NCUA issued a Letter to Credit Unions (22-CU-08) on an interagency joint statement noting credit unions must  take a risk-based approach to assessing individual member risk. The statement, which comes from NCUA and other federal financial regulators, does not alter existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations.

"The Agencies recognize that it is important for customers engaged in lawful activities to have access to financial services," it reads. "Therefore, the Agencies are reinforcing a longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity.

Specifically, institutions must adopt appropriate risk-based procedures for conducting ongoing CDD that enables them to

• Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile
• Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.