FDIC's Supervision of a Financial Institution's
Compliance With the Bank Secrecy Act

March, 2005
Audit Report 05-008

Background and Purpose of Audit

Congress enacted the Bank Secrecy Act (BSA) of 1970 to prevent banks and other financial service providers from being used as intermediaries for, or to hide the transfer or deposit of money derived from, criminal activity. The BSA requires financial institutions to maintain appropriate records and to file certain reports used in criminal, tax, or regulatory investigations or proceedings. Responsibility for implementing and complying with BSA requirements is shared among the financial institutions responsible for implementing BSA compliance programs and the regulatory agencies responsible for examining the institutions to ensure BSA compliance. The Federal Deposit Insurance Corporation (FDIC) is authorized to examine financial institutions for BSA compliance, impose regulatory actions, and refer significant BSA violations and deficiencies to the Department of the Treasury (Treasury).

The objective of this audit was to determine whether the FDIC adequately fulfilled its responsibilities to monitor and assure a financial institution's compliance with the BSA. The audit included a review of selected institutions whose assets and insured deposits had been sold by the FDIC to the institution that was the principal focus of our audit. The audit report contains extensive examination-related and other sensitive information and will not be made publicly available.

FDIC, Federal Deposit Insurance Corporation

Results of Audit

Responsibilities to ensure compliance with the BSA were not adequately fulfilled by either institution management or the FDIC. Corporate governance at the financial institution and two former institutions was not sufficient to ensure that they met BSA requirements. The FDIC's examinations identified significant BSA violations and deficiencies, but the examinations generally lacked sufficient follow-up on corrective measures promised but not implemented by institution management. Consequently, weak BSA compliance programs persisted for extended periods. In addition, the FDIC should have more thoroughly considered the impact of BSA compliance violation and deficiency histories in connection with the Corporation's decision to qualify the potential acquirers of a failed institution.

Recommendations and Management Response

The report makes the following recommendations to FDIC management:

  • Propose a requirement to the Treasury and the other federal banking regulators that institution management periodically certify the implementation and oversight of an institution's BSA compliance program.
  • Emphasize institution compliance with BSA requirements through continued outreach to the financial services industry on the requirements of the BSA, the USA PATRIOT Act, and the implementing regulations.
  • Require transaction testing in all BSA compliance examinations by expanding core procedures to include transaction testing.
  • Require examiners to perform at least the core and expanded BSA examination procedures at FDIC-supervised institutions if any one of a defined set of BSA assessment factors is present.
  • Ensure that the adequacy of the BSA compliance program is a key component in the assignment of the management rating for safety and soundness examinations.
  • Assess, in conjunction with the other federal banking regulators, the merits of a numeric rating system for BSA compliance.
  • Issue BSA supervisory and enforcement action guidance that outlines how the BSA assessment factors will be considered in determining appropriate action to be taken as part of the BSA examination process.
  • Develop an internal control process to verify that all BSA violations are promptly included in the systems used to report this information to the Treasury.
  • Establish an inter-divisional task force to revise FDIC policies and procedures to define the process to be used during franchise marketing to ensure that BSA compliance issues are appropriately considered.
  • Clarify policies and procedures regarding information that should be specifically considered in approving purchase and assumption transactions.
  • Establish procedures to eliminate institutions with inadequate BSA compliance programs from consideration for eligibility to bid on franchises or failed bank assets.

FDIC concurred with our findings and is making significant improvements in its supervision of institution BSA compliance programs in response to our recommendations and its own initiatives.

Last updated 5/16/2005