The Federal Financial Institutions Examination Council (FFIEC) today released the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual. The revised manual reflects the ongoing commitment of the federal and state banking agencies and the Financial Crimes Enforcement Network (FinCEN) to provide current and consistent guidance on risk-based policies, procedures, and processes for banking organizations to comply with the BSA and safeguard operations from money laundering and terrorist financing. The 2007 version further clarifies supervisory expectations since the July 28, 2006, update. The revisions again draw upon feedback from the banking industry and examination staff.
This Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual provides guidance to examiners for carrying out BSA/AML and Office of Foreign Assets Control (OFAC) examinations. An effective BSA/AML compliance program requires sound risk management; therefore, the manual also provides guidance on identifying and controlling risks associated with money laundering and terrorist financing. The manual contains an overview of BSA/AML compliance program requirements, BSA/AML risks and risk management expectations, industry sound practices, and examination procedures. The development of this manual was a collaborative effort of the federal banking agencies and the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury, to ensure consistency in the application of the BSA/AML requirements. In addition, OFAC assisted in the development of the sections of the manual that relate to OFAC reviews. Refer to Appendices A ("BSA Laws and Regulations"), B ("BSA/AML Directives"), and C ("BSA/AML References") for guidance.
Objective: Assess the organization's enterprise-wide program for BSA/AML compliance through the holding company or lead financial institution. Similar to the approach to consolidated credit, market, and operational risk, effective control of BSA/AML risk may call for coordinated risk management. An enterprise-wide BSA/AML compliance program coordinates the specific regulatory requirements throughout an organization inside a larger risk management framework. Such frameworks seek a consolidated understanding of the organization's risk exposure to money laundering and terrorist financing across all activities, business lines, or legal entities. For example, the holding company or lead financial institution may have a centralized function to evaluate BSA/AML risk; this may include the ability to understand world-wide exposure to a given customer, particularly those considered high-risk or suspicious, consistent with applicable laws. Many organizations, typically those that are larger or more complex and that may include international operations, implement an enterprise-wide BSA/AML compliance program that manages risks in an integrated fashion across affiliates, business lines, and risk types (e.g., reputation, compliance, or transaction). Some larger or more complex organizations may decide to manage their risks by developing enterprise-wide approaches to their BSA/AML compliance program. Such programs manage risk at both operational and strategic levels.
The following is a list of the appendices from the Bank Secrecy Act/Anti-Money Laundering Examination Manual. > Read the entire appendices here - PDF Appendix A: BSA Laws and Regulations (2006)
The Federal Financial Institutions Examination Council (FFIEC) today released the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (manual). The revised manual reflects the ongoing commitment of the federal banking agencies and the Financial Crimes Enforcement Network (FinCEN) to provide current and consistent guidance on risk-based policies, procedures, and processes for banking organizations to comply with the BSA and safeguard operations from money laundering and terrorist financing. The manual has been updated to further clarify supervisory expectations and incorporate regulatory changes since the manual's 2005 release. The revisions also draw upon feedback from the banking industry and examination staff.
The Federal Financial Institutions Examination Council today issued revised guidance for examiners and financial institutions to use in identifying information security risks and evaluating the adequacy of controls and applicable risk management practices of financial institutions. The Information Security Booklet is one of twelve that, in total, comprise the FFIEC IT Examination Handbook. In addition to the revised Information Security Booklet, the agencies also released an Executive Summary that contains high level synopses of each of the twelve booklets and describes the handbook development and maintenance processes. The security of financial institutions' systems and information is essential to maintaining the privacy of customer information and safe and sound operations. The Information Security Booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. The booklet calls for financial institutions and technology service providers (TSPs) to maintain effective security programs tailored to the complexity of their operations.
The Financial Crimes Enforcement Network today announced it is issuing a survey to banking and financial services industry trade groups seeking information about the feasibility and impact of implementing a cross-border wire transfer reporting requirement under the Bank Secrecy Act. The survey, which is required by the Intelligence Reform and Prevention Act of 2004, is part of an ongoing study into the feasibility of imposing a requirement that financial institutions report to FinCEN records that they currently maintain concerning international wire transfers. The American Bankers Association, the Institute of International Bankers, the Credit Union National Association, the Independent Community Bankers of America and representatives of major money wire services are assisting in this effort by distributing this survey to their membership.
This statement alerts the Board of Directors and management to some of the risks and concerns of retail on-line, personal computer banking (PC banking). Recently, the staff of the FFIEC agencies organized a symposium to hear industry experts offer their thoughts and observations on the development of retail on-line PC banking. Through this statement, the FFIEC agencies wish to impart many of the ideas discussed during the symposium to bankers and examiners. II. EXECUTIVE SUMMARY Financial institutions are beginning to utilize new technologies to offer innovative products and services to their customers. On-line PC banking exemplifies an emerging delivery channel for retail banking services made possible by technology. One of the reasons for the rapid evolution of PC banking involves the increased use of the Internet. Regulatory agencies recognize that PC banking offers opportunities for financial institutions to enhance customer relationships and improve competitive positions. Before implementing a PC banking program, management should exercise sufficient due diligence and develop comprehensive plans. Such due diligence would ordinarily include the following activities.
• Review the implications of PC banking on the institution's strategic plan;
TO: All Federally-Insured Credit Unions The purpose of this letter is to inform you of revised technology-related guidance provided to examiners and the credit union industry. Earlier this year, the Federal Financial Institutions Examination Council (FFIEC) released the Information Security Booklet – a first in a series of booklets to revise the existing 1996 FFIEC Information Systems Examination Handbook. The revised Information Technology (IT) Examination Handbook will be composed of several booklets to address significant changes in technology since 1996 and incorporates a risk-based examination approach to each booklet.
The FFIEC agencies plan to issue additional booklets covering such topics as business continuity planning, technology service providers, electronic banking, audit, payment systems, outsourcing, management, computer operations, and systems development and acquisition.
This policy issuance alerts all financial institutions to the importance of strategic information systems planning and its role in overall corporate management and planning. It identifies management's responsibilities in preparing strategic plans for their information systems requirements.
This interagency statement alerts financial institutions to potential risks in contracting for EDP services and/or failing to properly account for certain contract provisions.
The banking agencies will implement the Central Data Repository (CDR) to process the Reports of Condition and Income (Call Reports) beginning with the third quarter 2005. This filing period begins September 30, 2005. Except for certain banks with foreign offices, data must be received by October 30, 2005. **The agencies recognize that institutions whose operations have been significantly affected by Hurricane Katrina may experience difficulty or delay in filing their third quarter Call Report. Those institutions should contact their primary regulator or the CDR help desk at 1-888-CDR-3111 for special assistance in filing third quarter Call Report data. The CDR will require banks to validate their Call Report data before it will be accepted. To allow sufficient time to complete the new prevalidation process prior to the submission deadline, banks should start their Call Report preparation process earlier than in the past. The new prevalidation process will require banks to correct errors identified by the CDR and, where necessary, to prepare explanatory comments for data that fall outside specific parameters. These explanatory comments, which will be filed along with a bank's data, will be considered confidential.
In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to...
This advisory letter highlights issues regarding bank electronic record systems in light of the E-SIGN Act. 15 USC 7001, et seq. The letter provides a basic framework that bank management can use to assess and address key issues posed by electronic record keeping systems. BACKGROUND Federal legislation changed the legal framework for electronic records and will likely result in more banks adopting electronic record retention systems. Banks can implement electronic record retention systems in many ways to support different business processes. Some examples of possible electronic record retention systems are loan file imaging, retention of paperless applications and online agreements, and the use of electronic payment systems.
On January 17, 2001, the banking regulatory agencies adopted guidelines implementing Section 501 of the Gramm-Leach-Bliley Act (GLBA). The guidelines require financial institutions to establish a comprehensive and coordinated information security program, appropriate to the size of the bank and the complexity of its operations.
The Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination InfoBase, which is located on the Federal Financial Institutions Examination Council's (FFIEC) Web site, has been updated. The InfoBase can be found at www.ffiec.gov/bsa_aml_infobase. Highlights: * On November 3, 2005, the FFIEC updated the BSA/AML Examination InfoBase, which is located on its Web site. * The InfoBase is an automated tool for examiners and the banking industry that provides information on the FFIEC BSA/AML Examination Manual, released on June 30, 2005. The InfoBase also helps examiners and the industry to more easily use and navigate the Manual.
Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, "Authentication in an Internet Banking Environment." For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations. Financial Institutions will be expected to achieve compliance with the guidance no later than year-end 2006.
Copyright © 2007 CUInfoSecurity.com
