BSA-AML Examiner School Case Study eBook

AML Examiner will request additional information if needed.

LIST OF ACH ORIGINATORS (if not provided with IT request list) LIST OF RDC CUSTOMERS (if not provided with IT request list)(do not include mobile banking customers)

P

a.

AML Examiner will request additional information if needed.

P

b.

Provide transcripts of IATs (originated/received by the bank) in the last two months.

P

International ACH Transactions (IATs)

c. d.

Make available copies of any policies and procedures related directly to electronic banking (e-banking) that are not already included in the AML/CFT policies.

P

INTERNAL CONTROLS

e.

Provide management reports that indicate the monthly volume of e-banking activity.

REPORTS

P

AML 16 BaaS Services (AML/CFT) X P/*P

ITEM

EXPLANATION

Provide AML/CFT policies, procedures, and processes for BaaS.

a. b.

INTERNAL CONTROLS

P P

Provide BaaS procedures and guidelines used to determine when EDD is appropriate for higher-risk accounts and parties to the relationship. These should include methods for identifying account interested parties. Provide a list of politically exposed persons (PEP), export or import business owners, money transmitters, Private Investment Companies (PIC), financial advisers, offshore entities, or money managers (when an intermediary is acting on behalf of customers). Customers who were introduced to the bank by individuals previously employed by other financial institutions. Provide a list of the bank’s BaaS clients who's clients meet the following criteria:

GUIDELINES

c.

LISTS

P P

P

§ Customers who were introduced to the bank by a third-party investment adviser.

P P P P P P P

§ Customers who use nominee names.

§ Customers who are from, or do business with, a higher-risk geographic location.

§ Customers who are involved in cash-intensive businesses.

§ Customers who were granted exceptions to policies, procedures, and controls. § Customers who frequently appear on unusual activity monitoring reports.

Provide reports and minutes submitted to the board of directors or its designated committee relating to AML/CFT matters pertaining to BaaS business lines and activities. Provide an organizational chart for the AML/CFT compliance function as it relates to BaaS services. Provide a risk assessment of BaaS customers that identifies those customers, prospective customers, or products the bank has determined to be higher risk. Provide management reports covering the largest, most active, or most profitable BaaS customers. Provide a AML/CFT independent review or audit of BaaS. Provide workpapers. Include internal audits performed on BaaS and work papers. Provide a copy of the AML/CFT training materials for management and employees involved BaaS activities. Identify the BaaS systems used. Briefly explain how they accommodate and assist compliance with AML/CFT regulations and guidelines.

d.

BOARD REPORTS

e.

ORG CHART

P

f.

RISK ASSESSMENT

P

g. h.

ACTIVITY

P P

INDEPENDENT REVIEW

i.

TRAINING

P

j.

SYSTEMS

P

Provide a list of newly opened BaaS clients since 1/1/2023.

k.

CLIENTS

P P P P P

Provide procedures for checking section 314(a) requests relating to BaaS services.

l.

314A

Provide a list of all BaaS customers designated as higher risk.

m.

HIGH RISK

Provide copies of SARs associated with BaaS.

n. o.

SARS

Provide a list of subpoenas, particularly AML/CFT-related, relating to BaaS activities.

SUBPOENAS