Bank Secrecy Act/Anti-Money Laundering Programs (BSA/AML)

As required by the Bank Secrecy Act (BSA) and applicable regulations, depository institutions and certain other entities must have a compliance program that incorporates training from operational staff to the board of directors. Among other elements, the compliance program must include appropriate internal controls to ensure effective risk management and compliance with record keeping and reporting requirements under the BSA. Internal controls are the financial institution's policies, procedures, and processes designed to limit and control risks and to achieve compliance with the BSA. The level of sophistication of the internal controls should be commensurate with the size, structure, risks, and complexity of the financial institution. At a minimum, internal controls include but are not limited to: implementing an effective customer identification program; implementing risk-based customer due diligence policies, procedures, and processes; understanding expected customer activity; monitoring for unusual or suspicious transactions; and maintaining records of electronic funds transfers. An institution's BSA/AML program must provide for the following minimum components: a system of internal controls to ensure ongoing compliance, independent testing of BSA/AML compliance, a designated BSA compliance officer responsible for managing compliance, and training for appropriate personnel. These controls should apply to all customers, products and services, including customers engaging in electronic banking (e-banking) through the use of social media, and e-banking products and services offered in the context of social media.

Financial institutions should also be aware of emerging areas of BSA/AML risk in the virtual world. For example, illicit actors are increasingly using Internet games involving virtual economies, allowing garners to cash out, as a way to launder money. Virtual world Internet games and digital currencies present a higher risk for money laundering and terrorist financing and should be monitored accordingly.

Sources: FFIEC; BSA

The Highlights:

  • BSA minimum components controls should apply to all social media consumers, including: applying internal controls, performing audits, and designating a BSA compliance officer.