April 27, 2020
The Federal Financial Institutions Examination Council (“FFIEC”) recently announced the publication of substantial revisions to the first section of its Bank Secrecy Act/Anti-Money Laundering Examination Manual (the “Manual”) regarding the BSA/AML examination process and the examination of a bank’s overall BSA/AML program. The revisions including the risk assessment and the required elements of the program (i.e., internal controls, BSA/AML compliance officer, independent testing, and training). Other than the update in 2018 to reflect the changes resulting from the U.S. Department of the Treasury Financial Crime Enforcement Network’s (“FinCEN”) Customer Due Diligence Rule, the Manual had not been revised since 2014.
With financial institutions and regulators focused on responding to the COVID-19 pandemic, these long-awaited revisions to the FFIEC Manual received scant attention. Although addressed to examiners, the Manual was and continues to be a window into how regulators understand BSA requirements and an expression of regulatory expectations.
The revisions to the Manual were the work of an interagency BSA/AML Working Group (the “Working Group”) composed of FinCEN and the federal depository institution regulators. The Working Group is charged with promoting BSA/AML compliance efficiency and fostering better communication between federally regulated depositary institutions and their regulators. This group has issued several joint statements related to BSA/AML compliance on issues including the Customer Identification Program rules for premium finance lending, the sharing of BSA/AML compliance resources, the promotion of innovation in BSA/AML compliance, the use of a risk-focused approach to BSA/AML compliance, and the provision of services to hemp-related businesses. Other joint statements from the Working Group are expected.
Initially, it was anticipated that the Working Group would put forward a revision of the entire Manual as early as 2018, but that did not occur. Last year, members of the Working Group indicated that the revisions to the Manual would be not be rolled out all at once, as with revisions to previous editions to the Manual. Instead, the revisions would begin with the first section—which was included in the recent revisions—and additional revised chapters would follow.
Importantly, Working Group members had indicated that they would try to ensure that the revised language would differentiate between what examiners should consider a regulatory or legal requirement as opposed to guidance. This approach can been seen in the newly revised chapters. For instance, the previous language on what independent testing should include has been revised to what testing may include in the newly issued guidance.
Turning to the recent revisions, the overarching theme of these revisions is to reinforce and better describe the risk-based nature of BSA/AML compliance and the examination process. Consistent with its July 22, 2019 joint statement on using a risk-focused approach, “[m]any of the revisions [to the Manual] are designed to emphasize and enhance the Agencies’ risk-focused approach to BSA/AML supervision.” Some of the key changes in the recent revisions include:
The revisions are not intended to set forth any new requirements and none of the recent revisions should come as a surprise. Instead, the revisions reflect further clarification of BSA/AML requirements, regulatory expectations, and examination practices that have been communicated through the examination process and in public fora by the regulators for many years. The changes also reinforce that the examiners are encouraged to exercise discretion in the execution of the examinations based on the risk profile and compliance history of the institution.
 The member agencies of the FFIEC are the Federal Reserve Board (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”), the National Credit Union Administration (“NCUA”), and the Consumer Financial Protection Bureau (“CFPB”).
 Federal Financial Institutions Examination Council, Interagency Statement on April 2020 Updates to the Bank Secrecy Act/Anti-Money Laundering Examination Manual (Apr. 15, 2020), https://www.ffiec.gov/press/PDF/Interagency%20Statement.pdf; Federal Financial Institutions Examination Council, Bank Secrecy Act/Anti-Money Laundering Examination Manual (Apr. 2020), https://www.ffiec.gov/press/PDF/FFIEC%20BSA-AML%20Exam%20Manual.pdf (the “Revised Manual”). While customer due diligence (“CDD”) is also a required element of a BSA/AML program, it is addressed in a later section of the Manual that was not revised at this time.
 See Federal Financial Institutions Examination Council, Customer Due Diligence — Overview (May 5, 2018), https://www.ffiec.gov/press/pdf/Customer%20Due%20Diligence%20-%20Overview%20and%20Exam%20Procedures-FINAL.pdf.
 Working Group, Order (Sept. 27, 2018), https://www.fdic.gov/news/news/financial/2018/fil18052a.pdf.
 Working Group, Interagency Statement on Sharing Bank Secrecy Act Resources (Oct. 3, 2018), https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20181003a1.pdf.
 Working Group, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (Dec. 3, 2018), https://www.occ.gov/news-issuances/news-releases/2018/nr-occ-2018-130a.pdf.
 Working Group, Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision (July 22, 2019), https://www.fdic.gov/news/news/press/2019/pr19065a.pdf.
 Working Group, Providing Financial Services to Customers Engaged in Hemp-Related Businesses (Dec. 3, 2019), https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20191203a1.pdf.
 Federal Financial Institutions Examination Council, Interagency Statement on April 2020 Updates to the Bank Secrecy Act/Anti-Money Laundering Examination Manual at 1 (Apr. 15, 2020), https://www.ffiec.gov/press/PDF/Interagency%20Statement.pdf
 Federal Financial Institutions Examination Council, Bank Secrecy Act/Anti-Money Laundering Examination Manual at 24 (2014), https://bsaaml.ffiec.gov/docs/manual/BSA_AML_Man_2014_v2_CDDBO.pdf.
The following Gibson Dunn lawyers assisted in preparing this client alert: Matthew Biben, Stephanie Brooker, Joel Cohen, M. Kendall Day, Mylan Denerstein, Arthur Long, Joseph Warin, Linda Noonan, and Chris Jones.
Gibson Dunn has deep experience with issues relating to the defense of financial institutions. For assistance navigating white collar or regulatory enforcement issues involving financial institutions, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Financial Institutions Group, or the authors:
Matthew L. Biben – New York (+1 212-351-6300, firstname.lastname@example.org)
Stephanie Brooker – Washington, D.C. (+1 202-887 3502, email@example.com)
Joel M. Cohen – New York (+1 212-351-2664, firstname.lastname@example.org)
Kendall Day– Washington, D.C. (+1 202-955-8220, email@example.com)
Mylan L. Denerstein – New York (+1 212-351-3850, firstname.lastname@example.org)
Arthur S. Long – New York (+1 212-351-2426, email@example.com)
Joseph Warin– Washington, D.C. (+1 202-8870-3609, firstname.lastname@example.org)
Linda Noonan – Washington, D.C. (+1 202-887-3595, email@example.com)
Chris Jones* – San Francisco (+1 415-393-8320, firstname.lastname@example.org)
*Mr. Jones is admitted only in New York and Washington, D.C. He is practicing under the supervision of Principals of the Firm.
© 2020 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.