BSA-AML Examiner School eBook

Examination Conclusions and Comments (Continued)

Office of Foreign Assets Control The bank's OFAC compliance program is inadequate. Processes and procedures fail to screen transactions and accounts for possible OFAC matches. New accounts and Automated Clearing House (ACH) transactions are not screened against the OFAC list. The bank's written OFAC Compliance Program establishes procedures that are not implemented at account opening. Written processes and procedures for screening ACH transactions and checking existing customers when the OFAC list is updated have not been implemented since the previous examination. Checking existing customers when the OFAC list is updated may not have occurred prior to the last examination as no records were maintained to demonstrate compliance. The December 2015 BSA Independent Review performed by Audit Firm identified that OFAC procedures do not ensure compliance with OFAC. However, management did not implement corrective action. During the examination, CEO contacted service provider firm, and was given instructions on initiating reports for possible matches against established customers. Operations Officer ran reports for January, March, and May 2016, and multiple potential positive matches were identified on each report. Additionally, there were two possible matches on the January 29, 2016, ACH Batch Report. These potential matches should be reviewed to determine whether or not they are actual matches requiring reporting to OFAC. Funds transfers are screened by correspondent bank; however, during wire transfer transaction testing, multiple instances were identified as possible OFAC matches, but the funds were released by bank employees without any research to ensure that the parties were not a positive match. Bank employees only noted "release" for these potential matches and each transfer was approved for release without verification of potentially being a false positive. Procedures should be established to document the research and clearing of potential OFAC matches in the wire transfer area before approval of the transactions. The OFAC Risk Assessment was last reviewed and approved by the Board in January 2015. The Board-approved OFAC Compliance Program was last approved in May 2015. Employees have not received OFAC training or training on internal policies and procedures related to OFAC since the previous examination. As a result of examination findings, CEO stated that new procedures were implemented immediately. New accounts are now being checked against OFAC lists using the website www.instantofac.com. He also stated that all employees received training, the website has been added as a favorite on their internet browser, and an OFAC line item has been added to the New Account Checklist to ensure it is completed. He further commented that instructions were printed from FIS to review OFAC month-end reports for ongoing customer account monitoring. Administrative Assistant received training on wire transfers and the necessary steps to document research for determining 'false-positive" matches. Violations of Laws and Regulations As described above, a significant number of BSA and Financial Recordkeeping apparent violations were noted during this examination. Repeat policy statement contraventions were also noted regarding both Appendix A and B of Part 364, pertaining to safety and soundness standards involving internal control and information security standards deficiencies. Refer to the Violations of Laws and Regulations pages for further details. 9