Independent Testing, Audit & Training Playbook
Core BSA/AML Program Pillars – Independent Validation, Assurance, and Workforce Competence
The Customer Onboarding & CDD/EDD Playbook establishes the Bank’s risk-based framework for identifying, verifying, and understanding customers and
beneficial owners. It ensures that the institution’s onboarding processes comply with the Bank Secrecy Act (BSA), FinCEN CDD Rule (31 CFR 1010.230),
and global AML standards, while supporting a seamless client experience.
What This Playbook Covers
This Playbook provides standardized procedures for customer identification, risk scoring, and enhanced due diligence, ensuring consistent application
across jurisdictions, business lines, and customer types. It integrates governance oversight, automated screening, and continuous monitoring to
ensure the integrity of the Bank’s client base. It serves as the foundation for managing AML risk exposure during onboarding and supports ongoing
risk management efforts throughout the customer lifecycle.
Introduction & Purpose
Objective: Define the scope and intent of FundBank’s independent testing, audit, and training programs as essential BSA/AML pillars.
1.1 Overview
This playbook operationalizes Master Program § 6 (Independent Testing) and § 5 (Training), expanding on the principles of independence, competence, and
assurance defined in 31 C.F.R. § 1020.210(b)(3)–(4) and the FFIEC BSA/AML Exam Manual. It establishes the framework by which FundBank validates the
effectiveness of its AML controls and ensures its workforce remains competent and compliant.
1.2 Objectives
Provide a consistent, risk-based methodology for independent testing and internal audit of the AML program.
Define governance, roles, and accountability for assurance activities.
Design a risk-aligned training curriculum covering Board, management, operations, and specialist audiences.
Promote continuous improvement through feedback, remediation, and QA cycles.
1.3 Regulatory Expectations
The Bank’s approach adheres to:
FinCEN 31 C.F.R. § 1020.210(b)(3)–(4) (independent testing / training).
FFIEC BSA/AML Manual, “Independent Testing,” “Audit,” and “Training” sections.
OCC Comptroller’s Handbook: Internal and External Audits.
FATF Recommendations 18 & 23 on internal controls and independent review.
AMLA 2020 § 6101 continuous improvement principles.
1.4 Applicability & Scope
Applies to all FundBank entities and affiliates globally. Testing covers AML, sanctions, fraud, and consumer compliance processes, including third-party and
fintech partners (Master Program § 4.8).
1.5 Core Principles
Independence: Testers must be free of operational influence.
Objectivity: Conclusions are evidence-based and traceable.
Competence: Staff are trained and certified for AML assurance work.
Continuous Improvement: Lessons drive policy, training, and model enhancements.
Governance, Oversight & Roles
Objective: Describe oversight structure, independence safeguards, and accountability mechanisms.
2.1 Program Governance & Accountability
The Board Risk Committee retains ultimate oversight of independent testing results and training effectiveness (Master Program § 2.1 & § 2.2). The BSA
Officer ensures that findings are tracked and remediated. Quarterly summaries of audit results and training metrics are submitted to the Committee.
2.2 Three Lines of Defense
| Line | Function | Example Activities |
|---|---|---|
| 1. Business Operations | Own and operate controls | Perform CIP, CDD, TM, and EDD activities |
| 2. Compliance Oversight | Monitor and challenge | Review policies and monitor metrics |
| 3. Internal Audit / Independent Testing | Validate effectiveness | Perform risk-based testing and report to the Board |
2.3 Independence & Segregation
Independent testing is performed by personnel not involved in day-to-day AML operations and reporting directly to the Audit Committee, not management.
Testing engagements must avoid conflicts per IIA Standards 1110–1130.
2.4 Committee Oversight & Escalation
Audit Committee: Approves annual testing plan and receives all high-risk findings.
Compliance Committee: Monitors training coverage and remediation progress.
BSA/AML Oversight Committee: Integrates results into risk appetite and EWRA updates.
2.5 Policies & Documentation
All test plans, reports, and training curricula are subject to document control and five-year retention under Master Program § 7.4.
Independent Testing Program Framework
Objective: Define the structure and risk-based methodology for AML testing.
3.1 Objectives & Scope
Independent testing provides assurance that FundBank’s AML program is designed and operating effectively. Scope includes governance, CIP/CDD/EDD,
transaction monitoring, sanctions, training, recordkeeping, and reporting.
3.2 Risk-Based Testing Methodology
Testing prioritizes areas of higher inherent or residual risk identified in the Enterprise-Wide Risk Assessment (EWRA) (Master Program § 3). Risk factors
include transaction volume, customer type, geography, prior findings, and regulatory focus.
3.3 Annual Testing Plan Development
Conduct annual planning based on EWRA outputs, regulatory updates, and management input.
Obtain Audit Committee approval before execution.
Integrate AMLA 2020 priorities (cybercrime, corruption, PF, human trafficking) into scope selection.
3.4 Roles & Responsibilities
Internal Audit: Executes formal audits per IIA Standards.
Independent Testing Team (2.5 Line): Performs focused AML reviews between audit cycles.
External Consultants: May perform validation under BSA Officer oversight.
All testers must hold relevant credentials (CPA, CIA, CAMS).
3.5 Internal vs. External Coverage
Internal Audit ensures coverage of all AML program components at least every 18–24 months. External reviews (e.g., model validation, sanctions system
testing) occur biennially or as mandated by regulators.
3.6 Documentation & Record Retention
Each test engagement produces:
Test Plan (scope, objectives, sampling).
Workpapers (evidence, test results, reviewer sign-off).
Draft & Final Report (findings, ratings, management actions).
All materials retained for five years and linked to the Issue Tracker (Master Program § 11.4).