COMMON AUDIT FINDINGS

1

• COMMON AUDIT FINDINGS
• SAR REPORTING
• No evidence of compliance with 30/60 day time
  limit
• Narratives did not communicate events clearly
• Review for follow-up SAR not documented
• Delayed review for follow-up SAR/SAR filed
  gt90days
• Technical omissions on follow-up SAR
• Earlier SAR not referenced
• Reasons for not filing SAR not clearly documented

2

• COMMON AUDIT FINDINGS
• CTR REPORTING
• Lack of aggregation of ALL currency transactions
• ATM transactions excluded
• System validation not performed by auditors
• Accuracy of amounts reported open to question
• Incorrect TIN reported
• IRS Correspondence
• Inaccuracy of TIN on CTR, when CIF has correct
  TIN
• Delays in responses
• Exemptions
• Belief that ALL cash transactions are reasonable

3

• COMMON AUDIT FINDINGS
• BSA/AML Policy Program
• Approval not granted/documented by BOD
• Lack of timely policy updates
• Final Rules
• FinCEN Guidance

4

• COMMON AUDIT FINDINGS
• Customer Identification Program
• New accounts for existing customers without
  adequate KYC
• No identification of accounts with missing TIN
• Lack of physical address/accounts with only PO
  boxes
• Violations of institutions PPs
• Primary/secondary ID
• KYC information
• Documentation and sign-off
• Non-timely review of new account documentation

5

• COMMON AUDIT FINDINGS
• AML Monitoring
• Inadequate KYC information
• Inadequate/excessive identification of high
  risk customers
• Inappropriate/canned risk rating model
• No review of risk rating
• Focused on high risk customers
• No attention given to high risk products/services
• No monitoring of activities not captured by AML
  systems
• Sate Deposit Boxes
• Trade Finance

6

• COMMON AUDIT FINDINGS
• AML Monitoring (cont.)
• Monitoring procedures not documented
• Adequacy of monitoring not addressed by Internal
  Audit
• Lack of escalation procedures
• Automated monitoring tool used without
  post-implementation validation for
• Adequacy of AML reports
• Controls over AML system
• Rationale for changes in monitoring parameters
• Approval of changes

7

• COMMON AUDIT FINDINGS
• Training
• Non coverage of ALL appropriate personnel
• Training to specific to
• Role/function and products/services
• No reference to policy and procedures
• Employees failing tests
• No follow-up on low scores
• The issue of repeat failures not addressed
• Inadequate training for new BSA Officer
• Senior mgmt and BOD not trained