A Risk-Based Approach to BSA/AML and OFAC Compliance
How much do you know about your third-party vendors? Could your subcontractors be laundering money used to finance drug cartels, terrorist organizations or other illegal activities? It’s not as far-fetched as you might imagine. Without your knowledge, your bank or credit union may be non-compliant with requirements in the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML).
Also, when your third-party vendors are foreign entities, your financial institution may face additional compliance burdens from the Treasury Department’s Office of Foreign Assets Control (OFAC). Bankers know that third-party vendors sanctioned by OFAC could be involved in not just criminal but terrorist activity.
BSA/AML and OFAC compliance remain atop the list of risks for financial institutions. What can you do to minimize this risk as you manage your vendors?
Vet Your Vendors
Before starting a relationship with a third party, assess their activities. Are they subject to laws and regulations involving privacy, information security, fiduciary requirements and, most importantly, BSA/AML and OFAC?
When conducting due diligence reviews, gather information about the entity, including:
- Experience and reputation
- History and performance
- Stated goals
- Risk management practices
- Insurance coverage
Then incorporate these findings into your contractual relationship.
When formulating the contract, require that the third party provide and retain timely, accurate and comprehensive information. This includes records and reports that allow bank management to monitor performance, service levels and risks. Stipulate the frequency and type of BSA/AML and OFAC compliance responsibilities and reports.
You should also ensure the contract addresses compliance with the specific laws, regulations, guidance and self-regulatory standards applicable to the activities involved. This includes provisions that outline compliance with BSA/AML and OFAC. Include your right to conduct periodic reviews to verify the third party’s compliance with the bank’s policies and expectations.
Finally, state your right to continuously monitor the vendor’s compliance with applicable laws, regulations and policies. Require remediation if issues arise.
VendorInsight® Helps Protect You
As with all aspects of compliance, third-party relationships require contracts, due diligence, monitoring and review. The best way to verify your vendors are on the up and up is by using VendorInsight®.
VendorInsight® can verify your vendor’s activities throughout a continuous life cycle. When onboarding, the vendor risk management (VRM) solution performs contract reviews, compliance audits, and monitoring and alerting.
VendorInsight®’s due diligence also includes daily automated screenings of all vendors against the OFAC database and watchlist reports. Any identified matches are detailed on a system-generated vendor due diligence report.
Once a relationship is established with a vendor, VendorInsight® protects you by using our expertise, technology and resources. This helps you prepare for supervisory reviews performed by regulatory bodies such as the Office of the Comptroller of the Currency (OCC). Such examinations evaluate:
- Safety and soundness risks
- The financial and operational viability of the third party to fulfill its contractual obligations
- Compliance with applicable laws and regulations, including BSA/AML and OFAC laws
VendorInsight® promises to protect financial institutions. That means adapting to enable our customers to stay ahead of the changing regulatory environment.
To avoid potential violations and related civil liability, make BSA/AML and OFAC compliance a consistent focus of your VRM program. Request a demo to learn more about how VendorInsight® keeps you compliant.