Auditing and Updating an AML Risk Assessment
Author: Donna Davidek, CAMS-Audit
The risk assessment process is not new to the Banking industry. Risk assessments have been conducted in many areas within banking organizations for years, so it seemed appropriate when the BSA area came into regulatory focus. Since at least 2005, every depository financial institution has been required to perform and document a written BSA/AML Risk Assessment. The purpose of a comprehensive risk assessment is to assess the enterprise wide BSA/AML risk profile of the organization, including the Bank and all subsidiaries. By determining the enterprise wide BSA/AML risk profile, the organization can evaluate the adequacy of existing processes and where required, modify and update the risk management processes in an effort to more effectively identify and mitigate risk. A risk assessment can serve as a valuable tool for any Banking institution that wants to manage its BSA/AML risk effectively. The key is to understand the Bank’s risk exposure and develop the necessary policies, procedures, systems, and controls to mitigate the risk. The emphasis by regulators for financial institutions to conduct detailed risk assessments has increased substantially over the years.