In this Compliance Clip (video), Adam explains two things that came from the recent interagency statement on BSA enforcement - one of which is quite enlightening when it comes to the 4 (or 5) pillars of BSA. WARNING: BSA geeks may find this video entertaining.

Video Transcript

The following is a transcript of this video:

This Compliance Clip, we're going to talk about the interagency statement on BSA enforcement. This was a statement that came out by the regulatory agencies – the Federal Reserve, the FDIC, the OCC, and the NCUA – all came together and issued this joint statement. FinCEN actually issued their own statement separately, but we're not going to talk about it in this clip. 

This is a topic that we actually discussed in our Fall 2020 Quarterly Compliance Update and it’s something we also talked about in our BSA Annual Update that was released in the fall of 2020. I figured I would share this with you because in November of 2020, we're celebrating BSA month here at the Compliance Cohort, just for fun. It's our BSA month and we just figured it would be fun to focus on BSA this month. 

This was something that was released in August of 2020. Again, it was by the regulators and it told us a couple of things that were interesting. First of all, it told us, not much, but then it told us something that I find interesting because it's something that's been a topic of debate for some time. The first thing it told us that there's no new regulatory regulatory requirements as part of this statement. What the statement is really doing is describing the circumstances in which an agency, like NCUA or Federal Reserve, OCC, or FDIC, will issue a mandatory cease and desist order to address noncompliance with BSA/AML requirements. What they're talking about here is when they're going to issue a public enforcement action, because cease and desist orders are public enforcement actions, typically, so they're talking about when they would do that. What they say is that isolated or technical violations and deficiencies are generally not considered the kinds of problems that would result in this type of enforcement actions, especially not a public enforcement action. If you had some major issues where you’re harming consumers or had major flaws, then of course you could end up with a CMP.

They gave a couple of examples of types of clients failures that will result in a cease and desist order. There are two categories that are specifically discussed in the statement. The first category is very important, that is if your organization fails to establish and maintain a reasonably designed BSA/AML compliance program. Of course, if you don't have a BSA program, you're going to end up with a cease and desist. Stop that practice until you fix it. The interesting thing is where do we draw the line? What is considered a reasonably designed BSA/AML compliance program? Because if we have a lot of deficiencies in our CIP process and our customer identification program and identifying customers and account opening, then that may be that we don't have a reasonably designed BSA/AML program. My point here is technical deficiencies, that they talk about on this top bullet point, is typically not going to result in a cease and desist. It could, if it ultimately turns into the opinion that you failed to establish and maintain a reasonably designed BSA/AML compliance program for the size and complexity of your organization. I think we understand that  and I think this really isn't telling us anything we don't know. So they're just reiterating the statement.

The other thing they say here, another thing that would result in a cease and desist order, is if you fail to correct previously identified issues. I’ve been saying for years that this is the most important thing you can do as a BSA officer and if you're talking about compliance, as a compliance officer, to correct previously identified issues. If you don't, you will have problems and they're really just reiterating this here. So if you have repeat violations, exam after exam, they may end up issuing a cease  and desist order. That's the first thing they told us.

What they also do is they go on and tell us something else that's pretty interesting here. They say that the statement also addresses how the agencies are going to evaluate violations of individual components, which is known as the pillars of the BSA/AML compliance program.

When talk about pillars, how many pillars are there for BSA? How many? Well, traditionally there's been four, right? Then with the ultimate beneficial ownership rules, they started talking about a fifth pillar, did they not? They did! There's been discussion on whether there's four pillars or five pillars and now what they did in April of 2020 this year, they revised the BSA Exam Manual to kind of take away the language of pillars. They really took away the language of pillars. They're not quite using that exact language anymore, but the statement's still talking about it. What they said is this, “The statement also describes how the agencies are now incorporating the Customer Due Diligence regulations and record keeping requirements, the recent rules, into the internal controls pillar of a bank's BSA/AML compliance program.” All that fuss that they made about this being a fifth pillar, they’re now just incorporating that into one of the existing four pillars. 

The answer to the question of how many pillars do we have is really just four. They talked about going with five, but they decided to roll the ultimate beneficial ownership rules into that pillar relating to internal controls. It really covers all those pieces of the BSA/AML program. And there are many pieces, there's a whole bunch of pieces. We actually break out those pieces when we go into our BSA Bootcamp, which is a product we have in our store at compliancecohort.com. We spend three and a half hours of education in that program talking about all the components. When we get to internal controls, we spend a ton of time focusing on all those different elements, things like CIP beneficial ownership, monetary instrument logs, record keeping requirements for wire transfers and so on and so on and so on.

That is something new. This is interesting that they rolled that fifth pillar back in so there’s only four pillars but they're kind of taking the language away from the four pillars. This is an interesting interagency BSA statement. Well, it didn't tell us a lot. It did tell us a little bit, and for us BSA nerds, we love this kind of information. So it's pretty enlightening from my BSA-geek standpoint, which I tend to fall into that category.

That's all I have for you today. If you want to take a deep dive into BSA this month, you can do that, or any month, whenever you are watching this video. In our store, we've got some deep-dives. We have our BSA Bootcamp, which as I said is a very intensive BSA program going over all the foundational requirements you need to have in the four pillars of your BSA/AML program. We also have a BSA Annual Update that’s in our store. You can take a look at it. We have different training, a basic BSA program and we also have a BSA Training for the Board of Directors and an Annual BSA Update for the Board. So lots of BSA opportunities if you want to take a deep dive and join your fellow BSA nerds while we do it.

That's all I have for you today.