28 KiB
28 KiB
🛡️ AML/BSA COMPLIANCE PLAYBOOK
BlackRoad OS, Inc. - Anti-Money Laundering Program
TABLE OF CONTENTS
- AML Program Overview
- Customer Identification Program (CIP)
- Customer Due Diligence (CDD)
- Beneficial Ownership
- OFAC Screening
- Transaction Monitoring
- Suspicious Activity Reporting (SAR)
- Currency Transaction Reporting (CTR)
- Red Flags & Scenarios
- Training & Testing
AML PROGRAM OVERVIEW
Four Pillars of AML Compliance
┌─────────────────────────────────────────────────────────┐
│ AML PROGRAM COMPONENTS │
├─────────────────────────────────────────────────────────┤
│ │
│ 1. POLICIES, PROCEDURES & INTERNAL CONTROLS │
│ └─ Written AML Program │
│ └─ Risk-based approach │
│ └─ Board approved │
│ │
│ 2. DESIGNATED AML COMPLIANCE OFFICER │
│ └─ Day-to-day responsibility │
│ └─ Adequate authority │
│ └─ Access to resources │
│ │
│ 3. ONGOING EMPLOYEE TRAINING │
│ └─ Annual training minimum │
│ └─ Role-based training │
│ └─ Red flags & scenarios │
│ │
│ 4. INDEPENDENT TESTING │
│ └─ Annual minimum │
│ └─ Qualified external party │
│ └─ Comprehensive scope │
│ │
└─────────────────────────────────────────────────────────┘
AML Officer Responsibilities
Daily:
- Review OFAC screening alerts
- Monitor high-risk account activity
- Review exception reports
Weekly:
- Review transaction monitoring alerts
- Follow up on pending investigations
- Update AML investigation log
Monthly:
- AML metrics report to senior management
- Training needs assessment
- AML program effectiveness review
Quarterly:
- Enhanced due diligence reviews (high-risk)
- AML program updates for regulatory changes
- Report to Board Risk Committee
Annually:
- Independent AML testing coordination
- Annual AML training program
- AML risk assessment update
- AML program certification to Board
CUSTOMER IDENTIFICATION PROGRAM (CIP)
CIP Requirements (USA PATRIOT Act Section 326)
Required Information - INDIVIDUALS:
┌──────────────────────────────────────────┐
│ BEFORE ACCOUNT OPENING - MUST OBTAIN: │
├──────────────────────────────────────────┤
│ 1. Name │
│ 2. Date of Birth │
│ 3. Address (residential or business) │
│ 4. Identification Number: │
│ • U.S. Person: SSN or ITIN │
│ • Non-U.S. Person: Passport + Country │
└──────────────────────────────────────────┘
Required Information - ENTITIES:
┌──────────────────────────────────────────┐
│ BEFORE ACCOUNT OPENING - MUST OBTAIN: │
├──────────────────────────────────────────┤
│ 1. Legal Name │
│ 2. Principal Place of Business │
│ 3. Mailing Address (if different) │
│ 4. Identification Number: │
│ • U.S. Entity: EIN │
│ • Non-U.S. Entity: Similar number │
│ or other identifier│
└──────────────────────────────────────────┘
Identity Verification Procedures
ACCEPTABLE DOCUMENTS (Individuals):
Tier 1 - Government-Issued Photo ID:
- ✅ Driver's license (U.S. state or territory)
- ✅ U.S. passport
- ✅ State-issued ID card
- ✅ Military ID
- ✅ Foreign passport (with visa for non-U.S. citizens)
Tier 2 - Supporting Documents (if Tier 1 unavailable):
- Bank statement (showing name & address)
- Utility bill (within 2 months)
- Voter registration card
- Birth certificate (plus supporting docs)
Verification Steps:
- Obtain photocopy of ID (front and back)
- Verify ID appears authentic (not obviously fake)
- Verify customer information matches ID
- Check ID expiration date (must be current)
- Document verification method used
- Retain copy in customer file
ACCEPTABLE DOCUMENTS (Entities):
- Articles of Incorporation
- Business license
- Partnership agreement
- Trust instrument
- Government registration
Additional Verification:
- Secretary of State business search
- Dun & Bradstreet report
- Public records search
- Third-party database verification
CIP Failure Procedures
If Unable to Verify Identity:
TIMELINE:
Day 0 - Account opened, CIP attempted
Day 30 - If not verified, restrict account
Day 60 - If still not verified, enhanced review
Day 90 - If still not verified, close account & file SAR
Restrictions at Day 30:
- No withdrawals or transfers
- No new securities purchases
- Only sales of existing positions allowed
- Customer notified of restriction
Day 90 Actions:
- Close account
- Liquidate positions
- Send proceeds via check to address on file
- File SAR (reason: unable to verify identity)
- Maintain records for 5 years
CUSTOMER DUE DILIGENCE (CDD)
Risk-Based Customer Categorization
LOW RISK:
- U.S. citizens/residents
- Employed with verifiable income
- Standard investment objectives
- Modest account size (<$250,000)
- No PEP status
- No high-risk geography
- Transparent source of funds
MEDIUM RISK:
- High net worth ($1M+)
- Self-employed
- Complex investment strategies
- Multiple accounts
- Frequent transfers
- Cash intensive business
- Previous AML concerns (resolved)
HIGH RISK:
- Politically Exposed Persons (PEP)
- Non-resident aliens
- High-risk countries (FATF list)
- Cash intensive businesses
- MSBs (Money Service Businesses)
- ATMs, check cashing, casinos
- Foreign shell companies
- Anonymous structures (bearer shares)
- Offshore jurisdictions
- Unregistered charities
- Prior regulatory actions
Enhanced Due Diligence (EDD)
Required for HIGH RISK customers
Enhanced Information to Obtain:
## EDD Questionnaire
### Source of Wealth
- How did customer accumulate wealth?
- Employment history
- Business interests
- Inheritance/gifts
- Investment gains
### Source of Funds
- Where are account funds coming from?
- Employment income
- Business income
- Sale of assets
- Inheritance
- Other (describe)
### Purpose of Account
- Investment objectives
- Expected activity level
- Expected deposit amounts
- Expected withdrawal amounts
- Geographic scope of activity
### Third-Party Relationships
- Any third-party money managers?
- Any authorized traders?
- Any beneficial owners besides customer?
- Any related accounts?
### Expected Activity
- Anticipated annual deposits: $___________
- Anticipated annual withdrawals: $________
- Types of securities to be traded
- Expected trade frequency
- Geographic focus of investments
EDD Review Frequency:
- HIGH RISK: Quarterly review
- MEDIUM RISK: Annual review
- LOW RISK: Every 3 years or upon trigger event
Trigger Events Requiring Updated EDD:
- Significant increase in account activity
- Change in account ownership
- Change in business structure
- Move to/from high-risk jurisdiction
- Media reports about customer
- Law enforcement inquiry
- Unusual transaction patterns
BENEFICIAL OWNERSHIP
CDD Rule Requirements (FinCEN 2018)
Applies to: Legal entity customers (corporations, LLCs, partnerships, etc.)
Exemptions:
- Financial institutions
- Government entities
- Publicly traded companies (listed on exchange)
- Banks, credit unions, broker-dealers
- Registered investment companies
- Public accounting firms
- Entities with >20 full-time U.S. employees
Required Information:
1. BENEFICIAL OWNERS (25% or more ownership):
For EACH person owning ≥25% equity:
├─ Name
├─ Date of Birth
├─ Address
└─ Identification Number (SSN or passport)
2. CONTROL PERSON (Single individual):
One person with significant control:
├─ Name
├─ Date of Birth
├─ Address
└─ Identification Number (SSN or passport)
Examples of control:
• CEO
• President
• Managing Partner
• Trustee
• Person with authority to control/dispose of 25%+ assets
Beneficial Ownership Certification Form:
# BENEFICIAL OWNERSHIP CERTIFICATION
## Legal Entity Customer Name: _______________________
## EIN: ________________________________________
I hereby certify that the following individuals are beneficial owners:
### BENEFICIAL OWNERS (25% or greater ownership):
1. Name: ________________ DOB: _______ Address: ________ SSN/Passport: ______
2. Name: ________________ DOB: _______ Address: ________ SSN/Passport: ______
3. Name: ________________ DOB: _______ Address: ________ SSN/Passport: ______
4. Name: ________________ DOB: _______ Address: ________ SSN/Passport: ______
### CONTROL PERSON (check one):
☐ Same as beneficial owner #___ above
☐ Different person:
Name: ________________ DOB: _______ Address: ________ SSN/Passport: ______
Title/Role: ___________
I certify that the above information is complete and accurate. I agree to update this information within 30 days of any change.
Signature: ____________________ Date: __________
Print Name: ___________________ Title: _________
Verification:
- Verify beneficial owner identity same as individual CIP
- Obtain photo ID for each beneficial owner
- Document verification in account file
OFAC SCREENING
Sanctions Lists
Primary Lists:
- SDN List (Specially Designated Nationals) - ~11,000 entries
- Consolidated Sanctions List - All OFAC lists combined
- Foreign Sanctions Evaders - Violations of sanctions
- Non-SDN Lists - Sector sanctions, entities of concern
Update Frequency: OFAC updates lists frequently (sometimes daily)
Screening Requirements
WHEN TO SCREEN:
MANDATORY SCREENING POINTS:
├─ New account opening
├─ Existing customer name change
├─ Every wire transfer (incoming and outgoing)
├─ Every securities transfer
├─ Every ACH transaction
├─ Daily screening of all existing customers
└─ Real-time screening of counterparties
WHO TO SCREEN:
- Customer name
- Customer address
- Customer date of birth
- Beneficial owners
- Authorized signers
- Wire transfer originators
- Wire transfer beneficiaries
- Securities transfer parties
- Business associates
OFAC Screening Process
Automated Screening:
# Daily OFAC Screening Algorithm
def daily_ofac_screening():
"""
Screens all customers daily against OFAC lists
"""
# 1. Download latest SDN list from OFAC
sdn_list = download_ofac_sdn_list()
# 2. Get all active customers
customers = get_all_active_customers()
# 3. Screen each customer
for customer in customers:
matches = fuzzy_match(
customer.name,
customer.address,
customer.dob,
sdn_list,
threshold=85 # 85% match threshold
)
if matches:
# Alert for manual review
create_ofac_alert(
customer_id=customer.id,
potential_matches=matches,
priority="HIGH"
)
Manual Review Process:
For Each OFAC Alert:
Step 1: Initial Review (Within 1 Hour)
- Review customer information
- Review potential match information
- Assess similarity of:
- Name
- Date of birth
- Address
- Aliases
- Identification numbers
Step 2: Decision Matrix
HIGH CONFIDENCE MATCH:
├─ Name: Exact or very close match
├─ DOB: Exact match
├─ Address: Same country/city
└─ Action: BLOCK immediately, call OFAC hotline
POSSIBLE MATCH:
├─ Name: Similar but not exact
├─ DOB: Different or unknown
├─ Address: Different country
└─ Action: Enhanced review, request additional info
FALSE POSITIVE:
├─ Name: Common name, clearly different person
├─ DOB: Significantly different
├─ Address: Different country, no connection
└─ Action: Clear alert, document reasoning
Step 3: Blocking Procedures (if match confirmed)
IMMEDIATE ACTIONS:
- Freeze account (no transactions allowed)
- Do NOT notify customer (tipping off prohibited)
- Call OFAC hotline: 1-800-540-6322
- File online report: https://ofac.treasury.gov/contact-ofac
- Await OFAC guidance
OFAC Report Contents:
- Your contact information
- Customer information
- Account numbers
- Transaction details (if applicable)
- SDN name matched
- Supporting documentation
Follow OFAC Instructions:
- OFAC may authorize release (false positive)
- OFAC may require asset blocking
- OFAC may require transaction rejection
- All communications with OFAC documented
Step 4: Documentation
# OFAC SCREENING LOG
**Date:** [Date]
**Reviewer:** [Name]
**Alert ID:** [Number]
**Customer Information:**
- Name: [Full name]
- DOB: [Date]
- Address: [Full address]
- Account: [Number]
**Potential Match:**
- SDN Name: [Name from list]
- SDN DOB: [If available]
- SDN Address: [If available]
- SDN Program: [Sanctions program]
**Analysis:**
- Name similarity: [Exact/Close/Different]
- DOB comparison: [Match/Different/Unknown]
- Address comparison: [Same country/Different/Unknown]
- Other factors: [Aliases, ID numbers, etc.]
**Decision:** ☐ Match ☐ Possible Match ☐ False Positive
**Action Taken:**
[Description of action]
**Reviewer Signature:** _______________ **Date:** _______
**Secondary Review:** _______________ **Date:** _______
TRANSACTION MONITORING
Automated Monitoring Rules
Rule 1: Structuring Detection
TRIGGER: Multiple deposits <$10,000 totaling >=$10,000 within 24 hours
Examples:
• Customer deposits $9,500 and $9,500 same day = ALERT
• Customer deposits $8,000 three times in one day = ALERT
Purpose: Detect CTR avoidance
Review: Within 24 hours
Rule 2: Rapid Movement of Funds
TRIGGER: Deposit followed by withdrawal within 48 hours
Examples:
• Deposit $50,000, withdraw $45,000 next day = ALERT
• Wire in $100,000, wire out $95,000 same week = ALERT
Purpose: Detect potential layering
Review: Within 3 business days
Rule 3: Round Dollar Wires
TRIGGER: Wire transfers in exact round amounts (e.g., $10,000, $25,000, $50,000)
Especially suspicious if:
• High-risk country involved
• Customer has no history of such transactions
• No clear business purpose
Purpose: Detect potential money laundering
Review: Within 24 hours
Rule 4: Unusual Trading Patterns
TRIGGER: Trading activity inconsistent with customer profile
Examples:
• Dormant account suddenly active
• Conservative investor suddenly trading options
• Elderly customer day trading
• Account activity far exceeds stated income/net worth
Purpose: Detect potential account takeover or fraud
Review: Within 2 business days
Rule 5: High-Risk Geography
TRIGGER: Transactions involving high-risk jurisdictions
FATF High-Risk Countries (as of 2025):
• Myanmar
• North Korea
• [Others per current FATF list]
FATF Increased Monitoring:
• [Per current FATF list]
Purpose: Enhanced scrutiny for high-risk jurisdictions
Review: Within 1 business day
Rule 6: Third-Party Transactions
TRIGGER: Deposits/withdrawals from/to parties other than account holder
Examples:
• Check deposits from third parties
• Wires from unknown parties
• Withdrawals to third parties
Exceptions (not alerts):
• Employer payroll deposits
• Authorized third-party managers (documented)
Purpose: Detect potential fraud or money laundering
Review: Within 2 business days
Alert Review Process
Daily Alert Queue:
8:00 AM - Pull overnight alerts
8:30 AM - Triage alerts by priority
HIGH: OFAC, structuring, high-risk geography
MEDIUM: Third-party, rapid movement
LOW: Round dollars, unusual patterns
9:00 AM - Begin HIGH priority reviews
12:00 PM - HIGH priority reviews complete
1:00 PM - Begin MEDIUM priority reviews
5:00 PM - All HIGH and MEDIUM reviewed
(LOW reviewed within 5 business days)
Alert Review Checklist:
☐ Review customer account opening documentation
☐ Review customer historical activity
☐ Check customer risk rating
☐ Review triggered transaction(s)
☐ Check for business purpose
☐ Review any customer communications
☐ Check for related alerts (same customer)
☐ Research customer background (Google, LinkedIn, etc.)
☐ Determine if activity is:
☐ Expected/legitimate
☐ Unexpected but explainable
☐ Suspicious requiring SAR
☐ Document decision with reasoning
☐ Escalate to AML Officer if suspicious
SUSPICIOUS ACTIVITY REPORTING (SAR)
When to File a SAR
MANDATORY SAR FILING:
Threshold: $5,000+ (aggregate over 90 days)
Categories:
- Insider Abuse - Employee conducting unauthorized transactions
- Violations of Law - Customer using account for illegal activity
- Fraud - Any type of fraud
- Money Laundering - Transactions designed to hide proceeds
- Structuring - Avoiding CTR reporting
- Terrorist Financing - Funds for terrorist activities
- Identity Theft - Use of stolen identity
- Computer Intrusion - Hacking, unauthorized access
- Other - Any suspicious activity not otherwise categorized
SAR Decision Matrix:
Question 1: Is the activity suspicious?
└─ YES → Continue
└─ NO → Document why not, close alert
Question 2: Does it involve $5,000+ (aggregate)?
└─ YES → File SAR
└─ NO → Consider filing anyway if:
• Terrorism related
• Involves structuring
• Part of larger pattern
SAR Red Flags - Common Scenarios
SCENARIO 1: Structuring
RED FLAGS:
• Multiple deposits just under $10,000
• Customer makes deposits at multiple branches
• Customer asks about reporting thresholds
• Pattern of deposits designed to avoid CTR
EXAMPLE:
Customer deposits $9,800 on Monday, $9,900 on Tuesday, $9,700 on Wednesday
Total: $29,400 in 3 days - all under $10,000
SAR REQUIRED: Yes (clear structuring pattern)
SCENARIO 2: Rapid Movement
RED FLAGS:
• Large deposit immediately followed by withdrawal
• Funds moved through account with little economic purpose
• No trading activity, only deposits and withdrawals
EXAMPLE:
Monday: Wire in $100,000 from foreign bank
Tuesday: Purchase money market fund
Wednesday: Sell money market fund
Thursday: Wire out $98,000 to different foreign bank
SAR REQUIRED: Likely (layering, no apparent business purpose)
SCENARIO 3: Inconsistent with Profile
RED FLAGS:
• Activity far exceeds stated income/net worth
• Customer occupation doesn't match account activity
• Sudden change in account usage
EXAMPLE:
Customer listed occupation: "Retail clerk"
Customer listed income: "$35,000/year"
Account activity: $500,000 in deposits over 6 months
SAR REQUIRED: Yes (source of funds questionable)
SCENARIO 4: Uncooperative Customer
RED FLAGS:
• Customer refuses to provide information
• Customer provides false/inconsistent information
• Customer avoids contact
• Customer closes account when questioned
EXAMPLE:
Firm requests updated employment information (EDD)
Customer refuses to provide
Customer immediately requests full withdrawal and account closure
SAR REQUIRED: Yes (evasive behavior, possible fraud)
SCENARIO 5: Insider Trading Indicators
RED FLAGS:
• Trading prior to major announcements
• Unusual options activity
• Customer has connection to company insiders
• Pattern of profitable trades around news events
EXAMPLE:
Customer purchases significant call options
Two days later, company announces merger
Customer exercises options for 500% profit
Customer has no prior options trading history
Investigation reveals customer's spouse works at acquiring company
SAR REQUIRED: Yes (possible insider trading - also report to SEC)
SAR Filing Process
TIMELINE:
Day 0 - Suspicious activity detected
Day 1-5 - Investigation conducted
Day 6-10 - SAR decision made
Day 11-20 - SAR drafted and reviewed
Day 21-30 - SAR filed with FinCEN
Maximum: 30 days from detection
SAR Investigation Checklist:
☐ Review all account documentation
☐ Review all transaction history (minimum 90 days)
☐ Interview relationship manager/rep (if appropriate)
☐ Conduct open-source research (Google, social media, news)
☐ Review beneficial ownership information
☐ Check for related accounts or customers
☐ Review prior SARs or alerts for same customer
☐ Determine if pattern or isolated incident
☐ Assess whether criminal referral warranted
☐ Document all findings
☐ Prepare SAR recommendation memo
☐ Route to AML Officer for decision
SAR Filing Form (FinCEN SAR):
Required Information:
PART I - SUBJECT INFORMATION
├─ Name, address, DOB, SSN/EIN
├─ Identification documents
├─ Occupation/business
├─ Phone numbers
└─ Account numbers
PART II - SUSPICIOUS ACTIVITY
├─ Date of detection
├─ Date range of activity
├─ Total dollar amount
├─ Activity type (checkboxes)
└─ IP addresses (if cyber-related)
PART III - NARRATIVE
├─ Who: Subjects involved
├─ What: Description of suspicious activity
├─ When: Timeline
├─ Where: Locations involved
├─ How: Method used
└─ Why: Why suspicious
PART IV - FILING INSTITUTION
├─ Firm information
├─ Contact person
└─ Branch information
PART V - CONTACT FOR ASSISTANCE
└─ Who law enforcement should contact
SAR Narrative Best Practices:
GOOD Narrative:
On January 5, 2025, customer John Doe (DOB: 01/15/1980, SSN: xxx-xx-1234) deposited $9,800 cash at Branch A. On January 6, 2025, the same customer deposited $9,900 cash at Branch B. On January 7, 2025, the customer deposited $9,700 cash at Branch C. Total deposits: $29,400 over 3 days.
Customer's account opening information indicates employment as "teacher" with annual income of "$55,000". Customer had no prior cash deposit history. When contacted by registered representative on January 8 regarding the deposits, customer stated funds were "from savings" but became evasive when asked for details. Customer requested immediate withdrawal of funds on January 9.
The pattern of deposits just under $10,000, made at different branches, over consecutive days, appears designed to avoid CTR reporting requirements. The activity is inconsistent with customer's stated occupation and income. Customer's evasive responses and immediate withdrawal request further support suspicion of structuring.
POOR Narrative:
Customer made suspicious deposits. We think it's structuring. Customer was weird when we asked about it.
SAR Filing:
File electronically via BSA E-Filing System:
https://bsaefiling.fincen.treas.gov/
✅ Use institution's BSA E-Filing credentials
✅ Complete all required fields
✅ Attach supporting documentation
✅ Obtain filing confirmation number
✅ Save confirmation in SAR file
Post-SAR Actions
Account Decisions:
Option 1: MAINTAIN ACCOUNT
• If isolated incident
• If customer cooperates
• If ongoing monitoring sufficient
• Enhanced monitoring implemented
Option 2: CLOSE ACCOUNT
• If repeated suspicious activity
• If customer uncooperative
• If risk too high to manage
• If criminal activity suspected
PROHIBITED: Do not disclose SAR filing to customer (tipping off)
Violation: Up to 5 years imprisonment
SAR Tracking:
# SAR LOG
SAR_Number | Filing_Date | Customer_Name | Account | Amount | Activity_Type | Status | Notes
SAR-2025-001 | 2025-01-15 | John Doe | 12345 | $29,400 | Structuring | Filed | Closed account
SAR-2025-002 | 2025-01-20 | ABC Corp | 67890 | $150,000 | Rapid movement | Filed | Under review
CURRENCY TRANSACTION REPORTING (CTR)
CTR Filing Requirements
Threshold: $10,000+ in currency (cash) in single day
Multiple Transactions:
If customer conducts multiple currency transactions totaling >$10,000 same day:
└─ Aggregate and file ONE CTR
Examples:
• Deposit $6,000 + Deposit $5,000 = $11,000 → FILE CTR
• Withdraw $3,000 + Deposit $8,000 = $11,000 → FILE CTR
• Deposit $10,001 = FILE CTR
Currency Defined:
- U.S. coins and currency
- Foreign currency (calculate USD equivalent)
- Cashier's checks, money orders, traveler's checks if >$10,000 cash exchanged
NOT Currency:
- Personal checks
- Wire transfers
- ACH transfers
CTR Filing Timeline
DEADLINE: 15 days after transaction
Best Practice: File within 5 days
CTR Exemptions
Eligible for Exemption (after 12 months):
- Listed public companies
- Subsidiaries of listed companies
- U.S./state/local governments
- Banks and financial institutions
- Businesses with operating accounts meeting criteria
Not Eligible for Exemption:
- Individuals
- Sole proprietorships
- Most small businesses
- Check cashing services
- Money transmitters
Exemption Process:
- Customer maintains account for 12 months
- Firm designates customer as exempt
- File FinCEN Form 110 (Designation of Exempt Person)
- Review exemption annually
- File renewal every 2 years
CTR Form Completion
Required Information:
PART I - PERSON(S) ON WHOSE BEHALF TRANSACTION(S) IS CONDUCTED
├─ Name, address, DOB, SSN/EIN
├─ Occupation/business
└─ Identification (type, number, issuing authority)
PART II - INDIVIDUAL(S) CONDUCTING TRANSACTION(S)
└─ If different from Part I, same information
PART III - AMOUNT AND TYPE OF TRANSACTION(S)
├─ Cash in: $________
├─ Cash out: $________
├─ Foreign currency exchanged
└─ Total: $________
PART IV - BRANCH INFORMATION
└─ Where transaction occurred
TRAINING & TESTING
Annual AML Training
Required Participants: ALL employees
Minimum Content:
- AML laws and regulations
- Firm's AML program
- Red flags and suspicious activity
- Reporting procedures
- Sanctions compliance
- Consequences of violations
Training Duration: 60-90 minutes minimum
Training Record:
Employee_Name,Employee_ID,Training_Date,Training_Topic,Hours,Score,Trainer,Signature_Date
John Smith,E1001,2025-01-15,AML Annual Training,1.5,95%,Jane Doe,2025-01-15
Independent Testing
Frequency: Annual minimum
Scope:
COMPREHENSIVE AML TESTING:
├─ CIP procedures review
├─ CDD/EDD procedures review
├─ Beneficial ownership compliance
├─ OFAC screening effectiveness
├─ Transaction monitoring system
├─ SAR decision-making process
├─ CTR filing accuracy
├─ Recordkeeping compliance
├─ Training program adequacy
├─ AML Officer effectiveness
└─ Overall program effectiveness
Tester Qualifications:
- Independent (not AML Officer or supervised by AML Officer)
- Knowledgeable about AML requirements
- Preferably external qualified consultant
Testing Deliverable:
- Written report
- Findings and recommendations
- Management response
- Remediation timeline
🖤🛣️ BlackRoad OS, Inc. AML/BSA Compliance Playbook Version 1.0 | January 2026