Q: What should be done during the review? The review should provide a fair and unbiased appraisal of each of the required elements of the company’s anti-money laundering program, including its Bank Secrecy Act-related policies, procedures, internal controls, recordkeeping and reporting functions, and training.
The review should include testing of internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions. For example, if the program requires that a particular employee or category of employee should be trained once every six months, then the independent testing should determine whether the training occurred and whether the training was adequate.
The review also should cover all of the anti-money laundering program actions taken by – or defined as part of the responsibility of – the designated compliance officer. These actions include, for example, the determination of the level of money laundering risks faced by the business, the frequency of Bank Secrecy Act anti-money laundering training for employees, and the adoption of procedures for implementation and oversight of program-related controls and transactional systems.
This FAQ was obtained from FinCEN’s website, in the section for Answers to Frequently Asked BSA Questions, which may be found here: