Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Financial Institution Letters




Financial Institution Letters

Bank Secrecy Act
Provision for Independent Testing for BSA/AML Compliance
FIL-38-2008
May 16, 2008


Summary: The independent test of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Compliance Program can improve the efficiency and reduce the burden of the examination process.

Highlights:

The importance of an effective independent review, an original component of the BSA/AML Compliance Program, cannot be overstated.

  • An effective audit is valued by regulators in identifying and monitoring a bank's specific risks and by assessing how those risks are managed and controlled. Effective audits will assist examiners in determining the BSA/AML examination scope and in identifying areas requiring less review.
  • The FFIEC BSA/AML Examination Manual provides details regarding the BSA/AML Compliance Program, states minimum areas to be covered by the independent audit, and addresses limiting transaction testing to the independent review.
  • Independent testing (audit) assists the bank's board of directors and senior management by identifying areas of weakness or matters requiring stronger controls. The audit should be risk-based and will vary depending on the bank's size, complexity, risk profile, quality of control functions, geographic diversity, and use of technology. By incorporating the bank's BSA/AML Risk Assessment into the independent testing process, the audit program can be more effectively tailored to cover all of the bank's activities.
    • Independent testing of the BSA/AML Compliance Program should be conducted by the internal audit department, outside auditors, consultants, or other qualified persons that are independent of the BSA/AML function.
    • If the audit is being performed by an outside party, a contract or engagement letter should be agreed upon that outlines responsibilities and duties. Contracts typically include provisions stating that audit reports are property of the bank, authorized employees will have reasonable and timely access to workpapers, and that the bank will be provided copies of related workpapers, as the bank deems necessary. Further, such agreements should grant examiners access to all workpapers and other materials prepared in the course of the audit.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
BSA Compliance Office

Related Topics:
Bank Secrecy Act/Anti-Money Laundering Programs

Attachment:
Independent Testing text from the 2007 FFIEC BSA/AML Examination Manual

Contact:
Review Examiner Heather L. Basnett SASFIL@FDIC.gov or (202) 898-3673

Printable Format:
FIL-38-2008 - PDF (PDF Help)

Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/news/financial/2008/index.html

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 3501 N. Fairfax Drive, Room E 1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).


Last Updated 5/16/2008 communications@fdic.gov