OCC Continues to Reform Community Bank Supervision and Examination

The OCC: (i) issued a new streamlined BSA/AML Examination Procedures Manual for community banks; (ii) discontinued its annual Money Laundering Risk System data collection for certain community banks; and (iii) solicited comment on community banks’ experiences with core service providers and other third-party vendors. 

In a bulletin, the OCC released Community Bank Minimum Bank Secrecy Act and Anti-Money Laundering Examination Procedures, establishing a streamlined framework, effective February 1, 2026, for OCC-supervised institutions with up to $30 billion in assets. The OCC explained that the new approach tailors the FFIEC Manual to lower-risk community bank activities by expanding examiner discretion—allowing examiners (i) to rely more heavily on satisfactory independent testing, (ii) to carry forward prior-cycle conclusions for the Training and BSA Compliance Officer pillars when the bank’s risk profile is unchanged, and (iii) to scale or limit transaction testing based on risk and analytical review. The OCC noted that these flexibilities operate within a concise, risk-based framework covering scoping, program evaluation, and final conclusions. 

In a separate bulletin, the OCC discontinued its annual Money Laundering Risk ("MLR") System data collection, a requirement that applied uniquely to OCC-supervised community banks with up to $30 billion in assets. The OCC stated that examiners can now obtain money laundering and terrorist financing risk information more efficiently through targeted examination requests. The OCC emphasized that ending the requirement aligns its practices with other federal banking agencies and does not alter banks’ responsibility to understand and manage risks. The OCC noted that institutions may continue using the previous system for internal assessments, though MLR reporting is no longer mandatory.

The OCC also issued a Request for Information seeking comment on community banks’ experiences with core service providers and other essential third-party vendors. The OCC reported that informal outreach has identified several challenges—including (i) limited innovation in areas such as stablecoins, crypto-assets, and AI; (ii) restrictive contract terms, bundled services, high fees, and costly core conversions; (iii) technology and data barriers tied to dated programming languages and limited access to bank-owned data; and (iv) transparency issues stemming from nondisclosure agreements and billing errors. As a result, the OCC is soliciting input across six areas—(i) innovation, (ii) due diligence and transparency, (iii) supervisory burden under TPRM guidance, (iv) cost trends, (v) billing errors, and (vi) opportunities for enhanced dialogue—to assess whether regulatory or supervisory changes could ease these frictions. The OCC stated that comments are due within 60 days of publication in the Federal Register.