IT'S TIME TO START SELECTING YOUR RISK ASSESSMENT TEAM

By now you have probably read my article detailing the proposed new FinCEN rule on AML, which added the requirement of a continuous process of Risk Assessment to your already bulging plate of mandatory components of an effective AML./CFT risk-based compliance program. Although it will be several months before official adoption, it is best if you start assembling a team from your staff, to discharge that new obligation, and document that action for regulators and auditors will most certainly be looking for their presence down the road.

You should also create a written SOP for your people, so that not only are they literally "checking the boxes" and confirming low-risk status after their inquiries, but they know what to look for. In that vein, it is humbly suggested that you rely upon your more experienced staff to draft it, which means those individuals who have decades on the job, and fully understand what risks exist in your specific environment, and can enumerate what to look for. Should you may have already retired those old timers, it is recommended that you bring them back as consultants, as their post-9/11 experience, as well as threats observed over the years will best equip them to build a comprehensive checklist. Alternatively, you might have to outsource it.

It might be best to insert the Risk Assessments into regularly scheduled dates, so that no busy compliance staff members will take the time to examine existing clients, and discharge the continuous obligation now imposed on you. It is humbly suggested that you do this over the Summer, when you have more time to dedicate to it.