Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

AML/CFT Advisory Services AML Training BSA Rules and Regulation Customer Due Diligence

How to prepare for your next BSA exam: What AML/CFT Officers need to know to be regulator-ready

Terri Luttrell, CAMS-Audit, CFCS
October 9, 2024
Read Time: 0 min

Prepare for your BSA exam by following these tips

Getting ready for your upcoming BSA examination takes planning and thinking through several issues. Here's a guide to help.

Want more BSA training and articles emailed to you?

Takeaway 1

The first step to BSA exam preparation is to review regulatory guidance from the FFIEC and FinCEN.

Takeaway 2

Good communication with your BSA examiner and having a team plan are key aspects of exam preparation. 

Takeaway 3

BSA exam plans should include a review of the common themes and hot topics showing up in recent examination criticisms.

Review regulatory material

Guidance to prepare for BSA exams

Are you ready for your next Bank Secrecy Act (BSA) exam? As an AML/CFT Officer, you’re likely familiar with the pressure these exams bring. After all, BSA compliance is generally part of a safety and soundness exam and one of the more critical aspects of an institution’s regulatory scorecard.  With the proper preparation, you can ensure a smooth review and achieve the best possible outcome - a satisfactory rating from the examiners. What preparation should an AML/CFT Officer take to get these highly sought-after results? Here are some actionable steps to help your institution prepare.

Regulatory guidance on BSA exams

The good news is that there is guidance for AML exam preparation. The most essential tool and an AML/CFT officer’s guide to success is the Federal Financial Institutions Examination Council (FFIEC) BSA Examination Manual. This manual is written for examiners and is critical to FFIEC compliance. It outlines all review steps financial institutions should take during a regulatory exam.

Another helpful guidance is the new Rule to Strengthen and Modernize Financial Institutions’ AML/CFT Programs, which codifies and clarifies program requirements and emphasizes a risk-based approach to AML compliance. Although this legislation had no major industry surprises, there are new program requirements that will be tested during your exam. It is worth noting that the FFIEC Exam Manual has not been updated since August 2023, and further updates are expected after the new AML/CFT program rule is finalized.

6 critical areas

Examiner expectations during BSA exams

Knowing that guidance is available to help you prepare for your exam should help reduce stress before your exam. Understanding the examiners’ expectations is your next step. The following six areas are critical when developing your AML/CFT examination plan:

AML/CFT/OFAC policy integration

  • Has the policy been updated within the last 12 months, or has it been revised to include any significant change?
  • Has the policy been approved by the board of directors and documented in board minutes? Has the board approved the entire AML/CFT program?
  • Does the policy address the requirement for the board of directors to have sufficient oversight of the AML/CFT program?
  • Does the policy designate a qualified AML/CFT officer as described in the AML/CFT program rule?
  • Does the policy address a “culture of compliance”?
  • Do you have a separate OFAC policy?

Clearly defined procedures

  • Are written procedures up to date and accessible to staff? Do they include the latest legislation?
  • Are procedures in line with AML/CFT policy requirements?
  • Are processes and practices aligned with current procedures? Has this been tested?

Transaction monitoring software calibration

  • Has your AML/CFT and fraud detection software been optimized on a risk-based approach?
  • Has above-the-line/below-the-line testing been performed and documented on scenario parameters?
  • Are your suspicious activity reporting procedures clear and thorough?
  • Does written documentation justify any scenarios that are not being used for transaction monitoring?

 Data validation

  • Have you received a recent independent model validation?
  • If your model validation is not recent, have you completed internal periodic data validations?
  • Is all AML/CFT-relevant data available for accurate transaction monitoring?

 Training

  • Have all employees received annual BSA training within the past 12 months?
  • Has the board of directors received training during the past 12 months?
  • Is training designed uniquely for each employee role?
  • Are training records organized and up to date?

Staffing

  • Is AML/CFT staff sufficient to ensure that all program requirements are satisfied accurately and promptly?
  • Have you recently completed a staffing assessment?
  • Is staff appropriately qualified and trained for their job position?

If the answer to any of these questions is no, it is time to tighten things up before your exam. This list is extensive and time-consuming and will take several months to complete. Exam prep is a dynamic process that should be planned early and reviewed often.

Build confidence before your next exam.
Download the BSA examination checklist.

Download
Tactical & strategic tips

BSA exam preparation steps

Initial communication

The AML/CFT Officer’s initial conversation with the examiner in charge is essential for setting the tone of the exam. If this is a new relationship, you’ll want it to start with open and honest communication, and you’ll want to foster it with the same communication style. If it is a new relationship, this is also a great time to show your confidence and organizational skills. The initial communication will most likely be led by the examiner, but don’t hesitate to show your interest in the process by discussing the following essential aspects of the exam:

  • Exam logistics – what should you expect?
  • Determine scope – on what risk-based level will you be reviewed?
  • Required documentation - obtain a request letter outlining any pre-exam documentation to send to the exam team

Develop a plan

A defined plan helps your team gain confidence and fully prepare for your examination. Following these steps will help you get there and will help set a positive tone for the exam:

  • Identify a point person. One central contact for all examination questions keeps the stress level down and prevents unprepared information from being given to your examiners. Be sure this is a higher-level staff member who can confidently exude the competence of the entire team.
  • Arrange for nice accommodations. As tempting as it may be, try not to put your exam team in a basement when they are on site. An excellent conference room is a much more pleasant work environment and may result in happier examiners.
  • Commit resources. Set aside plenty of time to communicate with examiners, answer questions, and gather requested documentation in a timely manner.

The point person should not have to do everything, even though the communication comes through them. Delegating tasks such as gathering documentation and creating reports can help spread the burden of exam time.

Frequent communication is helpful in knowing how the exam is going ahead of time and if any clarifying information is needed. Daily touchpoints are suitable for both the AML/CFT and the exam teams.

BSA examination prep checklist

Along with the steps addressed above, certain self-testing should be conducted before your next exam:

All institutions must have

Culture of compliance

FinCEN issued an advisory in 2014 highlighting the importance of a strong culture of compliance for senior management, leadership, and owners within financial institutions. The advisory states that regardless of its size and business model, a financial institution with a poor culture of compliance is likely to have shortcomings in its AML/CFT program. This includes compliance from top to middle to frontline leadership. A financial institution can strengthen its BSA/AML compliance culture by following these six FinCEN critical aspects of a culture of compliance:

  • Leadership must actively support and understand compliance efforts
  • Revenue interests must not compromise efforts to manage and mitigate AML/CFT deficiencies and risks
  • Relevant information from the various departments within the organization is shared with compliance staff to further AML/CFT efforts
  • The institution devotes adequate resources to its compliance function (human, technological, and financial)
  • An independent and competent party tests the compliance program
  • Leadership and staff understand the purpose of its AML/CFT efforts and how its reporting is used

Although this advisory is dated 2014, it is still a top topic of conversation among regulators today. Adding a section on the culture of compliance to your written BSA Policy will show that your institution is on board, assuming the policy is adhered to and those not following are held accountable.

Review in preparation

Hot BSA exam topics

Several common themes continue to be seen in recent examinations. Your plan should include being prepared in these areas to avoid the following types of criticism:

  • Lack of qualified AML/CFT Officer (formerly BSA Officer): This position must have adequate qualifications, experience, and authority levels to oversee the AML/CFT program properly. The new AML/CFT program rule outlines the requirements for this position, so be sure your institution gives your leaders what they need to succeed.
  • Inadequate internal audit: Audits should be performed by AML/CFT-trained professionals. Remember, a 100% clean audit could be a red flag that something is being missed.
  • Insufficient BSA training: Remember that not one size fits all and that training should be tailored to the position and specific threats to your institution.   
  • Insufficient AML/CFT program resources: This includes staffing, technology, and financial support.
  • Customer due diligence (CDD) onboarding processes are insufficient: Ensure your front line obtains all know your customer and other customer due diligence information according to written policy and procedures.
  • Incomplete higher-risk customer documentation and review: Ensure your enhanced due diligence efforts are thorough, comprehensive, and completed periodically using a risk-based approach.
  • Procedures do not match board-approved policy: Compare the two documents to confirm they are aligned.
  • Risk assessment is not thorough enough or not current: Ensure that your enterprise-wide risk assessment includes all areas of risk and dives into deep analysis where inherent risk is higher. Be sure to include all requirements from the new AML/CFT program rule.
  • No optimization of suspicious activity monitoring parameters: Be sure that your AML software is calibrated at the optimum level so that suspicious activity is not missed and false positives are minimized. Be sure to include above-the-line/below-the-line testing.
  • No model validation performed on an automated system: This is essential for AML/CFT software and must be current.
  • Repeated findings or inaction from the institution: Ignoring past findings is a surefire way to be criticized. Ensure all past audit and exam findings are remediated.
Conclusion

The keys to success

Preparing for your next BSA exam doesn’t have to be overwhelming. Being proactive and intentional in your examination planning shows examiners that you are confident in your AML/CFT program and that your team takes compliance responsibilities seriously. To recap the top steps for a successful exam:

  • Designate centralized communication
  • Be forthcoming about all aspects of your AML/CFT program
  • Build relationships with your BSA examiners based on trust and aligned goals
  • Keep promises and follow through to examiners and senior management
  • Be responsive to your examiners with answers and requested documentation
  • Cooperate and choose your battles when necessary

Once your exam prep plan is in place, start working on the steps immediately so it doesn’t become overwhelming. Delegate duties and ask for help. Preparing for all aspects of your AML/CFT program for review should avoid severe criticism. After all, the requirements for an exam are written in the FFIEC BSA Examination Manual, so there should be no surprises. Use the manual and the new AML/CFT program rule as your outline, and you and your financial institution will be set up for success. With a strong culture of compliance and a proactive approach, your exam will be an opportunity to demonstrate your institution’s commitment to stopping financial crime. Download our BSA Exam Prep Checklist and start your plan now.

Learn more by watching the webinar, "BSA exam prep 101: Hot topics"

keep me informed Watch Webinar
Blog

How to avoid costly BSA enforcement actions: Proactive steps for bank compliance

Read More
Blog

Suspicious activity monitoring: Keys to strengthening your AML/CFT program

Read More
Blog

AML program productivity: Boost the impact of AML investigations

Read More
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.