Often times when we hear “policies and procedures,” does this mental picture comes to mind: various Charlie Brown cartoons with the teacher saying “wah wa-wah wah wa-wah” and so on? All joking aside, part two of this series is about your policies and procedures in relation to your customer due diligence program and how integral they are in operating a sound program.
After all, isn’t it the right thing to do what you say and say what you do? Let’s break this down into three meaningful points:
- Policies and procedures are the operating framework of your customer due diligence program.
Actually, they are the operating framework for any type of program that requires compliance with laws and regulations. Consider this point as closely linked to one of the pillars of a BSA compliance program: internal controls. Policies and procedures (and processes) are your internal controls created to minimize and control risks with the objective of achieving compliance with the BSA.
Most of us may be somewhat familiar with the Federal Financial Institutions Examination Council’s (FFIEC) BSA/AML Examination Manual, 2014; the fact that the manual references
“policies, procedures, and processes” almost 300 times, should tell us the importance of these three words. Let’s camp on this for a moment. Pre-9/11, most BSA programs had a written policy statement that maybe was followed with undocumented procedures, and certainly not much for customer due diligence. Post 9/11, and with the implementation of the USA PATRIOT Act, the status quo must now involve policies, procedures, and processes. While not specifically defined in the manual, from experience, we can draw these conclusions:
– Policies need to be board approved; board members typically do not want to know specific details that are spelled out in documented procedures and processes. They perform their oversight duties at a much higher level; therefore, policies need to paint a picture of how your organization will comply with regulatory requirements, laws, and regulations. This line of reasoning is logical: the board is not involved in the day-to-day actual practices and processes. Therefore, we train according to how they perform their duties and responsibilities as a board.
– Procedures and processes are the responsibility of management. The goal is to mirror the policy through procedures and processes that employees can carry out efficiently and in a compliant manner. Consider procedures as guidelines that address who, what, when, where, and how policies will be carried out. Processes may be informal or even mapped out; nonetheless, they provide direction and show align to the procedures and policy.
- Keep in mind that we must align policies, procedures, and processes with the BSA risk assessment. In utilizing a risk-based approach, and understanding that we will always be dealing with some level of risk, we are agreeing with the principle that resources are directed congruently with priorities so that the greatestrisks receive the highest Policies, procedures, and processes must reflect this approach.
- In light of the above two points, your customer due diligence procedures need to be revamped, strengthened, and formalized before the May 11, 2018, deadline regarding beneficial ownership. Doing so will truly demonstrate “do what you say and say what you do.” Your BSA policy must be updated and board approved to include the new requirements for compliance.
Key Action Items to Consider
- How does your organization go about approving policies and procedures? In light of this article, are necessary adjustments in order?
- Do you have a process in place to ensure that your BSA policy, procedures, and processes point back to your BSA risk assessment?
- Do your customer due diligence procedures align with your BSA policy and BSA risk assessment? Are you in the process of updating them to incorporate how you will comply with the beneficial ownership rule by May 11, 2018?
Next time we’ll review the Customer Identification Program requirements, but from the angle of how it ties into your customer due diligence program.