Thursday, June 20, 2019

Summarizing ACAMS White Paper on EDD and AML Risk Assessments (Industry Survey)

Posted by OnCourse Staff September 19, 2013 4:47pm

The Association of Certified Anti-Money Laundering Specialists recently published a White Paper summarizing an industry survey study of current practices regarding Customer EDD and AML Risk Assessment. The compelling analysis included a survey of approximately 500 respondents regarding industry standards for Customer EDD and Bank-wide BSA/AML Risk Assessment practices. Evidence suggests that there is real disparity amongst financial institutions regarding the standard approach for completing initial Customer EDD. According to ACAMS, “Respondents indicate there is not an industry standard form or template to meet regulator expectations for AML Risk Assessment or Customer Due Diligence”. As auditors in the Community Banking industry, we’ve come across various methods for conducting initial Customer Due Diligence, many of which do satisfy regulatory expectations but differ greatly from one institution to another. Some institutions have standard forms which are completed at the time of account opening, while others choose to board such information directly onto the core system. Institutions may choose to complete a customer risk assessment at account opening and base it on the information provided by the customer. Others may decide that it is more beneficial to wait between 1-3 months (and sometimes longer) to analyze the customer’s activity before finalizing the customer’s risk rating. However, there seems to be a lack of consistency in the approach, which the results of the survey clearly indicate. ACAMS concludes, “Without standardization, financial institutions must create a unique AML Risk Assessment and Customer Due Diligence process. Therefore, financial institutions vary greatly in their processes for the collection, maintenance, updating and systems used during Customer Due Diligence and Risk Assessing.”

The study concluded that greater than half of the respondents stated that they rely on face-to-face dialogues with new and existing customers when collecting customer due diligence information (ACAMS). This is due in part to the lack of resources available to them. The problem with this method is that customers are often reluctant to provide information regarding the nature of the business, source of funds, expected use of Bank products/services, and anticipated transaction activity. Thus, in situations where a customer is reluctant to provide information to satisfy due diligence requirements, how can we be sure that the information the customer does provide is accurate or useful? As we can all agree, bankers are in the business of making money and do not have a real appetite for being positioned in the police-state business, which runs contrary to the goal of most community banks of building trusted relationships.

The survey also asked respondents several questions regarding the methodology of Bank-wide BSA/AML and OFAC risk assessments. According to survey results, the majority of institutions still rely on manual spreadsheets (approximately 62%) and the majority update the risk assessment annually as opposed to when events warrant a review (only 20%). The industry trend amongst community banks is applying the FFIEC BSA/AML Examination guidance matrices Appendix J: Quantity of Risk Matrix and Appendix M: Quantity of Risk Matrix – OFAC Procedures as a basis for completing the BSA/AML and OFAC risk assessments. Most risk assessments consist of an evaluation of several factors including the Customer Base, Higher-risk Products & Services, High-risk customers and businesses, Geography (HIDTA, HIFCA), etc. However, there seems to be a lack of consistency with regard to the analysis of specific risk categories, which should be supported by statistics. The need for a more thorough and comprehensive analysis of the factors that the Bank is assessing is ever more relevant in today’s industry. Most importantly, risk assessments often lack the steps needed to mitigate risk as a result of the Bank’s assessment. Those responsible for completing the assessment should be able to support their assessment of the Bank’s BSA/AML and OFAC risk, as well as the direction the risk is moving.

So the survey seemed to confirm what we all already know. There is much subjectivity, and there are many differences, in the way institutions apply the regulatory requirements. While this may very well have been the regulatory intention, it does create a gap which can give room to an overreaching auditor/examiner to conclude that a given analysis or risk assessment is not consistent with industry practice. But then, as this survey clearly indicates, there does not always appear to be consistency in establishing “industry practice.” Generally, the larger the institution, the greater the need to establish formality and assessments based on statistical data. We recently had a situation where we were engaged to review an institution’s BSA Risk Assessment. This was a $5 Billion plus entity which engaged in international wire transfers and trade finance. Following the community banking risk assessment approach, the institution had incorrectly rated its trade finance activity as low risk. Upon downloading data of such activity and analyzing the historical patterns, it was quite obvious that such activity needed to be assessed at a High risk level. Trade finance is currently deemed a very high risk conduit for suspicious activity and layering.

While there does not seem to be a general consensus or consistency in the format in which institutions elect to document their analysis, it is clear that BSA/AML is receiving a second heightened look from the regulators and we should all take the time to ensure that the analysis and risk assessments are not being updated by rote but do truly represent the risk posture of the institution. 



ACAMS (2013). “Anti-money laundering risk assessment and customer due diligence—a global perspective” (ACAMS Survey White Paper)


