Risk Assessment Costs and Observations
Review of the Foundation: As discussed in the previous article, the BSA risk assessment is the cornerstone of the BSA program. Since all activities in the lifecycle of the BSA process flow from the risk assessment, a complete, compliant risk assessment can make the difference in the success of your BSA program. Clear identification of the inherent risks, mitigating controls and residual risks is the foundation of a program that will pass regulatory scrutiny.
Recently, I had the opportunity to hear from examiners from OCC, FDIC, NYDFS and the Federal Reserve about the most common deficiencies in BSA examinations. They agreed that Inadequate risk assessments are, across the board, the number one deficiency in BSA examinations.
Part 2
External Costs
This series of articles grew from a survey that we recently conducted to understand how much financial institutions spend on the BSA risk assessment process. In the first installment we discussed the internal costs to the institution. This cost factor focused on the consumption of internal resources required to assemble the annual risk assessment. The results, by tier, were as follows:
Tier 1 average spend: $66,144
Tier 2 average spend: $64,084
Tier 3 average spend: $23,632
These results were exclusive of preparation of board reports and ongoing metrics. It included only resource costs for the AML department and so did not include data warehouse resources, analytics resources, or IT resources.
Here, we examine the external cost estimates by asset size. Based on the responses of the organizations by asset size, the Tier 3 institutions are split. About 50% of the respondents utilize outside consultants to manage and complete their risk assessment. The spend range is typically $75,000 to $100,000 per year. The 50% of the Tier 3 institutions that do not use external resources often occupy the higher range of internal costs shown above. More than 75% of the respondents in Tier 2 utilize outside firms to handle their annual risk assessment. Spend ranges, according to the respondents, are $75,000 to $150,000 annually. 85%+ of Tier 1 institutions (based on respondents and discussions with regulators) use outside resources for some or most of their risk assessments. The spend ranges are much higher in this tier. Most start at $100,000 and go as high as $1,000,000+ with an average of $350,000 in spend. This is a broad range but shows that each institution is spending more than six figures in the annual process.
Combining internal and external costs, the median total resource spend (internal and external costs) is as follows:
Tier 1—$416,144.23
Tier 2—$189,084.62
Tier 3—$113,632.62
You can see the average spend for the risk assessment process creates a large line item in the BSA budget. What if we could reduce those hours and costs? What if we could automate the process and save tens or even hundreds of thousands of dollars?
In the next installment, I will discuss best practices in the risk assessment process. In addition, I will introduce you to a technology that will allow you to do all the things discussed above—create automation and a path to operations that will connect the dots from risk assessment to risk identification to risk mitigation and provide documentation at each step of the process. That type of automation will not only reduce manual input but give you more visibility and control into the process so that you can shift your focus from mechanics to strategy.
Our final installment in this series will focus on managing the costs and driving best practices through your BSA risk assessment. We will touch on the options for creating and automating risk assessments that are responsive to your business environment without increasing costs. These articles and others can be found atwww.beregsmart.com.
Next Installment: Best practices in the risk assessment process.
About the Author
Debra Geister is Manager and CEO of Section 2 Financial Intelligence Solutions. Section 2 (S2) focuses exclusively on the tracking and documentation of the “hybrid threat.” She and her team are passionate about education and detection of transnational criminal organizations in our financial systems. Previously, she was Managing Director for AML Advisory Services at Matrix International Financial Services. Geister has 15 years of experience in leadership roles in banking compliance. She worked at US Bank as a VP of Risk and Compliance and spent three years at Meta Bank as Senior Vice President, leading the combined Fraud and Bank Secrecy Act (BSA) Unit.
About RegSmart
RegSmart offers the best-in-class automated BSA/AML risk assessment. Supported by subject matter experts, RegSmart collects data with intuitive wizards and stores that data for regulatory compliance and change management. RegSmart delivers complete, plain language reports with actionable intelligence. Please visit us at www.beregsmart.com.
If you would like to see a demonstration of our best-in-class automated BSA/AML risk assessment and audit applications, please contact us at 214.919.4670, or email John Ravita at jrravita@beregsmart.com or Mark Stetler at mstetler@beregsmart.com. We look forward to visiting with you.