Risk Assessment & OFAC

Posted By: PrimeTime

Risk Assessment & OFAC - 02/11/15 10:03 PM

I've seen two schools of thought in regards to the Risk Assessment and its relation to OFAC, and I was looking to find out what other members of this site are doing.

Some information I've read says that the OFAC Risk Assessment can be included in the BSA/AML Risk Assessment, however other sources state that they need to be separate. I'm wondering if this is based off institution size, as well as risk appetite.

I'm from a moderate size community bank, only located in 2 states, and have what I believe to be an extremely low amount of risk. As a result, I think it's completely feasible to include the OFAC risk assessment as a section of the BSA/AML risk assessment, however I didn't want to get slammed by the examiners for doing so.

Thoughts? Examples? Feedback is much appreciated!
Posted By: Doug Hendrickson

Re: Risk Assessment & OFAC - 02/11/15 10:10 PM

We have one BSA/AML/OFAC risk assessment document. One section has the risks for BSA/AML and the second section has the risks for OFAC. We've never had a problem with them both being in the same document.
Posted By: Cape Codder

Re: Risk Assessment & OFAC - 02/11/15 11:55 PM

Same here.
Posted By: Greg

Re: Risk Assessment & OFAC - 02/12/15 12:42 AM

I have them in one document but they are not combined. Each is presented as a distinct risk statement.
Posted By: New Manager

Re: Risk Assessment & OFAC - 02/12/15 01:41 PM

Same here and at my last two jobs.
Posted By: happyauditor

Re: Risk Assessment & OFAC - 02/12/15 02:06 PM

Our regulatory examiner "suggested" (aka required) we make the risk assessments separate and also to make our audits separate (even though when both the risk assessment and audit was incorporated within the BSA risk assessment and BSA audit, they did not have any comments on either being deficient.)
Posted By: PrimeTime

Re: Risk Assessment & OFAC - 02/12/15 03:08 PM

Awesome! Thanks for the feedback everyone. Maybe it was the wording that was giving me the confusion, they can be "combined" into the same document, but a SEPARATE risk assessment needs to be performed on each.
Posted By: P*Q

Re: Risk Assessment & OFAC - 02/23/15 02:06 PM

One document but risk assessed separately.