BSA-AML Examiner School Case Study eBook

Internal Use Only #

MEASUREMENT

INHERENT RISK

VALUES

CONTROLS

RESIDUAL RISK

Ratings

Control Evaluation

Risk Summary

Control Description

FINAL

Risk Factor

Risk Measure

LOW

MODERATE

HIGH

Risk

Value Feb 2022

Value May 2023

Control Summary

Score

Weight

Unit Platform

15%

The Unit platform structure facilitates adherance to rules and policies, however each bank partner has unique policies and procedures that must be accomodated by unique builds increasing complexity and adding manual work.

Unit onboarded 3 additional banks and continues to add more. More Bank Partners increases the complexity of BSA compliance.

6 or more AND stable; or active onboarding of additional bank partners

Size

# of Bank Partners

High (3)

1-2 AND stable

3-5 AND stable

High

1

4

Standardization of Bank Partner requirements

Weak

3%

0.0900

Unit's employee base grew 215%. HIgh growth rate increases the complexity of meeting BSA training requirements.

Unit's conducts annual company-wide training which is tracked through an automated system. Unit has not implemented required training of partners.

Growth

growth rate of employees

High (3)

Less than 10%

More than 10% less than 25%

More than 25%

High

59

186

BSA/AML/OFAC Training

Moderate

3%

0.0900

Unit bank partners have approved onboarding of customers from other platforms that circumvent the end to-end Unit onboarding process. Migrated customers are higher risk for Unit's BSA program due to documentation that may be retained on other non-Unit systems and that are not available to our bank partners. Unit is not able to perform "checks" to ensure information is at Unit's standards. Unit has developed additional unique workflows due to unique requirements from bank partners as well as enhancements in fraud-fighting operations. More unique workflows decreases the effectiveness of this control due to increased complexity and difficulty managing each workflow and the suite of workflows. Unit maintains 10 different customer types which adequately cover the cusotmer base served and results in better transaction monitoring alerting. This process, however, is manual and each deposit product is assigned a customer type by the solutions team and is retroactively reviewed by BSA and can result in errors in classification.

Unit relies on customer CIP processes that were performed off-platform for 1 Client. More exceptions to Units regular oversight increases complexity of BSA compliance.

End-to-End vs. Partial

Moderate (2)

End-to-End with no exceptions

Partial with 3 or fewer exceptions

Partial with >3 exceptions

Moderate

0

1

Limited exceptions to standard process

Weak

3%

0.0600

Unit maintains 27 unique workflows for customer onboarding. More unique workflows increases the complexity of BSA compliance.

High (3)

# of unique onboarding workflows

Weak

2%

0.0900

Less than 10 unique workflows

10-15 workflows

More than 15 unique workflows

High

10

27

Standardization of workflows

Complexity

Unit has 10 different customer types for transaction monitoring, including "Default" and "Pilot." Higher numbers of unique customer types increases the complexity of transaction monitoring and requires more resources for oversight and tuning.

# of unique customer types for transaction monitoring

Moderate (2)

5 or fewer

More than 5, less than 20

More than 20

Moderate

8

10

Tailored customer monitoring

Moderate

2%

0.0400

Unit Procedures around integration approvals are still in development and Unit's BSA Team is not always aware of integrations before Clients go-live. The process for testing the effectiveness of BSA requirements are also in development.

Unit offers 28 different integrations classified as either Native or Parter. More integrations increase the complexity of BSA functions and compliance. (Ex. Plaid, CurrencyCloud, GreenDot)

# of unique integrations

High (3)

0-4 integrations

5-10 integrations

More than 10 integrations

High

Unknown

28

BSA risk assessment for new products

Weak

2%

0.0600

Clients

15%

Unit conducts a KYC walk-through call for each client during the implementation stage. Follow-up with Clients indicates that the knowledge gained and retained by such calls is limited. Unit's Dashboard provides Clients with insight into Client activity and allows them to manage risk with real-time decisions. Access controls available to Clients for the purpose of freezing, closing, or reactiviting accounts could run counter to other controsl employed by the Unit BSA team and/or bank partners.

Client BSA training;

Unit number of Clients increased by 75% since Feb 2022. Higher growth rates puts more demands on BSA functions and compliance.

Client growth has not increased since previous risk assessment

# of Clients

High (3)

Client growth has increased by 25% Client growth has increased by more than 50%

High

67

117

Weak

3%

0.0900

Dashboard access management

Size

Unit has a high number of small Clients. Smaller Clients have less resources available and may be less sophisticated.

Unit regularly reviews BSA/AML and OFAC regulations with Clients though Unit does not require Client training for BSA/AML and OFAC risks.

50-100% of clients have more than 10 employees

20-50% of clients have more than 10 employees

0-20% of clients have more than 10 employees

Avg # of employees

Moderate (2)

Moderate

Unknown

39%

Client BSA training

Weak

2%

0.0400

Unit utilizes an automated transaction monitoring software called DataSeers which allows for broad monitoring of specific transaction and client types by bank partner. The provider's operational history is limited as is Unit's operational history with the software which was deployed in July 2022.

Unit Clients on average have a large number of End Users. Clients with more End Users are more complex and require greater oversight and controls.

Between 1,000 and 5,000 End Users/Client

End users/client

High (3)

Less than 1,000 End Users/Client

More than 5,000 End Users/Client

High

3,495

7,543

Automated transaction monitoring

Moderate

2%

0.0600

Additional staff and analytical capabilities allow Unit to understand End User risk and segment appropriately to each Client. Unit BSA staffing increases and employees had additioanl access to business intelligence and reporting software though its features are still developing. High growth resulted in the need for temporary contractors to supplement full time resources. Unit offers a suite of procedures and technology solutions for clients with limited experience marketing financial services to end users. Client requirements have changed frequently over the evaluation period as the industry continues to rapidly evolve. Additioanlly, Client business evaluations are only conducted at the time of onboarding with no formal process for updates over time. Client risk ratings are done at the time of client onboarding. Risk ratings are analyzed yearly and changes are made if necessary. The process is completed and tracked manually and are not currently available to bank partners via the Unit Dashboard.

Unit Clients grew rapidly over the past year, largely driven by substantial growth at a few Clients.

Growth

High (3)

Growth in End Users/Client

Weak

3%

0.0900

Less than 5% growth

Between 5% and 15% growth

Greater than 15% growth

High

N/A

216%

Additional staffing and analytical capabilities

Unit Clients on average have limited operating history. Clients with more operating history have a lower risk while Clients with less operating history present higher risk.

Standardization of Unit processes including around due diligence

0-25% of clients have 3 years or more of operating history

50% or more of clients have 3 years or more of operating history

25-50% of clients have 3 years or more of operating history

Maturity

Years in business

High (3)

High

Unknown

34%

Weak

2%

0.0600

Unit assessed that 14% of Clients presented high risk. This represents a large increase from a year ago, due to changes in the Client Risk Rating methodology. A higher proportion of high risk clients presents more inherent risk.

Risk Level

Client Risk Ratings

Moderate (2)

0-10% of clients are risk rated high 10-25% of clients are risk rated high More than 25% of clients are risk rated high

Moderate

3%

14%

Client risk ratings

Weak

3%

0.0600

End Users

25%