BSA/AML Examiner School - Case Study Oct 2023

Suspicious Activity Monitoring The BSA Officer tracks monthly MSB cash activity and per procedures is to share “anything of concern” with the Compliance Committee in the monthly reporting. Tracking of MSB cash activity from January 2021 to April 2022 was shared as part of this audit, and while it appears the BSA Officer gathers cash totals for these customers, there are no calculations of cash activity fluctuations or any rationale for changes in activity (e.g., seasonal fluctuation, opening of additional outlets, etc.). For example, we noted for 4 MSB customers, the December 2021 cash outs increased over 30% from the prior month. Two other MSBs had cash in activity increase 46% in December 2021, and monthly activity for 2022 has remained higher than 2021 historical activity. These, and other fluctuations being tracked by the BSA Department, may have been reviewed by the BSA Officer and determined not suspicious; however, there is no indication of such review or determination on any tracking reviewed as part of this audit. Suspicious Activity Monitoring Procedures include references to reports no longer used as well as discussion of processes involving the use of the BSA/AML software, NuMonitor, that do not align with the current model-related processes. Per the BSA Officer, the model is only used to run reports such as cash aggregation reports for comparison to core reports and is not fully implemented as an integral part of the bank’s suspicious activity monitoring process. Management modified scenarios in December 2021 giving the impression management may be using the model software in a different capacity than it has in the past. Prior to full implementation, management should thoroughly review all available scenarios and perform above and below the line testing to determine baselines for threshold settings. Recommendations: • The current EDD framework, documentation, and processes should be enhanced to understand and document the risk posed by higher-risk clients more thoroughly. Specifically, the following areas should be implemented during the review process: o Where procedures require the completion of additional due diligence forms, ensure the information is collected and documented for all such customer types and the information is periodically updated. o Utilize the transaction volumes and other additional due diligence collected when performing EDD to assess the reasonableness of the activity levels. o Ensure all EDD files document periodic negative news searches and parties on whom searches were performed (e.g., owners and/or related parties). o Update procedures to clarify documentation requirements for high-risk customer EDD, such as obtaining copies or acknowledgements of BSA programs, copies of FinCEN and state registrations, ATM statements/cash reconciliations, and frequency of site visits, are clear and consistently applied. o Obtain beneficial ownership on existing high-risk customers as part of EDD, including accounts opened prior to beneficial ownership requirements. o Update procedures accordingly and train applicable staff on any process changes. • Develop a SAR/No SAR decision form to ensure all relevant information is documented. • Enhance the current suspicious activity monitoring processes and procedures to clarify documentation and management reporting expectations.

2