Risk Management

The risk management topic of the BSA section of the Examiner's Guide addresses:

• People

• Policies and Procedures

• Technology

People

Bank Secrecy Act Officer

Under NCUA regulation § 748.2(c)(3), FICUs are required to designate an individual responsible for coordinating and monitoring day-to-day BSA compliance. This individual is generally referred to as the BSA officer or BSA compliance officer. Examiners assess whether the BSA compliance officer has the knowledge, authority, independence, and resources to administer an effective compliance program.

Board of Directors

The board of directors, acting through senior management, ensures the credit union has an effective compliance program. Under NCUA regulation § 748.2(c)(3), the board must designate a qualified individual to serve as the BSA compliance officer. The board oversees senior management and the BSA officer, and ensures the BSA officer has the authority, independence, and resources to fulfill the responsibilities of this position.

NCUA regulation § 748.2(c)(4) requires BSA training for appropriate personnel. The board of directors must receive foundational training and should be informed of changes and new developments in the BSA, including supervisory guidance.

Senior Management

While the board of directors ensures that the credit union has a comprehensive and effective compliance program, senior management implements the board-approved compliance program.

Under NCUA regulation § 748.2(c)(4), senior management must receive training in the BSA and should be informed of changes and new developments in BSA compliance or requirements, including supervisory guidance.

Other Credit Union Employees

Under NCUA regulation § 748.2(c)(4), FICUs must provide BSA training for all personnel whose duties require knowledge of the BSA or involve some aspect of BSA compliance. Examiners evaluate whether all personnel whose duties require knowledge of the BSA are included in the BSA training, focusing on whether the training is tailored to the individual's specific responsibilities. For more information, see the Training topic in this section and the BSA/AML Training section of the FFIEC BSA/AML Examination Manual.

For additional information, see the Responsible Individual / BSA Officer topic in this section and the BSA Compliance Officer section of the FFIEC BSA/AML Examination Manual.

Policies and Procedures

NCUA regulation § 748.2(b), Establishment of a BSA compliance program, requires FICUs to have a written, board-approved compliance program that is reflected in the credit union’s minutes. When following best practices, credit union management regularly reviews BSA policies and procedures, updating them as needed to reflect changes in the credit union’s BSA/AML risk profile and remain current with any changes in regulations.

For more information, see the Assessing the BSA/AML Compliance Program section of the FFIEC BSA/AML Examination Manual.

Technology

Many credit unions use technology to enable their compliance programs. As part of scoping and planning for a BSA review, examiners develop an understanding of the credit union’s IT sources, systems, and processes used in its compliance program.

Credit union IT systems may:

• Include reports or automated program alerts to identify large currency transactions or suspicious activity

• Aggregate daily currency transactions

• Record monetary instrument sales and funds transfer transactions

• Provide analytical and trend reports

For more information, see the Currency Transaction Reporting and Exemptions and the Currency Transaction Reporting sections of the FFIEC BSA/AML Examination Manual.

Suspicious activity monitoring systems typically include employee identification or referrals, transaction-based (manual) systems, surveillance (automated) systems, or any combination. Examiners verify that credit unions using automated systems to monitor and detect suspicious activity have a good understanding of that technology. Third-party model validation can provide examiners with assurance the BSA/AML modeling software is detecting potentially suspicious activity and operating effectively.

For more information, see the Suspicious Activity Reporting topic in this section and the Suspicious Activity Reporting section of the FFIEC BSA/AML Examination Manual.

Last updated on February 02, 2023