The Contractor should:

• Conduct independent testing of CILC’s BSA/AML compliance program that is risk-based and tailored to CILC’s operations
• Assess CILC’s compliance with applicable BSA/AML regulatory requirements
• Evaluate the overall adequacy of CILC’s BSA/AML compliance program
• Report results directly to CILC’s Board of Directors (or designated committee), with management also receiving a copy for response and corrective action planning

The audit shall include a risk-based review of key program elements, such as:

• Whether CILC’s BSA/AML risk assessment aligns with CILC’s risk profile (products, services, customers, and geographic locations)
• The adequacy of CILC’s policies, procedures, and processes for BSA/AML compliance
• Adherence to recordkeeping and reporting requirements, including:
  o Customer Due Diligence (CDD)
  o Customer Identification Program (CIP)
  o Beneficial Ownership
  o OFAC/sanctions screening
  o Suspicious Activity Reports (SARs)
• The effectiveness of CILC’s suspicious activity identification, escalation, and reporting processes
• The completeness and accuracy of CILC’s information technology sources, systems, and processes supporting BSA/AML compliance
• Training coverage and documentation for staff, management, and the Board tailored to specific functions and positions
• Management’s corrective actions to address any violations or deficiencies noted in prior testing or examinations

The Contractor’s final report should:

• Include a statement about CILC’s overall compliance with BSA/AML requirements and the adequacy of its compliance program
• Provide feedback on CILC’s draft revised BSA/AML policy, which is significantly shorter than the current version, and assess whether it is sufficient to meet regulatory expectations and examiner standards