BSA/AML Risk Assessment

The BSA/AML risk assessment has to be reviewed with the Board to determine that it is adequate and that all risks are properly identified and mitigated via the program. Without understanding the risk assessment, the Board cannot make a determination as to the adequacy of the program. While there is no specific requirement for an approval, documentation of the review and acceptance would be advisable.

From the FFIEC manual:

"The same risk management principles that the bank uses in traditional operational areas should be applied to assessing and managing BSA/AML risk. A well-developed risk assessment will assist in identifying the bank’s BSA/AML risk profile. Understanding the risk profile enables the bank to apply appropriate risk management processes to the BSA/AML compliance program to mitigate risk. This risk assessment process enables management to better identify and mitigate gaps in the bank’s controls. The risk assessment should provide a comprehensive analysis of the BSA/AML risks in a concise and organized presentation, and should be shared and communicated with all business lines across the bank, board of directors, management, and appropriate staff; as such, it is a sound practice that the risk assessment be reduced to writing."

First published on BankersOnline.com 4/20/09