BSA/AML expectations must be tied to institution’s risk

June 11, 2021

CUNA filed comments Friday with Treasury’s Financial Crimes Enforcement Network (FinCEN) and NCUA regarding the use of the Model Risk Management Guidance (MRMG) for Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance. The Federal Deposit Insurance Corporation adopted MRMG in 2017, but NCUA has not to date, and as such, the guidance does not explicitly apply to federally insured credit unions.

“While credit unions are not directly governed by the MRMG, it nonetheless has a direct impact on credit unions BSA/AML and OFAC compliance programs as these are often third-party systems that must meet the requirements of the Agencies’ expectations for the financial sector as a whole,” the letter reads. “For that reason, the Agencies must ensure that expectations are tied to the individual risk of the institution, so that the cost of these systems is not unnecessarily inflated.”

The letter also highlights general information about credit union BSA/AML compliance, including that credit unions:

  • Design in-house processes and procedures tailored to the individual credit unions’ risk taking into consideration its members, products, services, geographies, and the needs of a particular credit union’s compliance program;
  • Use an overlay of in-house and third-party processes to ensure accuracy; and
  • Perform periodic audits and review, both internal and external.