Section 352 of USA PATRIOT Act 2001 requires Financial Institutions (FIs) to establish Bank Secrecy Act/Anti-Money Laundering Programs (“AML Programs”). While banks and other institutions, deemed to be FIs, developed and documented their AML Programs, quite often these were not aligned to their AML risks, defeating the purpose of having an AML Program. When the Federal Banking Regulators started to focus on this risk-based approach in 2005 (this is the focus of all regulators now), the FIs started documenting their Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Risk Assessments. Though the risk assessments of a few institutions are still not analytical and/or detailed enough to enable a true assessment whether the AML Program is aligned to institution’s risks, the overall BSA/AML risk assessments of FIs are becoming robust.
While a well-documented BSA/AML Risk Assessment enables a determination regarding the adequacy of the institution’s AML Program, it also enables the Regulators in developing a risk-based approach towards examining the institution and conduct risk-focused BSA/AML examinations, tailoring their examination plans to the risk profile of the FI concerned. The risk based approach of the Federal Regulators, which is also followed by State Regulators and other industry regulators, has been recently emphasized in the Joint Statement dated July 22, 2019. FIs should note that the Risk Based examinations are primarily based on a few factors, as under, that are already known to the institution:
- BSA/AML Risk Assessment,
- Independent Testing of BSA/AML Compliance (Internal Audit),
- Findings and conclusions from previous examinations (Prior Examination Report), and
- Other information, e.g. changes in products, services, asset, people, system and processes
While well-documented detailed BSA/AML and OFAC Risk Assessments are the starting point for institution’s AML and OFAC Programs, the assessment through Independent Testing performed by qualified and experienced in-house or outsourced Internal Auditors should be able to highlight potential weaknesses or gaps in the institution’s AML and OFAC Programs in its Report. While both documents help the Regulators in understanding your profile and developing their risk-based approach for examination, depending on their quality, they should be extremely useful to you in mitigating your risks.
What should the financial institutions do to be ready for risk-based Examinations?
- Ensure that your Risk Assessments are analytical, detailed and well-documented
- Ensure detailed documented AML and OFAC Programs
- Ensure appropriate and qualified BSA and OFAC staffing
- Provide periodic relevant BSA/AML and OFAC Training
- Monitor for proper implementation of AML and OFAC Program, including filing of Reports
- Ensure Independent Testing only by qualified and experienced resources, who can challenge your BSA Officer and OFAC Officer
RGS Global Advisors is a leading provider of BSA/AML/OFAC Compliance and Internal Audit services to Community Banks and Foreign Banking Organizations. For further guidance or assistance contact us at: info@RGSGlobalAdvisors.com