BID® Daily Newsletter
Nov 9, 2018

BID® Daily Newsletter

Nov 9, 2018

Absorbing And Sharing BSA/AML Resources

Summary: Sharing BSA resources can be helpful for community banks. A recent interagency statement provides some options and steps to stay safe.

Community bankers hear all the time about how regulations are being eased, but we wanted to put it to the test. We went to one regulator's website and looked at the number of pages of regulations bankers had to absorb in the first half of the year and then doubled it to approximate the annual load. Drum roll please... your team will need to deal with about 1,500 pages of rules just to keep up. We thought you might be interested to know how much you were dealing with as a team this year, as you prepare for 2019. Good luck bankers!
Along these lines, federal regulators recently issued an Interagency Statement that provided information on effectively sharing Bank Secrecy Act resources, as well as the benefits and the risks associated with collaborative resource sharing arrangements. This is important for community banks as compliance costs have been steadily increasing and denote a larger percentage of total costs than at bigger banks.
In fact, according to a survey by LexisNexis Risk Solutions, smaller firms with assets less than $10B (including banks) spend an average of $695k on AML human resources, with 58% of the total AML compliance operations costs being labor. Since labor costs tend to increase over time, this is an area of focus for smaller firms and banks.
One way to help manage your costs is to share resources. If you have already been doing this, then hats off to you for engaging in this resourceful and cost-effective practice. If not, it may be something to consider.
Banks have found ways to leverage resources such as sharing a BSA trainer or staff performing specific internal controls among a small group of banks. Some examples of tasks to share include:
1) reviewing, updating, and drafting BSA/AML policies and procedures; 2) reviewing and developing risk-based customer identification and account monitoring processes; 3) tailoring monitoring systems and reports for the potential risks.
This sharing can also provide smaller banks with specialized expertise that it may not otherwise have in-house.
Having a collaborative arrangement for a BSA Officer may work between affiliated banks, but generally would not work for most community banks. If community banks do consider sharing a BSA Officer, they should carefully consider this option, as the confidentiality of SARs could be an issue.
Sharing resources such as databases is also helpful and cost-effective. According to the same LexisNexis survey, as many as 59% of smaller financial firms rely on shared interbank compliance databases for greater efficiencies.
If you choose to share BSA/AML resources, you will want to remember: the bank's risk profile, suitable documentation, any legal restrictions, and the formation of appropriate oversight mechanisms. Remember also that ultimately, each bank is responsible for ensuring its own compliance with BSA requirements, and that sharing resources does not relieve the bank of this responsibility. Lastly, your BSA sharing plans and agreements should be consistent with sound principles of corporate governance and reviewed in advance by the bank's board of directors.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

How CFIs Can Maintain Adequate Capital in a Downturn
The Federal Reserve just concluded its annual capital adequacy annual stress test with 33 participating banks. While regulators don’t require CFIs to run stress tests to assess their capital adequacy, the federal banking supervisory agencies indicate that they should have the capacity to analyze the potential impact of adverse outcomes, and particularly encourage this for CFIs with CRE portfolios. We provide four steps to help form the foundation of an effective capital planning process.
Serious Hack-Attack-You Have 36 Hours to Report It
CFIs and other banks now have 36 hours to report serious hacks, including those that may disrupt operations, cause material losses or even threaten the stability of the entire financial system. Is 36 hours enough time for CFIs?