With the establishment of “beneficial ownership” requirements, BSA/AML compliance now requires adherence to five pillars. However, for Office of Foreign Assets Control (OFAC)/Sanctions compliance, lesser perhaps is known about the issuance of the U.S. Treasury’s Framework in May 2019. This Framework identifies five essential components of compliance:
Regardless of your compliance focus (and credit unions must have risk-based compliance programs covering both BSA/AML and OFAC/Sanctions), there is general agreement on one “pillar:” training. Training is key for BSA/AML and OFAC/Sanctions compliance. Today’s article focuses on the two main components of an adequate training program: company-wide training and compliance-officer training.
Train and remain BSA/OFAC compliant on October 28
Get up to speed on the most current industry news and information in just one hour during this live webinar with ProBank’s Mark Dever.
While compliance professionals are accustomed to being asked to provide documentation of their training program as part of their BSA/AML and OFAC/sanctions regulatory examinations, it’s important to no treat this request as merely a download of training certificates. Training (or the lack thereof) will quickly draw the attention of your examiner. All credit union staff must receive BSA/AML training. While the recurrence of this training should be “risk-based,” the suggested frequency is annual, and the scope should be company-wide.
You may ask, “Why does our janitor need to know about BSA/AML?” That is a valid question, but to the extent that your janitor is cleaning after hours and sees loan documents laying on someone’s desk, potentially exposing a member’s private/personal data, it is important for the janitor to know to report such risks.
But back to the point of credit-union-wide training. What is relevant is to ensure that all staff can do the following: define BSA/AML, understand its application to their duties, and, most importantly, to know how to report suspicious activities. And it’s important to remember (unfortunately), that suspicious activity can occur within your own staff. Typologies include staff living beyond their means, staff unwilling to take vacation, and staff who bypass the controls you place on work, including the secondary review of general ledger entries, secondary reviews of over/shorts, and staff unwilling to rotate to other duties allow other staff to perform their duties.
For OFAC/Sanctions compliance programs, the Framework directs training for relevant staff. In a credit union, OFAC/Sanctions compliance training is most often needed for staff who handle payments processing, especially wire transfers, and, from a risk-based standpoint, a particular focus is on international wires. Member-facing staff who handle wire requests must understand the depth of information needed in order to manage the complexities of sanctions compliance in international wire transfers. Regardless of the destination – domestic or international – the “purpose” of a wire is never “personal,” but rather must be specific with respect to the final use of the funds.
While most credit unions use a system to scan for OFAC “hits,” staff who must resolve these “hits” need specific training. It is also often true that an OFAC system is not sufficient for sanctions compliance—again, because the final use of the funds is often in question. The OFAC scan can be used to identify wires destined for places with sanctions programs in place; however, that final determination is probably manual and requires well-trained staff. This brings us to training for BSA/AML and OFAC/Sanctions Officers.
BSA/AML and OFAC/Sanctions officer training
The second training component is strong, risk-based training for a credit union’s BSA/AML and OFAC/Sanctions Officer(s). Not every credit union has the luxury of having multiple compliance officers, such as a separate BSA/AML officer and OFAC/Sanctions officer, or even a staff of investigators, but it only makes sense that those who must make decisions about filing Suspicious Activity Reports (SARs) and notifying OFAC about possible “hits” must have in-depth, specialized training.
The changing landscape in sanctions means that the training must be dynamic and on-going, as well. As mentioned in last month’s article, the new Anti-Money Laundering Act of 2020 (AMLA) has added a new layer for compliance professionals with a centralized, beneficial ownership database in the planning stages. This means the training must go beyond the one-time, multi-hour training offered by many firms, including on-demand and live training provided by Corporate One.
Layers of compliance-officer training
The first layer of this specialized, compliance-officer training should be signing up for alerts from Financial Crimes Enforcement Network (FinCEN) and the U.S. Treasury to pick up new advisories and OFAC/sanctions list releases.
Second, compliance officers should consider the multiple training opportunities from firms like CUNA, NAFCU, ProBank Austin, Thomson-Reuters, BAI, and the international credentialling organization, ACAMS. The options include full-day, comprehensive training but also short webinars and a return to in-person or hybrid event formats that provide in-depth training with respect to specific typologies, themes, and law enforcement priorities. Critical for compliance professionals are topics including Writing Effective Suspicious Activity Reports, sessions on interpreting sanctions and new executive orders, and Alerts Investigations, as well as specialized topics of great importance such as human trafficking.
In summary, training is a critical component for a credit union’s compliance program. This includes company-wide and job-specific training, as well as specialized training for the compliance officers.
VP, Senior Risk Manager