To combat money laundering in the U.S., Congress enacted a series of laws, collectively referred to as the Bank Secrecy Act (BSA), requiring financial institutions, including money services businesses (MSB), to deter and detect potential money laundering, and report suspicious activities to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network. Under the BSA, the U.S. Postal Service, defined as a MSB, is required to comply with the law.
Our objective was to determine whether the Postal Service anti-money laundering program is adequately designed and implemented to ensure compliance with the BSA and to identify opportunities to enhance the program.
What the OIG Found
The Postal Service anti-money laundering program is adequately designed to ensure compliance with the BSA, but management could enhance its implementation. We identified three opportunities to enhance the BSA program. Specifically, we found that Postal Service management:
- Relied on contractor services to comply with BSA requirements. BSA Compliance Office management monitors ongoing suspicious activity, identifies suspicious activity through a proactive lookback process, and analyzes reports developed by senior analysts. However, the prime contractor had full control over determinations and decisions mostly involving structuring transactions and activity not already monitored by the BSA Compliance Office. In addition, BSA management depended on a separate contractor to perform quality assurance reviews of suspicious activity reporting. This occurred because the Postal Service did not provide sufficient oversight of the contractors performing compliance or quality assurance procedures. This level of reliance, without sufficient oversight, could affect the functioning of the compliance program if the contractor relationship is terminated. Sufficient oversight is critical to ensure continued BSA compliance processing.
- Did not include changes to procedures for obtaining missing information on Postal Service (PS) Form 8105-A, Funds Transaction Report, in its BSA procedures manual. This was an unintentional omission by BSA management. When procedures are not updated, processes may not be accurately or timely completed and required information may not be obtained, which puts the program at risk for non-compliance with BSA record-keeping requirements. Also, outdated or inaccurate procedures are an unreliable source of reference for current employees and new hires who are not aware of organizational procedures.
- Did not address all risk factors for the identification and analysis of suspicious activity in their BSA risk assessment, including BSA processing and recordkeeping systems, employee turnover at post offices, and the BSA compliance office’s relationship with post offices and contract postal units. This occurred because BSA management did not have formal, documented procedures for preparing risk assessments. Also, management decided not to widely disseminate these procedures.Documentation of the procedures for preparing the risk assessment would mitigate the risk of any significant omission of information that is critical for the identification and analysis of suspicious activity. In addition, current, accurate documentation provides a means to retain organizational knowledge and mitigate the risk of having that knowledge limited to a few personnel. Because of our audit, management updated its procedures manual to include procedures for obtaining missing information on PS form 8105-A. Also, they agreed to fully address operational risk beginning with the fiscal year 2018 risk assessment and created formalized procedures for preparing the risk assessment. Accordingly, we are not making a recommendation on these issues.
What the OIG Recommended
We recommended management:
Enhance oversight practices over contractors used to assist the Postal Service in complying with the BSA.