US Agencies on Model Risk Management for BSA/AML Compliance by Banks
FHFA issued Orders to Fannie Mae and Freddie Mac (the Enterprises), along with the summary instructions and guidance, with respect to the stress test reporting as of December 31, 2020. The Orders mention that each Enterprise shall report to FHFA and to FED the results of the stress testing as required by the FHFA rule on stress testing of regulated entities (12 CFR 1238), in the form and with the content described therein and in the summary instructions and guidance, accompanying the Orders. In addition, US Agencies (FDIC, FED, NCUA, and OCC), including the Financial Crimes Enforcement Network (FinCEN), are requesting information on the extent to which the principles discussed in the interagency supervisory guidance on model risk management support bank compliance with the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) requirements.
The agencies seek this information to enhance their understanding of bank practices in these areas and determine whether additional explanation or clarification may increase transparency, effectiveness, or efficiency. Comments will be accepted for 60 days following publication of the request for information in the Federal Register. The US Agencies concurrently issued a joint statement to clarify that the risk management principles discussed in the supervisory guidance are appropriate considerations in the context of the BSA/AML statutory and regulatory requirements. The statement clarified the following key points
- The supervisory guidance on model risk management does not have the force and effect of law. Banks may use some or all of the principles in the supervisory guidance in their risk management processes to support meeting the regulatory requirements of an effective BSA/AML compliance program. Banks with limited model use may not have formal model risk management frameworks.
- The supervisory guidance is not meant to serve as a set of testing procedures, including with regard to BSA/AML systems.
- The supervisory guidance does not establish any requirements or supervisory expectations that banks have duplicative processes for complying with BSA/AML regulatory requirements.
- Certain processes and systems used in BSA/AML compliance may not be models. The determination by a bank of whether a system used for BSA/AML compliance is considered a model is bank-specific. When making this determination, a bank may consider the supervisory guidance model definition and the three components that characterize models.
- Banks assess different models in different ways. The nature of testing and analysis of models depends on the type of model and the context in which the models are used.
- The principles in supervisory guidance provide flexibility for banks in developing, implementing, and updating models. Banks may benefit from employing this flexibility, including for validation activities, to update BSA/AML models quickly in response to the evolving threat environment and to implement innovative approaches. Banks may establish policies that govern when the bank may implement less material changes to models without revalidation, or may choose to revalidate certain model components without revalidating the entire model.
- Banks may choose to use a third-party model. When doing so, banks may consider the principles discussed in the agencies’ third-party risk management issuances and the aspects of the supervisory guidance that address third-party models.
- Regardless of how a BSA/AML system is characterized, sound risk management is important, and banks may use the principles discussed in the supervisory guidance to establish, implement, and maintain their risk management framework.
Related Links
- FHFA Notice
- Accompanying Guidance from FHFA
- Press Release on Supervisory Guidance
- Request for Information on BSA/AML Compliance (PDF)
- Statement on Model Risk Management (PDF)
Comment Due Date: FR+60 Days
Keywords: Americas, US, Banking, Reporting, Stress Testing, Fannie Mae, Freddie Mac, Dodd-Frank Act, AML, EGRRCP Act, COVID-19, Regulatory Capital, BSA, Model Risk Management, FHFS, US Agencies
Featured Experts

Laurent Birade
Advises U.S. and Canadian financial institutions on risk and finance integration, CCAR/DFAST stress testing, IFRS9 and CECL credit loss reserving, and credit risk practices.

María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer

Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
ESMA Issues Notification Templates for STS Synthetic SecuritizationsRelated Articles
US Agencies Issue Several Regulatory and Reporting Updates
The Board of Governors of the Federal Reserve System (FED) adopted the final rule on Adjustable Interest Rate (LIBOR) Act.
ECB Issues Multiple Reports and Regulatory Updates for Banks
The European Central Bank (ECB) published an updated list of supervised entities, a report on the supervision of less significant institutions (LSIs), a statement on macro-prudential policy.
HKMA Keeps List of D-SIBs Unchanged, Makes Other Announcements
The Hong Kong Monetary Authority (HKMA) published a circular on the prudential treatment of crypto-asset exposures, an update on the status of transition to new interest rate benchmarks.
EU Issues FAQs on Taxonomy Regulation, Rules Under CRD, FICOD and SFDR
The European Commission (EC) adopted the standards addressing supervisory reporting of risk concentrations and intra-group transactions, benchmarking of internal approaches, and authorization of credit institutions.
CBIRC Revises Measures on Corporate Governance Supervision
The China Banking and Insurance Regulatory Commission (CBIRC) issued rules to manage the risk of off-balance sheet business of commercial banks and rules on corporate governance of financial institutions.
HKMA Publications Address Sustainability Issues in Financial Sector
The Hong Kong Monetary Authority (HKMA) made announcements to address sustainability issues in the financial sector.
EBA Updates Address Basel and NPL Requirements for Banks
The European Banking Authority (EBA) published regulatory standards on identification of a group of connected clients (GCC) as well as updated the lists of identified financial conglomerates.
ESMA Publishes 2022 ESEF XBRL Taxonomy and Conformance Suite
The General Board of the European Systemic Risk Board (ESRB), at its December meeting, issued an updated risk assessment via the quarterly risk dashboard and held discussions on key policy priorities to address the systemic risks in the European Union.
FCA Sets up ESG Committee, Imposes Penalties, and Issues Other Updates
The Financial Conduct Authority (FCA) is seeking comments, until December 21, 2022, on the draft guidance for firms to support existing mortgage borrowers.
FSB Reports Assess NBFI Sector and Progress on LIBOR Transition
The Financial Stability Board (FSB) published a report that assesses progress on the transition from the Interbank Offered Rates, or IBORs, to overnight risk-free rates as well as a report that assesses global trends in the non-bank financial intermediation (NBFI) sector.