30 August 2007

BSA/ AML: Testing the Channel...

Legal compliance with the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) is a complex and growing concern by regulators, enforcement and Operational Risk Executives. In the United States, the FFIEC (Federal Financial Institutions Examination Council) has published the latest Examination Manual to provide guidance:

Enterprise-Wide BSA/AML Risk Assessment

Holding companies or lead financial institutions that implement an enterprise-wide BSA/AML compliance program should assess risk both individually within business lines and on a consolidated basis across all activities and legal entities. Aggregating risks on an enterprise-wide basis for larger or more complex organizations may enable an organization to better identify risks and risk exposures within and across specific lines of business or product categories. Consolidated information also assists senior management and the board of directors in understanding and appropriately mitigating risks across the organization. To avoid having an outdated understanding of the BSA/AML risk exposures, the holding company or lead financial institution should continually reassess the organization’s BSA/AML risks and communicate with business units, functions, and legal entities. The identification of a BSA/AML risk or deficiency in one area of business may indicate concerns elsewhere in the organization, which management should identify and control.

When a financial institution utilizes a strategy for it's channel or broker network the goal is to build controls into the consumer application process. These controls help the parent financial institution with compliance issues and give the independent broker or registered investment advisor with the tools and mechanisms for risk mitigation. However, to what degree do these independent brokers who interface with the consumer actually understand, implement and comply 100% with BSA/AML laws?

This question may haunt the minds of many OPS Risk professionals as they try to manage the mountain of data and documentation requirements at the home office or processing center. When there are dozens or hundreds of independent brokers in the client acquisition process your risk exposure increases dramatically. When and how often do you need to audit these important entities in your member or client supply chain?

Independent testing (audit) should be conducted by the internal audit department, outside auditors, consultants, or other qualified independent parties. While the frequency of audit is not specifically defined in any statute, a sound practice is for the bank to conduct independent testing generally every 12 to 18 months, commensurate with the BSA/AML risk profile of the bank. Banks that do not employ outside auditors or consultants or have internal audit departments may comply with this requirement by using qualified persons who are not involved in the function being tested. The persons conducting the BSA/AML testing should report directly to the board of directors or to a designated board committee comprised primarily or completely of outside directors.

Those persons responsible for conducting an objective independent evaluation of the written BSA/AML compliance program should perform testing for specific compliance with the BSA, and evaluate pertinent management information systems (MIS).

This is not any surprise to large banks and securities dealers who have been working diligently on these compliance management problems for decades. Whenever an organization is deploying a distributed and indirect model for acquiring new consumers, high net worth individuals and other business entities for financial-based products and services; BSA/AML programs should be robust. The individuals who are planning to launder money that has been obtained illegally or are part of a fraud scheme will prey on those unsuspecting and naive institutions first. In some cases, it could be an independent broker or business who is the target of a sophisticated and influential individual. They want to find a weak link in the institutions sales channel to gain access to a well known brand to leverage their scheme with new victims.

The criminal trial of ex-Refco Inc. Chief Executive Phillip R. Bennett and two other former executives has been postponed until March 2008, according to court transcripts.

During a telephone conference last month, U.S. District Judge Naomi Reice Buchwald delayed the trial of Bennett; Robert C. Trosten, Refco's ex-chief financial officer; and Tone N. Grant, the commodities broker's former president, until March 17. A transcript of the call was released publicly earlier this week.

The case was originally scheduled to go to trial in October.

The men are facing a variety of charges including conspiracy, securities fraud, bank fraud, wire fraud and money laundering.

Late Wednesday, the litigation trusts representing Refco's creditors announced they had sued Thomas H. Lee Partners LP in federal court in Manhattan, alleging the buyout firm uncovered red flags about Refco and its executives before the buyout firm's 2004 purchase of a controlling stake in Refco, but failed to follow up in hopes of profiting from Refco's initial public offering the next year. Lee has denied the claims.