Resources | AML RightSource

Can you take “statements” to the bank? Risk-Focused BSA? “Showdown.”*

Written by John Byrne | August 02, 2019

“Banks that operate in compliance with applicable law, properly manage customer relationships and effectively mitigate risks by implementing controls commensurate with those risks are neither prohibited nor discouraged from providing banking services.” (From the July 22nd Statement)

“Governments and banking regulators should focus on ways they can send an appropriate message that not all NPOs are high-risk and that, with proper due diligence, FIs can open bank accounts for NPOs and provide them with banking services.” (From Banking Nonprofit Organizations-The Way Forward)

As we close in on 18 years after the most comprehensive actions/debates on the AML regime (The Patriot Act), our community is pressing for reason, regulatory reduction, and reporting relevance. Congress is contemplating reform and a number of studies for possible future action, and the banking agencies are making quite a bit of “noise” on encouraging innovation and improving examinations.

So where are we, exactly?

The July 22nd Joint Statement on Risk-Focused BSA/AML Supervision

In reaction to the aforementioned legislative proposals and the legitimate complaints from the financial sector and some clients regarding regulatory risk management criticisms, attempts to navigate and manage this confusing statement have resulted in very harmful de-risking practices to humanitarian groups (among others). In response, the federal banking agencies (and in this case FinCEN) have issued yet another statement on exam “consistency”. They have indicated that this release is their attempt at transparency.

Prior to the recent statement, the FFIEC, as part of their “Examination Modernization Project”, told us in November of 2018 that they were “focused on tailoring examination plans and procedures based on risk, which is another area that holds promise for reducing burden.” https://www.ffiec.gov/press/pr112718.htm

So by definition this is a recent development, correct?

The reason to point this out is that the July 22nd statement, while crafted in a reasonable manner and one that would make a solid policy if actually implemented, says that the statement “aligns with the federal banking agencies’ long standing practices for risk-focused safety and soundness examinations.” (emphasis added)

So wait, what? How can you both modernize and also boast of “long-standing practices?”

Moving to the substance of the statement, emphasizing a risk-focused approach to exams is certainly welcome, especially if the agencies adhere to the maxim in the document to “recognize that banks vary in focus and complexity, and that these differences create for each bank a unique risk profile.” Their conclusion then, “the scope of BSA/AML examinations varies by bank”, would be great if actually true.

The problem is that our community argues that this position is not being followed by many examiners and we have many examples where that is certainly a question. For example, how often have examiners said to an institution, “why don’t you have the same SAR volume as your neighbor?”

Returning to the statement, here are the particulars on how the agencies say they will assess a bank’s risk profile:

  • Review the bank’s BSA/AML risk assessment (even though one is actually not required), independent tests or audits, information from previous examinations, and other information
  • Contacting a bank between examinations (or perhaps there are ongoing communications between the examiner staff and the bank on a regular basis)
  • Consider the institution’s ability to identify, measure, monitor, and control risks

On the risk assessment review; the agencies emphasize they will allocate more resources to higher-risk areas. In return, the assessment will test all risk areas including products, services, customers and the geographic locations in which the bank operates. Here’s the dilemma: since risk assessments are not required by regulation and this statement is “guidance” so also not regulation, where does all of this actually fall? AML professionals would be happy to engage in an informed debate on the value of risk assessments (which many already perform) and how to ensure true risk-focused examinations, if we actually knew what the measuring requirements were.

I firmly believe legislation that requires additional examiner training and mandates the “risk-based approach” that we have all trumpeted for 20 years will result in any real change. I’m afraid anything short of this, will result in little to no clear change.

Statements can be useful, but need to be consistent, clear, and actually reflective of practice.

Without that, it looks as though there’ll be more pain, as we’re unavoidably headed for a showdown.

* “Showdown” with the line “looks as though there’ll be more pain” was a 1973 song by Electric Light Orchestra (ELO) and written by Jeff Lynne. Lynne re-recorded the song in 2012 and is currently touring in arenas in the US and Canada.

https://www.fincen.gov/sites/default/files/2019-07/Joint%20Statement%20on%20Risk-Focused%20Bank%20Secrecy%20Act-Anti-Money%20Laundering%20Supervision%20FINAL1.pdf