BSA/AML Independent Audit Preparation Checklist

Pre-audit inspection checklist for assembling BSA/AML governance documents, transaction monitoring logs, sanctions screening records, and training evidence for independent testing.

Audit Scope and Readiness

• Audit period and entity scope documented
  Verify the review period, legal entity, branch coverage, and business lines included in the independent audit are clearly defined.
• Independent tester engagement letter or assignment documented
  Confirm the independent testing engagement, scope, and reporting line are documented and available for review.
• Prior audit findings and open issues tracked
  Check that prior BSA/AML audit findings, management responses, and remediation status are compiled.
• Current BSA/AML risk assessment available
  Ensure the most recent enterprise-wide BSA/AML risk assessment is available, approved, and dated.

Policies, Procedures, and Governance

• BSA/AML program policy current and approved
  Confirm the written BSA/AML policy is current, approved by management or the board as applicable, and accessible.
• Procedures for customer due diligence and enhanced due diligence available
  Verify procedures address customer identification, beneficial ownership, CDD, and EDD where required.
• Board or committee reporting package available
  Confirm recent board, committee, or senior management reporting on BSA/AML metrics, issues, and escalations is compiled.
• Independent testing scope and methodology retained
  Verify the testing methodology, sampling approach, and workpapers supporting prior independent reviews are retained.

Transaction Monitoring and Regulatory Reporting Logs

• SAR log complete for audit period
  Confirm the Suspicious Activity Report log includes filing dates, case references, disposition, and status for the audit period.
• CTR log complete for audit period
  Verify the Currency Transaction Report log includes reportable transactions, filing status, and exception handling.
• OFAC screening hit log available
  Ensure sanctions screening alerts, true hits, false positives, dispositions, and escalation evidence are compiled.
• Alert investigation and case disposition records available
  Check that alert review records show investigation steps, rationale, and closure decisions for sampled cases.

Training, Staffing, and Competency

• Annual BSA/AML training records complete
  Confirm annual training completion records are available for applicable employees, officers, and directors.
• Role-based training for high-risk functions documented
  Verify enhanced training exists for roles such as operations, onboarding, investigations, and sanctions screening.
• Training completion rate
  Enter the percentage of required personnel who completed assigned BSA/AML training on time.
• Training materials and attendance rosters retained
  Confirm course materials, rosters, completion certificates, and make-up training evidence are retained.

Records, Retention, and Evidence Package

• Evidence binder or shared folder organized by audit request
  Verify documents are organized by request number, topic, or control area for efficient auditor access.
• Record retention periods applied consistently
  Confirm BSA/AML records are retained according to policy and applicable regulatory retention requirements.
• Supporting evidence for sampled items available
  Ensure supporting documents exist for sampled accounts, alerts, filings, investigations, and approvals.
• Known deficiencies and remediation plan documented
  Document any known deficiencies, root cause analysis, remediation owner, and target completion dates.