
BSA/AML Program Fundamentals: An Introduction to the Five Requirements of a BSA/AML Program

Well-built structures have many things in common, and most structures start with a good foundation. The foundation is critical as it supports the building of the rest of the structure. Quality materials, well-trained construction professionals, prudent leadership, sound construction practices, and routine inspections all contribute to the optimal performance of a structure’s foundation. Understanding the geography of the building site often determines the methods, expertise and materials needed to establish the foundation, which ultimately influences the rest of the building’s structure.

Similarly, a BSA/AML Risk Assessment provides the details, or blueprint, specific to the financial institution’s understanding of its risk and provides a basis for how and where to mitigate said risk. Consequently, the foundation of a financial institution’s BSA/AML Risk Management Program is dependent on the health of its pillars. While not called out specifically as pillars, the BSA/AML Manual located within the FFIEC BSA/AML InfoBase calls out the following requirements for an adequate BSA/AML compliance program directly:

    • A system of internal controls to assure ongoing compliance.
    • Independent testing for compliance to be conducted by bank personnel or by an outside party.
    • Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance (BSA compliance officer).
    • Training for appropriate personnel.
    • …(A) customer identification program (CIP) with risk-based procedures that enable the bank to form a reasonable belief that it knows the true identity of its customers.

It is these five requirements that constitute the often-cited “Five Pillars of a BSA/AML Program.” Because these are requirements, it is fair to consider each of them when determining the health and strength of your institution’s BSA/AML program. From a holistic standpoint, any weakness in one area affects the health of the entire foundation. For example, having a good training program without a good system of internal controls makes the training program less effective. Similarly, having an inadequate internal audit function only sets up the compliance officer and financial institution for failure down the road. Having stagnant policies without periodic review may point to further compliance gaps that are unanticipated by the institution.

On the other hand, maintaining a strong independent audit program only makes the internal controls and CIP program stronger, which in turn can lead to a well-versed BSA compliance officer with adequately trained staff that confidently affect the entire financial institution’s culture of compliance. A healthy culture of compliance reflects well on the safety and soundness of a financial institution, which in turn provides opportunities for growth and results in a positive reputation.

Over the next few months, we will begin discussing the details of each of these five requirements on this blog. We hope the reader takes away from this effort the overall goal of BSA/AML compliance, so that strategizing how best to use BSA/AML software systems, such as our own SimpliRisk application, lines up with their own institution’s needs and aspirations, while giving all readers an equal understanding of how PayLynxs interprets and views the “five pillars” of a sound BSA/AML Risk Management Program.

About the writer

Dave Gowan

Dave brings a unique blend of experience as a former investigator and compliance officer with multi-billion dollar asset financial institutions. Dave has 15+ years of career experience, from the armed forces to financial crime / fraud investigation to complete compliance officer responsibilities. Dave brings a pragmatic and practical approach to the industry, grounded in fact and working knowledge of financial regulations. Dave has been with PayLynxs for over 4 years.