BSA/AML Risk Assessment
A BSA/AML risk assessment establishes the foundation for a credit union’s AML/CFT program. When evaluating the BSA/AML risk assessment, examiners determine whether the credit union has developed a BSA/AML risk assessment that identifies ML/TF and other illicit financial activity risks along with compensating controls and if the assessment is updated periodically. Examiners also evaluate whether the credit union has considered all products, services, membership, and geographic locations, and if the credit union has analyzed the information relative to these risk categories.
The BSA/AML risk assessment, while not a specific legal requirement, helps a credit union identify ML/TF and other illicit financial activity risks and develop appropriate policies and procedures (internal controls). Examiners can address deficiencies related to a credit union’s BSA/AML risk assessment without a current regulatory requirement. The FFIEC BSA/AML Examination Manual states that if the credit union’s risk assessment is inadequate, the examiner must complete one based on the available information.
An effective risk assessment is updated when a credit union’s risk profile changes. Additionally, a credit union may update its risk assessment when:
-
New products or services are added
-
FOM changes occur, such as adding geographic locations or completing a merger or acquisition
-
A geographic location served by the credit union becomes a HIDTA or HIFCA
-
FinCEN updates the AML/CFT National Priorities (at least every four years)
For more information, see the BSA/AML Risk Assessment section and Appendix J of the FFIEC BSA/AML Examination Manual.
Last updated on August 19, 2024