On July 22, 2019, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) (collectively the federal banking agencies), issued a joint statement entitled Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision (the “statement”).

The specific emphasis of the statement is to reiterate that the federal agencies will take a risk-focused approach to examinations. The statement itself does not purport to create new requirements but rather is a tool to enhance transparency in the approach used by the federal banking agencies in planning and performing BSA/AML examinations. As the statement notes, it “aligns with the federal banking agencies’ long-standing practices for risk-focused safety and soundness examinations.”

Risk Profiles

At the outset, the federal banking agencies urge banks to conduct a comprehensive risk assessment, which are deemed “a critical part of sound risk management.” Specifically, banks themselves have unique risk profiles given each bank’s focus (i.e., “a bank with a localized community focus likely has a stable, known customer base”) and complexity, which must be assessed at the outset when developing and implementing an adequate BSA/AML program.

Of particular note, the federal banking agencies state that banks that “operate in compliance with applicable law, properly manage customer relationships and effectively mitigate risk by implementing controls commensurate with those risk are neither prohibited nor discouraged from providing banking services.”  The statement goes on to assert that “banks are encouraged to manage customer relationships and mitigate risks based on customer relationships rather than declining to provide banking services to entire categories of customers.”

Risk-Focused Examinations

The federal agencies state that they take steps before exams in order to assess the bank’s risk profile:

1. Leveraging available information provided to it by the bank, including risk assessments, independent testing, audits, analyses and conclusions from previous audits, and other information available through the off-site monitoring process.
2. Communications between the bank and the examiners between exams and prior to finalizing the scope of the exam.
3. Considerations as to the bank’s ability to identify, measure, monitor and control risks.

What is clear from the statement is that bank examiners are looking to a bank’s comprehensive risk-assessment and documents supporting the process in arriving at that assessment when initially determining the adequacy of the BSA/AML compliance program as a whole. According to the statement, bank examiners will tailor the scope of document requests to the bank’s self-reported risk profile, taking into account the complexity of the bank’s operations and any planned examination scope previously decided upon.

Take-Aways

For the most part, the statement does not tell anything new – federal agencies have always taken a risk-based approach to exams. However, there are a few important nuances in the statement worth drawing out.

First, the emphasis placed on a bank’s own self-assessment of its risk given its client base and complexity of transactional operations is important – this is an area of control the bank has when entering an exam and could be the basis of an initial assessment of the bank’s entire BSA/AML program.

Second, the statement appears to encourage banks not to de-risk customers even if banking them brings risk, so long as the bank still complies with the BSA.  Although the statement is opaque (and includes a Footnote 9 which incorrectly cites to 31 C.F.R. § 1010.210(b)(5), a provision which does not exist – the proper cite is to § 1010.220(b)(5), which pertains to “[a]ppropriate risk-based procedures for conducting ongoing customer due diligence” for banks), it appears to represent a commentary on the problems generally associated with the practice of “de-risking.” As we have blogged, the U.S. Government Accountability Office (“GAO”) issued a statement in June 2018 about the perils of “de-risking.” As described by the GAO, “derisking is the practice of depository institutions limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering or other criminal activity such as financing to terrorist groups.”

In particular, the focus by banks on addressing the risks from correspondent banking sometimes has been so intense that many banks in U.S. and European jurisdictions have terminated most correspondent bank relationships, leaving businesses in some countries with little if any access to the global financial system. As we also have blogged, the federal banking agencies previously issued a “Joint Fact Sheet on Foreign Correspondent Banking” to clarify AML enforcement priorities, and highlight the importance of maintaining correspondent banking relationships with foreign financial institutions and the value of the free flow of monies within and across global economies. The Fact Sheet, in conjunction with a blog post by Treasury at that time, attempted to allay concerns raised by industry and groups such as the International Monetary Fund about the trend of “de-risking” by U.S. banks as a result of fear of aggressive BSA/AML enforcement by U.S. regulators and law enforcement. The Fact Sheet suggested that U.S. banks have overreacted to concerns over BSA/AML enforcement by unnecessarily terminating correspondent banking relationships with foreign banks. It noted that these relationships are crucial to the global economy and reflexive “de-risking” may destabilize or disrupt access to U.S. financing, hinder international trade, cross-border business, and charitable activities, and make claim remittances harder to effectuate. Finally, one consequence of de-risking is that potentially riskier customers, shut out by large financial institutions, often turn to smaller banks, who may be hungry for increased business in an increasingly competitive industry.