Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

FFIEC BSA Exam Manual Updates: How Do They Affect Your Anti-Money Laundering (AML) Program?

Terri Luttrell, CAMS-Audit, CFCS
December 10, 2021
Read Time: 0 min

New updates to the FFIEC BSA Exam Manual

The December 2022 release is the latest since revisions began in 2020 as the council attempts to clarify and achieve transparency.

Would you like other articles like this in your inbox?

The Federal Financial Institutions Examination Council (FFIEC) periodically updates its BSA Examination Manual, with the most recent update on December 1, 2021. This release is the latest since revisions began in 2020 as the council attempts to clarify and achieve transparency within sections of this valuable resource. The manual is used by examiners as a training tool and guide when performing bank examinations. It is also the go-to source for AML professionals seeking regulatory expectations for BSA programs across the financial services industry.

The December 2021 updates affect four sections of the existing examination manual, each discussed below. None of the changes represent new information but rather address specific customers that may need more attention within policies, procedures, and processes due to a higher risk for money laundering, terrorist financing, and other illicit activity. Each customer category has long been named in the exam manual as having elevated risk.  The updates also clarify examiner expectations in these customer categories.

Need to know

Updates and Changes

Introduction - Customers:  This section is new material added to the exam manual in the December 2021 change release. The importance of the information added has been verbalized for some time. This update clarifies that banking regulators and FinCEN understand that no specific customer type automatically falls into a higher risk category. Each should be reviewed on a risk-based approach by the financial institution. The update further emphasizes that financial institutions with a robust AML program that follows applicable Bank Secrecy Act (BSA) and AML requirements should not be prohibited or discouraged from providing banking services to these customers, often referred to as de-risking.

There are three updates in the December 2021 release for potentially higher-risk customers. These updates are in the sections for Charities and Nonprofit Organizations, Independent Automated Teller Machine (ATM) Owners or Operators, and Politically Exposed Persons (PEPs). Each of these customer categories has a similar theme to updated text. The FFIEC emphasizes that each of these customer types must have customer due diligence (CDD) requirements consistent with the financial institution's risk profile to understand the risk of each higher-risk customer. The operations, activities, leadership, and affiliations of the customer play a factor in specific risks, particularly with foreign activity in and with areas of concern. A risk assessment to include each of these higher-risk customers should be conducted for a financial institution to understand the risk of each customer type and to be able to develop an appropriate CDD program commensurate with that risk.

Why these three customer sections were chosen for this most recent update is unpublished but may center around the new FinCEN priorities. PEPs are directly related to potential corruption and kleptocracy, which is named as a priority. Terrorism, both domestic and international, is another listed priority that is often financed with contributions through illicit non-governmental organizations (NGOs). While privately owned ATMs are not necessarily tied to a FinCEN priority, they are particularly cash-intensive and can be classic examples of money laundering, using all three methods of placement, layering, and integration of the illicit funds. Chances are other higher-risk customer categories will be addressed in future updates.

Be prepared

The importance of updating your AML program

With any FFIEC update, your AML program should be reviewed to ensure all current regulatory expectations are addressed in policies, procedures, and processes. Remember, regulators use this instruction manual when they conduct an examination. It is prudent to update policies and procedures (P & P) for all higher-risk categories mentioned in the manual and any others that you may have in your customer or member base. For now, pay special attention to your risk assessment and P & P for these three named groups of customers. If you don't knowingly have any in your account portfolio, state so in your risk assessment. Knowingly is the key term to include in risk assessment documentation. You never know for sure who might slip through your CDD procedures, which is why ongoing monitoring for higher-risk customers and suspicious activity is so important.  

Looking ahead

Final Thoughts

Reflecting the national commitment to curbing corruption and increasing transparency, the updates to the examination manual continue to address the risk-focused nature of a robust AML program.  Keeping up with updates as the Anti-Money Laundering Act (AMLA) regulations and guidance are issued will be critical in keeping your AML and fraud programs up to date. 2021 and beyond will continue to include transparency updates and will likely have the most critical changes in the BSA since the 2018 CDD regulations. By using the examination manual as your primary source for developing a risk-focused AML program, your will be several critical steps ahead of your next examination. Remember, demonstrating confidence and expertise in an AML program starts with understanding regulatory expectations.

About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.