The Bank Secrecy Act and anti-money laundering system validation

Authored by Jennifer Kincel

While existing in a COVID-19 banking environment, financial institutions need to look internally at their compliance monitoring programs and re-evaluate processes, procedures and controls to ensure compliance in a COVID banking environment. This enhanced compliance monitoring should be completed based on the institutions perceived risk levels. Following, we will discuss the impact of the pandemic on the Bank Secrecy Act (BSA) and fair lending.

BSA and COVID-19

From remote work to surging first-time online banking users, the COVID-19 pandemic has had a widespread impact on customer behavior and compelled institutions to adopt new business-as-usual processes. However, these changes have also amplified the challenges for financial crime management programs at institutions of all asset sizes.

Regulators want to know how COVID-19 is affecting your institution and the business continuity plan. Have there been any cases, local outbreaks, staffing issues or any impact to the business, and to what business areas, including compliance? Has the institution developed any problems in OFAC filtering and transaction monitoring and are there backlogs developing? If your BSA department is large enough, can it be split into “teams” with an alternating on-site (if necessary) schedule? If so, does that allow you to meet your requirements? If that’s not enough, what then? How do you plan on managing EDD reviews if your local government requests that you self-quarantine? At what point, if ever, would your bank close the branch doors and not allow for opening of new accounts? How will you handle in-person transactions or large-dollar transactions? If there is an expectation that BSA/AML transaction monitoring alerts and case backlogs can come about – is there an escalation process to devote additional resources to ‘cap’ the backlog and bring about reduction?

Criminals are primed to take advantage of the fact that banks are running on “skeleton crews” – banking on the fact that there may be weaknesses that can be exploited. During this time, banks still need to complete daily monitoring, possibly with less resources. The pandemic has necessitated banks to have employees work remotely, which is likely causing issues with accessibility and the ability to timely spot and discuss potential suspicious activity. For banks with manual processes, remote working arrangements could have an even greater impact.

Changing customer behavior as a result of the pandemic can increase false positives for fraud and AML compliance professionals to review. Changes in customer behavior has included increased online banking due to closure of branches and dramatic increases in large cash withdrawals by concerned consumers, to name a few. A review and possible revision of AML software filtering criteria may need to be considered based on the change in customer behavior.

In an update, FinCEN declared that it “expects financial institutions to continue following a risk-based approach, and to diligently adhere to their BSA obligations,” although FinCEN also states that it “appreciates that financial institutions are taking actions to protect employees, their families, and others in response to the COVID-19 pandemic, which has created challenges in meeting certain BSA obligations, including the timing requirements for certain BSA report filings.” FinCEN also encourages financial institutions to contact their functional regulator(s) or other BSA examining authority as soon as practicable if a financial institution has BSA compliance concerns because of the COVID-19 pandemic.

Fair lending and the pandemic

The pandemic resulted in a sharp inflow of consumer requests for forbearance or modifications and could result in increased fair lending issues, meaning that banks need to re-visit their fair lending risks.

Areas to consider include:

  • Policy and procedures: Bank policies and procedures should be updated to reflect the temporary changes to the lending process and these updates should be communicated to staff. This will ensure that customers are offered a consistent product vs. one customer receiving a payment deferral while another is required to make a partial payment.
  • Denials: A bank’s loan application denial should be reviewed. A second review process should be implemented to verify that the reasons for denial are supported by information in the credit file. Additionally, the review should also ensure that adverse action notices were delivered in a timely manner.
  • Tracking complaints: Banks should be monitoring and tracking complaints. Analysis of the complaints received will help identify areas of risk that will need to be reviewed in greater detail. Additionally, compliant trends should be reported to senior management.
  • Assessment area/redlining: With the ability for consumers to apply for Paycheck Protection Program (PPP) loans, this may cause many banks to review where the applications are geographically. Are their more loans outside of their assessment area? Have banks changed their assessment areas through the acceptance of these PPP loans?
  • Internal compliance monitoring: The compliance area should review their risk assessment to ensure no material changes in coverage or monitoring are required. This review should ask if there are additional tools needed to monitor compliance based on the changes in the customer’s transaction activity. And did the bank implement online an online application process and origination process?

While the coronavirus vaccines have brought some amount of hope for an end to the pandemic and quarantine restrictions, the accelerated changes in customer behavior are not guaranteed to reverse. This new reliance on remote working and online banking could become a new standard that will impact how the banking market addresses BSA and fair lending practices well into the future.

For more information on this topic, or to learn how Baker Tilly’s banking and capital markets industry Value Architects™ can help, contact our team.

Lawyer sitting at desk reviewing papers
Next up

How Section 280E is hindering the cannabis industry