The end of the calendar year is a critical checkpoint for your BSA/AML program. Here's the year-end review checklist that every covered business should complete before December 31.
Year-end is the last opportunity to close training, risk assessment, and filing gaps before they become findings
December is the month when compliance gaps become compliance failures. Annual training that was supposed to happen in Q3 but got pushed to Q4 is now overdue. Risk assessments that were flagged for update after a product launch in September are still sitting in draft. Independent testing that was scheduled for November got postponed. The year-end review is your last opportunity to close these gaps before they become examination findings.
Training completion records must be current for every covered employee before December 31
The first item on the year-end checklist is training completion. Pull your training records and confirm that every employee who should have received annual AML training in 2023 has a documented completion record. If there are gaps, schedule makeup training immediately - even a brief, documented session is better than a missing record. Examiners who find employees without current training records will ask why, and "we ran out of time" is not an acceptable answer.
Risk assessments must reflect material business changes that occurred during the year
The second item is risk assessment currency. Review your risk assessment and confirm that it reflects your current business. If your business changed materially in 2023 - new products, new customers, new locations, new staff - and your risk assessment hasn't been updated to reflect those changes, update it before year-end. A risk assessment that doesn't match your current business is a compliance liability.
CTR and SAR filing records should be reviewed for gaps before the calendar year closes
The third item is filing review. Pull your CTR and SAR filing records for the year and look for gaps. Were there months with unusually low filing volume? Were there transactions that should have generated filings but didn't? A self-identified gap that you address proactively is far less damaging than a gap that a regulator identifies during an examination.
Independent testing that slipped creates a gap in the testing record - schedule January immediately
The fourth item is independent testing status. If your annual independent review hasn't happened yet, schedule it for January. A testing cycle that slips into the following year creates a gap in your testing record that examiners will notice. If your testing was completed, review the findings and confirm that all identified issues have been addressed or are on a documented remediation timeline.
Tags
BSA/AML Principal Consultant · Soflo Consulting
Elena Vargas is a BSA/AML Principal Consultant at Soflo Consulting with over a decade of experience building and auditing compliance programs for regulated businesses across the United States. She specializes in enforcement action remediation, risk assessment development, and examination preparation for money services businesses, mortgage lenders, and fintech companies.
5 sections
Key Takeaways
- 1Year-end is the last opportunity to close training, risk assessment, and filing gaps before they become findings
- 2Training completion records must be current for every covered employee before December 31
- 3Risk assessments must reflect material business changes that occurred during the year
- 4CTR and SAR filing records should be reviewed for gaps before the calendar year closes
- 5Independent testing that slipped creates a gap in the testing record - schedule January immediately
Need Expert Guidance?
Put these insights into action. Schedule a free consultation with a Soflo Consulting compliance specialist.
Stay Ahead of Compliance
Get FinCEN updates, BSA/AML guidance, and federal compliance news delivered to your inbox - no fluff.
