What do you call your BSA Program? Moving from BSA to AML/CFT

  • Financial services
  • 2/15/2024

Many examiners now use the term Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) instead of "BSA/AML" to reference this collection of laws and r...

The Anti Money Laundering (AML) Act of 2020 has brought significant changes to the Bank Secrecy Act (BSA) as we have known it historically. Focus continues to be preventing money laundering (ML) and terrorist financing (TF) and outlines eight (8) priorities. Many examiners now use the term Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) instead of “BSA/AML” to reference this collection of laws and regulations, to align with the AML Act. Please note this is not a CTRL+F and replace change to your program. Think of it this way: the BSA rule is not being replaced, it is being enhanced.

By updating BSA/AML to AML/CFT and addressing the priorities within BSA programs, financial institutions can take steps to incorporate the AML Act of 2020 and associated processes implemented to support the effective mitigation for the risks associated with ML and TF. CliftonLarsonAllen’s (CLA) independent testing will assist financial institutions in identifying areas of enhancement for further mitigation of risk.

The priorities are explained in further detail in the article from Financial Crimes Enforcement Network (FinCEN). Click here for further details: FinCEN National Priorities

The priorities are:

  1. corruption.
  2. cybercrime, including relevant cybersecurity and virtual currency considerations.
  3. foreign/international and domestic terrorist financing; this priority interchangeably uses the term foreign and international.
  4. fraud.
  5. transnational criminal organization activity.
  6. drug trafficking organization activity.
  7. human trafficking and human smuggling.
  8. proliferation financing.

As a reminder, the AML/CFT program should include the following elements:

  • Policies, procedures, and internal controls: The financial institution should have written policies and procedures that outline the AML/CFT program’s objectives, scope, and responsibilities. The policies and procedures should be reviewed and updated regularly to reflect changes in the regulatory environment and the institution’s risk profile.
  • Customer due diligence (CDD): Risk-based CDD program that includes identifying and verifying the customer’s identity, understanding the nature and purpose of the customer’s account, and monitoring the customer’s transactions for suspicious activity.
  • Suspicious activity monitoring and reporting: Systems must be in place to monitor customer transactions for suspicious activity (through automated or manual oversight). If suspicious activity is detected, the institution should file a suspicious activity report (SAR) with FinCEN. Should you automate your BSA program?
  • Training: The financial institution should provide AML/CFT training to all employees, including senior management and the board of directors annually; training should be tailored to the roles and responsibilities.
  • Independent testing: An independent testing program to assess the adequacy of the AML/CFT program should be conducted every 12-18 months. The testing should be conducted by qualified personnel who are independent of the AML/CFT program.

In light of the changes brought about by the AML Act of 2020, CLA will be recommending updates to financial institutions’ AML/CFT programs during our independent testing.

These updates may include:

  • Updating the AML/CFT policy/procedures/programs to incorporate the eight priorities brought about by the AML Act of 2020.
  • Updating the risk assessments to reflect changes in the risk profile or changes in the regulatory environment.
  • To consider an update to titles, where deemed appropriate, to align with the new AML/CFT terminology.
  • Training document updates: Financial institutions may need to update AML/CFT training documents to reflect changes in the regulatory environment and the institution’s risk profile.

Financial institutions should keep the AML/CFT program up-to-date and in compliance with the AML Act of 2020. The program should be risk-based and tailored to the institution’s specific risk profile. By implementing an effective AML/CFT program, financial institutions can have tools in place to mitigate the risks associated with ML and TF; thereby protecting reputation and financial stability.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.

Experience the CLA Promise


Subscribe