BSA-AML Examiner School Case Study eBook

BSA/AML RISK ASSESSMENT WORKSHEET In addition to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program requirements, banks must comply with other program, reporting, and recordkeeping requirements; special information sharing procedures; and special standards of diligence, prohibitions, and special measures set forth in 31 CFR Chapter X Part 1020. Consistent with the approach described in the FFIEC BSA/AML Manual, written policies, procedures, and processes alone are not sufficient to comply with these other BSA regulatory requirements. Practices that correspond to the bank’s written policies, procedures, and processes are needed for implementation. Importantly, policies, procedures, processes, and practices should align with the bank’s unique money laundering, terrorist financing (ML/TF), and other illicit financial activity risk profile. COMPLIANCE PROGRAM OVERVIEW Yes/No or N/A Comments Does the bank hold its board of director's responsible for approving the BSA/AML compliance program and for overseeing the structure and management of the bank’s BSA/AML compliance function? Yes

Does the bank hold senior management responsible for communicating and reinforcing the BSA/AML compliance culture established by the board, and implementing and enforcing the board-approved BSA/AML compliance program? To ensure the strength of compliance controls, does the bank allow an appropriate level of BSA/AML compliance independence by: - Providing BSA/AML compliance staff a reporting line to the corporate compliance or other independent function; - Ensuring that BSA/AML compliance staff is actively involved in all matters affecting AML risk (e.g., new products, review or termination of customer relationships, filing determinations); - Establishing a process for escalating and objectively resolving disputes between BSA/AML compliance staff and business line management; and - Establishing internal controls to ensure that compliance objectivity is maintained when BSA/AML compliance staff is assigned additional bank responsibilities. Does the bank's compliance program provide for the following requirements: - A system of internal controls to assure ongoing compliance. - Independent testing for compliance to be conducted by bank personnel or by an outside party. - Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance (BSA compliance officer). - Training for appropriate personnel.

Yes

Yes

Yes

TS&J Bank's BSA / AML Program is stable and strong. As of July 2023, the bank approved an enhanced BSA Policy and appointed a new CCO and BSA Officer. The new BSA Officer has subsequently reviewed and enhanced additional BSA / AML and OFAC processes and procedures across the Bank, established tracking and reporting, and provided additional training to impacted staff. CUSTOMER IDENTIFICATION PROGRAM Yes/No or N/A Comments and description of mitigating controls Does the CIP include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable? Yes Procedures and process updated as of October 2023. Does the CIP include account-opening procedures detailing the identifying information to obtain from each customer (Name, DOB, Address, and Identification number)? Yes Does the CIP include procedures which describe the documents that the bank will use for verification? Yes If the bank allows the use of non-documentary methods, does it include the methods in its CIP? Yes Does the CIP include procedures for responding to circumstances in which it cannot form a reasonable belief that it knows the true identity of the customer (applies only to new accounts not opened by an individual)? Yes Does the CIP include procedures for maintaining a record of all information obtained to identify and verify a customer’s identity (5 years after an account is closed)? Yes

Does the CIP include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by Treasury in consultation with the federal functional regulators (within a reasonable time after account is opened)?

Yes

© Compliance Alliance 2022