Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

Bank Secrecy Act: Agencies Address Model Risk Management for Bank Models and Systems Supporting Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Compliance

Summary:

The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency, in consultation with the Financial Crimes Enforcement Network and the National Credit Union Administration (collectively, the agencies), issued a joint statement to address industry questions regarding how the risk management principles described in the “Supervisory Guidance on Model Risk Management” (MRMG) relate to systems or models used by banks to assist in complying with Bank Secrecy Act/anti-money laundering (BSA/AML) requirements.

The agencies also published a request for information (RFI) in the Federal Register that seeks information and comment on the extent to which the principles discussed in the MRMG support compliance by banks with BSA/AML and Office of Foreign Assets Control requirements.

Statement of Applicability to Institutions: This Financial Institution Letter applies to FDIC-supervised banks and savings associations.

Highlights:

  • The statement clarifies that it does not alter existing BSA/anti-money laundering (AML) legal or regulatory requirements or establish new supervisory expectations, and that no specific model risk management framework is required.
  • The MRMG is intended to provide flexibility in applying principles of risk management commensurate with a bank’s risk profile, and the complexity and materiality of its models.
  • There is no specific or recommended organizational structure for BSA/AML system oversight; it may be conducted solely by the bank’s compliance area, a model risk management group, another functional area, or some combination of these functions.
  • Banks are ultimately responsible for complying with BSA/AML requirements, even if they choose to use third-party models to assist with their BSA/AML compliance programs. It is critical that banks understand how third-party models operate, ensure models are working as expected, and ensure they are tailored to the unique risk profile of the bank.
  • Concurrently with this statement, the agencies published in the Federal Register an RFI that seeks information and comment on the extent to which the principles discussed in the MRMG support compliance by banks with BSA/AML and Office of Foreign Assets Control requirements.
  • The statement neither alters existing BSA/AML legal or regulatory requirements, nor establishes supervisory expectations.

Distribution:

FDIC-Supervised Institutions

Suggested Routing:

Chief Executive Officer 
BSA Compliance Officer


Additional Related Topics:

  • Supervisory Guidance on Model Risk Management
FIL-27-2021
Attachment(s)

Last Updated: April 9, 2021