Interagency statement on model risk management for bank systems
AML AND COMPLIANCE NEWS |
Authored by RSM US LLP
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network (FinCEN), and the National Credit Union Administration have requested responses from all OCC-supervised banks regarding the supervisory guidance stated on model risk management for bank systems supporting Bank Secrecy Act/anti-money laundering (BSA/AML) compliance. This article will summarize the supervisory guidance issued April 12, 2021, related to model risk management on systems supporting banks’ BSA/AML compliance programs.
There is no predefined definition for a model within the regulation or statute for model risk management; however, the model risk management guidance utilizes the following definition for the term model:
The term model refers to a quantitative method, system or approach that applies statistical, economic, financial or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.
The guidance is called the Supervisory Guidance on Model Risk Management and it focuses on three core areas that should be considered when a model is used to support a financial institution’s BSA/AML compliance program:
- An information input component, which delivers data and assumptions into the model
- A processing component, which transforms the data into estimates
- A reporting component, which transforms the estimates into useable business information
The model risk management guidance also brings to the attention of financial institutions’ examples of what are not models because they lack one or more of the components noted above:
- Stand-alone, simple tools that flag transactions based on singular factors, such as reports that identify cash, wire transfer, or other transaction activity over certain value thresholds
- Systems used to aggregate cash transactions occurring at the bank’s branches to file currency transaction reports.
For automated transaction monitoring systems to have diligent risk management requires periodic reviews and tests of the system’s filtering criteria and thresholds to determine if the current settings are effective and have an independent validation of the system. These reviews are generally performed using a risk-based approach with the frequency of the review determined by the financial institution’s risk profile.
Financial institutions may rely on a third-party monitoring system to support their BSA/AML program; however, the model risk management guidance establishes the following considerations when financial institutions utilize a third-party model:
- Perform reasonable due diligence before entering a contractual relationship
- Establish ongoing monitoring of the third party and the model when the model is utilized for compliance-related activities (currency transaction reporting, monitoring transactions, detection of suspicious activities or suspicious activity reporting)
Financial institutions are ultimately responsible for complying with BSA/AML requirements when utilizing a third-party model so the following risk management approach should be considered:
- Obtain sufficient information from the third party to understand how the model operates and performs (Thresholds, parameters and other settings should be tailored to the specific risk profile of the financial institution.)
- Establish a contingency plan(s) if a third-party model is no longer available or service is disrupted
All of the points of consideration noted within the model risk management guidance are not intended to have the force or effect of law. The points are guidance for a sound risk management approach of the models that are utilized by financial institutions to support their BSA/AML compliance systems. The guidance recognizes that there are many factors to study when considering the model risk management guidance, like the financial institution’s risk profile and the extent to which the model is used to support the BSA/AML compliance program. The model risk management guidance specifically states the use of flexibility as follows:
The model risk management guidance principles provide flexibility for banks in developing, implementing and updating models. Banks may benefit from employing this flexibility, including validation activities, to update BSA/AML models quickly in response to the evolving threat environment and to implement innovative approaches. Banks may establish policies that govern when the bank may implement fewer material changes to models without revalidation or may choose to revalidate certain model components without revalidating the entire model.
The publication of the model risk management guidance reminds financial institutions of the necessary points that should be considered when assessing model(s) used to support a financial institution’s BSA/AML compliance program. The guidance highlights a financial institution’s understanding of what should be considered a model, and how to assess third-party models as key initial steps. In addition, the guidance covered how the financial institution’s risk profile is another consideration when taking a risk-based approach to assessing the BSA/AML models. In closing, the guidance presented is flexible based on the financial institution’s risk profile and the risk-based approach should be implemented over the models that are utilized.
This article was written by RSM US LLP and originally appeared on 2021-07-14.
2021 RSM US LLP. All rights reserved.
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Pugh CPAs is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.
For more information on how Pugh CPAs can assist you, please call 865.769.0660.
Call us at 865.769.0660 or fill out the form below and we'll contact you to discuss your specific situation.