“Mitigate and Manage” vs. “Limit and Control” Risk

One of the changes in the recent FFIEC BSA Examination Manual updates was a move from having internal controls that “limit and control risk” to achieve compliance with BSA, to having internal controls that “mitigate and manage” risk associated with money laundering, terrorist financing (ML/TF) and other illicit financial activity.

This change stems from the July 22, 2019, Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision.  The Statement said, “to assure BSA/AML compliance programs are reasonably designed to meet the requirements of the BSA, banks structure their compliance programs to be risk-based and to identify and report potential money laundering, terrorist financing and other illicit financial activity…Banks determine the levels and types of risks that they will assume and are encouraged to manage customer relationships and mitigate risks based on customer relationships, rather than declining to provide banking services to entire categories of customers.”

Limiting risk may have led many financial institutions to de-risk, in other words, they decline to provide banking services to entire categories of customers.  For example, de-risking drove a lot of financial institutions to get out of high-risk activities, such as banking MSBs, marijuana-related businesses, etc.  The updates to the BSA Examination Manual make it clear that examiners don’t want you to run away from risk, they want you to put appropriate controls in place and…manage it!

If you want more on the updates to the BSA Examination Manual, be sure to check out our webinar, The New BSA/AML Examination Manual, which is available now OnDemand.

Published
2020/06/03

See BSA/AML Free Tools Here – https://store.bankerscompliance.com/link/BSAFreeTools

Share This