3-1873.5
IntroductionThe Board of Governors of the Federal Reserve
System, the Federal Deposit Insurance Corporation, the National Credit
Union Administration, the Office of the Comptroller of the Currency
(collectively, “the federal banking agencies”), and the U.S. Department
of the Treasury’s Financial Crimes Enforcement Network (FinCEN) are
issuing this joint statement to emphasize their risk-focused approach
to examinations of banks’ Bank Secrecy Act
1/anti-money laundering (BSA/AML) compliance programs. This statement
is being issued as part of a broader effort to reinforce and enhance
the effectiveness and efficiency of the BSA/AML regime.
2 This statement is intended to improve
transparency into the risk-focused approach used for planning and
performing BSA/AML examinations and does not establish new requirements.
Further, this statement aligns with the federal banking agencies’
long-standing practices for risk-focused safety and soundness examinations.
3
Under existing statutory requirements, specifically section
8(s) of the Federal Deposit Insurance Act and section 206 of the Federal
Credit Union Act, the federal banking agencies have prescribed regulations
requiring each bank
4 to establish and maintain procedures reasonably designed to
assure and monitor compliance with the requirements of the BSA (collectively,
these procedures form the basis of each bank’s “BSA/AML compliance
program”).
5 In addition, pursuant
to these statutes, the federal banking agencies review banks’ BSA/AML
compliance programs during each examination cycle.
6 BSA/AML Compliance Programs and Risk Profiles To assure that BSA/AML compliance programs
are reasonably designed to meet the requirements of the BSA, banks
structure their compliance programs to be risk-based and to identify
and report potential money laundering, terrorist financing, and other
illicit financial activity. A risk-based compliance program enables
a bank to allocate compliance resources commensurate with its risk.
A bank’s well-developed risk assessment is a critical part of sound
risk management and assists examiners in understanding the bank’s
risk profile. Banks determine the levels and types of risks that they
will assume.
7 Banks that
operate in compliance with applicable law, properly manage customer
relationships, and effectively mitigate risks by implementing controls
commensurate with those risks are neither prohibited nor discouraged
from providing banking services.
8 As the federal banking agencies have
previously stated, banks are encouraged to manage customer relationships
and mitigate risks based on customer relationships rather than declining
to provide banking services to entire categories of customers.
9
Federal banking agency examiners evaluate the adequacy
of a bank’s BSA/AML compli
ance program relative to its risk profile, and
that bank’s compliance with applicable laws and regulations. Examiners
review risk-management practices to evaluate and assess whether a
bank has developed and implemented effective processes to identify,
measure, monitor, and control risks. The federal banking agencies
and FinCEN recognize that banks vary in focus
10 and complexity, and that these
differences create for each bank a unique risk profile. Accordingly,
the scope of BSA/AML examinations varies by bank.
Risk-Focused Examinations The federal banking agencies conduct risk-focused
BSA/AML examinations, and tailor examination plans and procedures
based on the risk profile of each bank. Common practices for assessing
the bank’s risk profile include:
- leveraging available information, including the bank’s
BSA/AML risk assessment, independent testing or audits, analyses and
conclusions from previous examinations, and other information available
through the off-site monitoring process or a request letter to the
bank,
- contacting banks between examinations or prior to
finalizing the scope of an examination, and
- considering the bank’s ability to identify, measure,
monitor, and control risks.
The information gained from assessing the bank’s risk
profile assists examiners in scoping and planning the examination
and initially evaluating the adequacy of the BSA/AML compliance program.
The federal banking agencies generally allocate more resources to
higher-risk areas, and fewer resources to lower-risk areas. For example,
the pre-examination request list is tailored to the bank’s risk profile,
complexity, and planned examination scope. Examiners review a bank’s
BSA/AML risk assessment and independent testing to assess the bank’s
ability to identify, measure, monitor, and control risks. Risk assessments
and independent testing that properly consider and test all risk areas
(including products, services, customers, and the geographic locations
in which the bank operates and conducts business) are used in determining
the examination procedures and transaction testing that should be
performed.
The risk-focused approach reflected in this statement
forms the foundation for the information, instructions, and procedures
communicated to examiners through the Federal Financial Institutions
Examination Council BSA/AML Examination Manual.
11 Conclusion Risk-focused BSA/AML examinations consider a bank’s unique risk profile.
Examiners use risk assessments and independent testing when planning
and conducting examinations. Examiners assess the adequacy of a bank’s
BSA/AML compliance program during each examination cycle. The extent
of examination activities necessary to evaluate a bank’s BSA/AML compliance
program generally depends on a bank’s risk profile and the quality
of its risk-management processes to identify, measure, monitor, and
control risks, and to report potential money laundering, terrorist
financing, and other illicit financial activity.
Interagency statement of July 22, 2019 (SR-19-11).