OCC updates BSA/AML examination procedures for community banks

On November 24, 2025, the Office of the Comptroller of the Currency (OCC) announced two actions intended to tailor Bank Secrecy Act/Anti-Money Laundering (BSA/AML) supervision and reduce compliance burdens for community banks.[1] First, the OCC released new procedures for OCC examiners to follow when assessing the anti-money laundering and countering the financing of terrorism (AML/CFT) programs of community banks (the Community Bank Procedures).[2] Second, the OCC announced that it will no longer annually collect information from community banks through the Money Laundering Risk (MLR) System.[3] Comptroller of the Currency Jonathan Gould said that these changes were designed to “relieve community banks of unnecessary regulatory requirements,” consistent with the administration’s broader efforts to reduce costs and burdens under the BSA.

Over the past year, the new administration has prioritized BSA reform through deregulatory actions and updates to guidance. For example, the federal banking agencies released updated guidance this October intended to streamline suspicious activity report (SAR) filing for financial institutions (as discussed in our client update). Like the updated SAR guidance, the Community Bank Procedures represent an incremental change to BSA/AML supervision, rather than a rollback of regulatory requirements. The new procedures do not dramatically alter BSA/AML supervision for community banks (defined as institutions with up to $30 billion in assets), but they do provide discretion to examiners to reduce the burdens and scope of exams in key areas. They will become effective for examinations starting February 1, 2026.

Whether the new examination procedures successfully reduce burdens for community banks will turn on examiner implementation. It also remains unclear how they will interact with existing procedures in the Federal Financial Institutions Examination Council’s (FFIEC) BSA/AML Examination Manual. Notably, the other federal banking agencies have not released comparable guidance for examination staff – meaning the Community Bank Procedures currently apply only to OCC-supervised institutions. That said, given the broader interagency focus on BSA reform, we expect further actions over the coming months. We provide below a summary of the key changes and the implications for institutions subject to the OCC’s supervision.

Key changes under the new procedures

Community Bank Procedures

According to the OCC, the Community Bank Procedures are intended to “reduce regulatory burden by tailoring examination activities” for smaller and lower risk institutions. To that end, the procedures set out standards and guidelines for examiners when evaluating the AML/CFT programs of community banks supervised by the OCC. In substance, this consists of a high-level summary of the steps that examiners should take through the various stages of the examination process (e.g., scoping and planning the exam, assessing the AML/CFT program, and developing conclusions), as well as standards for scoping and assessing each of the components of a community bank’s AML/CFT program (generally focusing on material elements).

For the most part, the Community Bank Procedures restate principles and standards that are already set out in the FFIEC BSA/AML Examination Manual. The Community Bank Procedures do, however, provide discretion to examiners to reduce the scope and burdens of exams in a few notable areas:

• Examiners may use their discretion to carry forward examination findings for the BSA Officer and Training pillars[4] from a prior examination cycle if: (a) prior cycle findings were satisfactory; (b) there have been no material changes to the bank’s AML/CFT risk profile, staffing, or operations; (c) there have been no material findings from independent testing performed; and (d) there are no adverse findings from the work performed during the current examination related to these pillars. Examination findings may be carried forward for a maximum of two cycles.
• Examiners may rely on satisfactory independent testing to form a basis for conclusions. This is ultimately a risk-based decision, and examiners “may leverage certain areas of testing completed, but not others, depending on the quality of the work performed covering specific areas of the examination.” Notably, the FFIEC BSA/AML Examination Manual already permits examiners to rely on satisfactory independent testing;[5] however, the Community Bank Procedures provide more explicit guidance on this point and offer greater clarity to examiners.
• Examiners may use their discretion to determine whether and to what extent to perform transaction testing or whether it is appropriate to limit testing to analytical or other reviews. In other words, transaction testing is not a baseline expectation for each exam. This is ultimately a risk-based decision that requires examiner to consider, among other things, the risk profile of the institution, the adequacy of its independent testing, and any changes to its products or services.[6]

In all cases, these decisions are discretionary for examiners, and the Community Bank Procedures reiterate that more extensive procedures may be appropriate depending on the risk profile of an institution.

The interaction between the new Community Bank Procedures and existing FFIEC BSA/AML Examination Manual standards remains uncertain, however. While the OCC’s press release describes the new procedures as “supplement[ing]” the FFIEC Manual, the Community Bank Procedures themselves state that they should serve as the “baseline,” with “additional procedures from the FFIEC BSA/AML Examination Manual” to be applied “as appropriate” according to an institution’s risk profile. The OCC is likely to provide clarification through examiner training, but it remains unclear how these new procedures will be implemented in practice.

Discontinuance of data collection through the MLR System

On November 24, the OCC also announced that it would discontinue its practice, dating from 2005, of annually collecting data from community banks through the MLR System (in response to longstanding requests from many industry groups). The MLR System required community banks supervised by the OCC to complete an annual Risk Summary Form collecting data on products, services, customers, and geographies to assess AML/CFT and sanctions risks. This information was used to help the OCC scope and plan examinations, identify potentially high-risk activities in the community bank portfolio, and allocate examination resources. The data was also intended to assist community banks in assessing their own risks.

Many in the industry have questioned whether the MLR process provided enough value to justify the burdens placed on community banks. The OCC generally agreed with this conclusion in announcing its decision to discontinue annual MLR data collection, stating that “the MLR System is no longer necessary” and “the OCC can obtain appropriate information” on AML/CFT risks in the community bank portfolio through other means. The OCC reiterated, however, that it will continue to expect community banks to understand the AML/CFT risks associated with their activities.

Looking forward: what does this mean for community banks?

For community banks, the discontinuance of annual data collection through the MLR System may provide welcome relief. Less clear, however, are the long-term implications of the Community Bank Procedures.

The notion that BSA/AML examinations should be tailored to the risk profile of an institution is a longstanding principle under the FFIEC BSA/AML Examination Manual.[7] Nevertheless, community and mid-sized banks have historically complained that their examiners hold them to the same standards as larger, more complex financial institutions, regardless of their size and risk profile. Many banks will also attest that regulatory recommendations or “best practices” for larger institutions have transformed, over time, into baseline expectations for all banks. Over the past year, Treasury and the federal banking agencies have attempted to break that trend, and the OCC has framed the Community Bank Procedures as a continuation of those efforts.

Whether the Community Bank Procedures will have the desired effect is an open question. Effectuating real change will require extensive training for examiners – and, in all likelihood, substantially more detailed guidance than the Community Bank Procedures offer. For the most part, the Community Bank Procedures restate existing principles under the FFIEC BSA/AML Examination Manual, and it remains discretionary for examiners to take a lighter touch approach. Given the varying risk profiles of community banks, the OCC was likely mindful of taking a measured approach (despite the blanket statement in the press release suggesting that all community banks have “generally low levels of money laundering and terrorist financing risk”).

Nevertheless, the OCC’s actions offer further data points on the administration’s efforts to update BSA/AML supervision. If the OCC succeeds in clarifying and communicating the new standards to examiners, the Community Bank Procedures may help rationalize compliance burdens for community banks. We expect further actions over the next year as the new administration continues its focus on BSA reform.