US Agencies on Model Risk Management for BSA/AML Compliance by Banks
FHFA issued Orders to Fannie Mae and Freddie Mac (the Enterprises), along with the summary instructions and guidance, with respect to the stress test reporting as of December 31, 2020. The Orders mention that each Enterprise shall report to FHFA and to FED the results of the stress testing as required by the FHFA rule on stress testing of regulated entities (12 CFR 1238), in the form and with the content described therein and in the summary instructions and guidance, accompanying the Orders. In addition, US Agencies (FDIC, FED, NCUA, and OCC), including the Financial Crimes Enforcement Network (FinCEN), are requesting information on the extent to which the principles discussed in the interagency supervisory guidance on model risk management support bank compliance with the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) requirements.
The agencies seek this information to enhance their understanding of bank practices in these areas and determine whether additional explanation or clarification may increase transparency, effectiveness, or efficiency. Comments will be accepted for 60 days following publication of the request for information in the Federal Register. The US Agencies concurrently issued a joint statement to clarify that the risk management principles discussed in the supervisory guidance are appropriate considerations in the context of the BSA/AML statutory and regulatory requirements. The statement clarified the following key points
- The supervisory guidance on model risk management does not have the force and effect of law. Banks may use some or all of the principles in the supervisory guidance in their risk management processes to support meeting the regulatory requirements of an effective BSA/AML compliance program. Banks with limited model use may not have formal model risk management frameworks.
- The supervisory guidance is not meant to serve as a set of testing procedures, including with regard to BSA/AML systems.
- The supervisory guidance does not establish any requirements or supervisory expectations that banks have duplicative processes for complying with BSA/AML regulatory requirements.
- Certain processes and systems used in BSA/AML compliance may not be models. The determination by a bank of whether a system used for BSA/AML compliance is considered a model is bank-specific. When making this determination, a bank may consider the supervisory guidance model definition and the three components that characterize models.
- Banks assess different models in different ways. The nature of testing and analysis of models depends on the type of model and the context in which the models are used.
- The principles in supervisory guidance provide flexibility for banks in developing, implementing, and updating models. Banks may benefit from employing this flexibility, including for validation activities, to update BSA/AML models quickly in response to the evolving threat environment and to implement innovative approaches. Banks may establish policies that govern when the bank may implement less material changes to models without revalidation, or may choose to revalidate certain model components without revalidating the entire model.
- Banks may choose to use a third-party model. When doing so, banks may consider the principles discussed in the agencies’ third-party risk management issuances and the aspects of the supervisory guidance that address third-party models.
- Regardless of how a BSA/AML system is characterized, sound risk management is important, and banks may use the principles discussed in the supervisory guidance to establish, implement, and maintain their risk management framework.
Related Links
- FHFA Notice
- Accompanying Guidance from FHFA
- Press Release on Supervisory Guidance
- Request for Information on BSA/AML Compliance (PDF)
- Statement on Model Risk Management (PDF)
Comment Due Date: FR+60 Days
Keywords: Americas, US, Banking, Reporting, Stress Testing, Fannie Mae, Freddie Mac, Dodd-Frank Act, AML, EGRRCP Act, COVID-19, Regulatory Capital, BSA, Model Risk Management, FHFS, US Agencies
Featured Experts
Laurent Birade
Advises U.S. and Canadian financial institutions on risk and finance integration, CCAR/DFAST stress testing, IFRS9 and CECL credit loss reserving, and credit risk practices.
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
ESMA Issues Notification Templates for STS Synthetic SecuritizationsRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.