KYC/AML/BSA Assessment

KYC/AML/BSA Assessment

Assess Know Your Customer (KYC), Anti-Money Laundering (AML), and Bank Secrecy Act (BSA) compliance for "$ARGUMENTS". Evaluate customer identification, due diligence, transaction monitoring, and suspicious activity reporting programs.

Prerequisites

Read .metapowers/compliance/$ARGUMENTS/00-scope.md. If this file does not exist, tell the user:

Phase 0 (Scope) has not been completed for "$ARGUMENTS". Run /compliance:regulatory-landscape $ARGUMENTS first, or use --skip-checks to bypass.

If --skip-checks is present in $ARGUMENTS, skip this check.

Process

1. Read context files:

   • Read plugins/compliance/shared/grc-lifecycle-guide.md for GRC methodology reference
   • Read plugins/compliance/shared/assessment-template.md for output structure
   • Read .metapowers/compliance/$ARGUMENTS/00-scope.md for scope and control framework context

2. Customer Identification Program (CIP):

   • Assess identity verification procedures for all account types (individual, business, beneficial owners)
   • Evaluate identification methods (documentary, non-documentary, combination)
   • Review minimum information collected (name, date of birth, address, identification number)
   • Assess record retention for CIP documentation (5-year requirement)
   • Evaluate procedures for customers who cannot be adequately identified

3. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):

   • Assess standard CDD procedures (customer risk rating, nature and purpose of relationship)
   • Evaluate risk-based approach to CDD (low, medium, high risk categories)
   • Review EDD triggers and procedures for higher-risk customers (PEPs, high-risk jurisdictions, complex structures)
   • Assess ongoing monitoring and periodic review cadence based on risk rating
   • Evaluate beneficial ownership identification and verification (25% threshold, control prong)

4. Beneficial ownership requirements:

   • Assess compliance with FinCEN Beneficial Ownership Rule (CDD Rule)
   • Evaluate procedures for identifying and verifying beneficial owners of legal entity customers
   • Review Corporate Transparency Act (CTA) readiness and BOI reporting awareness
   • Assess record-keeping and update triggers for beneficial ownership changes

5. Transaction monitoring systems and rules:

   • Assess automated transaction monitoring system configuration and tuning
   • Evaluate alert generation rules and thresholds for unusual activity patterns
   • Review alert disposition workflow (investigation, escalation, closure, documentation)
   • Assess model risk management for monitoring systems (validation, back-testing)
   • Evaluate coverage gaps (new products, channels, customer segments)

6. Suspicious Activity Report (SAR) filing:

   • Assess SAR decision-making process and documentation
   • Evaluate filing timeliness (30-day initial detection, 60-day if no suspect identified)
   • Review SAR narrative quality and completeness
   • Assess continuing activity reporting procedures (90-day reviews)
   • Evaluate SAR confidentiality safeguards

7. Currency Transaction Report (CTR) requirements:

   • Assess CTR filing procedures for transactions exceeding $10,000
   • Evaluate aggregation rules for multiple transactions by or on behalf of the same person
   • Review exemption procedures (Phase I and Phase II exempt persons)
   • Assess timeliness of filing (15 calendar days)

8. OFAC sanctions screening:

   • Assess OFAC screening integration points (onboarding, transactions, periodic rescreening)
   • Evaluate screening system coverage (SDN list, sectoral sanctions, country programs)
   • Review match resolution and false positive handling procedures
   • Assess escalation procedures for potential true matches
   • Evaluate interdiction capabilities for real-time transaction blocking

9. AML training program:

   • Assess training scope (all employees, role-specific, board-level)
   • Evaluate training content currency and relevance
   • Review training frequency and completion tracking
   • Assess training effectiveness measurement

10. BSA/AML officer and governance:

    • Assess BSA/AML officer designation, qualifications, and authority
    • Evaluate reporting line and access to board/senior management
    • Review BSA/AML program documentation and board approval
    • Assess resource adequacy (staff, technology, budget)

11. Independent testing/audit program:

    • Assess scope and frequency of independent testing (risk-based, at minimum every 12-18 months)
    • Evaluate independence of testing function (internal audit or external party)
    • Review prior audit findings and remediation tracking
    • Assess regulatory examination history and MRA/MRIA status

12. Write the artifact to .metapowers/compliance/$ARGUMENTS/01-assess/kyc-aml.md following the assessment template structure with:

    • CIP Assessment — identity verification coverage and adequacy
    • CDD/EDD Program — risk rating methodology and due diligence depth
    • Beneficial Ownership — identification, verification, and maintenance procedures
    • Transaction Monitoring — system coverage, alert management, and tuning effectiveness
    • SAR/CTR Filing — timeliness, quality, and process compliance
    • OFAC Screening — coverage, integration points, and match resolution
    • Governance — BSA officer, training, and independent testing
    • Evidence Inventory — existing evidence and evidence gaps
    • Remediation Priorities — ranked list of gaps to address

Output

The KYC/AML/BSA assessment written to .metapowers/compliance/$ARGUMENTS/01-assess/kyc-aml.md. Present a summary to the user highlighting:

• Overall BSA/AML program maturity assessment
• Transaction monitoring coverage and alert management effectiveness
• SAR filing quality and timeliness metrics
• Top 3 gaps requiring remediation