You are here

Key Steps to a Successful BSA Validation

Written by: Rita L. Lucivero, CISA
The Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual mandates that financial institutions have their automated AML monitoring system validated independently. The FFIEC enforces this to ensure that your system’s models are detecting potentially suspicious money laundering-activity. Here are key steps you can take to make sure your institution passes this validation.

Step 1: Know your system
Financial institutions are relying more on the technology to perform automated tasks – especially in the BSA/AML monitoring space. Make sure you understand how the BSA/AML technologies you use are designed to work and know how they’re functioning. This is especially important because regulators are looking to see that you know what your system is doing with the information that’s being sent into it.

We recommend reviewing the manuals provided by your BSA/AML monitoring vendor and attending their hosted webinars and conferences to gain in-depth information about your system. Taking advantage of these resources will also keep you informed about the new functions being included in upcoming releases.

Step 2: Map your system
During our validation engagements, incorrect mappings appear to be the number one issue that comes up. Core systems can have hundreds upon hundreds of transaction codes that need to tie exactly to your BSA/AML system. Without these codes properly mapped, your BSA/AML system could allow suspicious activity to go unnoticed. When codes are modified or changed within the systems that have data flowing into your BSA/AML system, it’s essential you make sure those mappings are still correct.

Step 3: Review your system
Even if you are not making major changes to your BSA/AML system very often, it’s still important to review certain aspects of your system on a periodic basis. Firstly, you should be reviewing your data import process. Key systems within your institution are constantly being modified. Even the smallest of tweaks can affect how data from those systems flows into your BSA/AML system. Regularly reviewing the data import process within your system gives your Institution assurance that all pertinent data is flowing over completely and accurately.

Secondly, review any key changes made to your system rule base. Changes that are intentionally or accidentally made to the system that are not caught can lead to inaccurate reporting from your system. Regular independent review of these changes can help to ensure that they are appropriate.

Your AML monitoring system is the first line of your defense to detect money laundering. Make sure that you are following these 3 key steps, so that you don’t end up missing activity that could cost your institution regulatory fines or penalties.

For assistance with your BSA/AML system, contact Rita L. Lucivero, CISA, IT Assurance Senior Consultant, at 617-261-8185 or