<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

20 Questions to Risk Assess Your BSA/AML Program in a Post-Pandemic World

3 min read
Sep 1, 2022

The pandemic fundamentally changed much of our world, including Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance.

New risks have emerged while existing risks, including, fraud, cybercrime, and domestic terrorism financing, have evolved. The basic components of financial institutions' BSA/AML risk profile, especially their customer base, expected transactional behavior, and geographical footprint, have shifted significantly. The Great Resignation has led to high levels of staff turnover, including in BSA/AML programs.

When the risk environment changes, risk assessments should be updated to reflect the new circumstances. This includes BSA/AML programs. Financial institutions should take steps to ensure that their BSA/AML programs remain effective, paying particular attention to BSA/AML risk assessments and the expertise of risk management staff.

Risk management, including BSA/AML compliance risk assessments, are dynamic processes

Risk management is, by nature, a dynamic process. It’s proactively monitoring the risk environment and responding to changes in the risk and compliance landscape to keep financial institutions in step with changing conditions—whether that’s changes in rules and regulations themselves or outside changes that impact how an institution complies with existing rules and regulations. 

A static environment is reactive, rather than proactive. A static approach often means playing catch-up, which can result in noncompliance, costly penalties, and fines.

A dynamic environment is also scalable for future growth and can adapt to increased complexity, including when it comes to BSA/AML. Additionally, a dynamic risk assessment environment ties BSA/AML risks into the financial institution’s overall Enterprise Risk Management (ERM) strategy.

Are your compliance risk assessments outdated?
Here are four tips for keeping compliance risk assessments up to date 

Internal controls critical to BSA/AML compliance 

Every financial institution needs to monitor it’s BSA/AML program. Ask if your institution:

  • Has a comprehensive BSA/AML compliance auditing process?  
  • Outsources the auditing function? 
  • Is confident in outsourced BSA/AML compliance testing programs? 

Both compliance reviews, tests, and audits need to be done in a timely and efficient manner. Additionally, the resulting reports need to be produced quickly and highlight any deficiencies and findings in such a way that they can easily be understood and acted upon by the institution’s board and C-suite. 

A risk and compliance culture promotes BSA/AML compliance 

It has never been more important to retain top-level risk talent as well as attract new talent for your risk department. Part of that challenge is creating a risk management culture that shows employees that their work is valued by the organization.

This makes having a risk and compliance culture doubly valuable. Not only does this “tone from the top” educate and motivate employees to prioritize important issues like BSA/AML compliance, risk management, and ethics, while proactively identifying and addressing problems, it also shows those working the fields of risk and compliance that they have the support of the board and management

Want Engaged Employees?
Here Are 5 Things Your Employees Need to Hear from You 

Questions your financial institution should consider 

Now is time to re-evaluate your institution's BSA/AML program, including your BSA risk assessment and any related assessments (ex: fraud, OFAC), key controls (ex: BSA/AML transactional monitoring thresholds), and staffing levels (including any vacancies or turnover in key positions).

Here are 20 questions to help navigate these considerations:

  1. Have you made any significant changes to your BSA risk assessment because of pandemic-related changes to the risk environment?

  2. How are you currently conducting BSA risk assessments? 

  3. Is the process dynamic or static? 

  4. Do you believe your BSA risk assessment process is efficient?

  5. Is your current BSA risk assessment and process scalable for future growth?

  6. How easy is it to change your BSA risk assessment when new threats emerge?

  7. How are you assessing the effectiveness of the BSA/AML internal control environment? 

  8. How often are you doing this?

  9. Do your BSA/AML risks tie into your overall ERM strategy?

  10. How are you providing assurance services over the BSA/AML program and control environment?

  11. If you have an internal auditor, are you confident in the comprehensiveness of the BSA/AML audit program?

  12. If conducting second-line compliance testing but have an outsourced audit function, are you confident in the comprehensiveness of the BSA/AML compliance testing program?

  13. Are compliance tests and/or audits are being done in a timely and efficient manner?

  14. Are the reports produced by compliance tests and/or audits sufficient to highlight key program deficiencies in a way that can be easily understood by and acted upon by the board and C-suite?

  15. In what ways are you promoting a positive corporate culture?

  16. How are you sending a consistent corporate message about your corporate culture?

  17. How are you disseminating a consistent "tone at the top" message, especially around key topics like BSA/AML compliance, risk management, inclusion, and ethics?

  18. How are you keeping remote workers engaged in your corporate culture?  

  19. What messaging do they receive regarding the institution's expectations of them? 

  20. Does this messaging also include key topics like BSA compliance, risk management, inclusion, and ethics?

Does your risk management strategy meet the demands of today’s risk environment?

Learn how to assess your current risk management strategy in our on-demand webinar: Risk Assessments in a Time of Volatility: What You Need to Do Today


Subscribe to the Nsight Blog