BSA/AML risk assessment checklist

Introduction

Financial institutions must structure their compliance programs to be risk-based to ensure that BSA/AML compliance programs are reasonably designed to meet regulatory requirements. Understanding its risk profile enables the institution to apply appropriate risk management processes to the BSA/AML program to mitigate and manage risk and comply with BSA regulatory requirements. Although each institution’s risk process will differ slightly, the following best practice steps will enable your financial institution to understand and justify its risk-focused compliance program.

 

STEP 1: IDENTIFY RISK CATEGORIES FOR YOUR UNIQUE FINANCIAL INSTITUTION

  • Products and services
  • Transactions
  • Customer or member base
  • Geographic locations
  • Staffing

 


 

STEP 2: PERFORM FURTHER ANALYSIS FOR EACH IDENTIFIED RISK CATEGORY

  • Products and Services
    • Private banking
    • Trust and asset management
    • Correspondent accounts (foreign and domestic)
    • Payable through accounts
    • Pouch activities
    • Special use accounts
    • Trade finance
    • Bulk cash
    • Consumer or business loan portfolios
    • Online account access/opening
    • Remote deposit capture
    • Non-deposit investment products
    • Prepaid access
  • Transactions
    • Number and amount analysis of cash transactions, automated clearing house (ACH) transactions, wires, monetary instruments, and debit/ATM transactions
    • Number and amount analysis of loan transactions
    • Number of currency transaction reports (CTRs) filed annually
    • Number of suspicious activity reports (SARs) filed annually
    • Volumes and frequencies of international wires compared to domestic
    • Number of international ACH transactions compared to domestic transactions
  • Customer or member base
    • Nonresident aliens (NRAs)
    • Politically exposed persons (PEPs)
    • Cash-intensive businesses (including marijuana-related businesses)
    • Money services businesses (MSBs)
    • Virtual currency exchanges
    • Private ATM owners or operators
    • Embassy, foreign consulate, and foreign mission accounts
    • Charities and nonprofit organizations
    • Third-party payment processors
    • Non-bank financial institutions (NBFIs)
    • Professional service providers
    • Business entities (domestic and foreign)
  • Geographic locations
    • Identify branches or customers doing business within High-Intensity Financial Crime Areas (HIFCAs) or High-Intensity Drug Trafficking Areas (HIDTAs)
    • Assess any branches or customers doing business on the U.S.-Mexico border
    • Compare number of SARs to the number of SARs filed by other institutions in the same geographical area; explain discrepancies
    • Perform additional analysis for customers and transactions in elevated high-risk jurisdictions, such as Russia
  • Staffing
    • Analyze number of full-time and part-time employees in AML function
    • Determine how these numbers compare to the previous year
    • Document whether current staff is sufficient based on AML work duties
    • Review qualifications and experience level of all AML staff, including the BSA Officer
    • Assess the adequacy of training enterprise-wide, and for AML staff specifically

STEP 3: IDENTIFY INHERENT VS. RESIDUAL RISK FOR EACH RISK CATEGORY

    • Determine the residual risk after adjusting the inherent risk for effective risk management controls:
      • Strong mitigating controls—covers all bases for the risk of this service or activity; leaves no gaps in monitoring
      • Adequate mitigating controls—does just enough to mitigate risk; may or may not be missing some items
      • Weak mitigating controls—does nothing or has a very weak, perhaps manual process in place
    • See FFIEC Examination Manual Appendix J and Appendix K for further BSA/AML risk information

 

STEP 4: ASSESS OFAC RISK

(may be included in BSA risk assessment or a standalone document)

    • Assess for OFAC sanctions risk:
      • Product lines
      • Customer or member base
      • New accounts risk
      • Nature of transactions
      • Identification of higher risk areas for OFAC purposes
        • International funds transfers
        • Nonresident alien accounts
        • Foreign customer accounts
        • Cross-border ACH transactions
        • Commercial letters of credit and other trade finance products
        • Transactional electronic banking
        • Foreign correspondent bank accounts
        • Payable through accounts
        • Concentration accounts
        • International private banking
        • Overseas branches or subsidiaries
    • Establish policies and procedures for reviewing transactions and transaction parties, and create mitigating internal controls based on the OFAC risk assessment
    • See FFIEC Examination Manual Appendix M for further OFAC risk information

 

DOCUMENT

  • Ensure that all review and analysis documentation is saved as risk assessment working papers; regulators may ask to see this analysis
  • Be certain working papers justify your risk-based BSA/AML decisions
