Bank Regulators Remind Institutions of BSA/AML CDD Obligations

Steven Lofchie Commentary by Steven Lofchie

The Federal Reserve Board, the FDIC, FinCEN, the NCUA and the OCC ("the Agencies") reminded banks to apply a risk-based approach when assessing customer relationships and conducting customer due diligence ("CDD") on anti-money laundering ("AML/CFT") risks.

In a joint statement, the Agencies reinforced their long-standing position that institutions should not maintain relationships with customers that pose a risk of money laundering, terrorist financing and other illicit activities. The Agencies emphasized the need for banks to adopt appropriate risk-based procedures for developing the risk profiles of customers, which would allow the banks to (i) understand the nature of customer relationships for the purpose of developing a customer risk profile, (ii) conduct ongoing monitoring to identify suspicious transactions and (iii) maintain updated customer information.

The Agencies reiterated that "[b]anks that operate in compliance with applicable BSA/AML legal and regulatory requirements, and effectively manage and mitigate risks related to the unique characteristics of customer relationships, are neither prohibited nor discouraged from providing banking services to customers of any specific class or type." To achieve compliance, the Agencies encouraged banking institutions to manage relationships and mitigate risks by assessing each relationship instead of declining certain customers by "customer type" as referenced in the Federal Financial Institutions Examination Council BSA/AML Examination Manual.


In this statement, the regulators urge banks to make customer-by-customer decisions and not to make determinations solely on the basis of group characteristics or "customer types." Essentially, the bank regulators don't want to be held responsible for banks refusing to provide services to customers who are deemed to be high-risk. 

So long as banks are slammed with huge penalties for carrying bad accounts, it makes sense for any individual bank to be extremely cautious in accepting the account of any customer for whom there is even the slightest red flag. Better safe than sanctioned.

Email me about this