Board of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Financial Crimes Enforcement Network
National Credit Union Administration
Office of the Comptroller of the Currency
Joint Statement on the Risk-Based Approach to Assessing Customer Relationships and Conducting Customer Due Diligence
July 6, 2022
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the Agencies) are issuing this joint statement to remind banks[1] of the risk-based approach to assessing customer relationships and conducting customer due diligence (CDD). This statement does not alter existing Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.
The Agencies recognize that it is important for customers engaged in lawful activities to have access to financial services. Therefore, the Agencies are reinforcing a longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity.
Banks must apply a risk-based approach to CDD, including when developing the risk profiles of their customers.[2] More specifically, banks must adopt appropriate risk-based procedures for conducting ongoing CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.[3]
Customer relationships present varying levels of money laundering, terrorist financing, and other illicit financial activity risks. The potential risk to a bank depends on the presence or absence of numerous factors, including facts and circumstances specific to the customer relationship. Not all customers of a particular type automatically represent a uniformly higher risk of money laundering, terrorist financing, or other illicit financial activity.
Banks that operate in compliance with applicable
BSA/AML legal and regulatory requirements, and effectively manage and mitigate risks related to the unique characteristics of customer relationships, are neither prohibited nor discouraged from providing banking services to customers of any specific class or type. As a general matter, the Agencies do not direct banks to open, close, or maintain specific accounts. The Agencies continue to encourage banks to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.[4]
In addition, the Agencies recognize that banks choose whether to enter into or maintain business relationships based on their business objectives and other relevant factors, such as the products and services sought by the customer, the geographic locations where the customer will conduct or transact business, and banks’ ability to manage risks effectively.[5]
This statement addresses the Agencies’ perspective on assessing customer relationships as well as CDD requirements. It applies to all customer types referenced in the Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering Examination Manual,[6] including, for example, independent automated teller machine owners or operators,[7] nonresident aliens and foreign individuals, charities and nonprofit organizations, professional service providers, cash intensive businesses, nonbank financial institutions, and customers the bank considers politically exposed persons. This statement also applies to any customer type not specifically addressed in the FFIEC BSA/AML Examination Manual.
The FFIEC BSA/AML Examination Manual, including sections on certain customer types, provides guidance to examiners for carrying out BSA/AML examinations and assessing a bank’s compliance with the BSA; it does not establish requirements for banks. Further, the inclusion of sections on specific customer types provides background information and procedures for examiners related to risks associated with money laundering and terrorist financing; inclusion of these sections is not intended to signal that certain customer types should be considered uniformly higher risk.
[1]. Under the Bank Secrecy Act, the term “bank” is defined in 31 CFR
1010.100(d) and includes each agent, agency, branch, or office within the United States of banks, savings associations, credit unions, and foreign banks.
[2]. 31 CFR
1020.210(a)(2)(v).
[3]. Ibid.
[4]. See Joint Statement on the Risk-Focused Approach to BSA/AML Supervision, issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, and the Office of the Comptroller of the Currency (July 22, 2019).
[5]. This statement does not require banks to cease or modify existing risk management practices if the bank considers them necessary to effectively manage risk.
[6]. https://bsaaml.ffiec.gov/manual.
[7]. See
FinCEN’s
Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (June 22, 2022).
Federal Deposit Insurance Corporation
Financial Crimes Enforcement Network
National Credit Union Administration
Office of the Comptroller of the Currency
Joint Statement on the Risk-Based Approach to Assessing Customer Relationships and Conducting Customer Due Diligence
July 6, 2022
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the Agencies) are issuing this joint statement to remind banks[1] of the risk-based approach to assessing customer relationships and conducting customer due diligence (CDD). This statement does not alter existing Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.
The Agencies recognize that it is important for customers engaged in lawful activities to have access to financial services. Therefore, the Agencies are reinforcing a longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity.
Banks must apply a risk-based approach to CDD, including when developing the risk profiles of their customers.[2] More specifically, banks must adopt appropriate risk-based procedures for conducting ongoing CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.[3]
Customer relationships present varying levels of money laundering, terrorist financing, and other illicit financial activity risks. The potential risk to a bank depends on the presence or absence of numerous factors, including facts and circumstances specific to the customer relationship. Not all customers of a particular type automatically represent a uniformly higher risk of money laundering, terrorist financing, or other illicit financial activity.
Banks that operate in compliance with applicable BSA/AML legal and regulatory requirements, and effectively manage and mitigate risks related to the unique characteristics of customer relationships, are neither prohibited nor discouraged from providing banking services to customers of any specific class or type. As a general matter, the Agencies do not direct banks to open, close, or maintain specific accounts. The Agencies continue to encourage banks to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.[4]
In addition, the Agencies recognize that banks choose whether to enter into or maintain business relationships based on their business objectives and other relevant factors, such as the products and services sought by the customer, the geographic locations where the customer will conduct or transact business, and banks’ ability to manage risks effectively.[5]
This statement addresses the Agencies’ perspective on assessing customer relationships as well as CDD requirements. It applies to all customer types referenced in the Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering Examination Manual,[6] including, for example, independent automated teller machine owners or operators,[7] nonresident aliens and foreign individuals, charities and nonprofit organizations, professional service providers, cash intensive businesses, nonbank financial institutions, and customers the bank considers politically exposed persons. This statement also applies to any customer type not specifically addressed in the FFIEC BSA/AML Examination Manual.
The FFIEC BSA/AML Examination Manual, including sections on certain customer types, provides guidance to examiners for carrying out BSA/AML examinations and assessing a bank’s compliance with the BSA; it does not establish requirements for banks. Further, the inclusion of sections on specific customer types provides background information and procedures for examiners related to risks associated with money laundering and terrorist financing; inclusion of these sections is not intended to signal that certain customer types should be considered uniformly higher risk.
[1]. Under the Bank Secrecy Act, the term “bank” is defined in 31 CFR 1010.100(d) and includes each agent, agency, branch, or office within the United States of banks, savings associations, credit unions, and foreign banks.
[2]. 31 CFR 1020.210(a)(2)(v).
[3]. Ibid.
[4]. See Joint Statement on the Risk-Focused Approach to BSA/AML Supervision, issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, and the Office of the Comptroller of the Currency (July 22, 2019).
[5]. This statement does not require banks to cease or modify existing risk management practices if the bank considers them necessary to effectively manage risk.
[6]. https://bsaaml.ffiec.gov/manual.
[7]. See FinCEN’s Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators (June 22, 2022).