BSA/AML Manual

INTRODUCTION

In addition to the Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program requirements, banks must comply with other program, reporting, and recordkeeping requirements; special information sharing procedures; and special standards of diligence, prohibitions, and special measures set forth in 31 CFR Chapter X Part 1020.  Although the rules for banks are set forth in Part 1020, many of the specific requirements cross-reference to 31 CFR Chapter X Part 1010. 

Consistent with the approach described in the BSA/AML compliance program section, written policies, procedures, and processes alone are not sufficient to comply with these other BSA regulatory requirements.  Practices that correspond to the bank’s written policies, procedures, and processes are needed for implementation.  Importantly, policies, procedures, processes, and practices should align with the bank’s unique money laundering, terrorist financing (ML/TF), and other illicit financial activity risk profile. 

During the scoping and planning process, examiners should determine on the basis of risk what, if any, specific BSA regulatory requirements to review in addition to the review of the BSA/AML compliance program.¹ Federal Reserve, FDIC, FinCEN, NCUA, OCC (July 22, 2019), “Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision.” The specific examination procedures performed to assess the bank’s compliance with BSA regulatory requirements depend on the bank’s risk profile, size or complexity, quality of independent testing, changes to the bank’s BSA/AML compliance officer or department, expansionary activities, new innovations and technologies,² Federal Reserve, FDIC, FinCEN, NCUA, OCC (December 3, 2018), “Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing.” or other relevant factors.  Given that banks vary in size, complexity, and organizational structure, and have unique risk profiles, the scope of a BSA/AML examination should be tailored to each bank.  Examiners should focus their review of risk management practices and compliance with BSA regulatory requirements on areas of greatest ML/TF and other illicit financial activity risks.  Examiners will assess whether the bank has developed and implemented adequate processes to identify, measure, monitor, and control those risks and comply with BSA regulatory requirements. 

Testing performed for BSA regulatory requirement areas will assess the implementation of policies, procedures, and processes; and evaluate controls, information technology sources, systems, and processes used for BSA/AML compliance.  Testing should be risk-focused and can take the form of testing specific transactions or performing analytical or other reviews.  Examiners must perform some testing during each BSA/AML examination cycle.  Testing may focus on any of the regulatory requirements and may address different BSA areas, but may not be necessary for every regulation or BSA area examined.  Not all of the examination and testing procedures included in this Manual are likely to be applicable to every bank or during every examination.