Preparing for Your Bank’s Next Bank Secrecy Act Regulatory Exam

On July 22, 2019, the federal banking agencies (the Federal Reserve Board, Federal Deposit Insurance Corporation, National Credit Union Administration and Office of the Comptroller of the Currency) and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network issued a joint statement summarizing their risk-focused approach to examinations of depository institution’s Bank Secrecy Act and anti-money laundering (BSA/AML) compliance programs.

The release is intended to provide banks with transparency into the risk-focused approach that is used by the banking regulators when conducting examinations of bank’s BSA/AML compliance programs. There are no new requirements included in the release.

Importance of a bank’s BSA/AML risk assessment

The structure of a bank’s BSA/AML compliance programs is risk-based, allowing a bank to allocate resources to perform functions and duties commensurate with the risks. Each bank’s BSA/AML risk assessment is paramount to ensuring the bank has identified all its risks and can structure an appropriate compliance program, including the allocation of resources.

The BSA/AML risk assessment empowers a bank to place appropriate risk management processes in place to mitigate risk, as well as identify any missing controls relative to those risks. BSA/AML risk assessments must identify and address specific risk categories as it relates to products and services, customers, nature and volume of transactions and geographic locations. Data and analysis must be prepared by a bank to support the conclusions in the risk assessment.

How will examiners use your bank’s risk assessment?

In addition to assisting a bank in its management of the multitude of BSA/AML related risks, a bank’s risk assessment will help bank examiners understand a bank’s risk profile, which is one of the first procedures performed when planning the examination.

A bank’s BSA/AML risk assessment is the examiner’s initial view into the bank’s ability to identify, monitor and implement controls to address risk. Reading a bank’s BSA/AML risk assessment, along with understanding the results of the bank’s most recent independent audit of the BSA/AML function, has a direct connection to the examiner’s scoping and planning of their BSA/AML examination, including the examination procedures and the nature and extent of transaction testing that will be performed. Bank examiners will spend more time in areas deemed higher-risk just as a bank allocates more resources to those areas as well. As a result, the focus and scope of regulatory examinations will vary from institution to institution as each bank’s risk profile may vary given the nature and complexity of each institution.

Action steps you can take to prepare

Knowing how important it is for your BSA/AML risk assessment to be thorough, well supported and representative of your bank’s BSA/AML risk profile, consider critically evaluating your BSA/AML risk assessment before your next regulatory exam.

  1. Make sure all products and services are considered, especially new ones that were introduced since the last risk assessment update. Emphasis and analysis should be placed on those products or services that pose the highest risk for money laundering, such as those that involve a high volume of currency or provide a higher degree of anonymity, including electronic banking and funds payment services.
  2. Understand and document the geographic locations where your customers open accounts and conduct business transactions. If your bank has gone through a merger recently, have you gained a thorough understanding of the geographic locations where the acquired bank’s customers operate?
  3. Assess your customer base. While certain customer types are generally considered higher risk, do not conclude on risk based solely on categories of customer types (e.g., money service businesses). Rather, consider the customer type coupled with their geographic location, as well as the products and services they use to form your conclusion on risk.

In addition to determining compliance with laws and regulations, bank regulators evaluate a BSA/AML program relative to the bank’s own risk profile. This underscores the importance of creating and maintaining a well-developed, thorough BSA/AML risk assessment that clearly illustrates a bank’s risk profile. In other words, the better your BSA/AML risk assessment, the better your processes and controls will be tailored to address the identified risks, which will result in a more efficient and effective regulatory exam.

About DHG Financial Services

DHG Financial Services professionals provide you with in-depth industry knowledge and a wide range of advisory, assurance and tax services to address issues facing your industry in today’s challenging environment. For more information, visit