to be responsible for the identity of a SAR subject being leaked.

WHEN A SAR IS NOT FILED
Determine if there is documentation as to the reason a SAR is not filed.


				
Posted: 4/1/2009