On April 15, 2020, the FFIEC released a 43 page update to their BSA/AML Exam Manual. This long-awaited update includes many revisions designed to emphasize and enhance the regulators’ risk-focused approach to BSA/AML supervision. For example, revisions to the updated sections emphasize the need for examiners to evaluate a bank’s BSA/AML compliance program based on its risk profile for money laundering, terrorist financing, and other illicit financial activities.
The FFIEC explains that revisions throughout the updated sections were made to ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations set forth in guidance. The revisions also incorporate regulatory changes since the last update of the Manual in 2014. Significant revisions include:
Risk-Focused BSA/AML Supervision – The Manual provides instructions to examiners for tailoring BSA/AML examinations to a bank’s risk profile, including examination and testing procedures, and conducting risk-focused testing or analytical reviews. Assessing the
BSA/AML Compliance Program – The Manual provides instructions to examiners for assessing the adequacy of a bank’s BSA/AML compliance program and constitutes a minimum set of procedures for full scope BSA/AML examinations. It separates internal controls, independent testing, BSA compliance officer, and training into individual sections.
BSA/AML Risk Assessment – The Manual provides instructions to examiners for assessing the adequacy of a bank’s BSA/AML risk assessment processes, including: (i) the identification of specific risk categories (e.g., products, services, customers, and geographic locations) unique to the bank, and (ii) an analysis of the information identified to better assess risk within these categories. The Manual also provides instructions to examiners that there is no particular method or format a bank must use for the risk assessment and that risk categories can vary based on a bank’s size, complexity, or organizational structure. The Manual also instructs examiners that there is no requirement for risk assessment updates on a continuous or specified periodic basis, but these updates may occur as necessary to align the risk assessment with a significant change in a bank’s risk profile.
Developing Conclusions and Finalizing the Exam – The Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and minor weaknesses, deficiencies, and technical violations alone are not indicative of an inadequate program.
The 43 pages of updates can be found here.