
on August 24, 2015 Customer Identity Verification

AML Audit Compliance Best Practices


Banking and financial institutions are required to assess risk for money laundering and possible terrorist activity funding under the Bank Secrecy Act (BSA), which also includes the USA Patriot Act of 2001. The act was designed to establish requirements for record keeping and to identify movement of currency into and out of the United States. These regulations require institutions to have an annual independent audit of their anti-money laundering (AML) compliance programs.

Here are best practices for staying compliant during an AML audit. 


AML Program

In order to remain in compliance, financial institutions must have developed an internal AML program. The Four Pillars of an AML program are as follows:

  • A designated BSA compliance officer
  • Development of internal policies, procedures and controls
  • Ongoing, relevant training of employees
  • Independent testing and review

A BSA compliance officer must be appointed by the Board of Directors to manage the BSA/AML compliance. This officer manages communications with senior management and all regulatory authorities involved.

Internal policies, procedures and controls are in place to ensure risk assessment with processes for monitoring and reporting suspicious activities.

All employees who are responsible for handling financial transactions should have continually updated knowledge of the BSA and the processes for monitoring, controlling and reporting. Employees should also be aware of any changes to the AML programs.

Audits must be conducted every 12 - 18 months by internal auditors or qualified external independent parties. 

AML Audit

Here is what to expect with an AML audit. 

  • A review of the written AML compliance policies
  • Testing of the AML compliance procedures 
  • Customer Identification Program (CIP) review 
  • Review of customer transactions and client files
  • OFAC checks
  • Evaluation of employee training
  • Review of automated monitoring systems
  • Review of reporting procedures

Conducting an AML audit on a yearly basis helps to ensure a firm's compliance with the Bank Secrecy Act as well as helping to hinder the growing threat of terrorism and organized crime. 

Best Practices

The BSA compliance officer and the company Board of Directors must be committed to AML compliance. This means that a qualified and experienced individual must be in the role to lead the AML program.

The program must be written and designed to ensure that the organization detects, controls and reports suspicious or fraudulent activity. This program must be available to all employees responsible for financial activities or relationship management. 

An effective know your customer (KYC) program must be in place as an initial requirement for taking on a new customer or when evaluating current customers for risk.

Employee training must be ongoing and relevant to the AML program put in place. Processes outside of the documented program should be assessed, stopped or implemented in writing into the program.

The Office of Foreign Assets Control (OFAC) is set up for financial institutions to screen customers against sanctioned foreign countries or those designated on a terrorist watch list. An AML program should include OFAC screening and compliance.

An ongoing testing process, including the audit, keeps the AML program current and effective against money laundering and fraudulent activities. Effective communication among all employees who follow the program will also ensure the efficacy of the program and procedures. 


Ryan Howard

Vice President, Business Development at VeriFirst, a BYL Company
