- 35 years of government and private sector experience in law enforcement, regulatory and management expertise in the areas of regulatory compliance, financial crimes and customs violations
- Expertise includes independent reviews and investigations, threat/risk assessments, domestic and international training, expert testimony and anti-money laundering program development
- Former Deputy Director, Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury
- Former Executive Director of Operations, Director of Financial Investigations, Group Supervisor, and Special Agent for the U.S. Customs Services
- All 10 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
- An MSB does not have written policies and procedures tailored to the company's specific activity.
One of the critical components of an anti-money laundering program is written policies and procedures, also referred to as a BSA/AML compliance manual.
While generic policies and procedures may be available online or from various vendors, companies must ensure that their compliance manual has company-specific procedures. Regulatory examiners will not accept generic policies and procedures and will list the lack of a company-specific compliance manual as a critical finding.
Policies and procedures must include or address:
- Designation of a compliance officer
- A training program addressing money laundering issues specific to the MSB's products and services
- Transaction monitoring specific to the MSB's products and services
- Suspicious activity specific to the MSB's products and services
- Document filing and retention
- Customer identification specific to the MSB's products and services
- Law enforcement inquiries
- An independent review process
- An MSB has not conducted a risk assessment and the policies and procedures are not risk-based.
All AML policies and procedures must be based on an assessment of the risk that the company faces regarding its products and services. The risk assessment should include products, customers and geographic areas served.
While regulations do not require MSBs to have a written risk assessment, the company should be able to articulate the process that it conducted to identify its risks. Policies and procedures should be drafted to address the identified risk.
- Procedures followed by an MSB are not in compliance with its written program documents.
MSBs must ensure that all processes and procedures written in the compliance manual are, in fact, followed in day-to-day business activities. Failure to follow written procedures will result in a significant finding by regulators. Company policies and procedures should be realistic and the company must have adequate resources to comply with those stated policies.
- An MSB compliance officer is not given the authority or resources to manage the AML compliance program.
Management must insure that the compliance department is staffed to address the risks identified in the AML risk assessment. Additionally, the compliance officer must be given appropriate authority to manage the compliance function of the MSB. Ideally, the compliance officer should report directly to the board of directors, or the CEO of the MSB.
- An MSB compliance officer does not have the required background and experience.
While regulations do not specifically list qualifications an MSB compliance officer must have, the compliance officer is expected to have sufficient background and training to lead the AML compliance program. Failure to have a qualified compliance officer will result in a significant finding by regulators. Additionally, executive management must ensure the compliance officer has adequate authority and resources to manage the AML program.
- AML training for all required employees is not documented and/or current.
A critical element of an MSB’s AML program is training for all employees who are involved in the regulated financial service. Training must be documented, including name of employee, date trained, training subject and trainer's name. MSBs are expected to provide periodic refresher training to employees. Refresher training must be also be documented in the same manner.
- An MSB does not exercise adequate supervision and oversight over its branches and agents.
Regulations require licensed MSBs to have oversight and control over their authorized delegates or agents. It is expected that the licensed MSB provide an agent compliance manual, conduct agent training, monitor transactions and conduct examinations of their agents.
If licensed MSBs identify discrepancies in an agent's AML controls, it must take appropriate action. All oversight activity must be fully documented. Regulators hold licensed MSBs responsible for their agent activity and will issue fines and penalties to the primary MSB if its agents are non-compliant.
- Independent reviews of an MSB’s AML program are not conducted or are inadequate in nature.
A key component of an AML program is the periodic review of the company’s AML policies and procedures by an independent party. The review must be conducted by an individual or company who has sufficient background and knowledge of the MSB industry as well as current AML laws and requirements.
The review must include an assessment of the primary requirements of AML compliance programs as well as a test to confirm that the MSB is following the procedures listed in the MSB's AML compliance manual. The frequency of the review is based on the company’s product and services risk.
- An MSB's top leadership has not been briefed on regulations regarding money laundering, terrorist financing, foreign corrupt practices and other financial crimes.
An MSB's senior management and board of advisers or directors must be fully aware of the AML laws and regulations governing the MSB. They must also review the MSB's AML policies and procedures. The approval of any AML policy must be documented in writing.
Executive management should be briefed on significant AML issues on a periodic basis or as the issues dictate. Briefings should include regulatory examination indings, numbers of government forms filed, law enforcement requests for information, training updates and AML trends and patterns that affect the MSB industry.