BSA Risk Assessments


Numerous banks have been the subject of public BSA enforcement actions within the past year, and one common theme throughout these public, written actions was either the lack of, or deficiencies associated with, the subject bank’s BSA Risk Assessment.

There is no mandatory FinCEN or prudential agency requirement to conduct a BSA Risk Assessment, but risk assessments are the second topic addressed in the BSA/AML Examination Manual. The strength of the language in the exam manual makes it easy to deduce that a comprehensive, risk-based assessment will be the focal point of a bank’s BSA examination.

The examination manual specifies that risk assessment was given its own section in order to "emphasize its the bank's design of risk-based controls." Let’s all heed the examiners’ strongly worded advice on this issue and follow their expectations.


The examination manual clearly states that if a bank has not completed a risk assessment on its own, the issue will be discussed during the examination and the examiner will conduct their own risk assessment based on available information. The examiner will also conduct a new risk assessment if the bank’s is judged to be inadequate. Tell your own story completely by putting your best foot forward before the examiners tell it for you.

A risk assessment is the first step in determining the focus and parameters of the bank’s BSA monitoring program, in determining the scope and coverage of its compliance audit program, and in validating its transaction monitoring system.

Participants receive a detailed manual that remains a valuable resource long after the conclusion of the program and a vital aid in developing or enhancing the bank's BSA risk assessment program.

Covered Topics:

  • Levels of management, business units, and appropriate staff that should be involved in the BSA risk assessment process, including report distribution
  • How to identify and measure residual risks, assess and rate mitigating controls, and arrive at a final residual risk rating for segment and composite ratings
  • Determination of which products, services, customers, entities, transactions, and geographies to include within the assessment
  • Necessary metrics and timing methodology for year-to-year or quarterly comparison
  • Development of a framework for scoping, identifying, assessing, testing, monitoring, and reporting
  • What should be documented and reported versus addressed informally

Who Should Attend?

The program is designed for BSA Officers, Compliance Officers, Risk Officers, Auditors and supporting staff members.