FFIEC’s Third Update 2021 of the BSA / AML Exam Manual | Ballard Spahr srl


On December 1, 2021, the Federal Financial Institutions Review Council (“FFIEC”) published updates to his Bank Secrecy Act / Anti-Money Laundering (BSA / AML) review Manual (the “Manual”), which provides guidance to examiners to assess a financial institution’s BSA / AML compliance program and its compliance with related regulatory requirements. This update is the third for 2021: FFIEC has also published updates to the Handbook on February 25, 2021 and June 21, 2021.

This most recent manual update adds a new introductory section, Presentation – Customers. The updated manual also includes changes to the sections relating to Charitable and non-profit organizations, Independent ATM owners or operators, and Politically exposed persons (“DYNAMISM”). The scope of this most recent manual update is consistent with previous updates from 2021. In February, FFIEC released an introductory section and updates to three sections related to identification programs. (“CIP”), Foreign Currency Transaction Reports (“CTR”) and Exempt Person Transactions. In June, FFIEC released updates to four sections related to reporting the international transport of currency or monetary instruments, buying and selling monetary instruments, keeping records, reporting on foreign finances and special measures.

In line with previous FFIEC interagency press releases associated with manual updates, FFIEC explained that “[t]Updates should not be interpreted as new requirements or as a new or increased focus on certain areas “, but rather” to provide information and considerations relating to certain customers which may indicate the need for banking policies, procedures and processes. to combat potential money laundering, terrorist financing and other risks associated with illicit financial activities. Despite this disclaimer, the updates provide useful information about examiners’ priorities for BSA / AML compliance.

The introduction of the manual concerning the type of client

The new introductory section of the Handbook focuses on the principle that “no specific type of client automatically presents a higher risk of [Money Laundering and Terrorist Financing] or any other illicit financial activity[,]And that BSA / AML compliant banks “are neither prohibited nor discouraged from providing banking services to a specific class or type of customer.” On the contrary, the FFIEC indicates that the “potential risk of a customer for a bank depends on the presence or absence of many factors”. New introductory section highlights sections of the manual that relate to client types, such as sections dealing with client due diligence, beneficial ownership of corporate clients, and suspicious activity reports. .

Changes to existing sections

Updates to three existing sections of the Handbook are twofold. First, the update expands the objectives of these sections and adds additional detail to the subsections dealing with risk factors and risk mitigation, both of which were included in previous iterations of these sections. Second, the update adds two entirely new subsections describing the reviewer assessment process. These new subsections regarding the reviewer assessment process, which are described below, are almost identical in all three section updates.

Examiner assessment

Each of the three updated sections of the manual includes a new subsection titled “Examiner Assessment”. These subsections ask reviewers to “determine whether the bank’s internal controls are designed to ensure continued compliance and are commensurate with the risk profile of the bank”. Specifically, these subsections ask reviewers to consider whether the bank’s controls ‘manage and mitigate’ money laundering and terrorist financing (‘ML / FT’) and other risks of illicit financial activity. for charities and other clients of non-profit organizations, PEPs identified by the bank, or independent ATM owners or operators.

Examination and testing procedures

Each updated section also includes a subsection dealing with examination and testing procedures. The stated objective of these examination and testing procedures is to “[e]evaluate the bank’s policies, procedures and processes to assess, manage and mitigate the risks associated with customers. In the context of these three updated sections, the review and test guide proposes to focus on Client Identification, Client Due Diligence (“CDD”), Beneficial Ownership of Corporate Clients and reporting suspicious activity, as there are no BSA regulations specific to charities and other clients of non-profit organizations, PEPs identified by a bank, or independent owners or operators of ATMs.

There are minimal variations in the step-by-step exam and test procedure for each of the updated sections, but these instructions are largely the same for each of the updated sections. These instructions are described below:

  • First, the reviewer should determine whether the bank has developed and implemented appropriate written risk-based procedures for conducting CDDs. In the case of PEPs, the reviewer should determine whether risk-based testing is appropriate based on the review of a risk assessment.
  • Second, the reviewer must determine, as part of their CDD program, whether the bank has effective processes for developing client risk profiles.
  • Third, the examiner should determine whether the bank has policies, procedures and processes to identify customers who may be at higher risk of ML / FT and other illicit activities. These policies, procedures and processes should indicate whether and when it is appropriate for the bank to obtain and review additional customer information when insufficient, inaccurate or unverifiable information is obtained.
  • Fourth, the examiner should determine whether the bank’s system for monitoring the potentially high-risk customer (customers of non-profit organizations, PEPs, or independent ATM owners or operators) for suspicious activity is adequate given the the bank’s risk profile.
  • Fifth, in the context of ATM owners or independent client operators, the reviewer should determine whether the bank’s policies, procedures and processes adequately address the preparation, classification and retention of foreign currency transaction reports. .
  • Sixth, the reviewer must determine whether risk-based testing is appropriate based on a review of a risk assessment, previous review reports, other review information, or a review of bank audit findings. If risk-based testing is required, the manual describes the appropriate risk-based examination procedures that the examiner should follow.
  • Finally, based on the examination and testing procedures, the examiner should draw a conclusion about the adequacy of the bank’s policies, procedures and processes.

As with previous updates to the FFIEC, updates to the manual, in particular the sections regarding assessment, review, and testing procedures, help clarify reviewer expectations as Covered Financial Institutions move forward. implement their BSA / AML policies, procedures and processes, keeping in mind the risk-based direction of the regulation.

[View source.]

About Irene J. O'Donnell

Check Also

Denver Manual High School to Lose JROTC Program

One of Denver’s oldest and most reputable high schools is losing a program that former …