BSA is Good for You and Especially Good for your High Risk Customers!
We hope that title got your attention! It certainly got our attention when the comptroller of the currency Tim Curry said it recently! When Mr. Curry was speaking before the Association of Certified Anti-Money Laundering Specialists convention earlier this year , he noted that when a financial institution has a strong BSA program, its ability to service high-risk clients increases.
One of the many points that Mr. Curry was making goes against trends that we often see in banks, when regulators increase the focus on a given area, the tendency is to cease the product line or service being offered. One obvious example of this tendency was the response from many banks to the Qualified Mortgage rules. These rules required the lenders who originate higher priced mortgages to fully document the borrower’s ability to repay the loan before the loan was made. The rule carved out a “Safe Harbor” for banks that did not make higher priced mortgages. This exception, the qualified mortgage (“QM”) exception, became the path of least resistance to many banks. As of today there are still many banks that have decided to limit the non “QM” activity to zero. In point of fact, a quick review of the requirements for documenting the ability to repay, reveals that these requirements are little more than best practices for lending that have been established for many years.
Mr. Curry pointed out that in many cases, banks suffer from similar over reaction in the BSA area. Just because there is a great deal of attention paid to BSA, doesn’t mean that banks should immediately stop servicing high-risk clients.
Common Problems with BSA
- The biggest areas of concern for BSA be can be categorized into four major areas, according to Curry:
- The culture of Compliance at the Bank
- The resources (or lack thereof) that are dedicated to BSA
- The strength of the information technology
- The quality of risk management
- It is interesting to note that the very first item on this list is the compliance culture of the bank. Regulators have made it clear that in 2014 and beyond, the area of compliance will directly impact the “M” in a banks CAMEL ratings. The expectation is that senior management including the Board of Directors will make compliance an issue that is fundamental to the ongoing operation of the Bank.
The implications for the AML/BSA compliance program are clear; regulators expect that banks will spend the necessary resources to fully staff and administrate BSA/AML compliance. Further, accountability for compliance rests at the highest levels of management at the bank.
While all of this may seem ominous, it can actually result in a positive outcome. The flip side of the coin is that when resources are properly allocated and the CMP is strong, there is absolutely no reason to turn large amounts of high-risk business away. This is not to say that a bank can use the excuse of a strong BSA program to add any and all high-risk clients. It does however, mean that with the proper screening and monitoring, banks can offer their natural clients a full range of services. So how does one get the Bsa Department in shape? We have a few suggestions.
Suggestions for Strengthening the BSA Program:
Make the BSA/OFAC Risk Assessment Process More Dynamic
This is oftentimes a document that is often either overlooked or completed as a “fill in the blanks” document that captures general information about BSA risks. It is also extremely rare that at the end of reviewing the BSA assessment significant change is generated. We recommend the risk assessment process should be dynamic. Not only should all department heads have input, but also the conclusion from the document should be incorporated into the decisions for resource allocation to the BSA department. In this manner, the risk assessment is tied directly to the resource allocation, the compliance culture and strength of monitoring technology. Discussions about the plan should be comprehensive and evidence that senior management and the Board have fully considered the risk associated with BSA and made decisions based on that risk. The level and quality of training should also be tied directly to the risk assessment review process.
Combine CIP/EDD with Business Development
In many banks, the business development department works at cross purposes with the BSA department. While account officers do their best to obtain new clients by signing them up to as many new products as possible, the requirements of CIP can feel like they are in the way of the relationship. Oftentimes, pertinent information about the client is not passed on to the compliance staff. Many times, only the basic CIP data is obtained and the BSA staff is left to try to develop a risk profile using limited information. However, it is often the case that it is the account officer that knows these customers best and can/should be able to fully describe what it is that they do. We recommend that banks attempt to get the Bsa and business development units to work together to produce EDD that is based upon knowledge of the customer, knowledge of the industry and knowledge of the requirements of BSA.
Develop Training that Meets the Specific Needs of Your Bank
Online training for staff is widely accepted and fine for a start. However, we recommend that you augment this training with information that is specific to your client base. For example, a bank that serves an area that has a great number of high tech firms can greatly enhance its BSA program by training staff the operations of these firms. Is it likely that a high tech firm would have a large number of cash deposits? Probably not! On the other hand, such a firm would be likely to send wires to foreign countries. If staff at the bank have been well informed, they can recognize a suspicious transaction even before software might have a chance to do so. In addition a well-trained and well-informed staff can perform much more effective and complete risk management.
Technology must be powerful AND Match the Abilities and Skills of the BSA staff
We have had the experience more than once of meeting with a client who had purchased powerful BSA/AML software, only to become frustrated and resort back to manual monitoring. Oftentimes, the thinking of senior management was that the examiners have told the bank that they need software and the response has been to buy software, get the basic training that come with the software license and wait for miracles to happen. Unfortunately the trainers from the software companies are focused on the operation of the software and not the meaning of the reports that are generated. It is critically important that when considering upgrades that the upgrade are comprehensive. Make sure that the BSA staff knows how to use the software in a manner that is most effective.
At the end of the day, regulators are not advising banks to run away from high risk clients, but instead to be ready, willing and able to handle the risk. So a strong BSA program is good for one and all!
 Remarks by Thomas J. Curry, Comptroller of the Currency, before the Association of Certified Anti-Money Laundering Specialists. Hollywood, Florida. March 17, 2014
James DeFrantz is a Partner in Atlanta-based financial services industry consulting firm Bank Solutions Group. [email protected]