The Bank Secrecy Act/ Anti-Money Laundering Examination Manual was updated earlier this year so BSA officers need to review the manual to ensure the Bank Secrecy Act/ Anti-Money Laundering & OFAC program meet the regulatory expectations. OFAC has also issued Enforcement Guidelines published on November 9, 2009 which allow for civil money penalties for as much as $250,000 per violation or twice the amount of a transaction, whichever is greater. In addition new OFAC Risk Assessment considerations were provided with the Enforcement Guidelines which include: management’s assessment of OFAC risks; the adequacy of the OFAC Compliance Program approved by the Board of Directors; the adequacy of Staffing Levels to implement the OFAC Compliance Program; and the adequacy of the OFAC Training Program.

1. Bank Secrecy Act (BSA) Background Purpose: To help identify the source, volume and movement of currency and other monetary instruments transported or transmitted into or out of the U.S. or deposited into financial institutions. To aid in the investigation of money laundering, tax evasion, international terrorism and other criminal activity.

2. Office of Foreign Assets Control Background The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals. Regulatory requirements are separate and distinct from the BSA, but they share a common national security goal.

3. Office of Foreign Assets Control Background OFAC regulations require the following: The Specially Designated Nationals List (SDN) be reviewed periodically to ensure that the CU’s is not processing transactions for countries, entities, or individuals on the list. Report blocked and prohibited transactions to OFAC.

4. Penalties for BSA Violations

5. BSA/OFAC Program Evaluation Examiners will determine if the credit union has an effective program. Policies, procedures, internal controls, training, and audit process will be evaluated. Programs must be written, approved by the board of directors annually, and noted in the board minutes. BSA & OFAC Risk assessments may be completed by examiners if one is not available for review.

6. Policy Provisions Board of directors ultimately responsible for ensuring the credit union has an effective BSA/OFAC program. Key policy considerations include (not all inclusive): Periodically updating the risk assessment. Informing board of compliance initiatives and deficiencies, actions taken and SARs filed. Designate a BSA compliance officer. Establishing a Member Identification Program. Provide for timely updates in response to changes in regulations. Establishment of an annual training program.

7. Independent Testing BSA/OFAC program needs to be independently reviewed by the internal audit department, outside auditors, or other qualified independent parties. Report to the board. Risk-based, covering all of the credit union’s activities. Should, at a minimum, include the following: An evaluation of the overall integrity and effectiveness of the BSA/AML compliance program, including policies, procedures and practices. A review of the credit union’s risk assessment for reasonableness, given the credit union’s risk profile.

8. Risk Assessments From FFIEC Manual Appendix I

9. Risk Assessment Considerations The Federal Financial Institution Examination Council’s Bank Secrecy Act/ Anti-Money Laundering Examination Manual provides guidance on risk assessments, with examples in: Appendix J: Quantity of Risk Matrix Appendix M: Quantity of Risk Matrix — OFAC Procedures

10. New OFAC Risk Assessment Factors Established in OFAC Enforcement Guidelines published on November 9, 2009 consider: Management Board of Directors Staffing Levels Training Program The enforcement guidelines allow for civil money penalties for as much as $250,000 per violation or twice the amount of a transaction, whichever is greater.

11. New OFAC Risk Assessment Factors Management

12. New OFAC Risk Assessment Factors Board of Directors

13. New OFAC Risk Assessment Factors Staffing Levels

14. New OFAC Risk Assessment Factors Training Program