Preparing for an Independent Review of MSB AML Programs

Money Services Businesses (MSBs) must conduct independent reviews of their Anti-Money Laundering (AML) compliance programs to ensure adherence to regulatory standards, such as the Bank Secrecy Act (BSA). These reviews, guided by the FFIEC BSA/AML Examination Manual and the MSB Examination Manual, provide critical evaluations to ensure regulatory compliance and operational effectiveness.

Understanding the Review Process

An independent AML review assesses the structure and effectiveness of an MSB’s BSA/AML program, covering policies, procedures, and operational implementations. Preparation involves gathering key documents, such as policies, transaction data, and records showing AML activities. The initial review phase includes clarifying information requests and ensuring the Compliance Officer has a solid understanding of the documents requested.

Both the FFIEC Manual and MSB Examination Manual provide essential guidance on review procedures. For example, the FFIEC Manual outlines regulatory expectations for AML compliance, offering a comprehensive framework to assess AML program integrity and effectiveness. MSBs can access the FFIEC BSA/AML Examination Manual here, and the MSB Examination Manual here.

Essential Elements of an Effective AML Program

1. Documented Program Structure and Accessibility: A well-organized and accessible AML program includes all four required pillars and demonstrates the organization’s commitment to compliance. The Program should identify a personal responsible for the day-to-day oversight of AML Compliance, policies regarding AML training for employees; policies for completing an Independent Review of the Program; and include the various internal controls in place to help mitigate the risk of money laundering.  It should include high-level policies, specific responsibilities, and clear Standard Operating Procedures (SOPs) for day-to-day tasks, consistent with guidance from both the FFIEC and MSB Manuals.

2. Role of the AML Compliance Officer: The appointment of an AML Compliance Officer (CO) by the Board of Directors is one of the four pillars of an AML Program and is therefore required. The CO must have sufficient authority and independence to maintain program integrity, as emphasized in the FFIEC Manual. The MSB Manual further advises that the CO should have direct access to executive leadership and be empowered to make necessary compliance adjustments. The AML Program should identify the responsibilities of the CO which could include reporting the status of ongoing compliance to the Board, overseeing the completion of training, reviewing and updating the Program when necessary, being aware of regulatory changes, etc.

3. Training and Employee Engagement: Another pillar and required element of a compliant AML Program is training. Training is critical to ensuring compliance culture across all organizational levels. The MSB Examination Manual recommends regular training programs that clarify employees' roles within the AML program, aligned with day-to-day compliance expectations. Training should be relevant to the products and services of the MSB and include appropriate red flags for suspicious activity. Knowledge checks should be used to ensure employees have a good understanding of the material in the training.

4. Policy and Procedure Structure: MSBs should follow a structured approach with high-level policies and SOPs, as recommended by the FFIEC Manual. Regular reviews and updates to SOPs help maintain procedural alignment and program relevance, as outlined in both manuals.

Best Practices for Review Readiness

MSBs should assess their AML programs’ strengths and weaknesses as part of regular preparation for independent reviews. Adopting a U.S.-specific compliance program, as recommended in the MSB Examination Manual, and regularly updating SOPs for accessibility and effectiveness can strengthen the program for regulatory and bank examinations.

An independent review, aligned with FFIEC and MSB guidelines, reinforces the MSB’s compliance culture and operational effectiveness, ultimately contributing to a robust AML compliance stance.

Independent Review Checklist for MSBs

Document Preparation

• Prepare AML policies, procedures, and past review documentation, referencing the FFIEC Manual and MSB Manual guidelines.
• Provide transaction data and operational records in the specified format. The scope of transactions will depend on the review period and number of transactions conducted. Reviewers may only request a subset of transactions covering a certain month or quarter during the review period.

Program Structure and Accessibility

• Ensure that the AML program is well-structured and accessible. Policies or procedures referenced in the AML Policy should be made available as well. This could include more in-depth suspicious activity reporting procedures, training policies, KYC/CIP procedures etc.
• Maintain separate high-level policies and SOPs to facilitate regulatory alignment.

Compliance Officer Qualifications

• Verify CO appointment documentation in Board records. This includes the original appointment as well as subsequent appointments during the review period.
• Confirm the CO’s authority and training as outlined in the FFIEC Manual. Reviewers may verify the qualifications of the CO by requesting their resume, training records, and potentially conducting an interview during the review.

Employee Training and Engagement

• Provide AML training, and document employee awareness of their roles, in line with MSB Manual requirements.
• Documentation should include training records showing all applicable employees, senior management, and board members completed adequate training. Actual training materials or access to training platforms should be available as well.

Policy and Procedure Review

• Regularly review and update SOPs with current practices, ensuring alignment with both manuals’ guidelines.
• Version history within SOPs and policies demonstrate the Company’s commitment to reviewing and updating these documents on a regular basis.
• Board approvals of policies and procedures should be documented and available for review.

Product and Service Clarification

• Provide detailed product descriptions and clarify regulatory status for each service, as recommended by the MSB Manual.
• Provide funds flow diagrams and explanations.
• Be prepared to have a discussion with reviewers to go over the products, services, and fund flows during the review.

U.S.-Specific Compliance Requirements

• For non-U.S. MSBs, confirm the presence of a U.S.-specific AML program as outlined in the MSB Examination Manual.
• Be prepared to consider the various time zones and holidays between the Company and the reviewers when scheduling meetings and deadlines.

Personnel

• Ensure appropriate personnel are available for system demonstrations and other discussions with reviewers. Demos may include transaction monitoring, suspicious activity reporting, OFAC screenings, and onboarding/KYC/CIP.
• Interviews with individuals who are completing tasks such as transaction monitoring, filing SARs, OFAC screenings etc may occur.

Following this checklist, based on the FFIEC and MSB Examination Manuals, helps ensure a thorough and smooth independent review process, providing a solid foundation for ongoing compliance and risk management improvements.