WHO WE ARE
Carey Rome - CEO, autoAML
Carey is the CEO of autoAML. Leveraging his 20 years of business
and management consulting experience, Carey founded autoAML to
help BSA Officers do more with less.
Nick Guest, CAMS - Director of BSA Risk, autoAML
Nick has provided BSA/AML risk guidance, project operations
oversight and organizational change management services to local,
national and international companies across industries in the private
and public sectors.
KEY POINTS TO BE MADE
1. 3 significant events driving the new CDD rule
2. One consistent theme in every enforcement
action
3. What you can do now to prepare
KEY TERMS
BSA – Bank Secrecy Act
AML – Anti-Money Laundering
CFT – Combatting the Financing of Terrorism
KYC – Know Your Customer
CIP – Customer Identification Program
CDD – Customer Due Diligence
BOV – Beneficial Ownership Verification
SAR – Suspicious Activity Report
CTR – Currency Transaction Report
HISTORY OF BSA/AML
1970 - present
SIMPLIFIED BSA/AML HISTORY TIMELINE
• BSA – 1970
• 9/11, Patriot Act – 2001
• Great Recession – 2008
• Panama Papers – 2016
• Final CDD Rule (BOV)
First Significant Event
1970 – PASSAGE OF BANK SECRECY ACT
• How did this get started? - Bags of Money
• What did it do?
• What is its main goal?
BANK SECRECY ACT – 1970
• Established REQUIREMENTS FOR RECORDKEEPING
AND REPORTING by private individuals, banks and other
financial institutions
• Designed to help IDENTIFY THE SOURCE, volume, and
movement of currency and other monetary instruments transported
or transmitted into or out of the United States or deposited in
financial institutions
• Required banks to (1) report cash transactions over $10,000 using
the Currency Transaction Report; (2) PROPERLY IDENTIFY
PERSONS CONDUCTING TRANSACTIONS; and (3)
maintain a paper trail by keeping appropriate records of financial
transactions
MONEY LAUNDERING CONTROL ACT (1986)
• Established money laundering as a federal crime
• Prohibited STRUCTURING TRANSACTIONS to evade
CTR filings
• Introduced civil and criminal forfeiture for BSA violations
• Directed banks to establish and maintain procedures to ensure and
monitor compliance with the reporting and recordkeeping
requirements of the BSA
ANTI-DRUG ABUSE ACT OF 1988
• EXPANDED THE DEFINITION of financial institution to
include businesses such as CAR DEALERS AND REAL
ESTATE CLOSING PERSONNEL and required them to file
reports on large currency transactions
• Required the VERIFICATION OF IDENTITY of purchasers of
monetary instruments over $3,000
ANNUNZIO-WYLIE AML ACT (1992)
• STRENGTHENED THE SANCTIONS for BSA violations
• Required SUSPICIOUS ACTIVITY REPORTS and
eliminated previously used Criminal Referral Forms
• Required VERIFICATION and recordkeeping for WIRE
TRANSFERS
• Established the Bank Secrecy Act Advisory Group (BSAAG)
MONEY LAUNDERING SUPPRESSION ACT (1994)
• Required banking agencies to review and enhance training, and DEVELOP
ANTI-MONEY LAUNDERING EXAMINATION PROCEDURES
• Required banking agencies to REVIEW AND ENHANCE PROCEDURES for
referring cases to appropriate law enforcement agencies
• STREAMLINED CTR EXEMPTION process
• REQUIRED EACH MONEY SERVICES BUSINESS (MSB) TO BE
REGISTERED BY AN OWNER OR CONTROLLING PERSON OF THE MSB
• Required every MSB to maintain A LIST OF BUSINESSES AUTHORIZED
TO ACT AS AGENTS in connection with the financial services offered by
the MSB
• Made operating an UNREGISTERED MSB A FEDERAL CRIME
• Recommended that states adopt uniform laws applicable to MSBs
MONEY LAUNDERING AND FINANCIAL CRIMES STRATEGY ACT (1998)
• Required banking agencies to develop anti-money laundering
TRAINING FOR EXAMINERS
• Required the Department of the Treasury and other agencies to
develop a NATIONAL MONEY LAUNDERING STRATEGY
• Created THE HIGH INTENSITY MONEY LAUNDERING AND
RELATED FINANCIAL CRIME AREA (HIFCA) Task Forces to
concentrate law enforcement efforts at the federal, state and local
levels in zones where money laundering is prevalent. HIFCAs may
be defined geographically or they can also be created to address
money laundering in an industry sector, a financial institution, or
group of financial institutions.
31 YEARS OF MISSING THE BOAT ON SOURCE
Who “conducted” the illegal activity versus who “benefited” from the illegal activity…
Until the day we all got blindsided…
Second Significant Event
SEPTEMBER 11, 2001
- THE DAY THAT CHANGED OUR WORLD
PATRIOT ACT - 2001
• Criminalized the FINANCING OF TERRORISM and augmented the existing BSA framework by strengthening
customer identification procedures
• Prohibited financial institutions from engaging in business with foreign shell banks
• Required financial institutions to have DUE DILIGENCE PROCEDURES (and enhanced due diligence
procedures for foreign correspondent and private banking accounts)
• Improved information sharing between financial institutions and the U.S. government by requiring government-
institution information sharing and voluntary information sharing among financial institutions
• EXPANDED THE ANTI-MONEY LAUNDERING PROGRAM REQUIREMENTS to all financial institutions
• Increased civil and criminal penalties for money laundering
• Provided the Secretary of the Treasury with the authority to impose "special measures" on jurisdictions,
institutions, or transactions that are of "primary money laundering concern"
• Facilitated records access and required banks to respond to regulatory requests for information within 120 hours
• REQUIRED FEDERAL BANKING AGENCIES TO CONSIDER A BANK'S AML RECORD WHEN REVIEWING
BANK MERGERS, ACQUISITIONS, AND OTHER APPLICATIONS FOR BUSINESS COMBINATIONS
INTELLIGENCE REFORM & TERRORISM
PREVENTION ACT OF 2004
• Amended the BSA to require the Secretary of the Treasury to
prescribe regulations requiring certain financial institutions to
REPORT CROSS-BORDER ELECTRONIC TRANSMITTALS
OF FUNDS, if the Secretary determines that such reporting is
"reasonably necessary" to aid in the fight against money laundering
and terrorist financing
SO WHAT’S REQUIRED - AML PROGRAM
1. Written internal policies
2. Written procedures & documented processes
3. Internal controls
4. Designated AML compliance officer
5. Ongoing employee training
6. Independent review
We’ve been doing
this for almost 50
years – How can this
still be missed?
IDENTIFYING THE SOURCE
Does anyone think that no one had
been thinking of this prior to 9/11?
• 314(a) : deals with the required sharing of
information between banks and federal law
enforcement
• 314(b) : voluntary bank-to-bank information
sharing
PATRIOT ACT…
314(A) & 314(B)
314(a) - Law enforcement communication
with your FI
314(b) – Communication between
banks
SO WHAT
HAPPENED IN
THE FOLLOWING
YEARS?
- VERY LITTLE -
FROM 9/11/2001 TO THE
DAY THE GREAT RECESSION
HIT, WHAT PROGRESS DID
WE MAKE?
2008 - GREAT RECESSION
GREAT RECESSION…THE AFTERMATH
- 2011 (10yr gap)
- Regulators see
that banks
failed
- Tighter
enforcements
follow
ENFORCEMENT ACTIONS - THE HIDDEN COST OF NON-COMPLIANCE
2013
The Senate Permanent
Subcommittee on Investigations
(PSI)
Regulate by Consent Order, Public
Filings & Shareholder Notifications
A CHANGE IN THE TONE OF CONSENT ORDERS
• In 2013 – the OCC was cited by the Senate
Permanent Subcommittee for Investigations (SPSI)
in a Presentence Investigation Report (PSIR) for
ineffective AML oversight
• The PSIR called for higher examination
standards
BANKS SHOULD BE AWARE OF THE GROWING
NUMBER OF EAs.
• Penalties increased 20x in last 5 years
• Enormous fees
• Average $34M
• 2009-2015: $5.2B BSA/AML violations
• Not including cost of additional staff
• Unaccounted for reputational damage
REGULATORS ARE TAKING ACTION IN MAJOR WAYS
• In the last 15 years, FIs with less than $10B in
assets under management (AUM) received more
EAs than larger ones (>$10B)
• Regulators will go after you even if there has
never been any money laundering
• They are making sure the structure is in place
or in development to prevent it: policies,
procedures, processes, and internal controls
RATIO OF FINANCIAL IMPACT TO ASSET SIZE
Financial Institutions:
• Fine (over 5 yrs): ~.05% - 1% of Assets
• Cleanup Cost (one-time): ~.05% of Assets
• Ongoing Staffing Cost (over 5 yrs): ~.25% of Assets
BUT, BSA/AML IS NOT JUST FOR THE BIG GUYS…
OLD NATIONAL BANCORP
• $9.7B in AUM
• 2012 – received consent order
• 5 consecutive prior years of compliance
• Heightened expectations of the regulators
• Doubled BSA staff
• $4M staffing costs + $5M annual expenditures + $500,000 CMPs
DROWNING IN BSA DEMANDS
“Few dare talk about their concerns publicly, for fear
of alienating regulators. Privately they say that BSA
exams have become more rigorous and focused in
recent years, digging deeper into the weeds of
processes, systems and controls. Foot-dragging
and shortcomings are being met with stiffer
monetary penalties and lengthy lists of demands for
system improvements and additional personnel.”
–American Banker
SMALLER BANKS SINGLED OUT
• Examiners assigned to smaller banks can
advance their careers by playing tough.
• As an examiner, you move to working on the
larger, multinational banks by finding problems
at smaller institutions.
• It’s a risk for the smaller and midsized banks
that you can run into someone who’s trying to
catch every technical detail to impress their
bosses and move up.
FIRST BANK OF DELAWARE
• 2012 FinCEN consent order - Willful lack of AML program
• Failure to detect and adequately report evidence of AML
• Inadequate internal controls, transaction monitoring systems, training, & reporting
• Assessed $15M CMP for bank’s history of noncompliance and numerous BSA violations
• Eventually bought out and had its charter terminated
• $4.9B in AUM
• 2016 – FDIC issued consent order
• Required increased board involvement,
creation of board committee, development &
implementation of written compliance plan
• Required to revise its written policies,
procedures, and processes
CARTER BANK CONTINUED…
Additional requirements included:
• Annual risk assessments
• Revision of internal controls to have policies, procedures, and
processes concerning SARs
• Enhancements to CDD & EDD programs, BSA training
• Acquire contract with independent testing firm for BSA/AML
regulation review
• Reassess BSA staffing needs: advised to increase number of
people in its BSA department from 3 full time employees to a
minimum of 22
• Required to file timely BSA reports: CTRs, SARs, etc.
• Required to inform shareholders of the consent order
• AUM = $700 Million
• Board supervision
• Implement written
program
• Internal controls
• Adequate staffing
• Independent review
• Look back
Third Significant Event
FINAL CDD RULE
What has the last 46 years revealed about
what we’re missing in relation to the final
CDD rule?
BOV
BENEFICIAL OWNERSHIP VERIFICATION (BOV)
The policies, procedures, and processes utilized to identify the beneficial owner and to take reasonable measures to verify the status and accuracy of the beneficial owner, to the degree that the FI is satisfied that it knows the beneficial owner’s identity.
TODAY, FIs ARE FACED WITH A HUGE CHALLENGE.
• What is the line between Verification and Validation?
• CDD rules don’t explain what policies & procedures
• Regulators have high expectations
• Compliance program in place by 2018!
• Gamble – 10 years to enforce OR Immediate?
ONE IRREFUTABLE FACT
CONSISTENT
WEAKNESSES IN
IDENTIFYING THE
SOURCE
“Banks have literally
resorted to responding
to the latest regulatory
finding at similar
banks.”
- Theresa Pesce, head of the
Americas AML practice at
KPMG
CONSISTENT WEAKNESSES…
- Plugging holes method not the intent of regulators
- Reading consent orders from other banks isn’t the answer
- Clear best practice: address the entirety of the program
CONSISTENT WEAKNESSES…
WHY HAS THIS CONTINUED TO BE IGNORED?
1. No BSA/AML Standards
2. Inconsistency among banks’ program alignment
with FFIEC manual
3. Inconsistency among regulators’ application of
FFIEC manual regulations
15 YEARS OF EAs – 1 CONSISTENT THEME
Failure to align policies, processes, and procedures with BSA Regulations
Expectations for the new CDD
rule will be no different.
Are you doing what
you say you do?
FFIEC ALIGNMENT - THIS SEEMS SO BASIC…
POLICIES
DETAILS FOR POLICY
• Have a monitoring system in place to track P,P,P changes
• Track alignment with the FFIEC manual
• Document details
• Document why your bank does comply
• Document if something in the manual is “N/A”
• Note why it is Not Applicable
PROCEDURES
- This should show consistency
- This should be your how-to guide for implementing policy
- The written set of directions for your team to implement and enforce policy
- Internal controls should be able to prove that these procedures are being implemented accurately
PROCEDURES
[Diagram: “Maintain alignment” (label repeated five times)]
EXAMPLE CDD PROCESS
PROCESS
[Diagram: New CDD Process, Step 1 through Step 7, involving Frontline Business Banker (CIP), BSA/AML Compliance (CDD), and BSA/AML Operations (KYC)]
INTERNAL CONTROLS
A system for ensuring that your team is
working within the process you’ve
defined and they are utilizing the
procedures you’ve developed to enforce
the policies you’ve created.
INTERNAL CONTROL - EXAMPLE
• Customer on-boarding requires 2 forms of ID
• A bank’s policy should define similar informational requirements for verification of High Risk Customers
• Require secondary, manager-level approval to verify
Banks have the control and they have the tools to address this most consistent theme in every enforcement action…it’s just very manual
THE DIRECTOR’S ROLE
DIRECTORS ASK THESE QUESTIONS
1. What is the plan?
2. Who is responsible?
3. What is the filter for how it relates to your bank?
4. How will you measure your level of
compliance?
1. WHAT IS THE PLAN?
• Implementation of policies, procedures,
processes
• Control risk
• Achieve compliance
QUESTION YOUR PLAN
• What are the internal controls? – FFIEC
• What is the plan to mature the BSA program
over the next 3 yrs?
• How does this plan align with the growth
strategy of the bank?
2. WHO IS RESPONSIBLE?
BSA Officer
• Review audit reports, internal controls, high-
risk deposit accounts monthly
• Review risk rating, staffing, training, testing,
and compliance
3. WHAT IS THE FILTER?
BSA Risk Assessment
• Define your bank’s risk profile
• How much risk will you agree to accept?
• Specific risk categories
• Detailed analysis
COMPLIANCE COMMUNICATION IS ESSENTIAL
“We're seeing situations where business
decisions are made that run counter to an
institution's AML policy [or] counter to the
advice of the compliance department, situations
where the compliance department is being
deprived of information required to do its job.”
- Shasky Calvery, previous director of FinCEN
4. HOW CAN I MEASURE MY BANK’S COMPLIANCE?
• Don’t just wait for annual
updates
• Write down what you are
going to do and why
• Identify risks and get feedback
from regulators
• Consistent reporting
WHAT REPORTS SHOULD I BE
ASKING FOR?
For an example of reports, email us at:
crome@autoaml.com or nguest@autoaml.com
CDD
WHAT CAN YOU DO NOW TO
PREPARE?
3rd KEY TAKEAWAY
UNDERSTANDING BOV?
“Beneficial Owner”: not necessarily the person or entity who sets up or opens the account, but the person behind that person or entity who receives the benefits from this account and controls it from behind the curtain of anonymity or through a nominee account holder
INTRODUCTION TO BOV
1. Identify
2. Verify status & accuracy
3. Ownership
4. Control structure
FOR BOV
2018
Timing is of the essence: 5 Things to Quantify
1. Impact to High-Risk Customers
2. Implementation Plan
3. Training Plan
4. Staffing Needs
5. Timing of Significant Events
3 THINGS YOU MUST KNOW NOW
1. Do your BSA Officer and Team understand the impact
of beneficial ownership verification on your organization?
2. Does your Board of Directors understand the impact of
beneficial ownership verification on your organization?
3. Do you have a plan to deal with your understanding of the
beneficial ownership verification impact on your bank?
1. BSA OFFICER AND TEAM
Build formula based on the following:
• Assessment of increased documentation required
• Assess the additional anticipated amount of time per
new customer (per anticipated growth rate)
• Assess the additional amount of data capture
• Assess impact to additional systems
• Assess the amount of training development and
implementation
• Should equal the total amount of impact on your
organization
2. BOARD OF DIRECTORS
• Policies
• Question Implementation
• Procedures
• Internal controls
• Impact
3. DO YOU HAVE A PLAN
• Why do you need a plan?
• Keys to your plan:
• Critical Path
• Viable and Realistic
• Documented
• Detailed Actions
• Propagates new mindset prior to 2018
QUESTIONS FOR YOUR TEAM TO CONSIDER
• How do I create an implementation plan?
• How do I quantify the impact on my organization?
• What do my new policies need to state?
• How will my procedures be impacted?
• Who will own the creation of and drive the implementation plan?
• How will we know we are reaching our milestones?
• How will training be rolled out given our milestones?
• Have you considered your risk-based approach for Beneficial Ownership?
• How will “significant,” “unusual,” or “unexpected” transactions trigger the need for additional BOV?
CUSTOMER DUE DILIGENCE (CDD)
WHITE PAPER
For a copy of our White Paper on the Final CDD Rule, email
us at:
crome@autoaml.com or nguest@autoaml.com
Final CDD Rule - How We Got Here and What To Do Now
