On April 15th, federal and state financial institution regulators, through the Federal Financial Institutions Examination Council (FFIEC), released several updates to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examination manual. The manual is used to evaluate compliance with the Bank Secrecy Act and anti-money laundering requirements. Revisions were made by the Federal Reserve Board, Federal Deposit Insurance Corp. (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), and State Liaison Committee (made up of state supervisory agencies) “in close collaboration” with the Treasury Financial Crimes Enforcement Network (FinCEN), the agencies said.
Significant revisions include:
- Risk-focused BSA/AML supervision: The manual provides instructions to examiners for tailoring BSA/AML examinations to a bank’s risk profile, including examination and testing procedures, and conducting risk-focused testing or analytical reviews.
- Assessing the BSA/AML compliance program: The manual provides instructions to examiners for assessing the adequacy of a bank’s BSA/AML compliance program and constitutes a minimum set of procedures for full scope BSA/AML examinations. It separates internal controls, independent testing, BSA compliance officer, and training into individual sections.
- BSA/AML risk assessment: The manual provides instructions to examiners for assessing the adequacy of a bank’s BSA/AML risk assessment processes, including: (i) the identification of specific risk categories (e.g., products, services, customers, and geographic locations) unique to the bank, and (ii) an analysis of the information identified to better assess risk within these categories. The manual says there is no particular method or format a bank must use for the risk assessment and that risk categories can vary based on a bank’s size, complexity, or organizational structure. It also says there is no requirement for risk assessment updates on a continuous or specified periodic basis, “but these updates may occur as necessary to align the risk assessment with a significant change in a bank’s risk profile.”
- Developing conclusions and finalizing the exam – The manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate program.
“The agencies are aware of the uncertainty faced by financial institutions during this unprecedented time,” the regulators said through an FFIEC release announcing the changes. “The manual update, which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as a new or increased focus.”
An interagency statement accompanying the FIL provides information on the updated sectionsThe agencies said updates to other sections of the manual will be announced as they are completed.