BSA/AML Risk Assessment
A BSA/AML risk assessment establishes the foundation for a credit union’s compliance program. When evaluating the BSA/AML risk assessment, examiners assess whether the credit union has developed a BSA/AML risk assessment that identifies ML/TF and other illicit financial activity risks along with compensating controls and is updated periodically. Examiners also assess if the credit union has considered all products, services, membership, and geographic locations, and if the credit union has analyzed the information relative to these risk categories.
The lack of a current regulatory requirement does not preclude an examiner from addressing deficiencies related to a credit union’s BSA/AML risk assessment. The FFIEC BSA/AML Examination Manual states that if the credit union’s risk assessment is inadequate, the examiner must complete one based on the available information.
The BSA/AML risk assessment, while not a specific legal requirement, helps a credit union identify ML/TF and other illicit financial activity risks and develop appropriate policies and procedures (internal controls). An effective risk assessment is updated when a credit union’s risk profile changes. Additionally, a credit union may update its risk assessment when:
-
New products or services are added
-
FOM changes occur, such as adding geographic locations or completing a merger or acquisition
-
A geographic location served by the credit union becomes a HIDTA or HIFCA
-
FinCEN updates the AML/CFT National Priorities (at least every four years)
For more information, see the BSA/AML Risk Assessment section and Appendix J of the FFIEC BSA/AML Examination Manual.
Last updated on February 02, 2023
