BSA risk assessments are an important piece of every credit union’s BSA program. Your risk assessment helps not only determine where your riskier areas are with respect to BSA, but also helps set the foundation for your program as a whole. One question I receive quite often is the following:
Is it required that our board of directors “approve” the BSA risk assessment?
The answer to that is no, but it is not that simple. There is no specific requirement that the board officially approve the BSA risk assessment; however, the FFIEC exam manual states:
The risk assessment should provide a comprehensive analysis of the BSA/AML risks in a concise and organized presentation, and should be shared and communicated with all business lines across the bank, board of directors, management, and appropriate staff; as such, it is a sound practice that the risk assessment be reduced to writing.”
That being said, it is required that the board provide adequate oversight of the credit union’s BSA program and part of that is knowing and understanding the risks to the credit union. Therefore, it may be very difficult to prove the Board has adequate oversight, without having reviewed the risk assessment.
My recommendation is to ensure that you board of directors reviews and understands the credit union’s BSA risk assessment to ensure adequate oversight of the credit union’s BSA program.
Have a great day.