Regulatory Expectations For the BSA/OFAC Risk Assessment are Increasing. Are you ready?
Assess The Risk to Mitigate It.
For sure, risk assessments are far more important now than in years past. Regulators are demanding the risk assessment be “risk focused”. This will require more information and analysis. Now, every institution is expected to do a granular, down to specific products or services and account geographic, analysis.
The institution is also expected to use the risk assessment as a “Project Risk Scope” or a guide for the institution’s day to day conduct of business. (Many financial institutions used the form contained in the Exam Manual, referred to as “Appendix J” as a defacto Risk Assessment. That may have worked in the past. Now, in 2022, not so much.)
Even if not explicitly required, examination teams often look favorably on institutions who perform risk assessments more frequently, not just to satisfy the examiners. But, even more important, a risk assessment should be performed before undertaking any significant project (new products, loss of key employees, change in core processor procedures, etc.).
COVID-19 pandemic became another reason to perform a Risk Assessment, since institutions needed to analyze the pandemic effects on their operations and business risks.
A risk assessment payoff: an example to think about.
In the middle of the process to roll out mobile banking, our client lost the Chief Deposit Operations officer. That person’s areas of supervision included Online Banking, ACH and Wire Transfers plus Reg E disputes. The key employees in the department were stable. The bank’s question was: can we continue with mobile banking or is the risk associated with the loss of the employee big enough to warrant postponing the introduction of Online Banking? The answer was found with a Risk Assessment.
The assessment documented the risks associated with proceeding with the plan while recruiting a replacement. Those risks were determined to be manageable. Which is what the bank decided to do. Guess what? The next independent audit team asked how that decision was made and did the bank have documentation in hand. (Of course, a more embarrassing question could have been, “Can I see the risk assessment you did before you decided to go with mobile banking?” But, we won’t go there.)
Want to to talk it over?
Call 828-230-5803 or fill in the Contact Form.
Watch the video:
How to Risk-Focus Your BSA/OFAC Risk Assessment
These guys are good. They helped get our program out of the ditch with a workable compliance plan – which they’ve updated for us twice. They managed to get a compliance team spirit going in the bank – even the BDOs are on board. The outside auditor has rated our program at a “9” (out of 10) for the past four years – and the auditor say, “I never give anybody a 10.”
Let's Talk It Over (No Charge!)
Call us at 828-230-5803 or go here and fill out the form.