Internal Audit Services

Bank Secrecy Act (BSA) Audit

BSA/AML/CFT/OFAC audit services to ensure compliance, detect risks, validate models, and strengthen your bank’s anti-money laundering program.

800+ Organizations Assisted | 23+ Years of Superior Success | 38 States Represented

Bank Secrecy Act (BSA) Audit

The Bank Secrecy Act of 1970 (BSA), also known as the Currency and Foreign Transactions Reporting Act, requires financial institutions in the United States to assist government agencies in detecting and preventing money laundering and other financial crimes. The BSA mandates recordkeeping and reporting of certain transactions, including cash purchases of negotiable instruments over $10,000 and suspicious activity that may indicate money laundering, tax evasion, or other criminal activities. The BSA has been amended several times, including by the USA PATRIOT Act, and is sometimes referred to as "BSA/AML" (Anti-Money Laundering).

The board of directors and senior management are ultimately responsible for ensuring an effective BSA/AML internal control structure, including suspicious activity monitoring and reporting. Internal controls should be commensurate with the institution’s size, structure, risks, and complexity, and should address risks unique to specific lines of business or departments.

Objectives and Methodology

The objective of the BSA audit is to assess the adequacy of the institution’s BSA/AML compliance program, including both manual and automated controls, and to determine whether the institution has developed, administered, and maintained an effective program for compliance with the BSA and all implementing regulations. The audit methodology is based on the FFIEC’s BSA/AML Examination Manual and incorporates COSO-approved sampling standards.

  • Evaluate the overall adequacy and effectiveness of the BSA/AML compliance program, including policies, procedures, and processes, and review OFAC compliance.
  • Review the institution’s risk assessment for reasonableness given its risk profile (products, services, customers, entities, and geographic locations).
  • Conduct risk-based transaction testing to verify adherence to BSA recordkeeping and reporting requirements (e.g., CIP, Beneficial Ownership, Reg GG, SARs, CTRs, CTR exemptions, and information sharing requests).
  • Evaluate management’s efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations.
  • Review staff training for adequacy, accuracy, and completeness.
  • Review the effectiveness of suspicious activity monitoring systems (manual, automated, or both), including related reports such as suspicious activity monitoring, large currency aggregation, monetary instrument records, funds transfer records, NSF reports, large balance fluctuation reports, and account relationship reports.
  • Review Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) programs.
  • Assess the process for identifying and reporting suspicious activity, including review of filed or prepared SARs for accuracy, timeliness, completeness, and policy effectiveness.
  • Assess the integrity and accuracy of management information systems (MIS) used in the BSA/AML compliance program.

Scope of the Audit

BSA Governance

  • Board and Senior Management Oversight
  • Organizational Structure
  • Risk Assessment Process
  • Regulatory Compliance
  • Testing and Audit Provisions
  • Training and Awareness

BSA Operations

  • BSA Policies and Procedures
  • Customer Identification Program (CIP), including Beneficial Ownership and Regulation GG
  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  • Suspicious Activity Reporting
  • Currency Transaction Reporting and Exemptions
  • Information Sharing
  • Purchase and Sale of Monetary Instruments Recordkeeping
  • Brokered Deposits (if applicable)
  • Funds Transfers Recordkeeping
  • Office of Foreign Assets Control (OFAC)
  • Procedures for Products and Services (Bulk Shipments of Currency, Electronic Banking, ACH, Non-Deposit Account Activities, Lending Activities, Prepaid Cards, Trust and Asset Management)
  • Procedures for Persons and Entities (Nonresident Aliens, Cash Intensive Businesses, Nonbank Financial Institutions, Politically Exposed Persons, Nongovernmental Organizations and Charities)
  • Record Retention and Recordkeeping

BSA/AML Model Validation (Optional Service)

The BSA/AML Model Validation process is based on regulatory guidance including the Federal Reserve’s SR 11-7, OCC Bulletin 2011-12, FDIC FIL-22-2017, and FFIEC IT Booklets. Model risk is the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports. NETBankAudit incorporates these key areas of risk into the model validation process.

Objectives and Scope

  • Point-to-point transaction analysis to identify all input, output, and transactional points
  • Hardware and software interface review, including configurations between BSA/AML MIS and other systems (core processing, teller, wire, ACH, etc.)
  • Extensive testing using COSO and COBIT sampling standards, including source document to MIS report testing, daily transaction verification, balancing, and reconcilements
  • Rule set and parameter review to ensure system rules are customized to the institution’s market and customer base, and that settings are appropriate
  • Review of system cash aggregation and watch list scanning logic
  • User and logical access review to ensure access is restricted to authorized users
  • Data integrity review to ensure accurate input and output, segregation of duties, and independent review
  • Vendor management review (e.g., SSAE 18, SOC reviews, internal audits)
  • Transaction monitoring and filtering program review, including screening against watchlists, PEP lists, and negative news, and review of governance and training
  • Annual certification review for the institution’s Board or Senior Management

BSA/AML Filter Analysis (Optional): An in-depth review of alert settings to identify efficiencies and recommend adjustments for improved analysis. This can be performed as a separate engagement or as part of the model validation.

Deliverables

  • Letter to the audit committee and executive summary with overall evaluation, scope, objectives, and summary of findings
  • Audit report with evaluation rating, control objective ratings, risk ratings, and prioritized issues and recommendations
  • Audit workprogram(s) with detailed audit steps, risk-based testing, and analysis
  • Electronic workpapers supporting the audit report and workprogram

All reports are confidential and may not be distributed without permission.

"NETBankAudit is more than just an audit firm. They take the time to truly understand your organization. By working as a partner they made recommendations that best fit our bank while helping us realize resources that were already at our disposal. The employees we work with are extremely knowledgeable and always available to assist"
Garrett Henry, Chief Information Technology Officer
Franklin Savings Bank
$822M total assets, FDIC regulated
"Our Auditor was accommodating when appropriate, but never at the expense of principle. She has my respect in every regard, and it is a privilege having her as a resource especially during exams. Our Engineer was great as well. He was able to perform the penetration testing and vulnerability scanning with little disruption to our team. This year’s engagement was on point as usual."
Beth Worrell, EVP, Chief Risk Officer
Skyline National Bank
$855M total assets, OCC regulated
"We were very satisfied with the model validation of our Verafin System. The NETBankAudit team was great to work with, very professional and kept us in the loop throughout the engagement. We will definitely consider working with them again for the annual validation"
Ken Helmrich, CAMS, CFCS
Kearny Bank
$7B total assets, FDIC regulated
"NETBankAudit provides us with top notch Information Security Professionals to allow us to continually improve our organization's security posture. Springs Valley is able to utilize them to stay abreast of the changing regulatory and cybersecurity landscape. It is great to have a reliable resource like them as a valued partner."
Craig Buse, CLO, COO
Springs Valley Bank & Trust Company
$494M total assets, FDIC regulated
"We appreciate working with professionals respected in the financial services community for their individual expertise and their attention to detail in the audit programs.  Always accessible when we need their assistance. "
Teresa Welty, SVP Internal Audit and Risk Officer
Capital Bank
$1.8B total assets, OCC Regulated
"We have been doing business with NETBankAudit since 2018 and their team of professionals have been amazing to work with.  They are experienced, objective, and responsive in performing our audit. Plus, they have been readily available to assist us with any issues during regulatory exams."
Robin Harris, Vice President
Carolina Bank
$579M total assets, FDIC regulated
"The auditors have been very helpful and patient in giving us guidance with starting, developing, and improving our cybersecurity program. We have an active relationship with NETBankAudit and they are not just an audit firm. NETBankAudit wants us to succeed and not only meet regulatory requirements but understand them as well."
Leslie Nicely, Cybersecurity and BSA Officer
Highlands Community Bank
$172M total assets, FRB Regulated
"First Citizens National Bank selected NETBankAudit to provide audit services for Information Technology Systems in early 2005.  Since that time, we have added cybersecurity, digital banking, and network penetration testing.  NETBankAudit is not only our auditor, but our partner in developing new digital strategies, policies and procedures. When we are implementing anything digital, NETBankAudit is a resource we use to ensure we have covered all aspects of risk management"
Judy Long, President and COO
First Citizens National Bank
$2B total assets, OCC Regulated
"We were very satisfied with our first NETBankAudit experience and impressed with the thorough report. Working with our assigned auditor was a pleasure - he possesses great field experience and regulatory experience that was very helpful to us."
Dan Hagedorn, Audit Liaison/Compliance
International Bank of Chicago
$845M total assets, FDIC regulated
"NETBankAudit's auditor was very knowledgeable and explained clearly what was needed from our side to help complete the audit as well as providing clear recommendations on where we could improve our controls. The audit was done very professionally. Everyone here at SECU that interacted with NETBankAudit had the feeling of a partner."
Rodney Hill, VP Technology
Schlumberger Employees Credit Union
$945M total assets, NCUA regulated
"NETBankAudit serves as our internal auditing team. Their attention to detail and mastery of regulations are invaluable tools to our organization. During the audit, when they have a recommendation or finding, they partner with us and aid us in an internal audit liaison capacity. It is not a typical auditor firm’s approach, who just present their report and findings with limited direction or follow-up. NETBankAudit’s approach also helps us prepare for regulatory reviews with regular “heads-up” guidance and coaching. The examiners value NETBankAudit’s quality and depth of coverage and leverage the detailed audit work papers to facilitate the examination process."
Dave Kittleson, Director of IT
Arundel Federal Savings Bank
$444M total assets, OCC regulated
"We are very satisfied with NETBankAudit’s IT Audit services. The people we worked with are very personable, knowledgeable, and professional."
Sue Richardson, ISO
BayPort Credit Union
$2.2B total assets, NCUA regulated
"We've partnered with NETBankAudit for over 10 years. We know we'll always receive a thorough review, but the service is always above and beyond our expectations. NETBankAudit keeps us apprised of recent regulatory changes, potential exam issues, and other areas for focus. Engaging NETBankAudit is creating a partnership for the future."
Leslie Hambrick, CFSA, CRMA
Peoples Bank, Newton, NC
$1.5B total assets, FDIC regulated

Value-Add Consulting
Leveraging Decades of Industry Experience

As your trusted partner for compliance and security, we include informed recommendations for improvement in our audits.
How NETBankAudit Delivers Value-Add Consulting:

Our Value-Add approach to auditing and compliance provides tailored, actionable advice drawn from our experts' practical industry experiences.

  • Senior-level auditing team, with each member bringing 10+ years of industry and regulatory experience.
  • Our team has broad expertise, with certifications including CISA, CISSP, CISM, CRISC and more.