5
Page 1 Phone: +1 (866) 459-CAMS Outside U.S.: +1 (305) 373-0020 Fax: +1 (305) 373-7788 or +1 (305) 373-5229  Email: [email protected]  www.acams.org  www.acamsglobal.org  Surviving Your AML/BSA Regulatory Exam Megan Davis Hodge, CAMS As presented at the ACAMS 7th Annual Internati onal Money Launderin g & Exhibition Conference in Las Vegas – September 20008 There are very few events that strike fear into the heart of even the most experienced AML Professional more than the promise of a visit from your regulatory agenc y. After all, Anti-Money Laundering and Bank Secrecy Act compliance has been in the spotlight with regulators for years and the bar seems to only rise. You know from experience that the exam process is going to involve plenty of effort responding to the pre-visit request letter, being run through the ringers while they are on-site and perhaps even following up with them after the exam concludes. And out of all of that ef fort, the best you can generally hope for is a bland rating of “Satisfactory” and the promise to be regulator-free for another year until the next scheduled visit. Or is it? With a little advance planning, you can not only survive the exam, but perhaps even use it as an opportunity to shine with the regulators and with your bank’s management team, who always take a keen interest i n AML/BSA examinations. Some people believe that providing a steady supply of donuts and coffee to distract the examiners is the most effec tive strategy for surviv ing an exam. Well, that must work s ome of the time or else people wouldn’t c ontinue to rely on it. But really the easiest way to come through a regulatory exam with flying colors is to have an exemplary AML program that your examiners will view as a model for other banks. If that’s the case, there are still a few best practices to highlight your program in the most flattering light so its strengths are evident. However, sometimes (hopefully t hrough no fault of your own) your AML program isn’t in that same pristine state. While this may seem lik e the natural result will be disastrous, that doesn’t have to be the case. Below is a step-by-step guide for preparing for an exam and sailing through it. Know Your Program The first step in preparing for your regulatory exam is to take a detailed, truthful look at your program – you need to know “where the bodies are hidden”, so to speak, so you can proactively determine the most appropriate way to respond. Even if there are no major

White Paper Surviving the Exam From Annual 08

Embed Size (px)

Citation preview

Page 1: White Paper Surviving the Exam From Annual 08

8/3/2019 White Paper Surviving the Exam From Annual 08

http://slidepdf.com/reader/full/white-paper-surviving-the-exam-from-annual-08 1/5

Page 1

Phone: +1 (866) 459-CAMSOutside U.S.: +1 (305) 373-0020Fax: +1 (305) 373-7788 or +1 (305) 373-5229 Email: [email protected] www.acams.org www.acamsglobal.org 

Surviving Your AML/BSA Regulatory Exam

Megan Davis Hodge, CAMS

As presented at the ACAMS 7th Annual International Money Laundering & Exhibition Conference in Las Vegas – September 20008 

There are very few events that strike fear into the heart of even the most experiencedAML Professional more than the promise of a visit from your regulatory agency. After all,Anti-Money Laundering and Bank Secrecy Act compliance has been in the spotlight withregulators for years and the bar seems to only rise. You know from experience that theexam process is going to involve plenty of effort responding to the pre-visit request letter,being run through the ringers while they are on-site and perhaps even following up withthem after the exam concludes. And out of all of that effort, the best you can generallyhope for is a bland rating of “Satisfactory” and the promise to be regulator-free for another

year until the next scheduled visit. Or is it? With a little advance planning, you can notonly survive the exam, but perhaps even use it as an opportunity to shine with theregulators and with your bank’s management team, who always take a keen interest inAML/BSA examinations.

Some people believe that providing a steady supply of donuts and coffee to distract theexaminers is the most effective strategy for surviving an exam. Well, that must work someof the time or else people wouldn’t continue to rely on it. But really the easiest way tocome through a regulatory exam with flying colors is to have an exemplary AML programthat your examiners will view as a model for other banks. If that’s the case, there are stilla few best practices to highlight your program in the most flattering light so its strengthsare evident. However, sometimes (hopefully through no fault of your own) your AML

program isn’t in that same pristine state. While this may seem like the natural result willbe disastrous, that doesn’t have to be the case. Below is a step-by-step guide forpreparing for an exam and sailing through it.

Know Your ProgramThe first step in preparing for your regulatory exam is to take a detailed, truthful look atyour program – you need to know “where the bodies are hidden”, so to speak, so you canproactively determine the most appropriate way to respond. Even if there are no major

Page 2: White Paper Surviving the Exam From Annual 08

8/3/2019 White Paper Surviving the Exam From Annual 08

http://slidepdf.com/reader/full/white-paper-surviving-the-exam-from-annual-08 2/5

Page 2

minefields, be sure to stay focused on how each aspect will be perceived by regulators,and what the overall picture looks like when you put it all together.

  Review processes to make sure each one is functioning properly – Being in the day-to-day trenches, we all get numb to how our processes appear to an outsider.Sometimes, a temporary workaround has never been replaced with the target,

automated solution; at other times, a series of enhancements have been layered ontoa process, resulting in a more-complex-than-anticipated solution. Identify any processthat may raise questions by your examiners. Review the Federal Financial InstitutionsExamination Council (FFIEC) BSA/AML Examination Manual for valuable insight intowhat your examiners will be looking for during the examination. This process may bequick if you have a clear view of where things stand, or may be complex if you’re newto the role or further removed from the details.

  Review end-to-end processes for consistency – Even if each process looks fine on itsown, you’ll want to take a quick run through of the full process end-to-end to makesure nothing is dropped along the way and that policies between departments aren’tcontradictory.

  Double-check IT solutions – Many banks have benefited tremendously from

Information Technology (IT) solutions to streamline and improve AML execution.However, the last thing you want is for your examiners to discover for you that apreviously-implemented technology solution doesn’t actually do what it was designedto do. Be sure to double-check for yourself that your technical solutions functionproperly all the way through. Don’t just ask your IT team if the work was done…ofcourse the work was done, the real question is, does it work?

  Review findings from the last exam – If examiners provided feedback that you agreedto undertake during their last exam, make sure these changes have been made.

  Review recent internal audits or other program evaluations – If you’ve recently had anindependent audit or other review performed of your program, be especially mindfulthat the report is one of the first things your regulators will ask for, so give it a thoroughread and take note of any “red flags” it may raise. Be sure there are action plans to

address the root cause of all findings and that your plans are being tracked for timelycompletion.

Formulate a Plan of AttackOnce you evaluate your AML program you should have a much better perspective of whatconcerns may be raised during the exam. Hopefully there are only minor tweaks or bestpractices that can be incorporated into the program…or your issues may be much larger.But now at least you can determine next steps, which could range from small changes toextreme effort (significant overhaul of the program). Remember: the best defence is astrong offence.  Inform management of any serious issues – If this section applies to you, don’t panic.

If there are any serious issues that you anticipate will surface during the exam, it’s

critical that senior management know as soon as possible. In fact, the worse thenews, the quicker and higher it should be escalated. No one wants to be the bearer ofbad news, but it would be significantly worse for your examiners to do it for you. Anyespecially negative findings (major violations of the “four pillars”) can have majorimpacts on your bank’s ability to conduct business, so management and the boardshould be given all information as soon as possible so they can be involved inaddressing any concerns.

  Make changes that can be successfully made before the exam – Time-permitting,coordinate with business and/or technology partners to make improvements to any

Page 3: White Paper Surviving the Exam From Annual 08

8/3/2019 White Paper Surviving the Exam From Annual 08

http://slidepdf.com/reader/full/white-paper-surviving-the-exam-from-annual-08 3/5

Page 3

areas of weakness identified during your program evaluation. But be realistic thatthere’s only so much you can do in a short period—you can’t make up for years’ worthof neglect in a few months. This is a balancing act, though, that you should discusswith management. You don’t want to be so energetic in making last-minute changesthat your examiners become suspicious of your efforts and decide to delve deeper tofind out for themselves if there are more issues they should be concerned with.

  Document plans for any longer-term changes  – Generally speaking, regulators arereasonable individuals and understand that every AML program, even a very strongone, continues to evolve and require changes to improve processes. It won’t be seenas a sign of weakness to acknowledge that there are areas that can benefit fromchanges. But be sure that you identify solutions to the problems (don’t leave an issueat “CIP information not complete”; identify what steps will remedy the gaps) andrealistic timeframes of when you expect they will be complete.

Prepare for the Actual ExaminationYou’re almost there, just a little more preparation for the best exam experience of yourAML career. At this point you’ve inventoried the good and the bad within your AMLProgram, let management know where things stand, and started making progress against

any gaps. The next thing is to make sure that all key participants for the exam are fullyprepared for the exam.  Consider holding mock interviews for key parties – This step can be skipped by

seasoned veterans, but is generally helpful for newer or more junior employees ornon-AML professionals who will likely speak with your examiners but aren’t used todealing with regulators. During mock interviews, a more experienced team memberplays the role of an examiner and asks difficult questions the interviewee would belikely to receive during the exam. The goal of this exercise is to receive feedback andcoaching on the specific phrasing of responses to tough topics in a safe environmentso discussions with the real examiners go as smoothly as possible. In this way, youcan determine how the “unvarnished truth” should be best phrased in order to beaccurate yet regulatory-friendly. (For example: it may be sadly true that “the project

was a total disaster”, but it sounds much better to tell regulators “we encounteredsome challenges with the project but management brought in additional resources toget things back on track”.) Even if there are no difficult questions to mull over,answers that have been said once before will just flow better, making you sound moreconfident and professional.

  Prepare logistics and administrative aspects in advance – Before the exam, examinersgenerally send a list of requested materials. Follow-up in advance to clarify anyambiguous requests and ask if they prefer to receive information hard-copy or inelectronic format. Then organize all materials so they are easy for the regulators toreview on-site. Also make sure examiners will be set up with comfortable workingspace large enough to accommodate their numbers, temporary badges to gain accessto buildings, and have a contact list of individuals they will want to speak with. Things

will be hectic once the exam begins, so be sure to take care of these items inadvance.

During the ExamAfter much anticipation and preparation, the examination is upon you. Because you’vealready invested extensive effort in readying your AML program and yourself, the on-siteexam will be much less stressful…maybe even fun! Here are a few tips to make sure thatall of your planning results in a smooth exam.

Page 4: White Paper Surviving the Exam From Annual 08

8/3/2019 White Paper Surviving the Exam From Annual 08

http://slidepdf.com/reader/full/white-paper-surviving-the-exam-from-annual-08 4/5

Page 4

  Have business management attend the kick-off –Although AML Compliance maycoordinate the AML program, the business is ultimately responsible for execution ofmany key processes. Therefore, it sets the right tone for a senior leader from thebusiness to take a prominent role in the initial meeting, underscoring their commitmentand support to the program.

  Prepare kick-off materials – The first formal interaction with the examiners will be

through the kick-off meeting, where key parties meet and discuss plans for the exam.You want to create a strong first impression that you and your AML program are highlyorganized and that the organization as a whole takes its AML responsibilities veryseriously. A well-prepared presentation highlighting the organization, the AMLprogram, any major changes since the last exam, and plans for the future will set theright tone for the examination. Even if you know the content inside and out, don’t tryto wing it, prepare an actual presentation that examiners can follow along with.Remember, since you’ve arranged to have senior management in attendance, this isthe perfect time to impress them with your knowledge and steady confidence.

  Schedule regular communication to avoid surprises – If you’re coordinating the exam,find out how the Examiner in Charge (EIC) prefers to stay in close communication.Maybe you agree that you’ll touch base every day, or you may decide that an informal

end-of-week meeting is the best way. Whichever format, be sure to use the time todiscuss issues before they are set in stone, head off concerns, and make sure thingsare flowing smoothly.

  Lead with the good news – Be sure to highlight the especially strong aspects of yourAML program. Now is not the time to be bashful with accomplishments.

  Be truthful but diplomatic – At some point during the exam the conversation willinvariably turn to some less-than-ideal process or issue. Generally speaking, don’t tryto sell that everything is perfect if it’s clear that there are issues; this will only make itlook like you don’t know what you’re doing. Diplomatic answers are an art form, whichis where the mock interviews really pay off. This is sticky territory, so consult withmanagement in advance about the bank-sanctioned positions on key topics to makesure everyone is on the same page.

  Keep the best interest of the overall organization in  mind – When discussing the AMLprogram or specific issues, make sure the overall organization is seen in the best lightpossible. There are times when projects failed or have major flaws due the distinctincompetence of an internal department or specific person, but it doesn’t help theexam overall for your examiners to find fault with any part of the organization. In otherwords, you all sink or swim together so don’t sell out other departments.

  Keep management involved, escalate issues as needed – This really goes withoutsaying, but ensure that management is not surprised with any issues or negativefindings. And if things are trending in the wrong direction, you may need formanagement to get involved to get things back on track.

  Respond to additional requests, but push back if needed – There is a certain amountof minor scope creep that is inevitable during an exam…one series of questions may

lead to a request for additional documentation or sample files. A good practice is toask clarifying questions and let examiners know if a particular request is difficult toproduce, so they can be sure they are receiving comparable value relative to the effortrequired to procure the request. But if the examination process is becoming soburdensome as to interfere with the department’s ability to manage their daily work, aconversation between an appropriate team member and the EIC is probably in order.

  Don’t just accept an issue – Sometimes an examiner will have a suggestion thatsounds great on paper but you know, as a banker, will be nearly impossible toimplement or will put you at a competitive disadvantage relative to your peers. Before

Page 5: White Paper Surviving the Exam From Annual 08

8/3/2019 White Paper Surviving the Exam From Annual 08

http://slidepdf.com/reader/full/white-paper-surviving-the-exam-from-annual-08 5/5

Page 5

you agree to accept it, take the time to (nicely) educate the examiner about thecomplexities of their suggestion and propose other alternatives that will mitigate therisk without halting normal business. A good clarifying question here is “do you seethis as an issue, or a best practice?” If you really believe the examiner is off-base withtheir recommendation and especially if they are classifying it as an issue, other goodquestions to ask are “how are others in the industry addressing this concern?” or “can

you show me where the FFIEC examination manual discusses this process?” If otherbanks aren’t being asked to do the same thing your examiner is requesting, then youhave stronger footing to push back. This is a delicate balance, so be sure to getadvice from management on these discussions.

  Make sure there is an exit meeting – Even if the examiners are not able to produce afinal rating before they leave, be sure to have a wrap-up meeting whereby they sharewith you their findings, their general impressions of the program, and articulate nextsteps with the exam. This gives you one last opportunity to clarify facts so there arenot inaccurate findings in the final rating. Be sure to ask the EIC when they expect topresent the rating and final list of issues.

After the Exam and Beyond

Congratulations! The examiners have left the building. The only items that remain arereceiving the final rating memo and responding to it, although you may still receive a fewclarifying questions as the examiners solidity their conclusions. Hopefully your AML/BSAexam went off without a hitch and any issues were quickly sidestepped, thanks to carefulplanning and a solid plan of attack during the exam. And with the high profile of BSA/AMLexaminations – and dire consequences of negative one – your management team willsurely be grateful for the role you played in securing a positive outcome. Now you canrelax…until the next exam.