BSA/AML Manual

Introduction - Customers

The subsections within Risks Associated with Money Laundering and Terrorist Financing (ML/TF) provide information and considerations that may indicate the need for bank policies, procedures, and processes to address potential ML/TF and other illicit financial activity risks related to certain products, services, customers, and geographic locations. Not all of the examination and testing procedures included in the Risks Associated with Money Laundering and Terrorist Financing sections will apply to every bank, or be used during every examination.

Examiners are reminded that no specific customer type automatically presents a higher risk of ML/TF or other illicit financial activity. Further, banks that operate in compliance with applicable Bank Secrecy Act/anti-money laundering (BSA/AML) regulatory requirements and reasonably manage and mitigate risks related to the unique characteristics of customer relationships are neither prohibited nor discouraged from providing banking services to any specific class or type of customer.

Customer relationships present varying levels of ML/TF and other illicit financial activity risks, and the potential risk to a bank depends on the presence or absence of numerous factors. Not all customers pose the same risk, and not all customers of a particular type are automatically higher risk. The potential risk to a bank depends on the facts and circumstances specific to the customer relationship. The federal banking agencies and FinCEN,¹ "Joint Statement on the Risk-Focused Approach to BSA/AML Supervision," issued by the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC), July 22, 2019. encourage banks to manage customer relationships and mitigate risks based on those customer relationships rather than declining to provide banking services to entire categories of customers.

The following sections on different customer types are intended to be a subset of a broader review of compliance with BSA/AML regulatory requirements, such as customer identification,² 12 CFR 208.63(b)(2), 211.5(m)(2), and 211.24(j)(2) (Federal Reserve); 12 CFR 326.8(b)(2) (FDIC); 12 CFR 748.2(b)(2) (NCUA); 12 CFR 21.21(c)(2) (OCC); and 31 CFR 1020.220 (FinCEN). customer due diligence (CDD),³ 31 CFR 1010.210 and 1020.210(a)(2)(v). beneficial ownership of legal entity customers,⁴ 31 CFR 1010.230. and suspicious activity reporting.⁵ 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Federal Reserve); 12 CFR 353 (FDIC); 12 CFR 748.1(c) (NCUA); 12 CFR 21.11 and 12 CFR 163.180 (OCC); and 31 CFR 1020.320 (FinCEN). However, there is no BSA/AML regulatory requirement or supervisory expectation⁶ There may be supervisory expectations for other reasons, such as safety and soundness standards, corporate governance, bank-specific enforcement actions and conditions for obtaining bank charters and deposit insurance. for banks to have unique or additional customer identification requirements or CDD steps for any particular group or type of customer. Consistent with a risk-based approach, the level and type of CDD should be commensurate with the risks presented by the customer relationship.

Banks must have appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships, and to develop customer risk profiles.⁷ 31 CFR 1020.210(a)(2)(v). The information collected to create a customer risk profile should also assist banks in conducting ongoing monitoring to identify and report any suspicious activity. Examiners should assess how a bank evaluates customers according to their particular characteristics to determine whether the bank can effectively mitigate the risk customers may pose.

The scoping and planning process will help examiners to focus their reviews of risk management practices and compliance with BSA/AML regulatory requirements on areas with the greatest ML/TF and other illicit financial activity risk, which may include some customer types or groups. The specific examination procedures performed will depend on factors such as the bank's risk profile, size, or complexity, expansionary activities, adoption of new innovations or technologies, changes to the bank's BSA/AML compliance officer or department, the quality of the bank's independent testing, and other relevant factors. As appropriate, examiners will assess whether the bank has developed and implemented adequate policies, procedures, and processes to identify, measure, monitor, and control risks customers may pose, and to otherwise comply with related BSA/AML regulatory requirements.