Development of tailored, detailed enterprise BSA/AML risk assessment supporting a risk based compliance program and transaction monitoring and sanctions filtering. Expertise support to FinTech, Cryptocurrency, Mobile Remittance, Payment Processors, traditional MSBs and banks.
Developing Your Tailored Enterprise BSA/AML and OFAC Risk Assessment
The initial action necessary to development of your risk assessment is to develop a sound understanding of the company’s current business model (and any proposed changes, as applicable), and collection and movement of information/data and funds in order to adequately identify potential risks and opportunities by which such risks can be mitigated.
Information helpful to the initial process includes:
- Written description of the business model and flow chart showing flow of funds which identifies actors, processes, accounts, and process flow.
- Existing BSA/AML/OFAC program documentation, if any, including processes for customer application and acceptance, initial and enhanced customer due diligence, etc.
- Identification of any existing risk mitigation decisions or factors such as transaction limits, aggregation limits, tools used to test provided data elements, etc.
- Details on existing transaction monitoring system(s), if any.
- Details on level and types of fraud experiences, broken down by typologies if possible
We would start the project with an initial call where the Company will briefly explain materials provided and its business processes. With context from the call, we will then read and review all materials provided in order to determine a framework for drafting the risk assessment. We will then request an additional call to discuss the business model and provided materials in more detail. If gaps in the process or our understanding are present we will seek to obtain further knowledge in such areas and may request additional documentation.
MSBCI and Company will each make best efforts to schedule necessary work time and meetings to complete assessment thoroughly as quickly as practical.
Conference calls are anticipated in the following areas:
- Kick off call with internal stakeholders to provide brief overview of documents provided, business lines and processes.
- Customer Application, Due Diligence, Review and Acceptance Processes.
- Customer Risk Rating and Customer level Monitoring activities.
- Transaction Monitoring and OFAC.
- Fraud and Suspicious Activity processes. Understand what types of fraud are caught and what is missed. Typologies.
Leveraging the knowledge of the business gained, we may review additional documentation and/or discuss aspects of the business plans and processes in greater detail. We will then draft a detailed BSA/AML/OFAC and anti-fraud risk assessment for the company based on the review and analysis of the business. We will provide the initial draft to you for review and subsequent discussion with us and may go through multiple iterations depending on facts and circumstances understood during the process, complexity of operations, and responses to questions, etc. As we work to finalize the assessment, we will also work with you to suggest decisions for risk mitigation to be further incorporated within the risk assessment as well as within the compliance program which should be created or updated after the risk assessment is completed.