Independent Testing

NCUA regulation § 748.2(c)(2) requires FICUs to conduct independent testing of their AML/CFT programs. The purpose of the testing is to assess the overall adequacy of a credit union’s AML/CFT program and compliance with regulatory requirements. The frequency of a credit union's testing is not specified in regulation. A credit union generally aligns the frequency of testing with its ML/TF risk profile.

Only individuals who are not involved in BSA-related functions at the credit union have the independence to conduct the testing, such as:

  • The internal audit department

  • Outside auditors

  • Consultants

  • Supervisory committee

  • Other qualified independent parties

Examiners review independent testing documentation and supporting workpapers. Ideally, credit union management reports promptly to the board of directors or designated board committee on deficiencies noted during the independent testing and the associated corrective actions.

Examiners:

  • Review the scope of the independent testing, as needed, to verify it covers all higher-risk products and services offered, and the FOM and geographic locations served

  • Determine if there is enough information to reach a conclusion about the overall adequacy of the AML/CFT program and compliance with BSA regulatory requirements

  • Review the results of the independent testing and management’s remediation plan to address any deficiencies

Examiners may also evaluate the independence, expertise, and qualifications of the individual(s) conducting the testing, when applicable.

For more information, see the BSA/AML Independent Testing section of the FFIEC BSA/AML Examination Manual.

Last updated on August 19, 2024