866-352-9324
866-352-9324

AML/BSA Audits

  • Former Federal Agents
  • 100 Years of Combined Experience
  • Investigations, Compliance & Defense
Call Us
Chris Quick

Former Special
Agent (FBI & IRS)

Roger Bach

Former Special
Agent (DOJ-OIG & DEA)

Timothy Allen

Former Special Agent
(U.S. Secret Service & DOJ-OIG)

Ray Yuen

Former Special
Agent (FBI)

Michael S. Koslow

Former Special
Agent (DOD & OIG)

Experienced Federal Compliance Consultants Conducting AML/BSA Audits Nationwide

Tim Allen

AML/BSA Audits Team Lead – Timothy E. Allen | Former Special Agent (U.S. Secret Service & DOJ-OIG)

Banks, credit unions, and other financial institutions that need to comply with the federal anti-money laundering and Bank Secrecy Act (AML/BSA) regulations must conduct periodic audits and risk assessments to assess the efficacy of their compliance efforts. These audits (also referred to as “independent testing”) must be unbiased toward any particular outcome, and the goal must be to gain a clear and comprehensive understanding of the state of the financial institution’s AML/BSA compliance program.

Although federal regulations permit financial institutions to conduct AML/BSA audits in-house if they are equipped to do so, most institutions will need to engage an outside consulting firm to assist with assessing and documenting their AML/BSA compliance efforts. There are a few reasons why:

  • While conducting an AML/BSA audit, an internal audit may be suitable for certain small local banks with limited risks, but it generally is not suitable for other financial institutions. Most financial institutions will need to rely on outside expertise to analyze and manage their risk effectively.  
  • Independence is a key aspect of an AML/BSA audit. If a financial institution conducts its AML/BSA audits in-house, it must be able to ensure that, “the persons conducting the BSA/AML independent testing are not involved in other BSA-related functions at the bank.” 
  • Overlooking issues during an AML/BSA audit can expose financial institutions to significant regulatory and/or civil penalties. Working with a team of independent and experienced AML/BSA auditors can help prevent oversights that can lead to serious adverse consequences. 

At Corporate Investigation Consulting (CIC), we rely on extensive relevant experience to conduct comprehensive, efficient, and compliant AML/BSA audits for our clients. As former federal special agents who investigated AML violations and other financial offenses at the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), U.S. Department of Justice (DOJ), and other federal agencies, our AML/BSA auditors know what it takes to gather the information and insights our clients need to make informed decisions.

7 Critical Steps in AML/BSA Audits

While several federal authorities have oversight of financial institutions’ AML/BSA compliance efforts, the Federal Financial Institutions Examination Council (FFIEC) holds primary responsibility for ensuring that banks, credit unions, and other institutions conduct adequate internal compliance audits. While the FFIEC does not provide specific guidance for conducting these audits, it does publish its focus areas when assessing financial institutions’ AML/BSA audit programs.

Since these are focus areas for the FFIEC, they should be focus areas for financial institutions when conducting AML/BSA audits as well. This means that the following are critical steps for ensuring that an audit is capable of withstanding FFIEC scrutiny:

1. Ensuring the Independence of the Audit

Ensuring that AML/BSA audits are conducted by independent auditors is among the FFIEC’s top priorities. To this end, the FFIEC states that all audits should be, “performed by a person or persons not involved with the function being tested or other BSA-related functions at the bank that may present a conflict of interest or lack of independence.” Engaging an outside auditing firm allows financial institutions to avoid any questions regarding independence while also ensuring that their AML/BSA audits serve their intended purpose.

2. Ensuring that the Audit Assesses the “Overall Adequacy” of the Institution’s AML/BSA Compliance Program

The FFIEC expects financial institution’ AML/BSA audits to, “address[] the overall adequacy of the BSA/AML compliance program, including policies, procedures, and processes.” It also advises that, “[a]t a minimum,” financial institutions’ audit reports should contain sufficient information to allow FFIEC personnel, “to reach a conclusion about the overall adequacy of the BSA/AML compliance program.”

3. Reviewing Board Materials and Ensuring that the Board is Informed of the Audit’s Results

To demonstrate auditor’s independence, the audit process should include, “a review of board minutes or other board of directors’ materials [to] determine whether persons conducting the independent testing report[] directly to the board of directors or to a designated board committee . . . .” To ensure that the institution is able to take any necessary remedial action, the audit should conclude with its results being provided to the institution’s board of directors or senior management.

4. Preparing Reports that Demonstrate the Audit is “Comprehensive, Accurate, . . . and Timely”

When conducting compliance assessments, the FFIEC expects to be able to, “[r]eview independent testing reports, scope, and supporting workpapers to determine whether they are comprehensive, accurate, adequate, and timely, relative to the bank’s risk profile.” Crucially, the FFIEC also instructs its personnel to, “evaluate the qualifications and subject matter expertise of the person or persons performing the independent test.”

5. Evaluating the Institution’s Suspicious Activity Monitoring Systems

While the FFIEC examines financial institutions’ AML/BSA compliance programs in their entirety, it also pays particular attention to institutions’ suspicious activity monitoring systems. The FFIEC instructs its personnel to review institutions’ AML/BSA audit reports to determine if they demonstrate an adequate evaluation of:

  • The institution’s methodology for monitoring transactions and accounts for suspicious activity; 
  • Each suspicious activity monitoring system’s ability on suspicious activity reporting;
  • The reasonableness of the institution’s filtering criteria, if any; 
  • Whether the institution’s filtering criteria are tailored to its risk profile and adequately address “higher-risk products, services, customer identification program, and geographic locations;” and, 
  • The institution’s policies, procedures, and processes for its suspicious activity monitoring systems.

6. Evaluating the Institution’s “Overall Suspicious Activity Monitoring and Reporting Process”

Along with evaluating a financial institution’s suspicious activity monitoring systems specifically, the FFIEC also advises that AML/BSA audits should include, “a review and evaluation of the overall suspicious activity monitoring and reporting process.” While the FFIEC acknowledges that there are “no specific regulatory requirements” for conducting this review and evaluation, it outlines several criteria that its personnel are instructed to consider when determining if financial institutions have done enough to meet their AML/BSA compliance obligations.

7. Ensuring that the Audit is “Adequate, Relative to the Bank’s Risk Profile”

Ultimately, an AML/BSA audit must be “adequate, relative to the bank’s risk profile.” This raises another critical point about the AML/BSA audit process: The process begins (or should begin) before auditors turn their focus to assessing compliance. At the outset of the process, it is critical to ensure that the process itself is suitably tailored to address a financial institution’s specific compliance obligations, risks, and needs.

Engaging CIC to Conduct Your Financial Institution’s AML/BSA Audits

Since non-compliance with the federal AML/BSA regulations can expose financial institutions to substantial penalties, effective auditing is essential. At CIC, we conduct audits focused not solely on the FFIEC’s assessment criteria, but also on helping our clients gain a comprehensive understanding of the efficacy of their AML/BSA compliance programs. This allows our clients to take remedial action when necessary, and it also helps ensure that our clients are prepared to withstand scrutiny from the FFIEC and other federal authorities.

Here is what you can expect when you choose to work with the AML/BSA auditors at CIC:

  • An independent BSA/AML audit conducted by former federal special agents.
  • A comprehensive assessment of your financial institution’s AML/BSA compliance program.
  • Comprehensive documentation of the audit process and our findings.
  • Consultation regarding any remedial measures that are necessary to reestablish AML/BSA compliance.
  • A systematic approach that allows our team to efficiently conduct AML/BSA audits for your financial institution on an ongoing basis.

FAQs: What You Need to Know About AML/BSA Independent Testing (Auditing)

What Are the Steps Involved in an AML/BSA Audit?

Conducting an effective AML/BSA audit is a complex multi-step process. The specific steps that a financial institution will need to take to effectively assess AML/BSA compliance depend on the nature and scope of the institution’s operations, its risk profile, customer due diligence, and other pertinent factors.

What Are the Federal Requirements for AML/BSA Audits?

Federal regulations do not establish specific requirements for AML/BSA audits. Instead, financial institutions are expected to develop and implement auditing policies and examination procedures that are adequate to assess the efficacy of their AML/BSA compliance programs.

How Often Should Financial Institutions Conduct AML/BSA Audits?

The FFIEC advises that financial institutions should conduct AML/BSA audits “over periodic intervals (for example, every 12-18 months) and/or when there are significant changes in the bank’s risk profile, systems, compliance staff, or processes.” To effectively manage their compliance-related risk, most financial institutions will benefit from conducting AML/BSA audits annually.

How Can Banks Meet the ‘Independence’ Requirement for AML/BSA Audits?

Banks can meet the “independence” requirement for AML/BSA audits in one of two ways—either: (i) they can appoint internal auditors who are not otherwise involved in their AML/BSA compliance efforts and transaction testing; or, (ii) they can engage an outside firm. Engaging an outside firm also affords the benefit of being able to rely on the expertise of auditors and consultants who stay up-to-date on pertinent legal and regulatory requirements.

What Are the Risks of Overlooking Compliance Issues During an AML/BSA Audit?

Overlooking compliance issues during an AML/BSA audit can expose financial institutions to enforcement action from the FFIEC, DOJ, and other federal authorities—and these enforcement actions can lead to substantial penalties. As a result, it is critical that financial institutions ensure their AML/BSA audit compliance programs are both comprehensive and effective.

Speak with a Member of Our AML/BSA Audit Team in Confidence

If you would like more information about our AML/BSA audit services, we invite you to get in touch. To speak with a senior member of our team in confidence, please call 866-352-9324 or tell us how we can reach you online today.

Further Areas For Our BSA/AML Services

Contact Us Today

Contact Team Lead, Timothy Allen,
For a Confidential Consultation

  • This field is for validation purposes and should be left unchanged.

Contact Us 24/7 to Schedule Your Free Consultation

Call 866-352-9324 or request an appointment online. We are available 24/7, and our consultants can take action immediately to protect your company.

WordPress Lightbox