Supporting Statement
Bank Secrecy Act/Money Laundering Risk Assessment
OMB Control No. 1557-0231
A. Justification.
1. Circumstances that make the collection necessary:
The OCC conducts an annual data collection, known as the Money Laundering Risk (MLR) System, from community banks (national banks and federal savings associations), to assist OCC examiners in supervising Bank Secrecy Act (BSA) and sanctions compliance. The MLR system enhances the ability of examiners and bank management to identify and evaluate BSA/money laundering and Office of Foreign Asset Control (OFAC) sanctions risks associated with banks’ products, services, customers, and locations. The OCC is currently considering expanding the data collection to its Midsize and Large Banks populations, but pursuant to OMB requirements, is requesting only renewal of the MLR community bank data collection at this time.
The OCC developed the MLR System to gather and analyze uniform information from the largest population of OCC supervised banks (i.e., community banks). The OCC has collected uniform MLR data from community banks due their broad geographic dispersion, disparity of size, and level of complexity. The MLR information provides OCC examiners the ability to identify higher or lower-risk products, services, and customers for examination scoping, planning, and transaction testing. The MLR is an important tool for the OCC’s BSA/Anti-Money Laundering/OFAC supervision activities because it allows the agency to better identify those institutions, and areas within institutions, that pose heightened risk. This information assists the OCC in allocating examination resources, improves examination scopes, and augments transaction testing capabilities. The MLR is critical in protecting financial institutions from potential abuse from money laundering or terrorist financing, as well as for effective supervision for BSA/AML compliance, and for national security.
2. Use of the information:
The OCC needs the information generated through the MLR to evaluate and examine risks associated with each banks’ products, services, customers, and locations. The OCC evaluates this information on a strategic level (i.e., across the population of supervised community banks), at the OCC district level, at the OCC supervisory office level, and on an individual bank basis. As new products and services are introduced, existing products and services change, and banks expand through mergers and acquisitions, the bank’s BSA compliance program should evolve to ensure compliance and effective risk management of potential new money laundering and terrorist financing threats. The OCC uses this information on an annual and on a multi-year basis to evaluate BSA and OFAC risks in individual banks.
The OCC also provides MLR bank-specific and peer group information to each individual reporting bank.
3. Consideration of the use of improved information technology:
OCC banks reporting MLR information may use any information technology that permits review by OCC examiners.
4. Efforts to identify duplication:
The required information is unique, permits systemic analysis, and is not duplicative of any other information already collected.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
Since banks are expected to develop periodic BSA and OFAC risk assessments, the information collected through the MLR is essential for current risk assessment processes. The collection does not have a significant impact on the reporting entities.
6. Consequences to the Federal program if the collection were conducted less frequently:
The annual data collection cycle is reasonable and ties closely with our statutory examination cycle requirements. In addition, conducting the MLR less frequently would be harmful to the OCC’s risk-based supervisory approach by making it more difficult to determine which banks pose the greatest BSA/money laundering risk and thus producing more inefficient examinations. It would also impede OCC supervised banks from being able to appropriately address their unique BSA/money laundering risks.
7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR Part 1320:
The information collection will be conducted in a manner consistent with 5 CFR Part 1320.
8. Efforts to consult with persons outside the agency:
The OCC published a 60-day notice in the Federal Register soliciting comments concerning renewal of the collection and possible expansion of the collection to include the OCC’s Midsize and Large Bank populations.1 The OCC received two comment letters, both from OCC-supervised banks. Subsequently, the OCC published a 30-day notice soliciting additional comments concerning the MLR information collection.2 The OCC received two additional comment letters in response to the 30-day notice.
Both
commenters responding to the 60-day notice recommended that the OCC
not expand its data collection requirement beyond the current
community bank population. One comment letter indicated that the
collection of BSA/money laundering related data should not be
performed in a uniform manner since banks serve different customer
types and geographies, and have varied products, transaction volumes,
staffing, and expertise. The commenter went on to state that risk
management is not a universal exercise and that management may tailor
its risk assessment process to meet a bank’s unique needs. The
other commenter indicated that expanding the data collection to
Midsize and Large Banks would create redundancies and unnecessary
burden on these financial institutions. The comment letter stated
Midsize and Large Banks have been performing annual risk assessments
for years, and, as such, these banks are best suited to evaluate
their bank secrecy/money laundering risks. The commenter went on to
suggest the OCC should instead focus on reviewing banks’
analyses and risk assessment methodologies. Finally, the commenter
suggested that the burden estimates are low, as the OCC may not fully
appreciate the variance between bank data metrics and the data
requested by the OCC.
Both commenters responding to the 30-day notice recommended the OCC not expand its data collection requirement beyond the current community bank population. One commenter indicated the MLR is inconsistent with the interagency approach to uniform examinations for BSA compliance. The commenter went on to indicate that there is no evidence presented to validate the usefulness of the MLR to examiners and bank management in identifying and evaluating BSA/money laundering and OFAC sanctions risks. The commenter also indicated that no information has been provided to indicate how or if the MLR is coordinated or connected with a bank’s own risk assessment. In addition, the commenter stated expansion of the MLR to all “national banks” merits a full notice of proposed rulemaking. Also, one commenter suggested the OCC consider reducing the granularity of the information gathered and eliminate categories of information currently requested to minimize the burden on respondents, and that the OCC should establish an industry working group to assist in designing the MLR System. Finally, both commenters indicated the burden estimates are low, with one commenter providing estimates from a large bank.
The
OCC carefully considered all comment letters. The purpose of the MLR
System is to
support the OCC’s supervisory objectives by allowing for the
identification and analysis of BSA/money laundering and OFAC
sanctions risks across the population of supervised banks, to assist
examiners in carrying out risk-based supervision pursuant to the
FFIEC BSA/AML Examination Manual, to improve examination scoping and
transaction testing, and to meet the OCC’s obligations under
applicable statutes and regulations. The MLR System is not intended
to supplant banks’ full BSA and OFAC risk assessments, as the
MLR seeks only to gather certain specific data prior to examinations
to help ensure more efficient examination scopes and transaction
testing. The OCC’s evaluation of the institution’s full
risk assessment is performed during regular examinations. The MLR
System can complement banks’ BSA and OFAC risk assessments, as
data gathered should be substantially similar to the information
needed to perform internal analyses of inherent BSA and OFAC risks.
In addition, the burden estimates provided in this notice were
calculated in conformance with OMB methodologies.
Finally,
the OCC is considering, but has not yet made a decision whether to
expand the MLR reporting requirement to the OCC’s
Midsize and Large Bank populations. A notice of proposed rulemaking
is not necessary, as the OCC is only requesting renewal of the
existing data collection and was requesting approval to expand the
data collection to all OCC-supervised banks. The OCC previously had
OMB approval to include Midsize and Large banks in the annual data
collection, but requested OMB renewal of the data collection in 2010
only for community banks. However, pursuant to OMB requirements, the
OCC is only requesting renewal at this time of the existing community
bank MLR data collection.
9. Payment or gift to respondents:
None.
10. Any assurance of confidentiality:
Appropriate system security safeguards have been put into place to protect against unauthorized access.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
12. Burden estimate:
The OCC estimates the burden of this collection of information as follows:
Estimated Number
of Respondents:
1,792
Estimated Number
of Responses:
1,792
Frequency
of Response:
Annually
Estimated
Annual Burden:
10,752 hours
13. Estimate of total annual costs to respondents:
10,752 x $60/hour (combination of management and technical staff) = $645,120
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Change in burden:
The change in burden was due to a combination of changes to the
form and a reduction in the number of respondents.
Changes to the Form
The OCC updated the annual Risk Summary Form in 2012. The changes enhance the assessment process by requiring the reporting of products, services, and customers (PSCs) related to prepaid access or prepaid cards, a growth industry that is receiving increased attention from regulators, law enforcement, and Congress.
In addition, the Money Services Business (MSB) section of the form was modified to reflect changes in regulatory definitions. The form now includes MSB customers that are Providers of Prepaid Access and Sellers of Prepaid Access. All of these changes were made within the existing subject headers.
Change in Number of Respondents
The number of respondents decreased due to a nonmaterial change in 2011, which was overstated. The non-material change added the thrifts transferred to the OCC via Dodd-Frank.
Former Burden:
1,972 respondents; 11,832 burden hours
New Burden:
1,792 respondents: 10,752 burden hours
Difference:
-180 respondents; -1,080 burden hours
16. Information regarding collections whose results are to be published for statistical use:
The OCC has no plans to publish the information for statistical purposes.
17. Reasons for not displaying OMB approval expiration date:
The OCC is not requesting permission to not display the OMB approval expiration date.
18. Exceptions to the certification statement in Item 19 of OMB Form 83-I:
None.
B. Collections of Information Employing Statistical Methods.
Not applicable.
1 77 FR 70544 (November 26, 2012).
2 78 FR 15121 (March 8, 2013).
| File Type | application/msword |
| File Title | Supporting Statement |
| File Modified | 2013-09-04 |
| File Created | 2013-09-04 |