I've seen two schools of thought in regards to the Risk Assessment and its relation to OFAC, and I was looking to find out what other members of this site are doing.
Some information I've read says that the OFAC Risk Assessment can be included in the BSA/AML Risk Assessment, however other sources state that they need to be separate. I'm wondering if this is based off institution size, as well as risk appetite.
I'm from a moderate size community bank, only located in 2 states, and have what I believe to be an extremely low amount of risk. As a result, I think it's completely feasible to include the OFAC risk assessment as a section of the BSA/AML risk assessment, however I didn't want to get slammed by the examiners for doing so.
Thoughts? Examples? Feedback is much appreciated!
Life is like a bicycle. To keep your balance, you must keep moving.