Sergey Nivens - Fotolia
The Federal Financial Institutions Examination Council released updated guidance on compliance requirements of the Bank Secrecy Act. What is covered in this release, and what should my firm take away from these updates to help prepare for the 2015 regulatory exams?
The Bank Secrecy Act (BSA) of 1970 regulates the activities of financial institutions in an effort to curb money laundering activity. BSA requires banks to report transactions over $10,000 and any suspicious transactions to the federal government. The Federal Financial Institutions Examination Council (FFIEC) is charged with enforcing this act through a series of bank audits, called "examinations." In December 2014, the FFIEC released updated guidance on BSA implementation and will use that new guidance during its 2015 bank examinations.
Before diving into a few of the changes, it is important to note that the updated guidance runs over 400 pages. Organizations preparing for an FFIEC examination should review the entire document carefully, rather than relying upon any summary of changes.
Under the new guidance, banks must implement new controls around the Suspicious Activity Report (SAR) process. Notably, the manual updates requirements for electronic filing of SARs and implements privacy controls protecting the contents of SARs from unauthorized disclosure.
The manual also expands the scope of institutions required to submit reports to the Financial Crimes Enforcement Network. These concern the responsibilities of non-bank financial institutions, including money service businesses, prepaid access programs and virtual currency exchanges.
Other subjects receiving added attention in the 2014 update include foreign accounts, currency transaction reporting, bulk shipments of currency, automated clearinghouse transactions, third-party payment processors and accounts controlled by foreign embassies, consulates and missions. If your firm is involved in financial transactions, now is the time to carefully review the lengthy updated guidance and incorporate it into your 2015 bank examination preparation process.
Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)
Learn more about the focus of the Bank Secrecy Act compliance exam
Dig Deeper on Information security policies, procedures and guidelines
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.