3 Reasons Why BSA/AML Risk Assessments Are Essential for Compliance
An AML risk assessment is the foundation of a strong BSA/AML compliance program, and here's why.
The foundation of any good BSA/AML program is your organization's risk assessment. A risk assessment provides insights into your business practices, and helps you understand the associated compliance risk.
Here are three essential questions that a well-performed BSA/AML risk assessment will help answer:
- Who you are: A BSA/AML risk assessment will help identify what products and services you sell, and what the institution looks like, historically.
- Where you operate: A risk assessment will also help identify the geographic areas you serve. Are you operating in a foreign country? Do you operate in any HIFCAs or HIDTAs? Do your customers reside in these areas? Work there?
- Who are your customers: You'll also learn more about your customers. Do you work with PEPs (politically exposed persons) or non-resident aliens, and who are your beneficial owners?
A risk assessment allows you to evaluate your organization objectively and holistically, and to say with confidence that you know and understand your organization. A risk assessment also provides the foundation of the independent review required by the regulations.
The Difference Between a Risk Assessment & an Independent Review
"An effective BSA/AML compliance program controls risks associated with the [financial institution's] products, services, customers, entities, and geographic locations; therefore, an effective risk assessment should be an ongoing process, not a one-time exercise...it is a sound practice for [financial institutions] to periodically reassess their BSA/AML risks at least every 12 to 18 months," according to the FFIEC's BSA Examination Manual.
The independent review monitors that the BSA/AML program is adequate, and it's based on the risk assessment findings. According to the FinCEN FAQs, "The Bank Secrecy Act requires [financial institutions] to establish anti-money laundering programs that include 'an independent audit function to test programs.'" The scope of the independent review will be determined by the findings of a risk assessment. Both the review and the risk assessment should be conducted no less than every 12 to 18 months, though it's recommended that both are conducted as products, services or your business changes.
Risk Assessments are Roadmaps to Compliance Success
A good risk assessment is essential, because it focuses your BSA/AML efforts on ensuring that your areas of greatest risk are monitored and managed first.
You wouldn't plan a trip without looking at a map, because you need to understand where you're going and how you'll get there. A risk assessment is like a map; it provides the information you need to effectively understand your compliance risk and how to successfully mitigate it.
The regulators expect you to conduct a BSA/AML risk assessment as stated in the FFIEC examination manual. If you don't, the regulators must conduct a risk assessment on your behalf. To put that into perspective, ask yourself: who is better qualified to talk about your organization – your regulator or you?
If a regulator conducts the risk assessment, you'll have to follow their findings to build your compliance program - even if the regulatory opinions and perspectives don't align with what's actually happening in your business.
TRUPOINT Viewpoint: We know that a risk assessment provides the foundation for a strong BSA/AML compliance risk management program.
"The review should be conducted on a periodic basis," according to the FFIEC. "The scope and frequency of the review will depend on the [financial institution’s] risk assessment, which should take into account the business’ products, services, customers, and geographic locations. For some [financial institutions], based on their risk assessments, an annual review may not be necessary; for others, more frequent review may be warranted."
To prep for success this year, you need to accurately know your risk exposure. If you haven't conducted a risk assessment in the last 12 months, consider scheduling a risk assessment for early 2015.
To learn more abour TRUPOINT Partners' BSA/AML and Fair Lending risk assessments, sign up for a free, quick consultation today!
- FFIEC Press Release Regarding Updated Exam Manual: http://www.ffiec.gov/press/pr120214.htm
- BSA/AML Examination Manual: http://www.occ.gov/publications/publications-by-type/other-publications-reports/ffiec-bsa-aml-examination-manual.pdf
- Fincen FAQ: http://www.fincen.gov/statutes_regs/bsa/bsa_faqs.html