12 CFR § 326.8 - Bank Secrecy Act compliance.
(a) Purpose. This subpart is issued to assure that all FDIC-supervised institutions as defined in 12 CFR 326.1 establish and maintain procedures reasonably designed to assure and monitor their compliance with the requirements of subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR Chapter X.
(b) Compliance procedures—(1) Program requirement. Each institution shall develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with recordkeeping and reporting requirements set forth in subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations issued by the Department of Treasury at 31 CFR Chapter X. The compliance program shall be written, approved by the institution's board of directors, and noted in the minutes.
(2) Customer identification program. Each institution is subject to the requirements of 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by the FDIC and the Department of the Treasury at 31 CFR 1020.220.
(c) Contents of compliance program. The compliance program shall, at a minimum:
(1) Provide for a system of internal controls to assure ongoing compliance;
(2) Provide for independent testing for compliance to be conducted by institution personnel or by an outside party;
(3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and
(4) Provide training for appropriate personnel.