Banking Regulators Release Updates to BSA/AML Examination Manual

17 April 2020
View the Debrief

On April 15, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to its Bank Secrecy Act/Anti-Money Laundering Examination Manual (“BSA/AML Manual”). The BSA/AML Manual, which serves as an important reference tool to depository institutions and their affiliates, outlines regulatory expectations regarding BSA/AML compliance programs and provides transparency into the examination process.

The updates to the BSA/AML Manual are a result of a two-year process evaluating BSA/AML effectiveness by the Federal Reserve Board, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Financial Crimes Enforcement Network and the State Liaison Committee. Updates to the BSA/AML Manual, which was last subject to comprehensive revisions in 2014, have been long awaited, and the press release accompanying the updates suggests that additional revisions are forthcoming.

The updates are focused on improving and clarifying the “risk-focus of BSA examinations by providing more focused instructions to examiners.” The updates also include revisions meant to distinguish between mandatory regulatory requirements and supervisory expectations set forth in guidance – a distinction that has not always been clear in the BSA/AML Manual and as to which the Manual has received criticism.

The updates to the BSA/AML Manual are focused on the manual’s first section entitled “Core Examination Overview and Procedures for Assessing the BSA/AML Compliance Program.” The key revisions, which generally are designed to make clear that firms have flexibility in designing the particulars of the BSA/AML compliance programs, include:

  • A new introductory section entitled “Risk-Focused BSA/AML Supervision” that focuses on tailoring examination plans to an institution’s risk profile;
  • A new section noting that testing, which must be performed during each examination cycle, should be risk-focused, based on an institution’s risk profile and the examination scope;
  • Revisions to the BSA/AML Risk Assessment section highlighting that various methods and formats may be used and noting the absence of an expectation that a particular method or format will be used when completing a risk assessment;
  • Revisions to the previously entitled “BSA/AML Compliance Program” section now titled “Assessing the BSA/AML Compliance Program” that includes updated references to regulatory requirements, such as explicit reference to the Customer Due Diligence Rule;
  • Revisions to the section discussing internal controls that explicitly state internal controls are meant to “mitigate and manage” risks posed as opposed to prior language which stated internal controls were meant to “limit and control” risks and a new set of corresponding procedures;
  • Revisions to the BSA/AML Manual’s discussion of independent testing that draws clear distinctions between regulatory requirements and expectations, such as noting that the frequency of independent testing may vary based on risk and other relevant considerations;
  • Revisions to the BSA/AML Manual’s discussion of a BSA Compliance Officer, which adds a new corresponding procedures section and language explicitly calling out, among other requirements, that BSA Compliance Officers should regularly report the status of ongoing compliance to the board of directors, have access to suitable resources, have adequate authority, and be qualified,;
  • Revisions to the BSA/AML Manual’s discussion of training, noting that directors and senior management should receive “foundational training,” that training should be tailored to each individual’s specific responsibilities and the activity risks applicable to specific business lines or operational units; and
  • Revisions to the “Developing Conclusions and Finalizing the Examination” section, including a reminder that banks have flexibility in the design of their BSA/AML compliance program.

Reviewing these revisions may be helpful as institutions continue to implement their BSA/AML programs. We would be pleased to discuss these revisions or other aspects of the BSA/AML Manual.