In 2024, NETBankAudit conducted over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions. Our audits were designed to evaluate compliance with applicable laws, regulations, and regulatory guidance, including:
- Bank Secrecy Act (BSA) – Currency and Foreign Transactions Reporting Act of 1970
- Money Laundering Control Act of 1986
- Annunzio-Wylie Anti-Money Laundering Act of 1992
- Money Laundering Suppression Act of 1994
- USA PATRIOT Act of 2001
Regulatory Framework
Our audit methodology was based significantly on the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual (FFIEC Manual) and additional guidance issued by federal banking agencies and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN).
In addition to BSA/AML compliance, NETBankAudit also reviewed institutions’ Office of Foreign Assets Control (OFAC) compliance programs, ensuring adherence to economic sanctions programs established by the U.S. Treasury to safeguard national security.
Scope of Our 2024 BSA Audits
The scope of our 2024 BSA Compliance Audits included:
- BSA/AML Compliance Program Evaluation: Assessing the integrity and effectiveness of policies, procedures, and processes to ensure compliance with regulatory expectations, including OFAC screening and monitoring.
- Risk Assessment Review: Analyzing the institution’s BSA/AML risk assessment for accuracy and alignment with its risk profile (products, services, customers, and geographic footprint).
- Transaction Testing: Conducting comprehensive, risk-based transaction testing to evaluate adherence to recordkeeping and reporting requirements, including:
  - Customer Identification Program (CIP)
  - Suspicious Activity Reports (SARs)
  - Currency Transaction Reports (CTRs) and exemptions
  - Information sharing requests (e.g., 314(a) requests)
- Management Response Evaluation: Reviewing management’s efforts to resolve prior audit and regulatory examination findings, including progress toward addressing any outstanding supervisory actions.
- Staff Training Assessment: Evaluating the adequacy, accuracy, and completeness of BSA/AML training programs.
- Suspicious Activity Monitoring: Reviewing the effectiveness of manual and automated monitoring systems, including:
  - Suspicious activity monitoring reports
  - Large currency aggregation reports
  - Monetary instrument logs
  - Funds transfer records
  - Nonsufficient funds (NSF) reports
  - Large balance fluctuation reports
  - Account relationship reports
- SAR Process Review: Assessing the processes for identifying and reporting suspicious activity, including reviewing filed SARs for:
  - Accuracy
  - Timeliness
  - Completeness
  - Overall effectiveness of the bank’s SAR policies
Top 5 Findings – 2024 BSA Compliance Audits

Across our 2024 engagements, NETBankAudit identified several recurring BSA/AML compliance challenges, including:
- Inadequate Enhanced Due Diligence (EDD) Reviews: Many institutions lacked sufficient depth and documentation in their EDD processes for higher-risk customers.
- Customer Due Diligence (CDD) and EDD Risk Scoring Deficiencies: Risk rating methodologies were often inaccurate, inconsistent, or insufficiently supported by customer risk factors.
- Currency Transaction Report (CTR) Filing Errors: We identified errors in CTR filing processes, including data inaccuracies and late filings.
- Suspicious Activity Report (SAR) Filing Errors: Similar issues were noted with SAR filings, including incomplete narratives, missing required fields, and timing issues.
- Monitoring and Alert Management Delays: Alerts generated by monitoring systems were not consistently reviewed and cleared in a timely manner. In many cases, EDD reviews triggered by alerts were also delayed.
2024 BSA MIS Verification Audit Insights
As part of our BSA audit engagements, NETBankAudit also conducted Management Information Systems (MIS) Verification Audits to evaluate the effectiveness and accuracy of BSA/AML technology solutions. These reviews covered both automated BSA/AML platforms and the systems that feed data into them.
The control areas assessed included:
- Point-to-Point Transaction Monitoring – Evaluating how transactions flow through systems and are captured by BSA/AML software.
- Hardware and Software Interface Reviews – Confirming alignment between core processing systems and BSA/AML platforms.
- System Configuration and Alignment – Reviewing system logic, rules, and filters to ensure proper risk coverage.
- Alert Standards and Filters – Assessing the thresholds, scenarios, and tuning of alerts.
- User and Logical Access Controls – Reviewing permissions and access management for BSA/AML systems.
- Data Integrity Testing – Verifying that data feeding into BSA/AML systems is complete, accurate, and properly mapped.
Methodology
Our MIS verification audits leveraged guidance from:
- Federal Reserve Board of Governors SR-11-7 – Model Risk Management
- OCC Bulletin 2000-16 – Risk Modeling: Model Validation
- FDIC FIL-22-2017 – Supervisory Guidance on Model Risk Management
- FFIEC BSA/AML Examination Manual
Top 5 Findings – 2024 BSA MIS Verification Audits

The most common BSA/AML technology and MIS-related issues identified in 2024 included:
- Mapping Errors in Data Feeds: Data flowing from core banking systems into BSA/AML software was often incorrectly mapped, resulting in missing or inaccurate information.
- Insufficient Review of BSA/AML Software Settings: Many institutions failed to perform adequate initial reviews and ongoing testing of their software’s rules, scenarios, and thresholds.
- Incomplete Sanctions Screening: Several institutions had not enabled all required watchlists within their screening systems, creating potential gaps in OFAC compliance.
- Weak Change Management Controls: BSA/AML system configuration changes were often poorly documented, tested, and approved, increasing operational and compliance risks.
- Inadequate User Access Controls: Access to BSA/AML systems was not consistently restricted to appropriate personnel, and periodic reviews of user access were insufficient.
Strengthen Your BSA/AML/CFT Compliance Program with NETBankAudit
As regulatory expectations for BSA/AML compliance programs continue to evolve, NETBankAudit’s independent BSA/AML and MIS Verification Audits provide critical assurance to financial institutions. By identifying weaknesses in policies, procedures, systems, and controls, institutions can proactively address vulnerabilities before they lead to regulatory criticism or enforcement actions.
Whether your institution is seeking to validate your BSA/AML program’s effectiveness, improve your risk assessment processes, or ensure your technology systems are properly aligned, NETBankAudit’s experienced team can help.
Contact us today to learn more about our comprehensive BSA/AML and MIS audit services.