The Conference of State Bank Supervisors (CSBS) has continued its efforts to promote improvements in Bank Secrecy Act/Anti-Money Laundering compliance with the release in January 2017 of a new BSA/AML Self-Assessment Tool for banks. The optional tool is intended to help state-chartered banks enhance their risk assessment process.
The tool, which is provided in Microsoft Excel format, includes a standard methodology for a risk and control self-assessment (RCSA): determination of inherent risks, assessment of the strength of “risk mitigation/controls” and a residual risk rating. The tool is helpful as far as it goes, which is providing a general methodology and identifying common inherent risk areas for banks. The tool does not provide guidance on what constitutes “low,” “moderate” or “high” inherent risks for each category, nor does it provide a list of expected controls or guidance regarding how to rate the strength of controls. The identification and rating of controls is the more challenging part of conducting an RCSA.
State-chartered banks should consider how they might be able to leverage this tool to enhance their current risk assessment process. Given the critical role of risk assessments in building a robust and sustainable BSA/AML compliance program, this tool can help some banks and other companies supervised by state regulators raise the level of their risk assessment. Banks and others will still have to do so some hard thinking as they build out a meaningful RCSA, but the framework provided by the CSBS should prove helpful to many institutions.