This post is part of our occasional series on AML program fundamentals which focuses on refreshing foundational knowledge for experienced members of the AML community and providing an introduction to key topics for those new to the subject. As discussed in The Five Pillars of an AML Compliance Program, employee training is a key element of an AML compliance program. The minimum training requirement is set out in the FFIEC BSA/AML Examination Manual:
Banks must ensure that appropriate personnel are trained in applicable aspects of the BSA. Training should include regulatory requirements and the bank’s internal BSA/AML policies, procedures, and processes. At a minimum, the bank’s training program must provide training for all personnel whose duties require knowledge of the BSA. The training should be tailored to the person’s specific responsibilities.
The requirement states that “appropriate personnel” and “all personnel whose duties require knowledge of the BSA” must receive training. While it is clear that customer facing staff should receive training, a careful review of the regulatory material makes it equally clear that nearly all staff need some instruction on the requirements and internal processes that touch their area of responsibility. This includes senior management and board members.
As stated in the Manual, the training must provide an understanding of the regulatory requirements. This includes providing an overview of the Bank Secrecy Act (BSA) and the related regulations. This part of the training process may also include information about published guidance and regulatory expectations articulated in speeches by agency officials and communicated to the institution during the examination process. While it is not clear that these last categories are “regulatory requirements,” if they have help shape an FI’s program, they should be included in the training as part of the “why” we are doing this.
The training should also include a clear discussion of the FI’s policies, these are the what and why of the compliance program. They are usually set out in beginning of the program documentation and should understood by everyone responsible for success of the program.
The next element of training is a review of the procedures embedded in the program. These elements are the how, when, who and where, relating to the requirements of the program. Procedures are the FI’s way of doing AML compliance.
Another piece of the training is instruction on the processes the FI uses in its compliance activities. Process is the step-by-step roadmap of how the FI implements its procedures.
While a high level overview of the BSA statutory and regulatory requirements is a basic part of any training curriculum, there should be focus on the specific job activities of each group being trained. When onboarding new employees, an introduction to the FI’s compliance program makes sense; additional training will be needed as individuals take on their specific roles in the organizations. The training provided to a teller will be different from the training provided to an analyst in the financial intelligence unit, and different still, from the training provided to the board directors.
Training also should be ongoing. Regulatory requirements change often and the training process needs to keep up with these changes. Another reason for ongoing training is that FIs are regularly updating their policies, procedures and processes, and these updates must be communicated to the impacted employees. For staff directly involved in AML compliance, changes to procedures, processes and systems will also prompt the need for updated training. Ongoing training is important because it keeps the concepts top of mind and allows the recipients of the training be most effective.
Training can take many forms: in-person instruct led, online instructor led, online self-paced, self-study printed material and others. Each FI will choose the format and channels which fit its approach to training, its size and geographic spread and its unique needs. A variety of training formats can help reach employees across the spectrum of learning styles. Assessment of the comprehension of the material is also an important aspect of effective training and should be included in all types of training.
The details of a training program should be documented as should all staff participation in the program, as it would otherwise be difficult to show compliance with this program requirement without comprehensive documentation.
As with all of the training provided by FIs, construction of the AML compliance program training should include both individuals skilled in building and providing training, as well as subject matter experts in AML compliance that can help to implement the necessary components of the program.
As with each of the five pillars, careful attention to the creation, management and implementation of the training element will help an FI operate an effective AML compliance program.