Risk management is an important component of financial institution compliance in the United States, especially for sponsor banks, due to the fact that they are providing Banking as a Service for fintechs. We have previously detailed several reasons why fintechs could be operating compliance programs not at the level of banking best practices: among them the fact that they are often startups, many have a new and relatively inexperienced compliance staff, their focus on rapid client onboarding to achieve profitability and success. All these factors increase risk levels when it comes to AML compliance.
The recent OCC Bulletin, which directed financial institutions to Frequently Asked Questions (FAQ), contained this entry:
"Is a financial institution required to document the decision not to file a SAR?
No. There is no requirement or expectation under the BSA or its implementing regulations for a financial institution to document its decision not to file a SAR. FinCEN has previously encouraged, but not required, financial institutions to document the decision not to file a SAR.14 Should a financial institution choose to document its decision not to file a SAR, the level of appropriate documentation may vary based on the specifics of the activity being reviewed and need not exceed that which is necessary for the institution’s internal policies, procedures, and controls, which should be risk-based and reasonably designed to identify and report suspicious activity. In most cases, a short, concise statement documenting a financial institution’s SAR decision will likely suffice, although a financial institution may consider more documentation to explain the factors that the institution considered in reaching a SAR filing determination in more complex investigation scenarios."
Money Laundering Reporting Officers, more commonly known as MLROs, are not normally part of a compliance department in an American financial institution, although they are in the UK and elsewhere. MLROs have the ultimate responsibility for the filing of a Suspicious Activity Report, or SAR, in addition to other duties. It is submitted that, given the language of this OCC FAQ, calling for a "short concise statement," when a decision NOT to file a SAR is made, and in the context of what we regard as the increased risk level that exists at sponsor banks, that bank management seriously consider having an MLRO, to supplement their compliance departments. With the regulatory emphasis on having a risk-based compliance program, it is believed that such an action would not only be a risk reduction measure, it would be favorably looked upon by regulatory agencies, regarding compliance effectiveness.
And of course, the MLRO also performs his traditional functions, which saves the compliance director those chores, such as monitoring, & liaison with authorities.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.