The Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual is used by federal and state regulators to examine for compliance with BSA and AML requirements, and it is widely used throughout the financial services industry for BSA/AML guidance. The April 15, 2020, updates are the most recent updates to the FFIEC BSA/AML Examination Manual since the FFIEC Manual was last issued in 2014.
Subtle Changes Add Broad Implications to Examination Process
Particularly in this time of crisis and uncertainty, given the pandemic and its impact on domestic and global economies and businesses, understanding regulatory focus and expectations is critical. That understanding gives boards of directors and senior management the opportunity to better manage strained and, in many cases, insufficient resources amid increasing risks, while continuing to comply with anti-money laundering standards.
The April 2020 Updates to the FFIEC BSA/AML Examination Manual do not establish any new requirements. Instead, the updates provide some subtle changes and additional transparency in the examination process, as well as guidance to examiners for performing risk-based BSA/AML assessments of a bank’s BSA/AML compliance program.
The April 2020 Updates are organized into four sections: Scoping and Planning, BSA/AML Risk Assessment, Assessing the BSA/AML Compliance Program, and Developing Conclusions/Finalizing the Exam. This organization focuses on the overall examination program and differs from the Core Examination and Overview sections of the 2014 Manual.
Although the 2014 Manual emphasizes the importance of the BSA/AML Risk Assessment with a separate section, the 2020 Updates stress that regulators will perform BSA/AML examinations based on the risk profile of the respective financial institution.
The 2020 Updates include regulatory changes since the 2014 Manual, and updated sections distinguish between regulatory requirements and regulatory expectations.
In comparing the 2014 Manual and the 2020 Updates, there are wording changes reflecting focus on adequacy versus effectiveness in some BSA program areas. It is unclear if the regulators intended to lower the standard for evaluating those program areas. Examples include:
Scoping and Planning Section
2014 Manual: “The BSA/AML Examination is intended to assess the effectiveness of the bank’s BSA/AML compliance program…” (page 11)
2020 Updates: “Examiners assess the adequacy of the bank’s BSA/AML compliance program…” (page 1)
2014 Manual: “The training program should reinforce the importance that the board and senior management place on the bank’s compliance with the BSA and ensure that all employees understand their role in maintaining an effective BSA/AML Compliance program.” (page 33)
2020 Updates: “The training program may be used to reinforce the importance that the board of directors and senior management place on the bank’s compliance with the BSA and that all employees understand their role in maintaining an adequate BSA/AML compliance program.” (page 32)
The April 2020 Updates provide clarifications to the 2014 Manual. Examples are:
The April 2020 Updates reflect that there is no requirement to update the BSA/AML risk assessment on a continuous or specified periodic basis. Risk assessments should instead be updated (in whole or in part) when there are changes in the bank’s risk profile. This is a substantial change from the 2014 Manual, which stated that banks should reassess their BSA/AML risks at least every 12 to 18 months.
BSA Compliance Officer:
Both the 2014 Manual and the 2020 Updates reflect that the board of directors must designate a qualified individual to serve as the BSA compliance officer.
The April 2020 Updates further state that the board is responsible for ensuring that the BSA compliance officer has the appropriate authority, independence, and access to resources to administer an adequate BSA/AML program based on the bank’s risk profile. This change focuses on the board’s responsibility for ensuring adequate resources for compliance.
The 2020 Updates add that the board of directors and senior management should receive foundational training, and the board should be provided with an understanding of the bank’s risk profile and BSA regulatory requirements to ensure proper oversight of the BSA/AML program. This is another change that puts the focus on the front line, the board, and senior management, for risk management.
Steps Leaders Must Take to Balance Strained Resources with Increased Risk
Banks should review their policies, procedures, and internal controls to make sure they align with the subtle changes to the FFIEC manual.
Banks should review their programs to ensure they are reflective of the institution’s risk profile for money laundering, terrorist financing, and other illicit financial activity, and focus resources on higher-risk areas and functions.
The board and senior management should ensure that they receive comprehensive AML training and receive more information about the bank’s regulatory requirements, risk profile, and mitigation measures.
Boards of directors and senior management should receive, or ask for, sufficient information about resources, including staffing and technology, to meet the bank’s BSA obligations. The board must also ensure that the BSA officer has the appropriate authority, independence, and access to needed resources, to administer the BSA program based on the bank’s risk profile. Guidehouse recommends that the BSA officer have some direct access to the board for both risk and resource discussions.
Without further guidance or enforcement actions, Guidehouse does not recommend assuming that the language changes in the April Update from effective to adequate signal some lower standard. It may be that the regulators assume that for a program to be adequate, it must be effective. It would be wise to wait for further elaboration.
Guidehouse Assists You in Uncertain Times
In this unprecedented time of upheaval and uncertainty, Guidehouse is positioned to quickly respond to the anti-financial crime needs of financial institutions, both within the U.S. and globally, to help protect the institution, its investors, customers, and employees. Given the deep expertise and experience of our anti-financial crime professionals, we are prepared to assist with customized, realistic, and sustainable solutions for anti-money laundering, sanctions, fraud, and cybersecurity during the immediate crisis, as well as going forward.