INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.
Financial Institution Letter

Bank Secrecy Act Provision for Independent Testing for BSA/AML Compliance

Summary: The independent test of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Compliance Program can improve the efficiency and reduce the burden of the examination process.

Highlights:

The importance of an effective independent review, an original component of the BSA/AML Compliance Program, cannot be overstated.

  • An effective audit is valued by regulators in identifying and monitoring a bank's specific risks and in assessing how those risks are managed and controlled. Effective audits will assist examiners in determining the BSA/AML examination scope and in identifying areas requiring less review.
  • The FFIEC BSA/AML Examination Manual provides details regarding the BSA/AML Compliance Program, states minimum areas to be covered by the independent audit, and addresses limiting transaction testing to the independent review.
  • Independent testing (audit) assists the bank's board of directors and senior management by identifying areas of weakness or matters requiring stronger controls. The audit should be risk-based and will vary depending on the bank's size, complexity, risk profile, quality of control functions, geographic diversity, and use of technology. By incorporating the bank's BSA/AML Risk Assessment into the independent testing process, the audit program can be more effectively tailored to cover all of the bank's activities.
    • Independent testing of the BSA/AML Compliance Program should be conducted by the internal audit department, outside auditors, consultants, or other qualified persons that are independent of the BSA/AML function.
    • If the audit is being performed by an outside party, a contract or engagement letter should be agreed upon that outlines responsibilities and duties. Contracts typically include provisions stating that audit reports are property of the bank, authorized employees will have reasonable and timely access to workpapers, and that the bank will be provided copies of related workpapers, as the bank deems necessary. Further, such agreements should grant examiners access to all workpapers and other materials prepared in the course of the audit.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
BSA Compliance Office

Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at http://www.fdic.gov/news/financial-institution-letters/2008/index.html

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 3501 N. Fairfax Drive, Room E 1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).


Additional Related Topics:

  • Bank Secrecy Act/Anti-Money Laundering Programs
FIL-38-2008

Last Updated: May 16, 2008