12 CFR 748.2 – Procedures for monitoring Bank Secrecy Act (BSA) compliance
(a) Purpose. This section is issued to ensure that all federally insured credit unions establish and maintain procedures reasonably designed to assure and monitor compliance with the requirements of subchapter II of chapter 53 of title 31, United States Code, the Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act, and the implementing regulations promulgated under it by the Department of Treasury, 31 CFR chapter X.
(b) Establishment of a BSA compliance program—(1) Program requirement. Each federally insured credit union shall develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with the recordkeeping and recording requirements in subchapter II of chapter 53 of title 31, United States Code and implementing regulations issued by the Department of Treasury at 31 CFR chapter X. The compliance program must be written, approved by the credit union’s board of directors, and reflected in the credit union’s minutes.
(2) Customer identification program. Each federally insured credit union is subject to the requirements of 31 U.S.C. § 5318(l) and the implementing regulation jointly promulgated by the NCUA and Department of the Treasury at 31 CFR 1020.220, which require a customer identification program to be implemented as part of the BSA compliance program required under this section.
(c) Contents of compliance program. Such compliance program shall at a minimum—
(1) Provide for a system of internal controls to assure ongoing compliance;
(2) Provide for independent testing for compliance to be conducted by credit union personnel or outside parties;
(3) Designate an individual responsible for coordinating and monitoring day-to-day compliance; and
(4) Provide training for appropriate personnel.