BSA Pillar Violations: Community Banks are Not Immune

Violations of the five pillars can lead to dire consequences for the financial institution

Written by Terri Luttrell, CAMS-Audit

The foundation of the Bank Secrecy Act (BSA) is comprised of five core pillars. A violation of one of those pillars usually means there is a crack in that foundation and a serious deficiency in a financial institution’s BSA/AML program. The Federal Deposit Insurance Corporation (FDIC) recently issued a consent order to a $419 million financial institution for BSA program deficiencies, most of them pillar violations. Violations of the five pillars can lead to dire consequences for the financial institution. 

This current consent order example reflects what is being seen by regulators in many small to mid-sized institutions. Here’s a recap of the deficiencies within the order and what financial institutions can do to prevent them.

The pillar violations include:

  • Internal Controls
    • Suspicious Activity Monitoring and Reporting
      • They had inadequate written policy and procedures to include automated solutions.
        • Written policy must include monitoring for cash transactions, international and domestic wire transfers, ACH, foreign nationals, high-risk deposit accounts, and non-bank financial institutions.
        • They failed to have timely, accurate, and complete filing of SARs, CTRs, and other BSA reports.
        • They did not have thorough documentation to support a decision to file or not file a SAR.
  • Independent Testing
    • They were lacking adequate and accurate evaluations of the overall integrity and effectiveness of the BSA Program.
  • Customer Due Diligence (CDD) (Yes, you read that correctly – the new fifth pillar is now being cited by regulators!)
    • They had not properly reviewed and enhanced their CDD policies, procedures, and processes for new and existing customers.
      • Institutions must have a risk rating system to assess the risk level of each customer to include:
        • Purpose of the account
        • Anticipated type and volume of all account activity
        • Products and services offered
        • All parties involved with the customer, including beneficial owners
        • Location and markets served by the customer
        • Formalization of visitation program for all high-risk customers
        • Periodic update of risk grades
        • Process for obtaining higher-level approvals as necessary
      • Enhanced Due Diligence (EDD)
        • Institutions must instill ongoing monitoring for customers who pose heightened risk.
          • They must implement procedures for ongoing risk-based reviews.
  • BSA Training
    • They did not institute effective training for the Board, management and staff specific to their responsibilities.
      • Training should address specific BSA risks of individual business lines.

Other violations noted on the consent order include:

  • Inadequate Risk Assessment
    • A risk assessment should weigh all relevant factors of products, services, customers, affiliates, noncustomers, and geographic location risk.
    • Higher risk customer categories such as foreign nationals, non-resident aliens, non-bank financial institutions and higher risk deposit accounts should be assessed separately and in more depth.
  • BSA Officer, Staff and Resources
    • There should be reoccurring analysis and assessment of the bank’s BSA staffing needs.
      • The BSA Officer position needs to be evaluated to determine whether the individual possesses the ability, experience and other qualifications required to perform all duties of the BSA program.

How can a BSA officer be proactive and ensure these citations don’t happen to them?

  • Start with cultivating a culture of compliance from the top to the middle, down to the front line. Be a leader of this effort to ensure that the full BSA staff is supported throughout the institution.
  • Share regulatory guidance on this subject as well as recent enforcement actions with executive management and the Board. Read other consent orders and make sure management and the Board are aware of the potential consequences of a weak BSA program, specifically related to the five pillars.
  • Ensure all of the above issues are covered in the institution’s BSA program. Check the programs and be fully prepared for the next exam.

Terri Luttrell is a seasoned AML professional with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. Terri is currently Senior Manager of Strategy & Evangelism at Banker’s Toolbox, a leading enterprise risk management solution for financial institutions.