BSA-AML Examiner School Case Study eBook

Internal Use Only OFAC RISK ASSESSMENT WORKSHEET

The federal banking agencies evaluate OFAC compliance programs to ensure that all banks subject to their supervision comply with the sanctions. Unlike the BSA, the laws and OFAC-issued regulations apply not only to U.S. banks, their domestic branches, agencies, and international banking facilities, but also to their foreign branches, and often overseas offices and subsidiaries. OFAC encourages banks to take a risk-based approach to designing and implementing an OFAC compliance program. In general, the regulations that OFAC administers require banks to do the following: - Block accounts and other property of specified countries, entities, and individuals. - Prohibit or reject unlicensed trade and financial transactions with specified countries, entities, and individuals. COMPLIANCE PROGRAM OVERVIEW Yes/No or N/A Comments Does the bank have a history of recent OFAC actions or violations within the last 5 years such as notice letters or civil money penalties? No

Does the bank have policies, procedures, and processes that address how it will identify and review transactions and accounts for possible OFAC violations, whether conducted manually, through interdiction software, or a combination of both? Does the bank have policies, procedures, and processes for timely updating of the lists of sanctioned countries and blocked entities, and individuals, and disseminating such information throughout the bank's domestic operations and its offshore offices, branches and, in the case of Iran and Cuba, foreign subsidiaries? Does the bank conduct an independent test of its OFAC compliance program that is performed by the internal audit department, outside auditors, consultants, or other qualified independent parties? Does the bank designate a qualified individual(s) to be responsible for the day-to-day compliance of the OFAC compliance program, including changes or updates to the various sanctions programs, and the reporting of blocked or rejected transactions to OFAC and the oversight of blocked funds? Does the bank follow record retention requirements for OFAC blocked property (generally for as long as it is blocked and 5 years once unblocked)? Does the bank provide adequate training for all appropriate employees on its OFAC compliance program, procedures and processes?

Yes

Yes

Yes

Yes

Yes

Yes The Bank's overall OFAC Program is stable and strong. As of July 2023, the bank approved an enhanced BSA Policy and appointed a new CCO and BSA Officer. The new BSA Officer has subsequently reviewed and enhanced additional OFAC processes and procedures across the Bank, established tracking and reporting, and provided additional training to impacted staff.

GEOGRAPHIC LOCATION & BANK INFO

Yes/No or N/A

Comments and description of mitigating controls

Does the bank operate in a high intensity drug trafficking area or high intensity financial crime area?

The Omaha / Lincoln area may be considered HIDTA due to the proximity to I-80 highways.

Yes

Does the bank operate branches or subsidiaries overseas?

No No

Has the bank experienced an increase in OFAC "hits" over the past year?

Has the bank experienced high employee turnover over the last year which would negatively impact its ability to identify and report BSA/AML or OFAC requirements?

No

Limited

Assign Inherent Risk → Assign Controls Rating → Assign Residual Risk → Assign Overall Trend →

2 2 2

Satisfactory

Limited

Summary of Risk Ratings:

Stable

Overall, low risk area. And no volume shifts of OFAC hits as portfolio tendencies have not changed. No unexpected increase in employee turnover.