The burden of extensive regulatory exams on a financial institution’s BSA/AML program has taken its toll on the financial crimes industry for years. In an effort to improve the effectiveness and efficiency of those regulatory exams, the collective financial institution regulatory bodies (the Agencies) issued a Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Supervision (the Statement) on July 22, 2019. The Statement emphasizes the importance that the Agencies use a risk-based focus when scoping and planning an institution’s examination. This is not a new philosophy and has long been stated in the FFIEC Exam Manual but the Statement refocuses the Agencies to use more resources where there is higher risk among the financial institutions and fewer resources for the lower-risk institutions. This means that exam scoping for each institution will vary.
Under current regulation, each financial institution must develop a BSA/AML program commensurate with its risk profile to identify and report potential money laundering, terror financing, and other illicit financial activity. A risk-based approach begins with a comprehensive, board-approved, enterprise-wide risk assessment which will enable financial institutions to allocate compliance resources commensurate with its risk profile. The risk assessment is the first step for the examiners to understand an institution’s unique risk profile. According to the Statement, common practices for assessing the institution’s risk profile include:
- Leveraging available information, including the institution’s BSA/AML risk assessment, independent testing or audits, through the off-site monitoring process or a request letter to the financial institution
- Contacting institutions between examinations or prior to finalizing the scope of an examination
- Considering the institution’s ability to identify, measure, monitor, and control risks
This Statement reminds the Agencies of where their valuable examination resources should be focused, but what does it mean for financial institutions when preparing for their regulatory exams?