Risk Management

The risk management topic of the BSA section of the Examiner's Guide addresses:

• Governance

• Policies and Procedures

• Technology

Governance

AML/CFT Officer

Under NCUA regulation § 748.2(c)(3), FICUs are required to designate an individual responsible for coordinating and monitoring day-to-day BSA compliance. This individual is generally referred to as the AML/CFT officer or BSA compliance officer. Examiners assess whether the AML/CFT officer has the knowledge, authority, independence, and resources to administer an effective AML/CFT program.

Board of Directors

The board of directors, acting through senior management, ensures the credit union has an effective AML/CFT program. Under NCUA regulation § 748.2(c)(3), the board must designate a qualified individual to serve as the AML/CFT officer. The board oversees senior management and the AML/CFT officer and ensures the AML/CFT officer has the authority, independence, and resources to fulfill the responsibilities of this position.

NCUA regulation § 748.2(c)(4) requires BSA training for appropriate personnel. requires BSA training for appropriate personnel. The board of directors must receive foundational training and should be informed of changes and new developments in the BSA, including supervisory guidance.

Senior Management

While the board of directors ensures that the credit union has a comprehensive and effective AML/CFT program, senior management implements the board-approved AML/CFT program.

Under NCUA regulation § 748.2(c)(4), senior management must receive BSA training and should be informed about changes in the BSA, including updates to supervisory guidance.

Other Credit Union Employees

Under NCUA regulation § 748.2(c)(4), FICUs must provide BSA training for all personnel whose duties require knowledge of the BSA or involve some aspect of BSA compliance. Examiners evaluate whether all personnel whose duties require knowledge of the BSA are included in the BSA training, focusing on whether the training is tailored to the individual's specific responsibilities. For more information, see the Training topic in this section and the BSA/AML Training section of the FFIEC BSA/AML Examination Manual.

For additional information, see the Responsible Individual (AML/CFT Officer) topic in this section and the BSA Compliance Officer section of the FFIEC BSA/AML Examination Manual.

Policies and Procedures

NCUA regulation § 748.2(b), Establishment of a BSA compliance program, requires FICUs to have a written, board-approved AML/CFT program that is reflected in the credit union’s minutes. When following best practices, credit union management:

• Reviews BSA policies and procedures regularly

• Updates BSA policies and procedures as needed to reflect changes in the credit union’s ML/TF risk profile

• Remains current with any changes in regulations

For more information, see the Assessing the BSA/AML Compliance Program section of the FFIEC BSA/AML Examination Manual.

Technology

Many credit unions use technology to enable their AML/CFT programs. As part of scoping and planning for a BSA review, examiners develop an understanding of the credit union’s IT sources, systems, and processes used in its AML/CFT program.

Credit union IT systems may:

• Include reports or automated program alerts to identify large currency transactions or suspicious activity

• Aggregate daily currency transactions

• Record monetary instrument sales and funds transfer transactions

• Provide analytical and trend reports

For more information, see the Currency Transaction Reporting and Exemptions and the Currency Transaction Reporting sections of the FFIEC BSA/AML Examination Manual.

Suspicious activity monitoring systems typically include employee identification or referrals, transaction-based (manual) systems, surveillance (automated) systems, or any combination of the above. Examiners verify that credit unions using automated systems to monitor and detect suspicious activity have a good understanding of that technology. Third-party model validation can provide examiners with assurance the BSA/AML modeling software is detecting potentially suspicious activity and operating effectively.

For more information, see the Suspicious Activity Reporting topic in this section and the Suspicious Activity Reporting section of the FFIEC BSA/AML Examination Manual.

Last updated on August 19, 2024