Bank Secrecy Act |
APPENDIX H: REQUEST LETTER ITEMS
Core and Expanded Examination Procedures
As part of the examination planning process, the examiner should prepare a request letter. The list below includes materials that examiners may request or request access to for a bank BSA/AML examination. This list should be tailored for the specific bank’s risk profile and the planned examination scope. Additional materials may be requested as needed.
BSA/AML Compliance Program
_ Name and title of the designated BSA compliance officer and, if different, the name and title of the person responsible for monitoring BSA/AML compliance.
- Organization charts showing direct and indirect reporting lines.
- Copies of résumés and qualifications of person(s) new to the bank serving in BSA/AML compliance program oversight capacities.
_ Make available copies of the most recent written BSA/AML compliance program approved by board of directors (or the statutory equivalent of such a program for foreign financial institutions operating in the United States), including CIP requirements, with date of approval noted in the minutes.
_ Make available copies of the policy and procedures relating to all reporting and recordkeeping requirements, including suspicious activity reporting.
_ Correspondence addressed between the bank, its personnel or agents, and its federal and state banking agencies, the U.S. Treasury (Office of the Secretary and Department of the Treasury, IRS, FinCEN, IRS Enterprise Computing Center – Detroit (formerly the Detroit Computing Center), and OFAC) or law enforcement authorities since the previous BSA/AML examination. For example, please make available IRS correspondence related to CTR errors or omissions.
Independent Testing
_ Make available copies of the results of any internally or externally sourced independent audits or tests performed since the previous examination for BSA/AML, including the scope or engagement letter, management’s responses, and access to the workpapers.
_ Make available access to the auditor’s risk assessment, audit plan (schedule), and program used for the audits or tests.
Training
_ Training documentation (e.g., materials used for training since the previous BSA/AML examination).
_ BSA/AML training schedule with dates, attendees, and topics. A list of persons in positions for which the bank typically requires BSA/AML training but who did not participate in the training.
Risk Assessment
_ Make available copies of management’s BSA/AML risk assessment of products, services, customers, and geographic locations.
_ List of bank identified higher-risk accounts.
Customer Identification Program
_ List of accounts without taxpayer identification numbers (TIN).
_ File of correspondence requesting TINs for bank customers.
_ A copy of any account opening forms (e.g., for loans, deposits or other accounts) used to document CIP/Customer Due Diligence information.
_ Written description of the bank’s rationale for CIP exemptions for existing customers who open new accounts.
_ List of new accounts covering all product lines (including accounts opened by third parties) and segregating existing customer accounts from new customers, for ___________. (Examiner to insert a period of time appropriate for the size and complexity of the bank.)
_ List of any accounts opened for a customer that provides an application for a TIN.
_ List of any accounts opened in which verification has not been completed or any accounts opened with exceptions to the CIP.
_ List of customers or potential customers for whom the bank took adverse action,270 on the basis of its CIP.
_ List of all documentary and nondocumentary methods the bank uses to verify a customer’s identity.
_ Make available customer notices and a description of their timing and delivery, by product.
_ List of the financial institutions on which the bank is relying, if the bank is using the "reliance provision." The list should note if the relied-upon financial institutions are subject to a rule implementing the BSA/AML compliance program requirements of 31 USC 5318(h) and are regulated by a federal functional regulator.
_ Provide the following:
- Copies of any contracts signed between the parties.
- Copies of the CIP or procedures used by the other party.
- Any certifications made by the other party.
Suspicious Activity Reporting
_ Access to SARs filed with FinCEN during the review period and the supporting documentation. Include copies of any filed SARs that were related to section 314(a) requests for information or to section 314(b) information sharing requests.
_ Any analyses or documentation of any activity for which a SAR was considered but not filed, or for which the bank is actively considering filing a SAR.
_ Description of expanded monitoring procedures applied to higher-risk accounts.
_ Determination of whether the bank uses a manual or an automated account monitoring system, or a combination of the two. If an automated system is used, determine whether the system is proprietary or vendor supplied. If the system was provided by an outside vendor, request (i) a list that includes the vendor, (ii) application names, and (iii) installation dates of any automated account monitoring system provided by an outside vendor. Request a list of the algorithms or rules used by the systems and copies of the independent validation of the software against these rules.
_ Make available copies of reports used for identification of and monitoring for suspicious transactions. These reports include, but are not limited to, suspected kiting reports, currency activity reports, monetary instrument records, and funds transfer reports. These reports can be generated from specialized BSA/AML software, the bank’s general data processing systems, or both.
_ If not already provided, copies of other reports that can pinpoint unusual transactions warranting further review. Examples include nonsufficient funds (NSF) reports, account analysis fee income reports, and large item reports.
_ Provide name, purpose, parameters, and frequency of each report.
_ Correspondence received from federal law enforcement authorities concerning the disposition of accounts reported for suspicious activity.
_ Make available copies (or a log) of criminal subpoenas received by the bank since the previous examination or inspection.
_ Make available copies of policies, procedures, and processes used to comply with all criminal subpoenas, including National Security Letters (NSL), related to BSA.
Currency Transaction Reporting
_ Access to filed Currency Transaction Reports (CTR) (FinCEN Form 104) for the review period.
_ Access to internal reports used to identify reportable currency transactions for the review period.
_ List of products or services that may involve currency transactions.
Currency Transaction Reporting Exemptions
_ Access to filed Designation of Exempt Person form(s) for current exemptions (FinCEN Form 110).
_ List of customers exempted from CTR filing and the documentation to support the exemption (e.g., currency transaction history or, as applicable, risk-based analysis).
_ Access to documentation of required annual reviews for CTR exemptions.
Information Sharing
_ Documentation of any positive match for a section 314(a) request.
_ Make available documentation demonstrating that required searches have been performed.
_ Make available any vendor-confidentiality agreements regarding section 314(a) services, if applicable.
_ Make available copies of policies, procedures, and processes for complying with 31 CFR 103.100 (Information Sharing Between Federal Law Enforcement Agencies and Financial Institutions).
_ If applicable, a copy of the bank’s most recent notification form to voluntarily share information with other financial institutions under 31 CFR 103.110 (Voluntary Information Sharing Among Financial Institutions), or a copy of the most recent correspondence received from FinCEN that acknowledges FinCEN’s receipt of the bank’s notice to voluntarily share information with other financial institutions.(Voluntary Information Sharing Among Financial Institutions), or a copy of the most recent correspondence received from FinCEN that acknowledges FinCEN’s receipt of the bank’s notice to voluntarily share information with other financial institutions.
_ If applicable, make available copies of policies, procedures, and processes for complying with 31 CFR 103.110.
Purchase and Sale of Monetary Instruments
_ Access to records of sales of monetary instruments in amounts between $3,000 and $10,000 (if maintained with individual transactions, provide samples of the record made in connection with the sale of each type of monetary instrument).
Funds Transfers Recordkeeping
_ Access to records of funds transfers, including incoming, intermediary, and outgoing transfers of $3,000 or more.
Foreign Correspondent Account Recordkeeping and Due Diligence
_ List of all foreign correspondent bank accounts, including a list of foreign financial institutions, for which the bank provides or provided regular services, and the date on which the required information was received (either by completion of a certification or by other means).
_ If applicable, documentation to evidence compliance wit 31 CFR 103.177 (Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process) and 31 CFR 103.185 (Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship) (for foreign correspondent bank accounts and shell banks).
_ List of all payable through relationships with foreign financial institutions as define 31 CFR 103.175.
_ Access to contracts or agreements with foreign financial institutions that have payable through accounts.
_ List of the bank’s foreign branches and the steps the bank has taken to determine whether the accounts with its branches are not used to indirectly provide services to foreign shell banks.
_ List of all foreign correspondent bank accounts and relationships with foreign financial institutions that have been closed or terminated in compliance with the conditions in 31 CFR 103.177 (i.e., service to foreign shell banks, records of owners and agents).
_ List of foreign correspondent bank accounts that have been the subject of a 31 CFR 103.100 (Information Sharing Between Federal Law Enforcement Agencies and Financial Institutions) or any other information request from a federal law enforcement officer for information regarding foreign correspondent bank accounts and evidence of compliance.
_ Any notice to close foreign correspondent bank accounts from the Secretary of the Treasury or the U.S. Attorney General and evidence of compliance.
_ Make available copies of policies, procedures, and processes for complying with 31 CFR 103.177.
_ List of all the bank’s embassy or consulate accounts, or other accounts maintained by a foreign government, foreign embassy, or foreign political figure.
_ List of all accountholders and borrowers domiciled outside the United States, including those with U.S. power of attorney.
Currency-Shipment Activity
_ Make available records reflecting currency shipped to and received from the Federal Reserve Bank or correspondent banks, or reflecting currency shipped between branches and their banks’ central currency vaults for the previous ___________ months. (Examiner to insert a period of time appropriate for the size and complexity of the bank.)
Other BSA Reporting and Recordkeeping Requirements
_ Record retention schedule and procedural guidelines.
_ File of Reports of International Transportation of Currency or Monetary Instruments (CMIR) (FinCEN Form 105), formerly Customs Form 4790).
_ Records of Report of Foreign Bank and Financial Accounts (FBAR) (TD F 90-22.1).
OFAC
_ Name and title of the designated OFAC compliance officer and, if different, the name and title of the person responsible for monitoring OFAC compliance.
_ Organization charts showing direct and indirect reporting lines.
_ Copies of résumés and qualifications of person (or persons) new to the bank serving in OFAC compliance program oversight capacities.
_ OFAC training schedule with dates, attendees, and topics. A list of persons in positions for which the bank typically requires OFAC training but who did not participate in the training.
_ Make available copies of the results of any internally or externally sourced independent audits or tests performed since the previous examination for OFAC, including the scope or engagement letter, management’s responses, and access to the workpapers.
_ Make available copies of management’s OFAC risk assessment of products, services, customers, and geographic locations.
_ Make available copies of OFAC policies and procedures.
_ Make available a list of blocked or rejected transactions with individuals or entities on the OFAC list and reported to OFAC. (Banks must report all blockings within ten days by filing a Report of Blocked Transactions.)
_ If maintained, make available logs or other documentation related to reviewing potential OFAC matches, including the method for reviewing and clearing those determined not to be matches.
_ Provide a list of any OFAC licenses issued to the bank. (OFAC has the authority, through a licensing process, to permit certain transactions that would otherwise be prohibited under its regulations. If a bank’s customer claims to have a specific license, the bank should verify that the transaction conforms to the terms of the license and obtain a copy of the authorizing license.)
_ If applicable, provide a copy of the records verifying that the most recent updates to OFAC software have been installed.
_ Provide a copy of the Annual Report of Blocked Property submitted to OFAC (TD F 90-22.50). (Banks must report all blocked assets to OFAC annually by September 30.)
Expanded Examination Procedures
As part of the examination planning process, the examiner should prepare a request letter. The listing below includes materials that may be requested for a bank BSA/AML examination. This list should be tailored for the specific institution profile and the planned examination scope. Additional materials may be requested as needed.
Correspondent Accounts (Domestic)
_ Make available copies of policies, procedures, and processes specifically for correspondent bank accounts, including procedures for monitoring for suspicious activity.
_ Make available a list of domestic correspondent bank accounts.
_ Provide a list of SARs filed relating to domestic correspondent bank accounts.
Correspondent Accounts (Foreign)
_ Make available copies of policies, procedures, and processes specifically for foreign correspondent financial institution accounts, including procedures for monitoring for suspicious activity.
_ Make available a list of foreign correspondent financial institution accounts.
_ Provide risk assessments covering foreign correspondent financial institution account relationships.
_ Provide a list of SARs filed relating to foreign correspondent financial institution accounts.
Bulk Shipments of Currency
_ Make available copies of policies, procedures, and processes related to receiving shipments of bulk currency. Describe expanded monitoring procedures applied to Currency Originators and Intermediaries.
_ Make available a list of Currency Originators, Intermediaries, including referral agents, and foreign and domestic customers that send bulk currency shipments to the bank.
_ Provide a list of all foreign and domestic correspondent bank accounts, including a list of foreign financial institutions, from which the bank receives or sends bulk currency shipments.
_ Provide a copy of management’s risk assessment of relationships and transactions of Currency Originators and Intermediaries.
_ Make available copies of reports used for identification of and monitoring for suspicious transactions related to Currency Originators and Intermediaries.
_ Make available agreements or contracts with Currency Originators or Intermediaries.
_ Provide a list of SARs filed related to shipping relationships and transactions.
U.S. Dollar Drafts
_ Make available copies of policies, procedures, and processes specifically for U.S. dollar drafts, including procedures for monitoring for suspicious activity.
_ Make available a list of foreign correspondent bank accounts that offer U.S. dollar drafts. If possible, include the volume, by number and dollar amount, of monthly transactions for each account.
_ Provide a list of SARs filed relating to U.S. dollar drafts.
Payable Through Accounts
_ Make available copies of policies, procedures, and processes specifically for payable through accounts (PTA), including procedures for monitoring for suspicious activity.
_ Make available a list of foreign correspondent bank accounts with PTAs. Include a detailed summary (number and monthly dollar volume) of sub-accountholders for each PTA.
_ Provide a list of SARs filed relating to PTAs.
Pouch Activities
_ Make available copies of pouch activity policies, procedures, and processes, including procedures for monitoring for suspicious activity.
_ Provide a list of customer accounts permitted to use pouch services.
_ Provide a list of CTRs, CMIRs, or SARs filed relating to pouch activity.
_ As needed, provide a copy of pouch logs.
Foreign Branches and Offices of U.S. Banks
_ Make available copies of policies, procedures, and processes specific to the foreign branch or office, if different from the parent’s policies, procedures, and processes.
_ Provide most recent management reports received on foreign branches and offices.
_ Make available copies of the bank’s tiering or organizational structure report.
_ Provide AML audit reports, compliance reports, and supporting documentation for the foreign branches and offices.
_ Provide a list of the types of products and services offered at the foreign branches and offices and information on new products or services offered by the foreign branch, including those that are not already offered by the parent bank.
_ Provide a description of the method for aggregating each customer relationship across business units and geographic locations throughout the organization.
_ Provide the code of ethics for foreign branches or offices, if it is different from the bank’s standard policy.
_ When testing will be performed, provide a list of accounts originated or serviced in the foreign branch or office. Examiners should try to limit this request and focus on accounts for specific products or services, higher-risk accounts only, or accounts for which exceptions or audit concerns have been noted.
_ Provide a list of the locations of foreign branches and offices, including, if possible, the host country regulatory agency and contact information.
_ Provide the organizational structure of the foreign branches and offices, including reporting lines to the U.S. bank level.
Parallel Banking
_ Provide a list of any parallel banking relationships.
_ Make available copies of policies, procedures, and processes specifically for parallel banking relationships, including procedures relating to higher-risk money laundering activities. Such policies and procedures should include those that are specific to the relationship with the parallel entity.
_ Provide a list of SARs filed relating to parallel banking relationships.
_ Make available documents that specify limits or procedures that should be followed when dealing with the parallel entity.
_ Provide a list of directors or officers of the bank who are also associated with the foreign parallel bank.
Electronic Banking
_ Make available copies of any policies and procedures related directly to electronic banking (e-banking) that are not already included in the BSA/AML policies.
_ Provide management reports that indicate the monthly volume of e-banking activity.
_ Provide a list of business customers regularly conducting e-banking transactions, including the number and dollar volume of transactions.
_ Make available a list of service providers related to Remote Deposit Capture (RDC) activities.
_ Make available copies of contracts related to RDC activities.
Funds Transfers
_ Provide funds transfer activity logs, including funds transfers that involve cover payments, including transfers into and out of the bank. Include the number and dollar volume of funds transfer activity for the month.
_ Provide a list of funds transfers purchased with currency over a specified time period.
_ Provide a list of noncustomer transactions over a specified time period.
_ If not already included in the BSA/AML policies, make available copies of any policies, procedures, and processes related to funds transfers, including transfers that involve cover payments, or payable upon proper identification (PUPID).
_ Provide a list of suspense accounts used for PUPID proceeds.
_ Provide a list of PUPID transactions completed by the bank, either as the beneficiary bank or as the originating bank.
Automated Clearing House Transactions
_ Make available copies of any policies and procedures related directly to automated clearing house (ACH) and international ACH transactions (IAT) that are not already included in the BSA/AML policies.
_ Make available copies of management reports that indicate the monthly volume of ACH activity, including IATs.
_ Make available a list of large or frequent ACH transactions or IATs.
_ Make available a list of IATs (both those originated from or received by the bank).
_ Make available a list of customer complaints regarding ACH transactions and IATs.
Electronic Cash
_ Make available copies of any policies and procedures related directly to electronic cash (e-cash), including prepaid cards, that are not already included in the BSA/AML policies.
_ Provide management reports that indicate the monthly volume of e-cash activity, including prepaid cards.
_ Provide a list of business customers regularly conducting e-cash transactions, including prepaid cards, including the number and dollar volume of transactions.
Third-Party Payment Processors
_ If not already included in the BSA/AML policies, make available copies of any policies, procedures, and processes related to third-party payment processors.
_ Provide a list of third-party payment processor relationships. Include the number and dollar volume of payments processed per relationship.
_ Provide a list of SARs filed on third-party payment processor relationships.
Purchase and Sale of Monetary Instruments
_ If not already included in the BSA/AML policies, make available copies of any policies, procedures, and processes related to the sale of monetary instruments for currency. In particular, include policies, procedures, and processes related to the monitoring sales of monetary instruments in order to detect unusual activities.
_ Provide monetary instrument logs or other MIS reports used for the monitoring and detection of unusual or suspicious activities relating to the sales of monetary instruments.
_ Provide a list of noncustomer transactions over a specified period of time.
_ Provide a list of monetary instruments purchased with currency over a specified time period.
_ Provide a list of SARs filed related to the purchase or sale of monetary instruments.
Brokered Deposits
_ Make available copies of specific policies and procedures specifically for brokered deposits, including procedures for monitoring for suspicious activity.
_ Provide risk assessment covering brokered deposits.
_ Provide internal audits covering brokered deposits.
_ Provide a list of approved deposit brokers.
_ Provide management reports covering nonrelationship funding programs (including reports on balances, concentrations, performance, or fees paid).
_ Provide SARs and subpoenas related to brokered deposit relationships.
_ Provide a copy of account documentation or agreements for deposit broker arrangements.
Privately Owned Automated Teller Machines
_ Provide a risk assessment covering privately owned automated teller machines (ATM) and Independent Sales Organizations (ISO), including a list of higher-risk privately owned ATM relationships.
_ Make available copies of policies, procedures, and processes for privately owned ATM and ISO account acceptance, due diligence, and ongoing monitoring.
_ Provide a list of ISO clients and balances.
_ Provide SARs and subpoenas related to privately owned ATMs and ISOs.
Nondeposit Investment Products
_ Make available copies of policies, procedures, and processes relating to nondeposit investment products (NDIP) and relationships with any independent NDIP providers.
_ Provide internal audits covering NDIP sales and provider relationships.
_ Provide a risk assessment covering NDIP customers and transactions.
_ If available, provide a list of NDIP clients and balances.
_ Provide a list of suspense, concentration, or omnibus accounts used for NDIP. Describe the purpose for and controls surrounding each account.
_ Provide management reports covering 25 to 50 of the largest, most active, and most profitable NDIP customers.
_ Provide SARs and subpoenas related to NDIP customers.
_ Make available a copy of account opening documentation or agreements for NDIP.
_ Make available a copy of contracts or agreements between the bank and third-party NDIP providers for the completion of CIP, due diligence, and ongoing monitoring of NDIP customers.
Insurance
_ Make available copies of BSA/AML policies and procedures related to the sale of insurance.
_ Provide risk assessment covering insurance products.
_ Make available MIS reports related to the sales of insurance products. Reports may include large transaction reports, single premium payments, early cancellation, premium overpayments, and assignments of claims.
_ Make available a copy of contracts or agreements between the bank and insurance providers for the completion of CIP, due diligence, and ongoing monitoring of insurance customers.
_ Provide a list of insurance products approved for sale at the bank.
_ Provide management reports covering insurance products (including large transactions, funds transfers, single premium payments, and early cancellations).
_ Provide SARs or subpoenas related to insurance clients.
_ Provide a copy of account documentation requirements and applications for insurance products.
Concentration Accounts
_ Make available copies of BSA/AML policies, procedures, and processes that are specific to concentration accounts (also known as special-use, omnibus, suspense, settlement, intraday, sweep, or collection accounts).
_ Provide a list of all concentration accounts and each account’s most recent reconcilement.
_ Provide account activity reports for concentration accounts for ___________. (Examiner to insert a period of time appropriate for the size and complexity of the bank.)
Lending Activities
_ Make available copies of BSA/AML policies and procedures specific to lending.
_ Provide a risk assessment relating to the lending function, including a list of any higher-risk lending relationships identified by the bank.
_ For loans secured by cash collateral, marketable securities, or cash surrender value of life insurance products:
- Provide a list of all loans that have defaulted since the previous BSA/AML examination, including those that were charged off.
- Provide a list of all loans that have been extended since the previous BSA/AML examination.
Trade Finance Activities
_ Make available copies of BSA/AML policies and procedures specific to trade finance activities.
_ Provide a risk assessment relating to trade finance activities, including a list of any higher-risk trade finance transactions, accounts, or relationships identified by the bank.
_ Provide a list of customers involved in transactions with higher-risk geographic locations or for whom the bank facilitates trade finance activities with higher-risk geographic locations.
Private Banking
_ Make available copies of policies, procedures, and controls used to manage BSA/AML risks in the private banking department.
_ Make available business or strategic plans for the private banking department.
_ Provide the most recent version of management reports on private banking activity, such as customer aggregation reports, policy exception reports, client concentrations, customer risk classification reports, and unusual account activity.
_ Provide recent private banking reports from compliance, internal audit, risk management, and external auditors or consultants that cover BSA/AML.
_ Provide a list of products and services offered to private banking clients. Information on new products and services offered to private banking clients and the bank’s process for approving new activities.
_ Provide a description of the method for aggregating customer holdings and activities across business units throughout the organization.
_ Provide a description of account officer and manager positions, and the compensation, recruitment, and training program for these positions.
_ Make available the code of ethics policy for private banking officers.
_ Provide a risk assessment covering private banking customers and transactions.
_ Provide a list of suspense, concentration, or omnibus accounts used for private banking transactions. Describe the purpose for each account and the controls governing it.
_ Provide management reports covering 25 to 50 of the largest, most active, or most profitable private banking customers.
_ Provide a list of the bank’s private banking accountholders who meet the following criteria:
- Politically exposed persons (PEP), export or import business owners, money transmitters, Private Investment Companies (PIC), financial advisers, offshore entities, or money managers (when an intermediary is acting on behalf of customers).
- Customers who were introduced to the bank by individuals previously employed by other financial institutions.
- Customers who were introduced to the bank by a third-party investment adviser.
- Customers who use nominee names.
- Customers who are from, or do business with, a higher-risk geographic location.
- Customers who are involved in cash-intensive businesses.
- Customers who were granted exceptions to policies, procedures, and controls.
- Customers who frequently appear on unusual activity monitoring reports.
_ Provide SARs and subpoenas related to private banking customers.
_ Make available a copy of account-opening documentation or agreements for private banking customers.
Trust and Asset Management Services
_ Make available copies of BSA/AML policies, procedures, and processes for trust and asset management services.
_ Make available trust and asset management procedures and guidelines used to determine when EDD is appropriate for higher-risk accounts and parties to the relationship. These should include methods for identifying account-interested parties (i.e., individual grantors, co-trustees, or outside investment managers).
_ Provide a list of the bank’s trust and asset management accountholders who meet the following criteria:
_ Provide a list of politically exposed persons (PEP), export or import business owners, money transmitters, Private Investment Companies (PIC), financial advisers, offshore entities, or money managers (when an intermediary is acting on behalf of customers).
- Customers who were introduced to the bank by individuals previously employed by other financial institutions.
- Customers who were introduced to the bank by a third-party investment adviser.
- Customers who use nominee names.
- Customers who are from, or do business with, a higher-risk geographic location.
- Customers who are involved in cash-intensive businesses.
- Customers who were granted exceptions to policies, procedures, and controls.
- Customers who frequently appear on unusual activity monitoring reports.
_ Make available reports and minutes submitted to the board of directors or its designated committee relating to BSA/AML matters pertaining to trust and asset management business lines and activities.
_ Provide an organizational chart for the BSA/AML compliance function as it relates to the trust and asset management services.
_ Provide a risk assessment of trust and asset management services that identifies those customers, prospective customers, or products the bank has determined to be high risk.
_ Provide management reports covering 25 to 50 of the largest, most active, or most profitable trust and asset management customers.
_ Provide a BSA/AML independent review or audit of trust and asset management services. Make workpapers available upon request.
_ Make available a copy of the BSA/AML training materials for management and employees involved in trust and asset management activities.
_ Identify the trust accounting systems used. Briefly explain how they accommodate and assist compliance with BSA/AML regulations and guidelines.
_ Provide a list of newly opened trust and asset management accounts since ___________. (Examiner to insert a period of time appropriate for the size and complexity of the bank.)
_ Provide procedures for checking section 314(a) requests relating to trust and asset management services.
_ Provide a list of all trust and asset management accounts designated as high risk, and a list of all accounts whose assets consist of PICs and asset protection trusts.
_ Provide copies of SARs associated with trust and asset management services.
_ Provide a list of subpoenas, particularly BSA/AML-related, relating to trust and asset management activities.
Nonresident Aliens and Foreign Individuals
_ Make available copies of policies, procedures, and processes specific to nonresident alien (NRA) accounts, including guidelines and systems for establishing and updating W-8 exempt status.
_ Provide a list of NRA and foreign individual accounts held by the bank, particularly those accounts the bank has designated as high risk.
_ Provide a list of NRA and foreign individual accounts without a TIN, passport number, or other appropriate identification number.
_ Provide a list of SARs and subpoenas related to NRA and foreign individual accounts.
Politically Exposed Persons
_ Make available copies of policies, procedures, and processes specific to politically exposed persons (PEP). Policies should include the bank’s definition of a PEP as well as procedures for opening PEP accounts and senior management’s role in the approval process for opening PEP accounts.
_ Provide a list of accounts in the name of or for the benefit of a PEP. List should include the country of residence of the PEP, the account balances, and the average number and dollar volume of transactions per month.
_ Provide a list of the information systems or other methods used to identify PEP accounts.
_ Make available management reports used to monitor PEP accounts, including reports for identifying unusual and suspicious activity.
Embassy and Foreign Consulate Accounts
_ Make available copies of policies, procedures, and processes specific to embassy and foreign consulate account relationships.
_ Provide a list of embassy and foreign consulate accounts held by the bank, including the average account balances and the average number and dollar volume of transactions per month.
_ Provide a list of accounts that are in the name of individuals who work for the embassy or foreign consulate.
Nonbank Financial Institutions
_ Make available copies of policies, procedures, and processes related to nonbank financial institutions.
_ Provide a list of nonbank financial institution accounts, including all related accounts.
_ Provide a risk assessment of nonbank financial institution accounts, identifying those accounts the bank has designated as higher risk. This list should include products and services offered by the nonbank financial institution; the average account balance; and the average number, type, and dollar volume of transactions per month.
_ Provide a list of foreign nonbank financial institution accounts, including the products and services offered; the average account balance; and the average, number, type, and dollar volume of transactions per month.
_ Provide a sample of account opening documentation for higher-risk nonbank financial institutions.
_ Provide a list of SARs and subpoenas related to nonbank financial institutions.
Professional Service Providers
_ Make available copies of policies, procedures, and processes related to professional service provider accounts.
_ Provide a list of professional service provider accounts, including all related accounts (such as interest on lawyers’ trust accounts (IOLTA) which should include the name of the attorney on each account).
_ Provide a list of any professional service provider accounts that the bank has designated as higher risk.
Nongovernmental Organizations and Charities
_ Make available copies of policies, procedures, and processes related to nongovernmental organizations and charities.
_ List of nongovernmental organizations and charities, particularly those that the bank the bank has designated as higher risk. This list should include average account balances and the average number and dollar volume of transactions.
_ List of nongovernmental organizations involved in higher-risk geographic locations.
Business Entities (Domestic and Foreign)
_ Make available copies of policies, procedures, and processes specifically related to domestic and international business entities.
_ Provide a list of accounts opened by business entities. If this list is unreasonably long, amend the request to look at those entities incorporated in higher-risk jurisdictions or those accounts the bank has designated as higher risk.
_ Provide a list of loans to business entities collateralized by bearer shares.
Cash-Intensive Businesses
_ Make available copies of policies, procedures, and processes related to other businesses and entities.
_ Provide risk assessment of other businesses and entities, list those other businesses and entities that the bank has designated as higher risk. The listing should include average account balances and the average number and dollar volume of transactions.
