BSA-AML Examiner School Case Study eBook

Other Areas to be Reviewed at Upcoming Examination: While examiners held discussions in the following areas, a thorough review was not completed during the visitation. Examiners will review the corresponding areas as part of the upcoming examination. • Capital planning will be reviewed. The 2023 capital plan was not requested as part of this review; however, we understand the 2024 capital plan was in process of development at the time of the visitation and will include an assessment of operational risks presented by the BaaS program. In addition, it was unclear how frequently the capital plan will be reviewed and modified to incorporate the dynamic operational risks present as the BaaS program expands. In addition, the bank’s dividend plans regarding providing a return to shareholders and/or investors of the BaaS strategy will be monitored and reviewed. • The bank’s monitoring and testing of Unit’s BSA/AML program will be reviewed as these controls were not established at the time of the visit. • The bank’s internal audit program and control environment will be reviewed as it is unclear whether the bank’s audit plans incorporate audits of BaaS-related activities, BaaS vendors and partners, or prospective partners. • The license agreement between the bank and Love Bancshares, Inc., will be reviewed to ensure compliance with Regulation W, Section 23B. We appreciate senior management’s cooperation during the visitation and acknowledge the board’s stated intention to build a risk management framework that supports the bank’s business initiatives in a safe and sound manner. While many risk management factors are noted above, this is not an exhaustive list of risk management factors to consider in the establishment of a strong risk management framework that supports the BaaS program and growth initiatives. Finally, the consumer compliance examination that commenced on December 4, 2023, remains open and final conclusions from that examination will be provided separately, including any assessment of the impact of the bank’s BaaS strategy on its compliance management system. As such, senior management should continue to be proactive and agile in the identification of risk and implementation of commensurate controls to manage the dynamic risk that is introduced by the BaaS program.

For Training Purposes Only