The Bank Secrecy Act (BSA) requires that insurance companies identify and report suspicious activities, which is the ultimate goal of transaction monitoring. Companies are free to choose how they monitor transactions – via manual processes, exception reports, and/or transaction monitoring systems (TMSs) – as appropriate
for their size and risk profile, as long as the method(s) effectively identify suspicious activities and support timely reporting.
To ensure effectiveness, regulations require that life and annuity insurers test their transaction monitoring periodically as part of the required independent testing or audit. The Federal Financial Institutions Examination Council (FFIEC) BSA/ Anti-Money Laundering (AML) Examination Manual states that “Independent testing should, at a minimum, include…a review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for BSA/AML compliance.” It instructs examiners to verify the adequacy of the independent audit:
“Determine whether the audit’s review of suspicious activity monitoring systems includes an evaluation of the system’s ability to identify unusual activity. Ensure through a validation of the auditor’s reports and work papers that the bank’s independent testing:
- Reviews policies, procedures, and processes for suspicious activity monitoring.
- Evaluates the system’s methodology for establishing and applying expected activity or filtering criteria.
- Evaluates the system’s ability to generate monitoring reports.
- Determines whether the system filtering criteria are reasonable and include, at aminimum, cash, monetary instruments, funds transfers, and other higher-risk products,services, customers, or geographies, as appropriate.
The BSA/AML Examination Manual for Money Services Businesses, which the IRS has been using as a primary guideline for examining insurance companies until the final version of the BSA/AML Insurance Examination Manual is made available, stipulates that “…the review should include testing of internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions.” It guides the IRS examiner in testing the TMS to determine the adequacy of its controls.