70 likes | 224 Views
COMMON AUDIT FINDINGS SAR REPORTING No evidence of compliance with 30/60 day time limit Narratives did not communicate events clearly Review for follow-up SAR not documented Delayed review for follow-up SAR/SAR filed >90days Technical omissions on follow-up SAR: Earlier SAR not referenced
E N D
COMMON AUDIT FINDINGS • SAR REPORTING • No evidence of compliance with 30/60 day time limit • Narratives did not communicate events clearly • Review for follow-up SAR not documented • Delayed review for follow-up SAR/SAR filed >90days • Technical omissions on follow-up SAR: • Earlier SAR not referenced • Reasons for not filing SAR not clearly documented AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • CTR REPORTING • Lack of aggregation of ALL currency transactions • ATM transactions excluded • System validation not performed by auditors • Accuracy of amounts reported open to question • Incorrect TIN reported • IRS Correspondence: • Inaccuracy of TIN on CTR, when CIF has correct TIN • Delays in responses • Exemptions: • Belief that ALL cash transactions are reasonable AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • BSA/AML Policy & Program • Approval not granted/documented by BOD • Lack of timely policy updates • Final Rules • FinCEN Guidance AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • Customer Identification Program • New accounts for existing customers without adequate KYC • No identification of accounts with missing TIN • Lack of physical address/accounts with only PO boxes • Violations of institutions P&P’s • Primary/secondary ID • KYC information • Documentation and sign-off • Non-timely review of new account documentation AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • AML Monitoring • Inadequate KYC information • Inadequate/excessive identification of “high risk” customers: • Inappropriate/canned risk rating model • No review of risk rating • Focused on “high risk customers” • No attention given to high risk products/services • No monitoring of activities not captured by AML systems • Sate Deposit Boxes • Trade Finance AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • AML Monitoring (cont.) • Monitoring procedures not documented • Adequacy of monitoring not addressed by Internal Audit • Lack of escalation procedures • Automated monitoring tool used without post-implementation validation for: • Adequacy of AML reports • Controls over AML system • Rationale for changes in monitoring parameters • Approval of changes AML/BSA Certification Program Level I
COMMON AUDIT FINDINGS • Training • Non coverage of ALL appropriate personnel • Training to specific to: • Role/function and products/services • No reference to policy and procedures • Employee’s failing tests: • No follow-up on low scores • The issue of repeat failures not addressed • Inadequate training for “new” BSA Officer • Senior mgmt and BOD not trained AML/BSA Certification Program Level I