FinCEN Issues Advisory on Promoting Culture of Compliance
August 12, 2014 – The Financial Crimes Enforcement Network (FinCEN) has issued an advisory to U.S. financial institutions on promoting a strong culture of BSA/AML compliance for senior management. FIN-2014-A007 lays out FinCEN’s view that a financial institution may strengthen its compliance culture by ensuring:
- its leadership actively supports and understands compliance efforts
A financial institution’s leadership, which may include its board of directors, senior and executive management, owners and operators, are responsible for understanding an institution’s responsibilities regarding compliance with the BSA and creating a visible culture of compliance at that institution. This includes receiving periodic BSA/AML training, understanding BSA/AML obligations, allocating sufficient resources, and remaining informed of the state of BSA/AML compliance within the institution.
- efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests
An effective governance structure for an institution should allow for the independent function of the BSA/AML compliance program with the authority to address and mitigate any risks that may arise from an institution’s business line and to file any necessary reports regardless of the revenue generated from the business line.
- relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts
FinCEN notes that in several recent enforcement actions, the institution had relevant BSA/AML information that was not made available to BSA/AML compliance staff. Institutions must ensure that information obtained or held by various departments that may be useful for BSA/AML compliance is shared with compliance staff.
- the institution devotes adequate resources to its compliance function
An effective BSA/AML compliance program must be supported by appropriate staff based on its risk profile. Appropriate technological resources should also be allocated to BSA/AML compliance and institutions with higher risk profiles, including those with substantially higher volumes of activity, may need to utilize automated systems for identifying and monitoring suspicious activity.
- the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party
FinCEN’s guidance stresses the importance of independent testing of the compliance program. The party testing the program must be independent, qualified, and unbiased. The independent tester may not have a conflicting business interest that may influence the outcome of the test of the compliance program.
- its leadership and staff understand the purpose of its BSA/AML efforts and how its reporting is used
Finally, FinCEN’s guidance instructs institutions that adherence to the requirements of the BSA/AML regulations should not be strictly for compliance, but rather should be embraced by institutions for the goal of safeguarding the national financial system and enhancing national security. FinCEN urges institutions to educate employees on the purpose of, and role played by, the BSA/AML regime.