Assessing Compliance with BSA Regulatory Requirements
FFIEC BSA/AML Examination Manual, February 2021
Introduction
In addition to the Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program
requirements, banks must comply with other program, reporting, and recordkeeping
requirements; special information sharing procedures; and special standards of diligence,
prohibitions, and special measures set forth in 31 CFR Chapter X Part 1020. Although the rules
for banks are set forth in Part 1020, many of the specific requirements cross-reference to 31 CFR
Chapter X Part 1010.
Consistent with the approach described in the BSA/AML compliance program section, written
policies, procedures, and processes alone are not sufficient to comply with these other BSA
regulatory requirements. Practices that correspond to the bank’s written policies, procedures,
and processes are needed for implementation. Importantly, policies, procedures, processes, and
practices should align with the bank’s unique money laundering, terrorist financing (ML/TF),
and other illicit financial activity risk profile.
During the scoping and planning process, examiners should determine on the basis of risk what,
if any, specific BSA regulatory requirements to review in addition to the review of the
BSA/AML compliance program.[1] The specific examination procedures performed to assess the
bank’s compliance with BSA regulatory requirements depend on the bank’s risk profile, size or
complexity, quality of independent testing, changes to the bank’s BSA/AML compliance officer
or department, expansionary activities, new innovations and technologies,[2] or other relevant
factors. Given that banks vary in size, complexity, and organizational structure, and have unique
risk profiles, the scope of a BSA/AML examination should be tailored to each bank. Examiners
should focus their review of risk management practices and compliance with BSA regulatory
requirements on areas of greatest ML/TF and other illicit financial activity risks. Examiners will
assess whether the bank has developed and implemented adequate processes to identify,
measure, monitor, and control those risks and comply with BSA regulatory requirements.
Testing performed for BSA regulatory requirement areas will assess the implementation of
policies, procedures, and processes; and evaluate controls, information technology sources,
systems, and processes used for BSA/AML compliance. Testing should be risk-focused and can
take the form of testing specific transactions or performing analytical or other reviews.
Examiners must perform some testing during each BSA/AML examination cycle. Testing may
focus on any of the regulatory requirements and may address different BSA areas, but may not
be necessary for every regulation or BSA area examined. Not all of the examination and testing
procedures included in this Manual are likely to be applicable to every bank or during every
examination.
[1] Federal Reserve, FDIC, FinCEN, NCUA, OCC (July 22, 2019), “Joint Statement on Risk-Focused Bank Secrecy
Act/Anti-Money Laundering Supervision.”
[2] Federal Reserve, FDIC, FinCEN, NCUA, OCC (December 3, 2018), “Joint Statement on Innovative Efforts to
Combat Money Laundering and Terrorist Financing.”