Compliance
Published on 11 Jan 2022

Key Findings from NETBankAudit’s 2024 BSA/AML Audits and MIS Verification Audits

View results of over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions in 2024.
Quick Links:
No items found.
No items found.

In 2024, NETBankAudit conducted over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions. Our audits were designed to evaluate compliance with applicable laws, regulations, and regulatory guidance, including:

  • Bank Secrecy Act (BSA) – Currency and Foreign Transactions Reporting Act of 1970
  • Money Laundering Control Act of 1986
  • Annunzio-Wylie Anti-Money Laundering Act of 1992
  • Money Laundering Suppression Act of 1994
  • USA PATRIOT Act of 2001

Regulatory Framework

Our audit methodology was based significantly on the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual (FFIEC Manual) and additional guidance issued by federal banking agencies and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN).

In addition to BSA/AML compliance, NETBankAudit also reviewed institutions’ Office of Foreign Assets Control (OFAC) compliance programs, ensuring adherence to economic sanctions programs established by the U.S. Treasury to safeguard national security.

Scope of Our 2024 BSA Audits

The scope of our 2024 BSA Compliance Audits included:

  • BSA/AML Compliance Program Evaluation: Assessing integrity and effectiveness of policies, procedures, and processes to ensure compliance with regulatory expectations, including OFAC screening and monitoring.
  • Risk Assessment Review: Analyzing the institution’s BSA/AML risk assessment for accuracy and alignment with its risk profile (products, services, customers, and geographic footprint).
  • Transaction Testing: Conducting comprehensive, risk-based transaction testing to evaluate adherence to recordkeeping and reporting requirements, including:
    • Customer Identification Program (CIP)
    • Suspicious Activity Reports (SARs)
    • Currency Transaction Reports (CTRs) and exemptions
    • Information sharing requests (e.g., 314(a) requests)
  • Management Response Evaluation: Reviewing management’s efforts to resolve prior audit and regulatory examination findings, including progress toward addressing any outstanding supervisory actions.
  • Staff Training Assessment: Evaluating the adequacy, accuracy, and completeness of BSA/AML training programs.
  • Suspicious Activity Monitoring: Reviewing the effectiveness of manual and automated monitoring systems, including:
    • Suspicious activity monitoring reports
    • Large currency aggregation reports
    • Monetary instrument logs
    • Funds transfer records
    • Nonsufficient funds (NSF) reports
    • Large balance fluctuation reports
    • Account relationship reports
  • SAR Process Review: Assessing the processes for identifying and reporting suspicious activity, including reviewing filed SARs for:
    • Accuracy
    • Timeliness
    • Completeness
    • Overall effectiveness of the bank’s SAR policies

Top 5 Findings – 2024 BSA Compliance Audits

2024 BSA Audit Compliance Findings
2024 BSA Audit Compliance Findings

Across our 2024 engagements, NETBankAudit identified several recurring BSA/AML compliance challenges, including:

  1. Inadequate Enhanced Due Diligence (EDD) Reviews: Many institutions lacked sufficient depth and documentation in their EDD processes for higher-risk customers.
  2. Customer Due Diligence (CDD) and EDD Risk Scoring Deficiencies: Risk rating methodologies were often inaccurate, inconsistent, or insufficiently supported by customer risk factors.
  3. Currency Transaction Report (CTR) Filing Errors: We identified errors in CTR filing processes, including data inaccuracies and late filings.
  4. Suspicious Activity Report (SAR) Filing Errors: Similar issues were noted with SAR filings, including incomplete narratives, missing required fields, and timing issues.
  5. Monitoring and Alert Management Delays: Alerts generated by monitoring systems were not consistently reviewed and cleared in a timely manner. In many cases, EDD reviews triggered by alerts were also delayed.

2024 BSA MIS Verification Audit Insights

As part of our BSA audit engagements, NETBankAudit also conducted Management Information Systems (MIS) Verification Audits to evaluate the effectiveness and accuracy of BSA/AML technology solutions. These reviews covered both automated BSA/AML platforms and the systems that feed data into them.

The control areas assessed included:

  • Point-to-Point Transaction Monitoring – Evaluating how transactions flow through systems and are captured by BSA/AML software.
  • Hardware and Software Interface Reviews – Confirming alignment between core processing systems and BSA/AML platforms.
  • System Configuration and Alignment – Reviewing system logic, rules, and filters to ensure proper risk coverage.
  • Alert Standards and Filters – Assessing the thresholds, scenarios, and tuning of alerts.
  • User and Logical Access Controls – Reviewing permissions and access management for BSA/AML systems.
  • Data Integrity Testing – Verifying that data feeding into BSA/AML systems is complete, accurate, and properly mapped.

Methodology

Our MIS verification audits leveraged guidance from:

  • Federal Reserve Board of Governors SR-11-7 – Model Risk Management
  • OCC Bulletin 2000-16 – Risk Modeling: Model Validation
  • FDIC FIL-22-2017 – Supervisory Guidance on Model Risk Management
  • FFIEC BSA/AML Examination Manual

Top 5 Findings – 2024 BSA MIS Verification Audits

2024 BSA MIS Verification Audit Findings
2024 BSA MIS Verification Audit Findings

The most common BSA/AML technology and MIS-related issues identified in 2024 included:

  1. Mapping Errors in Data Feeds: Data flowing from core banking systems into BSA/AML software was often incorrectly mapped, resulting in missing or inaccurate information.
  2. Insufficient Review of BSA/AML Software Settings: Many institutions failed to perform adequate initial reviews and ongoing testing of their software’s rules, scenarios, and thresholds.
  3. Incomplete Sanctions Screening: Several institutions had not enabled all required watchlists within their screening systems, creating potential gaps in OFAC compliance.
  4. Weak Change Management Controls: BSA/AML system configuration changes were often poorly documented, tested, and approved, increasing operational and compliance risks.
  5. Inadequate User Access Controls: Access to BSA/AML systems was not consistently restricted to appropriate personnel, and periodic reviews of user access were insufficient.

Strengthen Your BSA/AML/CFT Compliance Program with NETBankAudit

As regulatory expectations for BSA/AML compliance programs continue to evolve, NETBankAudit’s independent BSA/AML and MIS Verification Audits provide critical assurance to financial institutions. By identifying weaknesses in policies, procedures, systems, and controls, institutions can proactively address vulnerabilities before they lead to regulatory criticism or enforcement actions.

Whether your institution is seeking to validate your BSA/AML program’s effectiveness, improve your risk assessment processes, or ensure your technology systems are properly aligned, NETBankAudit’s experienced team can help.

Contact us today to learn more about our comprehensive BSA/AML and MIS audit services.

 
class SampleComponent extends React.Component { 
  // using the experimental public class field syntax below. We can also attach  
  // the contextType to the current class 
  static contextType = ColorContext; 
  render() { 
    return <Button color={this.color} /> 
  } 
}
Table of Contents
This is also a heading
This is also a heading
This is a heading

Mitigate Risks with Comprehensive Audits & Assessments

Request For Proposal
NEWS & ARTICLES

Explore Our Learning Center

View All Articles
Compliance
Key Findings from NETBankAudit’s 2024 BSA/AML Audits and MIS Verification Audits
View results of over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions in 2024.
Read more
Compliance
Guide to Currency Transaction Reports (CTRs): Strategies and Best Practices
Currency Transaction Reports (CTRs) serve as critical tools in the fight against money laundering, terrorist financing, and other financial crimes.
Read more
Compliance
Risk Assessment Best Practices for BSA/AML/CFT and OFAC Compliance
Fortify your institution’s BSA AML risk assessment processes by weaving together best practices, real-world examples, and authoritative guidance from global regulatory entities.
Read more
Compliance
Emerging Threats to BSA/AML/CFT and OFAC Compliance: Navigating AI, Cryptocurrency, and Machine Learning Risks
Understand the impact of emerging technologies such as AI, Machine Learning, Crypto and more on BSA, AML and CFT compliance.
Read more
Industry News
Key Cybersecurity Deadlines and New DFS Requirements Coming in 2025
Updates on The New York Department of Financial Services (DFS) new requirements under its amended Cybersecurity Regulation (23 NYCRR Part 500).
Read more
Industry News
FFIEC CAT Sunset Prep: A Guide to NIST CSF 2.0, CRI Cyber Profile & CIS Controls
With the Federal Financial Institutions Examination Council (FFIEC) announcing the sunset of the Cybersecurity Assessment Tool (CAT) by August 31, 2025, financial institutions must pivot to new resources to manage cybersecurity risks effectively.
Read more
Compliance
FCA Final Rule on Cyber Risk Management: The 2025 Guide for Financial Institutions
The Farm Credit Administration (FCA) has issued a groundbreaking final rule on Cyber Risk Management, reshaping how institutions within the Farm Credit System (FCS) address cybersecurity.
Read more
Cybersecurity
Farm Credit Administration Guidance on Navigating AI and Emerging Cybersecurity Risks
Discover how the Farm Credit Administration's guidance helps financial institutions navigate AI integration and emerging cybersecurity risks. Learn key strategies for compliance and effective risk management.
Read more
Industry News
2024 Annual Audit and Exam Issues: Insights from NETBankAudit
A 2024 survey of examination and audit issues collected from over 250 audit engagements to assist our clients in identifying commonly reported examination and audit issues.
Read more
Compliance
Understanding Placement, Layering, and Integration: The Core Stages of Money Laundering
This guide delves into each stage of money laundering—Placement, Layering, and Integration— highlighting common methods, red flags, and the challenges inherent in detection.
Read more
Compliance
Structuring and Smurfing Explained: Strengthening AML Compliance
This guide delves into the definitions, methods, legal implications, real-world examples, and best practices associated with structuring and smurfing, providing actionable insights to bolster compliance programs.
Read more
Compliance
Circular Transactions & Funnel Accounts: Unveiling Money Laundering Tactics
This guide delves into the methodologies of circular transactions and funnel accounts, highlights red flags for their identification, and provides actionable best practices for robust compliance.
Read more
Compliance
Navigating BSA, AML, CFT and OFAC: An Overview of Finance Regulations
This guide provides an overview of the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) protocols, and Office of Foreign Assets Control (OFAC) regulations.
Read more
Cybersecurity
Elder Financial Exploitation and Fraud: What You Need to Know
This article delves into the scope, trends, and impacts of elder fraud, highlighting red flags and strategies to protect one of society’s most vulnerable groups.
Read more
Risk Assessments
Understanding Gift Card Scams: Regulations, Risks, and Tips for Safe Usage
Learn about gift card scams including essential regulations, common risks, and actionable tips to ensure you can use gift cards wisely and securely.
Read more
Risk Assessments
FFIEC Development, Acquisition, and Maintenance (DA&M) Booklet: What You Need to Know
Understand the FFIEC's Development, Acquisition, and Maintenance (DA&M) Booklet including key updates and their implications on financial entities.
Read more
Cybersecurity
Phishing in Financial Services: Protecting Your Institution Against Cyber Threats
Phishing Attacks on financial institutions are increasing in frequency and complexity. We explain the tactics, regulations and strategies to protect your institution from cyber threats.
Read more
Cybersecurity
Penetration Testing Methodology and Procedures for Financial Institutions
Learn the process, methodologies, tools, and best practices for conducting effective penetration tests in financial institutions.
Read more
Cybersecurity
IT Governance: Aligning Technology with Business Strategy for Optimal Performance
Explore how financial institutions can implement effective IT governance frameworks to align their technology initiatives with business objectives, manage risks, and ensure regulatory compliance.
Read more
Cybersecurity
Common Cybersecurity Attacks and Penetration Testing Solutions For Financial Institutions
Understand common cybersecurity attacks and penetration testing solutions to mitigate risk in an increasingly sophisticated environment.
Read more
Industry News
Bank-Fintech Partnerships: Analysis of the Federal Reserve Board's 2024 Guidance
Analysis of bank-fintech partnerships, risks, and regulatory programs with a focus on the Federal Reserve Board's 2024 guidance.
Read more
Industry News
Risks and Strategies for AI Cybersecurity Risks: Key Takeaways from NY DFS Letter
Learn key AI cybersecurity risks and controls from the October 2024 letter from New York Department of Financial Services
Read more
Cybersecurity
IT Risk Management Solutions for Financial Services: Safeguarding Your Digital Assets
This article explores key IT risk management solutions for the financial sector, offering practical insights to help institutions protect their digital assets and maintain regulatory compliance.
Read more
Cybersecurity
IT Business Continuity Plans for Financial Institutions
This article explores the essential components of IT business continuity planning, emphasizing the unique needs of financial institutions drawing from FFIEC guidance.
Read more
Cybersecurity
IT Change Management for Financial Services
This guide covers IT change management for financial services, providing insights, best practices, and strategies for successfully navigating the complexities of managing IT changes.
Read more
Cybersecurity
Data Assurance in Financial Services: Ensuring Integrity of Financial Information
This guide delves into the critical aspects of data assurance in financial services, offering insights, best practices, and forward-looking perspectives to help you navigate this complex field.
Read more
Cybersecurity
IT Crisis Management Guide for Financial Services: Protecting Your Institution
This guide explores the critical aspects of IT crisis management in financial services, offering insights and strategies to help financial institutions navigate through disasters.
Read more
Industry News
2023 Annual Audit and Exam Issues: Insights from NETBankAudit
Read NETBankAudit's insights from the 2023 audit season, based on over 250 audit and over 750 technical testing engagements with financial institutions.
Read more
Compliance
Customer Due Diligence (CDD) Guide for Financial Institutions
Learn best practices for of Customer Due Diligence (CDD) for financial institutions, designed to prevent money laundering, terrorist financing, and other financial crimes.
Read more
Risk Assessments
Ransomware Assessment Facilitation for Financial Institutions
Get an in-depth look at ransomware assessment facilitation, focusing on the tools and strategies available to financial institutions to protect themselves against this pervasive threat.
Read more
Risk Assessments
URSIT Analysis – A Six Part Whitepaper Series
Learn about the the Uniform Rating System for Information Technology (URSIT) and the importance for financial services risk management.
Read more
Compliance
CECL Model and Validation: Ensuring Compliance with Regulatory Requirements
Learn about the Current Expected Credit Loss (CECL) model, introduced by the Financial Accounting Standards Board (FASB) with best practices for model validation.
Read more
Cybersecurity
IT Network Security Management: Protecting Your Digital Assets
Explore the key components of IT network security management, best practices for implementation, and emerging trends that are shaping the future of cybersecurity.
Read more
Cybersecurity
IT Security Incident Reporting: A Guide for Financial Institutions
Explore the critical aspects of IT security incident reporting, tailored specifically for smaller financial institutions.
Read more
Cybersecurity
Guide to Cybersecurity Assessments for Financial Institutions
A guide to cybersecurity assessments for financial institutions including guidance for the discontinuation of the CAT in 2025 and the shift to NIST 2.0 and CISA CPGs.
Read more
NETBankAudit Logo PNG
2024 NETBankAudit. All Rights Reserved.
Privacy PolicyTerms of Service
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept