Federal bank regulators announced this week that certain community banks and credit unions will be allowed to share resources in effort to bolster Bank Secrecy Act compliance and anti-money laundering obligations.
The announcement was made on Oct. 3 by the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, and the Office of the Comptroller of the Currency.
Collaborative arrangements, as described in the statement, are generally are most suitable for financial institutions with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing.
“This joint statement is part of a broader effort to work closely with our regulatory partners to strengthen the anti-money laundering defenses across the U.S. financial system,” said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker. “It allows community-focused banks and credit unions to share certain anti-money laundering resources to better protect against illicit actors seeking to abuse those types of institutions. Such resource sharing must be approached with careful due diligence and thorough consideration of the risks and benefits.”
Among other goals, the new policy aims to:
Highlight the potential benefits of collaborative arrangements that pool resources, such as staff, technology, or other resources, to increase operational efficiencies, reduce costs, and leverage specialized expertise; and
outline risk considerations and mitigation measures associated with the use of collaborative arrangements.
Regulators, through the new guidance, noted that financial institutions should approach the establishment of collaborative arrangements “like other business decisions, with due diligence and thorough consideration of the risks and benefits.” Banks and credit unions are encouraged to contact their primary federal regulator with questions regarding sharing BSA resources.
Defining collaborative arrangements
All banks are required to establish and maintain procedures reasonably designed to ensure compliance with the BSA and to develop and implement BSA/AML programs. The BSA/AML compliance program must include the following: (1) a system of internal controls to ensure ongoing compliance; (2) independent testing of BSA/AML compliance; (3) designating an individual or individuals responsible for managing BSA compliance (BSA compliance officer); and (4) training for appropriate personnel.
A bank is expected to have a BSA/AML compliance program commensurate with its respective risk profile.
Banks may use collaborative arrangements to pool human, technology, or other resources to reduce costs, increase operational efficiencies, and leverage specialized expertise.
“The cost of meeting BSA requirements and effectively managing the risk that illicit finance poses to the broader U.S. financial system may be reduced through sharing employees or other resources in a collaborative arrangement with one or more other banks,” the regulators wrote. “These arrangements may also provide access to specialized expertise that may otherwise be challenging to acquire without the collaboration.”
Banks are required to provide for a system of internal controls to assure ongoing compliance with the BSA. A collaborative arrangement may be entered into by two or more banks to share resources and conduct internal control functions.
Functions that may be conducted utilizing shared resources include: reviewing, updating, and drafting BSA/AML policies and procedures; reviewing and developing risk-based customer identification and account monitoring processes; and tailoring monitoring systems and reports for the risks posed.
Banks are also required to provide for independent testing for compliance. That testing may be conducted by either bank personnel or an outside party and should provide an evaluation of the adequacy and effectiveness of the bank’s BSA/AML compliance program.
Some banks may have personnel that perform multiple job functions, making it difficult to identify an employee within the bank to conduct an independent test of the BSA/AML compliance program, the letter says. Personnel at one bank may be utilized to conduct the BSA/AML independent test at another bank within a collaborative arrangement.
The shared resource may, for example, be utilized in the scoping, planning, and performance of the BSA/AML compliance program independent test with appropriate safeguards in place to ensure the confidentiality of sensitive business information.
Banks involved in the collaborative arrangement need to ensure that the shared resource conducting the BSA/AML independent testing is qualified and not involved in related functions at the bank being reviewed, such as training or developing policies and procedures, that may present a conflict of interest or demonstrate lack of independence.
Banks must ensure that appropriate personnel are trained in BSA regulatory requirements and in internal BSA/AML policies, procedures, and processes.
“It may be challenging to acquire personnel with BSA/AML expertise in some communities,” the regulators wrote. “It may also be cost prohibitive to attract a qualified outside BSA/AML trainer. A collaborative arrangement between two or more banks may provide the latitude to hire a qualified instructor to conduct the BSA/AML training, allowing the bank to share the cost.”
The bank’s board of directors must designate a qualified individual or individuals to serve as the BSA compliance officer.
The inter-agency letter also notes that “the sharing of a BSA officer among banks could be challenging due to the confidential nature of suspicious activity reports filed and the ability of the BSA officer to effectively coordinate and monitor each bank’s day-to-day BSA/AML compliance.”
Risk considerations and mitigation
The use of collaborative arrangements to manage BSA/AML obligations “requires careful consideration regarding the type of collaboration in relation to the bank’s risk profile, adequate documentation, consideration of legal restrictions, and the establishment of appropriate oversight mechanisms; and should be consistent with sound principles of corporate governance,” the letter says.
It adds: “a collaborative arrangement should be supported by a contractual agreement between the banks, with the performance reviewed by management and evaluated on a periodic basis.”
Banks are advised to refer to their respective regulator’s existing guidance regarding third-party relationships.
A collaborative arrangement for sharing employees or other resources to manage BSA/AML obligations is similar to using dual-employees, the letter adds. Banks must also comply with all applicable legal restrictions, including limitations on the disclosure of confidential supervisory information, confidential financial and business information, individual customer data, and trade secrets, as well as restrictions governing collaborative arrangements among competitors generally, such as rules designed to limit conflicts of interest.
“As is usual and customary when a bank enters into an arrangement with a third party, a collaborative arrangement should be appropriately documented to define the nature and type of resources to be shared, define each institution’s rights and responsibilities, establish procedures for protecting customer data and confidential information, and develop a framework to manage risks associated with the sharing of resources,” the letter says. “Reasonable systems should be established to ensure that bank management adequately oversees the activities of shared resources.”
Periodic reports related to BSA/AML collaborative arrangements should be provided to senior management and reported to the board of directors as appropriate in conjunction with their regular oversight of bank activities.