Board Involvement in the BSA Program
With the Beneficial Ownership rule effective this month, most of the compliance and managerial efforts are being focused on proper implementation into the BSA program. Thus, it’s a perfect time to focus on the Board’s BSA duties. Unlike other regulations, BSA is one of the few places where the Board’s responsibilities are specifically delineated in the rule. The Board is required to appoint the BSA officer, take annual training, and most importantly, the Board has ultimate oversight over the entire BSA program.
While this may seem pretty general and just a simple sign-off for directors, it’s not. It’s important for Directors to understand the (now) five pillars of BSA, and how the bank tailors its program to the bank’s specific products, customer base and risk profile. This ultimate oversight issue was highlighted in the BB&T Consent Order in January 2017. That order specifically required the Board of Directors to “serve as a source of strength to the bank” to ensure compliance with the consent order. In addition, the Board was required to submit a written plan to strengthen compliance with BSA/AML requirements including what action it would take to improve the compliance risk management across BB&T. The Directors were specifically tasked with providing funding for qualified and trained personnel to comply with BSA, ensuring adherence to the written program, and improving internal controls, policies, procedures and processes. This includes addressing the scope and frequency of risk assessments, identifying business lines, activities and products, and making sure that they are properly risk rated. It also means implementing procedures for testing, figuring out what the responsibilities are across business lines, and ensuring that issues are properly escalated to senior management.
This consent order really underscores the level of involvement that the Board should have in BSA. With the implantation of Beneficial Owners, any deficiencies in ultimate oversight or understanding of risk profiles or the bank’s mitigation steps will be highlighted since new rules and requirements create higher risk. So how can Directors be more actively engaged in the process? Ensure that the bank’s written program includes all five pillars, that the BSA officer chosen has sufficient time and training, that senior management backs up the BSA officer and emphasizes the importance of BSA with their business units, and finally, when reviewing the BSA Board report, ask questions. These should be pointed questions about, for example, how the bank’s automated software is validated, which can help illuminate the BSA risk mitigation tools and the strength and understanding of internal controls. Asking questions about policies and procedures and other tools incorporated into the written program can help determine whether they are straightforward, to-the-point and readable. Asking about training, how successful it was, and what the metrics of “success” are, can help with the bank’s overall dedication to that pillar. Finally, asking these questions and having these conversations during Board meetings are recorded in the minutes. That, by itself, can be powerful documentation of the Board’s commitment to its duties to the BSA/AML program.
Silvia Garcia Maggio, Deputy General Counsel, has been with Compliance Alliance since 2014. A graduate of the University of Texas School of Law, Silvia regularly presents on a number of compliance topics including MLA, Flood regulations, Regulation E and HMDA, in addition to, assisting C/A members with a wide-range of regulation and compliance inquiries.