Skip to content

BSA Audit Requirements

Question: 
Are banks required to have independent auditing of their Bank Secrecy Policy and files? If so, what should the audit consist of?
Answer: 

Yes, independent testing of Bank Secrecy Act Compliance is required by each of the bank regulatory agencies.

The FDIC last described its expectations in FIL 29-96:

  • Independent testing for compliance with the BSA and 31 C. F. R. 103. The independent testing should be conducted at least annually, preferably by the internal audit department, outside auditors, or consultants. Banks that do not employ outside auditors or consultants or that do not operate internal audit departments can comply with this requirement by utilizing for testing employees who are not involved in the currency transaction reporting function.

The compliance testing should include, at a minimum:

  • A test of the bank's internal procedures for monitoring compliance with the BSA, including interviews of employees who handle cash transactions and their supervisors.
  • A sampling of large currency transactions followed by a review of CTR filings.
  • A test of the validity and reasonableness of the customer exemptions granted by the bank.
  • A test of the bank's recordkeeping system for compliance with the BSA.
  • Documentation of the scope of the testing procedures performed and the findings of the testing. Any apparent violations, exceptions or other problems noted during the testing procedures should be promptly reported to the board of directors or appropriate committee thereof.

It is essential that the scope of any testing procedures, and the results of those procedures, be thoroughly documented. In most cases, this will involve retention of workpapers from internal and/or external audits of BSA compliance. Procedures that are not adequately documented will not be accepted as being in compliance with the independent testing requirement.

From Ken: Use your primary federal regulatory agency's examination procedures as the template for your audit program. The are the closest you will come to generally accepted auditing standards in compliance, your examiners will have confidence in them and you will save yourself all the time it would have taken to invent the wheel; i.e. design your own.

First published on BankersOnline.com 4/01/02

First published on 04/01/2002

Search Topics