How’s Your Culture of Compliance?
As 2019 winds down, it might not be a bad idea to review whether your credit union promotes what the Financial Crimes Enforcement Network (FinCEN) refers to as a “culture of compliance.” Although it is not a regulatory requirement to have a culture of compliance policy or program, it can play an important role in the implementation of a credit union’s compliance program. I have reported on many Bank Secrecy Act/anti-money laundering (BSA/AML) enforcement actions in NAFCU’s BSA Blast, where a consistent theme reflected that a weakness with a financial institution’s BSA/AML program indicated a poor culture of compliance, regardless of an institution’s size and business model. A weak BSA/AML program can result in civil and criminal enforcement actions as many an institution has learned the hard way.
FinCEN has issued advisory guidance, FIN-2014-A007, indicating an organization’s culture is critical to its compliance. Policies, procedures and the compliance department are not the only components integral to a credit union’s BSA/AML compliance; according to FinCEN, this goes to the very core and culture of an organization.
As outlined in the advisory, a credit union can strengthen its BSA/AML compliance culture by ensuring:
- “Its leadership is actively engaged with compliance;
- BSA/AML compliance is not compromised by revenue interests;
- Relevant information throughout the credit union is shared with compliance staff;
- Adequate resources are devoted to compliance;
- The compliance program is tested by an independent and competent party; and
- The leadership and staff understand the purpose of BSA/AML efforts and just how the reporting is used.”
FinCEN’s guidance to financial institutions gives further details on each of the six items:
- “A credit union’s board of directors as well as its senior and executive management needs to provide demonstrable and appropriate support of the BSA/AML compliance program based on its size and structure. Leadership should receive periodic BSA/AML training tailored to their roles within the credit union. An appropriate understanding of the credit union’s BSA/AML obligations can help leadership make informed decisions in order to allocate resources. The credit union’s leadership should also monitor its BSA/AML program.
- Compliance staff need to have enough authority and the autonomy to implement a credit union’s BSA/AML program. Compliance should not be compromised by revenue efforts.
- Information needs to be disseminated throughout the credit union. Useful information in various departments within the credit union should be shared with compliance staff as it may be relevant to BSA/AML compliance.
- A credit union’s leadership needs to provide enough staff and technological resources based upon its risk profile as this is a required element of a BSA/AML compliance program.
- Components of a credit union’s effective BSA/AML compliance program include: a proper ongoing risk assessment, sound risk-based member due-diligence, the appropriate detection and reporting of suspicious activity and independent program testing performed by a competent party.
- The credit union’s leadership and staff at all levels should understand the purpose for which BSA reports are used and how this information is used to confront serious threats to the nation.”
Would your compliance program stand up to these general principles?
Note this FinCEN guidance doesn’t change any existing expectations or obligations under the BSA/AML requirements. However, if you have any questions you can contact FinCEN’s Resource Center at 1-800-767-2825 or 703-905-3591.