On July 22, 2019, the Federal Reserve Board, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency (banking agencies), and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) are issued a joint statement highlighting their risk-focused approach to Bank Secrecy Act/Anti-Money laundering (BSA/AML) compliance exams.
It is important to note that this statement from the Agencies and FinCEN does not institute new requirements; rather, it is intended to improve transparency into the risk-focused approach examiners use for planning and performing BSA/AML exams. Identifying and mitigating risk is a vital component of a financial institution’s BSA/AML compliance program, which allows banks to allocate resources commensurate with areas and levels of risk. Examiners look to risk assessments and other information to determine an institution’s risk profile, which assists with determining the focus of the exam and ultimately in evaluating the institution’s BSA/AML compliance program.
Common practices used by the Agencies to assess a financial institution’s risk profile include:
- Leveraging available information, including the bank’s BSA/AML risk assessment, independent testing or audits, analyses and conclusions from previous examinations, and other information available through the off-site monitoring process or a request letter to the bank,
- Contacting banks between examinations or prior to finalizing the scope of an examination, and
- Considering the bank’s ability to identify, measure, monitor and control risks.
The statement issued by the Agencies and FinCEN affirms that, “[t]he extent of examination activities necessary to evaluate a bank’s BSA/AML compliance program generally depends on a bank’s risk profile and the quality of its risk management processes to identify, measure, monitor, and control risks, and to report potential money laundering, terrorist financing, and other illicit financial activity.”
The statement is available here.