On Feb. 8, 2016, the Federal Register comment period closed for the NCUA's proposed reform of the field of membership regulations. Credit unions considering an expanded FOM must also consider the impact of an expanded FOM on their existing Bank Secrecy Act/Anti-Money Laundering programs. A more expansive FOM would create a more expansive BSA/AML burden.
An expanded FOM will potentially impact a credit union's entire BSA/AML program, but areas with the greatest impact are likely to be the customer identification program, the independent testing requirements, and training and enforcement risk.
In addition, on July 30, 2014, the Financial Crimes Enforcement Network, a key BSA/AML regulator, issued a Notice of Proposed Rulemaking to clarify and strengthen customer due diligence requirements as a fifth pillar under BSA/AML compliance programs. Under the proposed rule, financial institutions would be required for the first time to identify and collect information on the beneficial owners of their legal entity customers and treat CDD as a pillar.
One argument banks have made against an expanded FOM is that they have stronger compliance programs with extensive BSA/AML staff and supporting BSA/AML technology. Banks argue that credit unions, which have limited compliance resources, may become more attractive venues for financing criminal activities. Despite this claim by banks, credit unions often have the advantage of a more intimate relationship with their members.
However, as the membership and FOM expand, credit unions must be prepared to adjust their BSA/AML programs. A CIP program, which is adequate for a smaller membership, will need to change as membership expands. The required independent BSA/AML data validation must assure senior management, the board and regulators that the AML program model is effective with the new FOM, or, identify resulting program gaps and weaknesses.
If the mandated independent testing requires changes in the overall BSA/AML program, that in turn will require improved employee training. Appropriate staff training, especially for frontline employees, who have the most familiarity with members, will strengthen the second line of defense of the AML system.
Richard Rosenblum is a consultant with Teraverde Management Advisors. He can be reached at 717-327-4084 or rrosenblum@teraverde.com.
Both the NCUA and FinCEN have BSA/AML enforcement authority over credit unions. Typically, FinCEN has looked to the NCUA as the primary credit union regulator. However, as credit union membership expands, one can expect that FinCEN will take a more active role. Law enforcement depends on credit union reported data such as Suspicious Activity Reports and Currency Transaction Reporting.
Significant membership expansion will require additional staff, technology and independent BSA/AML vendors to maintain an effective BSA/AML program containing the four current required pillars of:
-
A system of internal controls to ensure ongoing compliance
-
Independent testing of the program's compliance
-
Designated individual(s) responsible for managing BSA compliance
-
A member identification program and employee training
An effective program requires the commitment and support of senior management and the board to foster a culture of compliance for the entire organization. As membership grows, a professional credit union compliance officer responsible solely for BSA/AML compliance may be required. If hiring a single purpose BSA officer is not possible, the employee charged with BSA/AML compliance should seek the full-time availability of a virtual compliance officer from a consulting firm experienced in the area.
The BSA officer must document the steps taken for assessing risk within the credit union and obtain specific approval from senior management and the board.
A good AML framework should coordinate risk management across all product lines. Proper data should be collected and checked for risk, ferret out developing issues, and provide for regular reporting to senior management and the board.
There are several excellent software products for monitoring transactions and identifying red flags. However, due to the differing membership for each institution and its specific products, services and membership make-up, relying solely on software programs with standard and unchanging settings and triggers will not be adequate. Thoughtful initial set-up followed by ongoing review and assessment is necessary for the system to remain effective despite the changing dynamics of member activity.
Alex Henderson is co-founder and general manager of compliance services for Teraverde Management Advisors. He can be reached at 717-344-5553, ahenderson@teraverde.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.