When conducting recent examinations for Bank Secrecy Act/anti-money laundering compliance, regulatory officials flagged deficiencies in risk assessments, a need for more maturity in compliance systems and processes and data integrity issues, particularly as a result of mergers, as areas of concern during a panel discussion at the American Bankers Association/American Bar Association Financial Crimes Enforcement Conference in Washington, D.C., today.
According to the OCC’s Spencer Doak, examiners are seeing “risk assessments that are too narrowly focused [or] outdated,” which may lead to “inadequate or incorrect customer risk identification or ratings. He added that in some cases, “banks have outgrown their monitoring systems,” and urged institutions to “pause every once and awhile” and assess how their risk profiles, customer bases and product offerings have changed, and adjust their compliance program as necessary.
Regulators noted that they are working to update the FFIEC’s examination manual, signaling that they would take a “phased approach” to issuing updates,. The first phase will involve an assessment of the BSA compliance program, said the FDIC’s Debra Novak, who added that “we’re trying to release something close to the end of the year” or soon after.
Regulators also said that they are working collaboratively to explore the possibility of providing additional clarity on model risk management with respect to Bank Secrecy Act/anti-money laundering compliance through an interagency statement, similar to previous statements issued on innovation and information sharing.