On July 22, 2019, the Board of Governors of the Federal Reserve System (“FRB”), the Office of the Comptroller of the Currency (“OCC”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) (together, the “Agencies”) issued a joint statement outlining the common practices of supervisory staff in evaluating a financial institution’s money laundering and terrorist financing risk profile, scoping and planning for examinations, and reviewing the adequacy of the institution’s BSA/AML compliance program (the “Joint Statement”).
The Joint Statement emphasizes the risk-focused approach taken by the Agencies when examining the Bank Secrecy Act and anti-money laundering compliance programs of their regulated financial institutions. The Agencies begin with the risk assessment, which is developed by the financial institution itself, to assist examination staff in understanding the bank’s risk profile. Since the products, services, structure, and complexity will vary by financial institution, risk profiles, and therefore examinations, will vary as well.
While the Joint Statement does not impose any new obligations for financial institutions, it is intended to shed light on how the Agencies plan and perform BSA/AML examinations, which are conducted during each financial institution exam cycle. As part of the risk-focused approach to exam planning and scoping, the Agencies tailor the exam plans and procedures based on the risk profile of the financial institution and, as indicated in the Joint Statement, will commonly:
- Leverage available information from the financial institution’s risk assessment (a key component of a BSA/AML compliance program), independent testing or audits, analyses and conclusions from prior examinations, and other information available through off-site monitoring or obtained in response to specific request letters;
- Contact financial institutions between examinations or before finalizing the exam scope; and
- Consider the financial institution’s ability to identify, measure, monitor, and control risks.
- Are your BSA/AML compliance program components updated? Is your risk assessment refreshed periodically to assist in the planning and scoping process?
- The pronouncements in the Joint Statement are meant to increase transparency around exam planning and scoping. Consider your financial institution’s experience in these exams and whether the Joint Statement can be used in discussions with exam staff to improve the exam experience.
- The Agencies also inserted a statement about de-risking which encourages banks to “manage customer relationships and mitigate risks based on customer relationships rather than declining to provide banking services to entire categories of customers.” Consider whether de-risking has impacted your business or potential customer relationships.
Howard & Howard has a dedicated team of financial services attorneys with deep experience handling complex transactional, regulatory, and litigation matters. Our attorneys regularly advise clients on M&A, strategic transactions, third party engagements, enforcement matters, and regulatory compliance. For more information or for questions related to this Financial Institution Advisory, please contact the author(s), your Howard & Howard attorney, or visit our Financial Institutions Group page.