The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency, in consultation with the Financial Crimes Enforcement Network and the National Credit Union Administration (collectively, the agencies), issued a joint statement to address industry questions regarding how the risk management principles described in the “Supervisory Guidance on Model Risk Management” (MRMG) relate to systems or models used by banks to assist in complying with Bank Secrecy Act/anti-money laundering (BSA/AML) requirements.
The agencies also published a request for information (RFI) in the Federal Register that seeks information and comment on the extent to which the principles discussed in the MRMG support compliance by banks with BSA/AML and Office of Foreign Assets Control requirements.
Statement of Applicability to Institutions: This Financial Institution Letter applies to FDIC-supervised banks and savings associations.
- The statement clarifies that it does not alter existing BSA/anti-money laundering (AML) legal or regulatory requirements or establish new supervisory expectations, and that no specific model risk management framework is required.
- The MRMG is intended to provide flexibility in applying principles of risk management commensurate with a bank’s risk profile, and the complexity and materiality of its models.
- There is no specific or recommended organizational structure for BSA/AML system oversight; it may be conducted solely by the bank’s compliance area, a model risk management group, another functional area, or some combination of these functions.
- Banks are ultimately responsible for complying with BSA/AML requirements, even if they choose to use third-party models to assist with their BSA/AML compliance programs. It is critical that banks understand how third-party models operate, ensure models are working as expected, and ensure they are tailored to the unique risk profile of the bank.
- Concurrently with this statement, the agencies published in the Federal Register an RFI that seeks information and comment on the extent to which the principles discussed in the MRMG support compliance by banks with BSA/AML and Office of Foreign Assets Control requirements.
- The statement neither alters existing BSA/AML legal or regulatory requirements, nor establishes supervisory expectations.
Chief Executive Officer
BSA Compliance Officer
Supervisory Guidance on Model Risk Management