BSA-AML Examiner School Case Study eBook

First page Table of contents Previous page 58-59 Next page Last page

Internal Use Only

BENEFICIAL OWNERSHIP

Yes/No or N/A

Comments and description of mitigating controls

Does the bank have written procedures that are reasonably designed to identify and verify beneficial owner(s) of legal entity customers and to include such procedures in its anti-money laundering compliance program? Yes Does the bank have written procedures detailing the identifying information that must be obtained for each beneficial owner of a legal entity customer opening a new account after May 11, 2018 (Name, DOB, Address, Identification number)? Yes Does the bank have written procedures to maintain and update customer information, including beneficial ownership information for legal entity customers, on the basis of risk? Yes Does the bank maintain written risk-based procedures for verifying the identity of each beneficial owner of a legal entity customer within a reasonable period of time after the account is opened? Yes Does the bank maintain policies, procedures, and processes for circumstances in which it cannot form a reasonable belief that it knows the true identity of the beneficial owner(s) of a legal entity customer? Yes Does the bank maintain recordkeeping procedures for beneficial ownership identification and verification information (5 years after the account is closed)? Yes

Moderate Satisfactory

Assign Inherent Risk → Assign Controls Rating → Assign Residual Risk → Assign Overall Trend →

3 2 2

Limited

Summary of Risk Ratings:

Stable

Overall, no change in risk from previous year. New Compliance Team will be engaged by Bank Leaders as needed, and will be conducting New Account Testing within the 2024 Compliance Testing Plan.

SUSPICIOUS ACTIVITY REPORTING (SARs)

Yes/No or N/A

Comments and description of mitigating controls

Does the bank have appropriate policies, procedures, and processes in place to monitor and identify unusual activity?

Yes

Does the bank have adequate staff is assigned to the identification, research, and reporting of suspicious activities, taking into account the bank's overall risk profile and the volume of transactions? Do the bank's policies, procedures, and processes describe the steps it takes to address the key components and indicate the person(s) or departments responsible for identifying or producing an alert of unusual activity, managing the alert, deciding whether to file, SAR completion and filing, and monitoring and SAR filing on continuing activity? Does the bank implement appropriate training, policies, and procedures to ensure that personnel adhere to the internal processes for identification and referral of potentially suspicious activity? Does the Bank have policies, procedures, and processes for identifying subjects of law enforcement requests, monitoring the transaction activity of those subjects when appropriate, identifying unusual or potentially suspicious activity related to those subjects, and filing, as appropriate, SARs related to those subjects? Does the bank have procedures in place for processing and maintaining the confidentiality of NSLs (National Security Letters) and ensure any SAR does not contain any references to such letters? Does the bank have policies, procedures, and processes in place for referring unusual activity from all areas of the bank or business lines to the personnel or department responsible for evaluating unusual activity (including a clear and defined escalation process)? Does the bank have policies, procedures, and processes indicating when to escalate issues or problems identified as the result of repeat SAR filings on accounts? Does the bank have policies, procedures, and processes in place to ensure SARs are filed in a timely manner, are complete and accurate, and that the narrative provides a sufficient description of the activity reported as well as the basis for filing? Does the bank file SAR's electronically through the BSA E-Filing System no later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR (or 60 days if no suspect can be identified)? Does bank management provide information on its SAR filings to the board of directors or an appropriate committee in order to fulfill its fiduciary duties, while being mindful of the confidential nature of the SAR? Does the bank have a clearly defined SAR decision making process (individual or committee)?

Yes

Yes

Yes

Yes

Yes

Yes

Yes Yes

Yes

Yes

Yes

Made with FlippingBook - Online catalogs