The Federal Financial Institutions Examination Council (FFIEC) has released several updated sections and related examination procedures to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (the Manual). Examiners use these instructions when assessing the adequacy of a financial institution’s BSA/AML compliance program. Bank compliance officers will want to take note of these updates as they provide insight on how to better prepare for their next BSA/AML examination. This release demonstrates further transparency into the BSA/AML examination process and does not establish new requirements. The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee (Agencies) revised the sections in close collaboration with the Treasury’s Financial Crimes Enforcement Network.
Many of the revisions are designed to emphasize and enhance the Agencies’ risk-focused approach. For example, the updated sections emphasize the need for examiners to evaluate a financial institution’s BSA/AML compliance program based on its risk profile for money laundering, terrorist financing, and other illicit financial activities. The Agencies’ revisions are intended to ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations outlined in the guidance, and also reflects incorporated regulatory changes since the last Manual update in 2014.
Significant revisions include:
- Risk-Focused BSA/AML Supervision – The Manual provides instructions to examiners for tailoring BSA/AML testing procedures to a financial institution’s risk profile, and conducting risk-focused testing or analytical reviews.
- Assessing the BSA/AML Compliance Program – The Manual provides instructions to examiners for assessing the adequacy of a financial institution’s BSA/AML compliance program and constitutes a minimum set of procedures for full scope BSA/AML examinations. It separates internal controls, independent testing, BSA compliance officer, and training into individual sections.
- BSA/AML Risk Assessment – The Manual provides instructions to examiners for assessing the adequacy of a financial institution’s BSA/AML risk assessment processes, including: (i) the identification of specific risk categories (e.g., products, services, customers, and geographic locations) unique to the financial institution, and (ii) an analysis of the information identified to better assess risk within these categories. The Manual also emphasizes to examiners that there is not a particular method or format a financial institution must use for the risk assessment, and risk categories can vary based on a financial institution’s size, complexity, or organizational structure. The Manual also instructs examiners that there is no requirement for risk assessments to be updated on a continuous or specified periodic basis—these updates may occur as necessary to align the risk assessment with a significant change in a financial institution’s risk profile.
- Developing Conclusion and Finalizing the Exam – The Manual reminds examiners that financial institutions have flexibility in the design of their BSA/AML compliance programs, and minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate program. New and revised sections of the Manual are identified by a 2020 date in the table of contents and can also be found on the FFIEC BSA/AML InfoBase. The Agencies continue to review and revise the remaining sections of the Manual’s 2014 edition. Those updates will be released in phases.
View the full BSA/AML Examination Handbook here.
For further assistance with BSA/AML and other financial institution regulatory compliance questions, contact one of our PYA executives below at (800) 270-9629.