The Bank Secrecy Act (“BSA”) requires that every Money Services Businesses (“MSB”) implement a BSA/Anti-Money Laundering (“AML”) Compliance Program. Risk assessments provide a clear view as to the organization’s policies and procedures. Failure to implement a comprehensive BSA/AML Compliance Program may result in significant fines and/or penalties by state and federal regulators. So, what does this have to do with risk management? Having a risk assessment allows the company to establish a comprehensive Anti-Money Laundering (AML) Compliance Program.
Regulations state that a company’s BSA/AML Compliance Program must be commensurate with the risks posed. This means that a comprehensive risk assessment must effectively evaluate the adequacy of policies, procedures, and internal controls that have been developed to mitigate the company’s risk.
While there is no “one size fits all” approach when creating a risk assessment, it should encompass all key areas of the company. There are many formats and templates that can be used in creating a risk assessment. The method used should be based upon the company’s risk profile and should be easy to understand. It is recommended that the risk assessment contain the following four risk categories:
These four risk categories can then be given risk ratings. It is important to consider all areas of the company when creating a risk assessment. When creating a comprehensive risk assessment, the following should also be considered:
The first step in knowing if you are properly managing your risk is by reviewing the risk assessment on a regular basis to determine if the risks of the company are still adequately assessed.
So, how do you manage your risk? The key is to understand the company’s risk exposure and develop the necessary policies, procedures, and internal controls to mitigate the risk. Regulators expect MSBs to conduct an in-depth review of all areas of the organization as part of their risk management. To understand your risk and know if you are properly managing it, you should be able to answer the following questions:
The BSA/AML Risk Assessment will allow you to have a better understanding of your overall risk. The risk assessment should be comprehensive and well documented. When complete, an effective risk assessment should enable the MSB to establish policies, procedures, and internal controls to develop the company’s BSA/AML Compliance Program.