This post, originally published Jan. 3, 2022, has been updated.
AML quality control: Strong QC can prevent BSA violations
December 9, 2024
Read Time: 0 min
Tips to strengthen financial institution AML/CFT quality control
Make sure your AML/CFT program meets program expectations with a risk-focused emphasis on controlling quality.
Key topics covered in this post:
What kind of monitoring for quality ensures compliant AML efforts?
Effective AML/CFT programs require quality control.
Robust policies and procedures are cornerstones of anti-money laundering/countering the financing of terrorism (AML/CFT) efforts. But sufficient quality control helps financial institutions execute those effectively to avoid Bank Secrecy Act (BSA) violations.
In other words, if robust policies and procedures are like the blueprint and seeds for a garden, then quality control is like the gardener inspecting the soil and plants throughout the growing season to make sure everything is growing as intended.
Unsure where to start with AML/CFT quality control? Let our Advisory Services team help.
Connect with an expert
Hawkins
That’s why quality control efforts—like risk assessments—have long been recommended and assumed to be necessary for a strong AML program. A recent consent order, however, could mean an emphasis on quality control will be a theme during upcoming exams—even for smaller institutions, according to Josh Hawkins, Director of Abrigo Advisory Services’ Financial Crimes Investigation Unit.
FDIC requires quality control at a small institution
The September consent order, issued by the FDIC and the Illinois Department of Financial and Professional Regulation, required an institution with assets below $1 billion to ‘establish satisfactory quality control procedures over the alert clearing and investigation process.’
“The consent order required the affected bank to establish ‘satisfactory quality control procedures’ over the alert clearing and investigation processes for suspicious activity monitoring and reporting,” Hawkins said. The order further required a training program that incorporated quality assurance to ensure that staff implemented training objectives.
A 2021 enforcement action involving $8 million in AML fines was another reminder of the importance of AML quality control. In that case, a bank was cited for numerous BSA violations related to failing to adhere to its program procedures, despite having an AML program and BSA/AML software. Other troubles included neglecting to file timely and complete suspicious activity reports (SARs) on roughly $100 million in suspicious activity, according to consent orders from the Office of the Comptroller of the Currency (OCC) and the Financial Crimes Enforcement Network (FinCEN).
Understaffing and other inadequate resources for the bank’s AML compliance office between 2015 and 2019 played a role in FinCEN’s decision to impose the fine, according to the consent order. However, one point FinCEN made in the enforcement action was that three BSA analysts—each reviewing an average of 100 alerts a day—were also tasked with regularly providing quality control review for one another.
That type of volume “meant that BSA analysts often did not review supporting documents (cash deposit slips, wire transcripts, check images, etc.), although all of this information was readily available,” the consent order said.
In other words, understaffing issues thwarted the ability to provide quality control that ensured AML program goals were being met.
Ensuring program requirements are met
The procedures that financial institutions develop for their suspicious activity monitoring programs are designed “in a way to make sure that you're adhering to the regs and running a tight ship,” Hawkins said. “What the QC can do is come in behind and ensure that the intended outcomes are being achieved by the activities of your institution’s procedures.”
Regulators expect financial institutions to maintain a quality control program, even if one is not explicitly mandated, he noted. In fact, if regulators are scrutinizing your quality control, it’s likely because they’re finding other problems with your AML program, Hawkins said.
Hawkins believes AML quality control is particularly essential as more financial institutions combine AML/BSA and fraud programs.
A BSA/AML and fraud staff survey by Abrigo in 2021 found that two-thirds of respondents said their financial institution’s BSA department also covered fraud. Based on their responses, combining fraud and AML departments is more common among smaller institutions, which is perhaps unsurprising due to limited resources. Sound quality control can ensure compliance and prevent money laundering and fraud as banks and credit unions continue to blur the lines between the two areas.
Recommended practices for controlling AML quality
How can financial institutions develop strong quality control?
If staffing is an issue impacting the program, an AML staffing assessment might be a good place to start, given the regulatory emphasis on institutions having a strong culture of compliance. An AML staffing assessment can:
- uncover bottlenecks in processes that are costing staff valuable time
- highlight the possible need for short- or long-term assistance to clear backlogs, or
- make a case for adding more people when the workload has grown beyond the current staff level.
Align with the latest AML/CFT program requirements. Download this readiness checklist to proactively address compliance expectations.
keep me informed DownloadRisk-based and written QC
Above all, quality control should be tailored to the institution’s risks, just as all aspects of an institution’s AML program should be risk-based. Hawkins said that QC policies, procedures, and results should be based on the institution’s unique fingerprint.
AML/CFT Officers should document quality control policies and procedures to ensure they are communicated and followed by front-line staff. However, the details of the quality control review will depend on several factors.
For example, reviewing alerts is a major part of the AML program, so an AML team’s alerts will certainly receive scrutiny. However, a new employee might receive quality control examination on 100% of their work reviewing alerts during and soon after training. QC reviews could be lowered to 5% to 10% of the work on an ongoing basis once the expected quality target is achieved and maintained. Similarly, an employee with recent quality issues might need to have a higher percentage of alerts reviewed for a period of time until they lower their error rates, Hawkins said.
Emphasize case reviews in quality control efforts.
Quality control programs should typically review a higher share of cases on an ongoing basis than alerts due to the more complex due diligence required to investigate cases, Hawkins said. SARs typically go through additional due diligence, such as a SARs Committee and the BSA Officer, before being filed to FinCEN, which provides inherent quality control for those investigations, he added.
The criteria used to select alerts, cases, or enhanced due diligence reviews for scrutiny might vary by financial institution. Hawkins said that among the risk-based criteria frequently used for QC reviews are:
- the reason for the alert
- a certain occupation or business type
- specific transaction amounts or ranges
- specific sources/uses of funds
AML documentation quality control
An essential component of AML quality control is reviewing documentation tied to investigations to ensure it supports the disposition of the investigation or analysis. The resolution should be clear and decisive, and documentation should support the reasoning behind the disposition (either clearing or escalating) of the alert or case. BSA/AML software can automate the documentation behind decisions, contributing to efficient, compliant programs.
“In many cases, if a financial institution is understaffed and having difficulty keeping up, things start to slip, including their documentation,” Hawkins said. However, “You want to be able to look at an alert one month later and say, ‘I see why they cleared it.’ A note that just says, ‘Reviewed it; nothing suspicious’ – that’s not sufficient.”
Similarly, documentation for customer due diligence (CDD), 314(a) and 314(b) requests and responses, beneficial ownership information, and Office of Foreign Asset Control (OFAC) and Section 311 searches should be reviewed for completeness.
Timeliness as a component of AML QC policies, procedures
AML quality control policies and procedures should also address the timeliness of the financial institution’s AML reporting. Hawkins recommends examining how long it’s taking staff to file Currency Transaction Reports (CTRs) and SARs, including renewals for continuing activity. Financial institutions have 15 calendar days from the reported transaction to file a CTR and must file an initial SAR within 30 days of an institution determining one should be filed.
Deadlines for timely SAR filings highlight the difficult balancing act required of AML/CFT Officers, especially in smaller institutions where the same staff performing work on alerts, cases, and SARs are also performing quality control reviews.
“You don’t want quality control to supersede the regs,” Hawkins said. “But what you don't want to happen is to be 6 to 10 months behind on your QC either.” Ideally, quality control should occur the month after work is performed, he added.
Again, the frequency of QC reviews should be risk-based. For example, investigations tied to higher-risk activities might need to be reviewed for quality control more frequently, perhaps weekly.
Quality control can head off trouble down the road for BSA/AML and fraud departments. Hawkins said taking the time to establish a QC program, document it, and execute it on an ongoing basis can ensure that program objectives are being met.
“Trust but verify,” he said.
Building or maintaining a robust AML program can seem daunting, but it doesn't have to be. For financial institutions that need assistance in enhancing their programs, remediation assistance is available through BSA/AML consulting and advisory services.
Key Takeaways
A recent consent order could mean that an emphasis on AML quality control will be a theme during upcoming exams.
AML quality control efforts, like all aspects of AML programs, should be tailored to the institution's unique risks.
Reviewing documentation tied to AML investigations is one of the essential activities that will help control quality .
Find out how Abrigo Fraud Detection stops check fraud in its tracks.
fraud detection software
About the Author
