centers on a review of the bank’s risk assessment. While banks are not required to perform such an assessment, it is central to ensuring that a BSA/AML/CFT program is appropriate for the bank, given its product and customer mix, as well as location risk factors. The agencies consider that an effective risk assessment should be a composite of multiple factors, and depending on the circumstances, certain factors may be weighed more heavily than others. The information contained in the BSA/AML/CFT risk assessment assists examiners in developing an understanding of the bank’s risk profile, risk-focusing the examination scope, and assessing the adequacy of the bank’s overall BSA/AML/CFT compliance program and its compliance with BSA regulatory requirements. Examiners are directed to focus, when evaluating the bank’s BSA/ AML/CFT risk assessment, on whether the bank has effective processes resulting in a well-developed risk assessment. They are not to take any single indicator as determinative of the existence of a lower- or higher-risk profile for the bank. Any assessment of risk factors is bank-specific, and a conclusion regarding the bank’s risk profile is to be based on a consideration of all pertinent information. Examiners are to assess whether the bank has developed a BSA/ AML/CFT risk assessment that identifies its money laundering, terrorist financing and other illicit financial activity risks. Examiners are also to assess whether the bank has considered all its products, services, customers and geographic locations in its assessment, and whether the bank analyzed the information relative to those risk categories. If a bank has not prepared a BSA/AML/CFT risk assessment, or if its assessment is deemed inadequate, the examiner is directed to discuss this fact with management, as well as prepare their own risk assessment. The reason for this emphasis on a bank-prepared risk assessment is that the bank’s BSA/AML/CFT program should be tailored to the risks it faces, and the agencies see an assessment as an important tool to assist the bank in effectively managing BSA risks and critical in developing appropriate internal controls. Using Your Risk Assessment An appropriate BSA risk assessment provides the bank with a foundation on which to build a successful compliance program addressing this area. This risk assessment is not a static document. You will have to monitor changes in the bank’s product offerings (e.g., virtual currency-related services), business environment, regulatory changes, bank personnel and so forth — and make appropriate changes to policy and procedure — to ensure that the foundation remains strong under the bank’s BSA/AML/CFT compliance program. The agencies expect that the bank will structure its BSA/AML/ CFT compliance program to address its risk profile, based on the bank’s assessment of risks, as well as to comply with BSA regulatory requirements. Specifically, the bank should develop appropriate policies, procedures and processes to monitor and 15 In Touch
RkJQdWJsaXNoZXIy MTg3NDExNQ==