Introductory BSA/AML Examiner School, Providence, RI

Developing Conclusions and Finalizing the Examination Objective. Formulate conclusions, communicate findings to management, prepare report comments, develop an appropriate supervisory response, and close the examination. Procedures & Comments Formulating Conclusions 1. Accumulate all pertinent findings from the BSA/AML examination procedures performed. Evaluate the thoroughness and reliability of any risk assessment conducted by the bank. Reach a preliminary conclusion as to whether the following requirements are met: • The BSA/AML compliance program is effectively monitored and supervised in relation to the bank’s risk profile as determined by the risk assessment. The examiner should ascertain if the BSA/AML compliance program is effective in mitigating the bank’s overall risk. X1A3T • The board of directors and senior management are aware of BSA/AML regulatory requirements; effectively oversee BSA/AML compliance, and commit, as necessary, to corrective actions (e.g., audit and regulatory examinations) • BSA/AML policies, procedures, and processes are adequate to ensure compliance with applicable laws and regulations and appropriately address higher-risk operations (products, services, customers, entities, and geographic locations) • Internal controls ensure compliance with the BSA and provide sufficient risk management, especially for higher-risk operations (products, services, customers, entities, and geographic locations). • Independent testing (audit) is appropriate and adequately tests for compliance with required laws, regulations, and policies. Overall audit coverage and frequency are appropriate in relation to the risk profile of the bank. Transaction testing is adequate, particularly for higher-risk banking operations and suspicious activity monitoring • The designated person responsible for coordinating and monitoring day-to-day compliance is competent and has the necessary resources. • Personnel are sufficiently trained to adhere to legal, regulatory, and policy requirements. • Information and communication policies, procedures, and processes are adequate and accurate. 2. Determine the underlying cause of policy, procedure, or process deficiencies, if identified. These deficiencies can be the result of a number of factors, including, but not limited to, the following: • Management has not assessed, or has not accurately assessed, the bank’s BSA/AML risks. • Management is unaware of relevant issues. • Management is unwilling to create or enhance policies, procedures, and processes. • Management or employees disregard established policies, procedures, and processes. • Management or employees are unaware of or misunderstand regulatory requirements, policies, procedures, or • Higher-risk operations (products, services, customers, entities, and geographic locations) have grown faster than the capabilities of the BSA/AML compliance program. • Changes in internal policies, procedures, and processes are poorly communicated. Comment: 3. Determine whether deficiencies or violations were previously identified by management or audit or were only identified as a result of this examination. Comment: All relevant determinations should be documented and explained. Determine the Underlying Cause

Comment: Discuss Findings with Examiner in Charge and Identify Necessary Action