On Course » OnCourse Staff » Interagency Statement on Sharing BSA Resources and Challenges

Interagency Statement on Sharing BSA Resources and Challenges

Posted by OnCourse Staff December 7, 2018 7:34pm

Photo Credit: semisatch
By Farrukh Qureshi, Associate Director, Internal Audit - BSA/AML & OFAC

On October 3, 2018, an Interagency Statement was issued by five agencies/regulatory bodies to provide banks with an option to enter into a collaborative arrangement involving two or more banks to share their available resources in order to ensure compliance with Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) requirements. This statement summarizes some of these requirements with advice that financial institutions should consider regarding bank risk profiles; legal restrictions; establishing appropriate oversight; the need to have contractual agreements between banks entering into collaborative arrangements; and the development of policies, procedures and systems, etc. While collaborative arrangements would be best suited for banks with a community focus, lower-risk profiles, and less complex operations, as stated by the Interagency Statement, the following challenges should be considered in order for banks to determine the best route to take:

It would very difficult to find an exact/identical Risk Profile for different banks in a collaborative arrangement. Identifying different risk factors, assigning each risk factor a weight in the overall profile, calculating inherent and residual risk, and designing mitigating controls will most likely differ at some stage in the risk assessment process for different banks.

Developing BSA/AML policies and procedures would depend on the annual risk assessment of each participant bank. Having the same policies and procedures for more than one participant bank in a collaborative arrangement would be an extraordinary challenge due to the difference in risk factors between participant banks. General guidelines regarding compliance requirements may be the same, but processes and design of controls to achieve compliance could be different at more than one bank.

Banks could have different core banking system and transaction monitoring tools. Developing and implementing the same transaction monitoring and report extraction process would be challenging and complicated. A possibility would be if two participant banks are using the same core banking system and transaction monitoring system or are generating the same output/reports. Still, the volume of transactions and customer base would be unique for each participant bank. Defining a review and monitoring process for each participant bank with a unique customer base, transactional activities, geographies served, and shared automated transaction monitoring systems would be challenging.

In a collaborative arrangement, if two or more banks have the same transaction monitoring and OFAC applications, the procedures and controls would need to address separation, mapping and transfer of transactional and customer data and monitoring scenarios; staff access controls among participant banks; assignment of responsibility for investigating; escalation and disposition of alerts/cases; enforceability, accountability and consequences related to ineffective monitoring; confidentiality, privacy, and separation of business; customer information; and data.

A liaison to coordinate the collaborative arrangement would need to be assigned. Participant banks would have to write in-depth policies and procedures, contracts detailing assigned roles, and responsibilities for processes and monitoring activities. However, as banks would have different staff levels, processes, designs of controls, and skill sets in compliance and operational areas, the legitimate concerns include the method, scope and enforceability of independent testing by auditors and regulators, assignment of responsibility, and accountability for any failures in processes and controls.

Employee training resources may be more practical, as banks can hire a knowledgeable, experienced trainer to provide staff training in a collaborative arrangement and share the costs; however, there may be some administrative challenges of having all relevant employees and management available for such training sessions, tracking of attendance and, if needed, customization of training based on bank business profile and exposure. If two or more banks are similar in customer base, products and services, geographies, processes and controls, they most likely would be competitors. How feasible would it be to share resources with a bank’s competitor?

Banks would have to align some or most of their processes, controls, products and services offered, and geographies served with the same sort of organizational structure, and internal and external environment. To create such collaborative arrangements, the costs of coming up with such similarities would most likely surpass the benefit of a collaborative arrangement. As stated in the Interagency Statement, sharing resources in a collaborative arrangement does not relieve a bank from its compliance responsibility. Perhaps entering a collaborative arrangement at this point needs a lot more clarity and guidance, which may be available as the banking industry and monitoring practices further evolve and participants devise certain solutions to share resources and look for specific areas to collaborate.