How to train your organization to achieve BSA/AML compliance

Employee training is more than just a pillar of Bank Secrecy Act/Anti-Money Laundering compliance – it is a fundamental exercise that embeds the regulatory requirements and your company’s risk profile into your organization’s culture and your employees’ roles. As part of your Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) compliance program all financial institutions must provide training for appropriate personnel.

Regardless of your regulator, the guidance provided is the same. More specific guidance is provided in the Federal Financial Institutions Examination Council (FFIEC) Exam Manual which says training should “cover the aspects of the BSA that are relevant to the bank and its risk profile”, and “appropriate personnel includes those whose duties require knowledge or involve some aspect of BSA/AML compliance." As a result of the general guidance provided, many financial institutions have training programs that provide only standard training such as BSA/AML-related definitions and regulatory history. These institutions are missing the opportunity to provide employees with actionable knowledge and could be falling short of regulatory expectations.

Enhancing BSA/AML training to move past providing generic, industry knowledge to a more institution-specific experience, provides a critical risk mitigation control. We are increasingly hearing examiners emphasize that training programs need to be job-specific and customized to your institution’s risk profile, policies, and procedures. This means your bank tellers have different training than your CFO, who has different training than your VP of Retail Lending, and on and on. To ensure your employees and board are properly trained we suggest developing and delivering training programs that use:

• The financial institution’s current BSA/AML risk assessment
• Institution and job-specific policies and procedures
• Transaction monitoring scenarios currently used by the institution to monitor for money laundering and terrorist financing

Providing information and examples that are specific to the institution will allow employees to move past baseline training and progress to training that more significantly resonates with them.

The Board of Directors (BOD) rely on senior management to provide training that meets their needs. After establishing an understanding of the regulatory requirements, the BOD will then be equipped to create a plan highlighting the specific management of these risks by the institution. Since BSA/ AML is a complex and highly regulated area, it should be an agenda item for every BOD meeting to discuss items such as:

• The number of suspicious activity reports (SARs) filed
• Current BSA/AML concerns or issues
• Ongoing training on the continued management of BSA/AML compliance

The Board of Directors (BOD) rely on senior management to provide training that meets their needs. After establishing an understanding of the regulatory requirements, the BOD will then be equipped to create a plan highlighting the specific management of these risks by the institution. Since BSA/ AML is a complex and highly regulated area, it should be an agenda item for every BOD meeting to discuss items such as:

• The number of suspicious activity reports (SARs) filed
• Current BSA/AML concerns or issues
• Ongoing training on the continued management of BSA/AML compliance

Financial institutions should provide multiple, specialized training courses tailored to each position within the institution that supports the BSA/AML compliance program. This requires an understanding of the roles and responsibilities within the institution to provide meaningful training. Training for tellers should confirm not only a general understanding of BSA/AML but also provide institution-specific examples of the role that they play in compliance (filing CTRs, identifying and reporting suspicious activity, responding to customer inquiries on BSA/AML topics, etc.) and the penalties if the institution is found to violate any of the BSA/AML regulatory requirements.

BSA/AML training is not a one-and-done proposition; it's an ongoing effort. Similar to surprise audits, regularly scheduled BSA/AML knowledge testing should be included as a training component within the compliance program. With online training becoming more common, financial institutions should not fall victim to having only one delivery vehicle for training. Face-to-face training lets your employees know that you value them and is a great way to obtain the feedback needed to improve your program and address questions that are critical to employee development. It also allows you hear from the “boots on the ground” – to understand risks from their perspective and interactions with customers directly.

BSA/AML training programs are frequently developed with little thought, often focusing on providing a simple and easy-to-deliver session and not on developing critical content that puts things in the context of your unique risk profile and clearly articulates the “why”. Consider your training program as an internal control. You spend a lot of time validating that you have internal controls in place for the various risks within the institution and your training program should take the same approach.

Help each employee understand their role by providing clear explanations of why each policy and procedure is important and the impact that it has on the community. Leverage your risk assessment to map a training module to each risk associated with BSA/AML, which will help to demonstrate to regulators that your institution:

• Understands BSA/AML requirements
• Developed your institution’s compliance programs using a risk-based approach
• Understands where risks reside within your institution
• Trained all employees appropriately on key compliance issues and risks

Let Baker Tilly’s seasoned Financial Crimes professionals help you in developing and delivering a training program that is relevant to your financial institution and will exceed regulatory requirements.