OCC BULLETIN 2012-30
Subject: BSA/AML Compliance Examinations
Date: September 28, 2012
To: Chief Executive Officers of All National Banks and Federal Savings Associations, General Managers of Federal Branches and Agencies, Department and Division Heads, All Examining Personnel, and Other Interested Parties
Description: Consideration of Findings in Uniform Rating and Risk Assessment Systems
This bulletin summarizes refinements that the Office of the Comptroller of the Currency (OCC) has made to its guidance with respect to how examiners consider Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examination findings in
- the Federal Financial Institutions Examination Council’s (FFIEC) Uniform Rating Systems and the OCC’s risk assessment system (RAS) for national banks and federal savings associations (collectively, banks), and
- the ROCA ratings1 and RAS for federal branches and agencies of foreign banking organizations.
These refinements reflect the OCC’s longstanding policy that weaknesses in a bank’s BSA/AML program are serious safety and soundness concerns that require management’s prompt attention.
Consumer Compliance Rating
Effective July 18, 2012, examiners no longer consider BSA/AML examination findings when assigning a rating under the FFIEC Uniform Interagency Consumer Compliance Rating System. This change aligns the OCC’s policy with those of the other federal banking agencies.
Management Component Rating
In keeping with current policy, examiners consider BSA/AML examination findings in a safety and soundness context when assigning the management component of the FFIEC Uniform Financial Institutions Rating System (CAMELS ratings).2 Serious deficiencies in a bank’s BSA/AML compliance create a presumption that the bank’s management component rating will be adversely affected because its risk management practices are less than satisfactory.
Risk Management and Compliance Component Ratings of ROCA
In keeping with current policy, examiners consider BSA/AML examination findings in a safety and soundness context when assigning the risk management component of the ROCA rating system for federal branches and agencies. Serious deficiencies in a branch or agency’s BSA/AML compliance create a presumption that the branch or agency’s risk management component rating will be adversely affected because its risk management practices are less than satisfactory. Examiners also continue to consider BSA/AML examination findings when assigning the compliance component rating of ROCA. This treatment is consistent with the other federal banking agencies and reflects that the compliance component of ROCA is not limited to consumer compliance but rather compliance with all regulatory requirements.
Risk Assessment System
While examiners no longer consider BSA/AML examination findings when assigning the interagency consumer compliance rating, BSA/AML findings are still considered when assessing compliance risk under the OCC’s RAS. Compliance risk reflects a bank’s compliance with all applicable laws and regulations. The overall quantity of risk and quality of risk management related to BSA/AML compliance, as well as the four pillars of a bank’s BSA/AML program, are considered in assessments of compliance risk. BSA/AML examination findings should also continue to be reflected in assessments of reputation, strategic, and operational risks, as warranted.
The OCC has incorporated these refinements into interim updates of the “Bank Supervision Process,” “Large Bank Supervision,” and “Community Bank Supervision” booklets of the Comptroller’s Handbook. Examination procedures used to evaluate the adequacy of a bank’s BSA/AML compliance remain unchanged and can be found in the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.
John C. Lyons Jr.
Senior Deputy Comptroller and Chief National Bank Examiner