Introduction - Customers: This section is new material added to the exam manual in the December 2021 change release. The importance of the information added has been verbalized for some time. This update clarifies that banking regulators and FinCEN understand that no specific customer type automatically falls into a higher risk category. Each should be reviewed on a risk-based approach by the financial institution. The update further emphasizes that financial institutions with a robust AML program that follows applicable Bank Secrecy Act (BSA) and AML requirements should not be prohibited or discouraged from providing banking services to these customers, often referred to as de-risking.
There are three updates in the December 2021 release for potentially higher-risk customers. These updates are in the sections for Charities and Nonprofit Organizations, Independent Automated Teller Machine (ATM) Owners or Operators, and Politically Exposed Persons (PEPs). Each of these customer categories has a similar theme to updated text. The FFIEC emphasizes that each of these customer types must have customer due diligence (CDD) requirements consistent with the financial institution's risk profile to understand the risk of each higher-risk customer. The operations, activities, leadership, and affiliations of the customer play a factor in specific risks, particularly with foreign activity in and with areas of concern. A risk assessment to include each of these higher-risk customers should be conducted for a financial institution to understand the risk of each customer type and to be able to develop an appropriate CDD program commensurate with that risk.
Why these three customer sections were chosen for this most recent update is unpublished but may center around the new FinCEN priorities. PEPs are directly related to potential corruption and kleptocracy, which is named as a priority. Terrorism, both domestic and international, is another listed priority that is often financed with contributions through illicit non-governmental organizations (NGOs). While privately owned ATMs are not necessarily tied to a FinCEN priority, they are particularly cash-intensive and can be classic examples of money laundering, using all three methods of placement, layering, and integration of the illicit funds. Chances are other higher-risk customer categories will be addressed in future updates.