Generic AML Compliance Deficiencies Checklist from House Oversight Document

e __|solated and Technical Violations: Limited instances of noncompliance that do not threaten overall program effectiveness Some common problems and issues include, but are not limited to, the following: e AML compliance officer (as well as other employees) lacks sufficient experience and/or knowledge regarding AML policies, procedures and tools e __Insufficientinadequate resources dedicated to AML compliance e Lack of specific and customized training of employees with critical functions (e.g., account opening, transaction processing, risk management) e Failure to conduct adequate risk assessments (e.g., customer risk assessment, business line risk assessment, OFAC risk assessment) e Failure to incorporate risk assessments into a transaction-monitoring process, customer acceptance standards, audits, testing or training e Inadequate Know Your Customer (KYC) procedures (e.g., CIP, CDD and EDD at or after account opening, including inadequate controls over required fields, inadequate methods of obtaining and/or maintaining current information, lack of reporting capabilities over missing information, and lack of verification procedures) e Poor documentation maintained for investigations that did not lead to SAR filings e Poor follow-up on SAR actions (e.g., close, monitor) e Lack of reporting of key SAR information to senior management/board of directors e Inadequate tuning, validation and documentation of automated monitoring systems e Overreliance on software to identify transactions for which CTRs and/or SARs must be filed without fully understanding how the software is designed and what information it does/does not capture e Exclusion of certain products from transaction monitoring (e.g., loans, letters of credit, capital markets activities) e _ Lack of timeliness when filing CTRs and SARs (e.g., reports are manually filed via certified mail, and the date postmarked is not noted) e _Lack of or inadequate independent testing of the AML Compliance Program e Lack of or untimely corrective actions to prior examination or audit findings To identify potential gaps in a financial institution's AML Compliance Program, regulatory enforcement actions for AML deficiencies against other (similar) financial institutions should be reviewed to identify the specific violations and related action steps. This enables financial institutions to recognize and correct any potential weaknesses of their own before their next regulatory examination. AML Compliance Program 33, What types of financial institutions are required to comply with AML laws and regulations? Under the USA PATRIOT Act, the definition of “financial institutions” was expanded to include more than 20 different types of businesses that provide financial services, including, but not limited to, broker-dealers, currency exchangers, insurance companies, trust companies, dealers in precious metals, stones or jewels, and issuers of traveler's checks, money orders or similar instruments. For additional guidance on the other types of financial institutions now required to comply with AML laws and regulations, please refer to the USA PATRIOT Act and Nonbank Financial Institutions and Nonfinancial Businesses sections. 34. What are the key components of an AML Compliance Program? Key components of an AML Compliance Program include, but are not limited to, the following: protiviti | 24 HOUSE_OVERSIGHT_024130