On pages 24-25 of the BSA Exam Manual it says:
"Management should update its risk assessment to identify changes in the bank’s risk profile, as necessary (e.g., when new products and services are introduced, existing products and services change, high-risk customers open and close accounts, or the bank expands through mergers and acquisitions). Even in the absence of such changes, it is a sound practice for banks to periodically reassess their BSA/AML risks at least every 12 to 18 months."
So if you haven't had the changes mentioned and you're within 18 months maybe you can use this quote.