Risk Assessment Executive Summary
First Austin National Bank
Report Date: August 29, 2017
Effective Date: June 30, 1917

Scope of Report

This RegSmart℠ Risk Assessment Executive Summary provides a view of your unique BSA/AML Risk Profile.

RegSmart derived your Risk Ratings from your Risk Assessment based on the state of your BSA/AML Risk as of the effective date. As your business changes (you add or change product offerings, your customers or locations change, you modify your BSA Compliance Program, etc.), your Risk Profile (as reflected by your Composite Risk Rating) will change. RegSmart is built to allow you to continually re-evaluate your risk, which will allow you to update your Risk-Based BSA Compliance Program and stay ahead of regulatory requirements.

The Composite (Institutional) Risk Rating below reflects your overall BSA/AML Risk Profile. In most areas, higher risk is not necessarily bad and lower risk is not necessarily good. Your Composite Risk Rating reflects a compilation of the risks in the Risk Categories summarized below. The Categorical Risk Ratings below present risk ratings for your most important BSA/AML Risk Categories and are most helpful in identifying specific areas in which your BSA/AML Risk is highest--and thus where your Risk-Based BSA/AML Program would direct resources.

The accompanying Risk Items Report details each area (e.g., specific products, services, and customers) that represents higher BSA/AML Risk. It also shows areas that have high Inherent Risk to which your BSA professionals have applied mitigating controls and adjusted the risk profile accordingly. This will give you an idea of the areas in which your BSA/AML Program is expending (or should expend) human capital and technical resources in an effort to reduce risk.

The BSA/AML Examination Manual and AML regulations require that you identify and recognize the sources of your AML risk and create a Risk-Based BSA Compliance Program to mitigate these risks. By helping to direct limited compliance resources to the areas in which AML risks are highest, the RegSmart Risk Assessment is the first and most important step in creating a BSA Compliance Program that meets regulatory requirements and, more importantly, actually mitigates AML risk with appropriate controls.

Calculation of Your Composite Risk Rating

RegSmart℠ compiled and weighted the Categorical Risk Ratings below and created a Composite (Institutional) BSA/AML Risk Rating, which is a holistic measurement of your institution's unique BSA/AML Risk Profile. A comprehensive risk assessment and a solid understanding of BSA/AML risk serve as the cornerstone of every effective and efficient BSA/AML Compliance Program.

Composite BSA/AML Risk Rating:

Categorical Risk Ratings

The RegSmart℠ Risk Assessment consists of approximately 40 questions broken down into the categories listed below. These questions collect information about BSA/AML risks and the actions you take to mitigate these risks. RegSmart rates your answer to each question on a scale of one to ten (one representing the least risk), then compiles, weights, and converts the ratings to a categorical rating of Low, Moderate, or High. These compilations are reflected below.

Category                         Category Risk
Historical & Operational Data    Moderate
Geographical Data                Low
Products & Services              Low
Customer Base                    Moderate
Personnel & Training             Moderate
BSA Compliance Administration    Moderate

Risk-Based AML Compliance

Every regulator requires the design and implementation of a Risk-Based BSA/AML Compliance Program. The risk rating/risk assessment process is required and critical for virtually every bank and non-bank financial institution subject to BSA requirements and related AML laws. Far from a futile exercise, risk rating informs the allocation of limited compliance resources and reduces the three critical BSA/AML related risks you face:

  1. Compliance Risk (the risk to earnings or capital resulting from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures, or ethical standards),
  2. Operational Risk (the risk to earnings or capital resulting from fraud or error--this risk is a function of internal controls, employee integrity, and operating processes), and
  3. Reputation Risk (the current and potential risk to earnings or capital resulting from negative public opinion or perception).
