BSA & OFAC Compliance Audits

The responsibility of compliance with the Bank Secrecy Act belongs to almost everyone within a Credit Union, including the Board of Directors, senior management, the designated BSA officer, and the member-facing employees.

In addition to satisfying BSA requirements, Credit Unions must comply with NCUA Rules and Regulations, which require an annual independent audit of their BSA compliance measures.


The Five Pillars of BSA/AML Compliance

In 1970, the Bank Secrecy Act (BSA) established the requirements for Credit Unions and other financial institutions to implement anti-money laundering (AML) and financial crimes safeguards.

For a credit union to be in compliance with the BSA, the Credit Union must develop and maintain procedures for fulfilling the requirements. These are known as the “four pillars” of BSA compliance. The U.S. Department of the Treasury’s Financial Crimes Enforcement Network added a fifth pillar in 2018. The five pillars are as follows: 


        1. Develop a program of internal safeguards to support ongoing compliance
        2. Appoint a BSA Compliance Officer to maintain the financial institution’s BSA audit program and ensure it is followed
        3. Perform independent testing of BSA policies and procedures
        4. Train employees in procedures to ensure compliance of internal controls
        5. Create and follow internal policies to identify beneficial owners of customer legal entities

Office of Foreign Asset Control (OFAC) Compliance

The Office of Foreign Asset Control enforces economic sanctions which target foreign countries, terrorist organizations, and international narcotics traffickers.

While the Office of Foreign Assets Control (OFAC) requirements are not part of the BSA, the BSA and OFAC share similar goals for national security. Therefore, it is common to review OFAC compliance and internal procedures concurrent with BSA/AML examinations.


The Role Of CPAs In Compliance Requirements

Independent testing (or audit) evaluates the adequacy of the financial institution’s overall BSA program. Usually, the BSA and OFAC compliance audits are conducted by qualified outside auditors, such as our team of accounting professionals.

The annual independent audit required by the NCUA and conducted by Griffin & Furman includes:

        • Evaluating internal controls
        • Testing samples for compliance
        • Deciding if personnel are adequately trained
        • Examining Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs)
        • Reviewing Customer Information Policy and Customer Notice
        • Testing record-keeping procedures

Credit Union BSA and OFAC Compliance Audits

The certified public accountants at Griffin & Furman are engaged in detecting and preventing money laundering, fraud, counter-terrorist financing, and other financial crimes.  

Give us a call to talk more about a regular audit process for your Credit Union.