BSA Risk Assessment Problems

A bank’s risk assessment should assist in effectively managing the BSA/AML risk and, therefore, is critical in the development of applicable internal controls, as required for your BSA/AML compliance program.

Common Problems with Risk Assessments are:

  • Incomplete Identification of relevant risk factors is .
  • Insufficient detail of a risk factor to evaluate potential risk.
  • Mitigating controls are not identified for the risk factors.
  • Mitigating controls are inconsistent with the level of risk associated with a risk factor.
  • The process to periodically review or update the risk assessment is not formalized.
  • Communication with the Board of Directors, regarding either the initial risk assessment or subsequent changes to the risk assessment, is not adequate.

What Regulators Look for in Your Risk Assessment:

  • Quantitative support for assessment conclusions
  • Involvement of all department heads in assessment formulation
  • Consideration of all types of high-risk customers, not just a specific business line
  • Consideration of location of FI/Customers (e.g., HIDTA/HIFCA)
  • Board of Directors involvement

Tools & Checklists Which can Help you Correctly Asses Risk :

Bank IT Risk Assessment Checklist & Form

Risk Scoring Form For BSA/AML Risk Assessment

GLBA Information Security Risk Assessment Process & Worksheets

Third Party IT Vendor Risk Assessment -Checklist-forms-for banks


Quantitative Support for Assessment:

Here are some examples of how management might have used quantity to determine its risk for wire and monetary instrument activity.

  • Wire Activity
  • Provided the average daily volume of retail wires, both incoming and outgoing combined
  • Used estimates by using the total monthly volume divided by the days of activity, weekly volume divided by the days of activity, or longer period
  • Monetary Instruments
  • Provided the average daily volume of instruments (e.g., number and total dollar of cashier’s checks, individual money orders, traveler’s checks)
  • Computed the average daily volume using the actual day’s volume, or it may be based on estimates for the week, month, or longer periods (divided by the days in the period)