On 15 April 2020, the Federal Financial Institutions Examination Council (FFIEC) released several updates to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examination manual. This manual is used by regulators to evaluate an institution’s compliance with the Bank Secrecy Act and other financial crime related requirements. The principle theme of the updates was to emphasize the need for financial institutions to build their AML compliance program based on its risk profile for financial crime-related abuses (i.e. money laundering, terrorist financing, sanctions avoidance, human-trafficking, etc.). The 2020 revision incorporates various regulatory changes since the last update in 2014.  Notable revisions include:

  • Risk-Focused BSA/AML Supervision
    • Stresses the approach, design, and execution of the exam should be based on the institution’s risk profile
  • Assessing the BSA/AML Compliance Program
    • Provides comprehensive instructions for assessing each of the four aspects of a compliance program and a minimum set of exam procedures
  • BSA/AML Risk Assessment
    • Outlines how to assess the adequacy of an institution’s risk assessment process while stressing the approach, design and execution should align with the institution’s risk profile
  • Developing Conclusions and Finalizing the Exam
    • Emphasizes an institution has the flexibility to design their own program and minor flaws do not necessarily demonstrate failure or fundamental inadequacies

While these revisions were under development long before the pandemic and the FFIEC stressed the updates of offering transparency and not new requirements, the “risk-based” theme is quite befitting the times. Since early March, multiple supervisory agencies have issued guidance for financial institutions as they attempt to respond to challenges of the global pandemic. See the guidance by agency:

  • Small Business Administration
    • Interim Final Rule outlines the AML compliance requirements for participants in the Paycheck Protection Program (PPP) created under the CARES ACT
  • FinCEN
    • On 3 April 2020 issued guidance to assist financial institutions on complying with BSA/AML obligations
  • Office of the Comptroller of the Currency (OCC)
    • Bulletin 2020-34 underscored FinCEN’s April 3rd guidance on AML compliance during the pandemic
  • Federal Reserve Board
    • Has issued ongoing guidance on loan, mortgages, and other entities and financial services affected by the pandemic
  • FINRA
    • On 24 March 2020, FINRA published FAQs detailing specific circumstances for temporary regulatory relief during the pandemic
  • NY DFS
    • On 12 March 2020, NY DFS issued a temporary relief order for regulated entities/persons during the pandemic

The common thread across much of the guidance is acknowledgement and understanding of deviations or gaps in BSA/AML compliance. Despite the “pandemic consideration” given for any delays or gaps in BSA/AML compliance, regulators are signaling it will not be an acceptable excuse for fundamental non-compliance. For example, the OCC stated in its bulletin, “[it] recognizes the recent disruptions and significant challenges faced by banks as a result of the coronavirus disease … and encourages all banks to follow a risk-based approach to managing their BSA compliance programs.” There is no statement of understanding for non-compliment. 

Furthermore, the “risk-based approach” referenced by the OCC here underscores the expectation that BSA compliance remains relevant and applicable. If any financial institutions find themselves deviating from compliance standards, material changes should be well-documented and approved. Ultimately, even if the “risk-based” theme of the updates to the FFIEC manual were not influenced by the regulatory response to the pandemic, it’s release and instruction may prove to be quite serendipitous.