Priscilla Rabb Ayres
- Financial services risk and compliance expert with a 360-degree stakeholder perspective based on deep experience in and with financial institutions, government bodies, vendors and industry associations
- As Chief Regulatory Officer for IBM Global Financial Services Sector, initiated and managed collaborative relationships between IBM and regulatory bodies and launched IBM's global Extensible Reporting Language program
- Appointed the first Director of the Trade and Development Agency and worked in close coordination with Ex-Im Bank, the Overseas Private Investment Corporation, World Bank, IFC, and regional MDBs such as the Asian Development Bank and the EBRD
Bank Enterprise Risk Assessment - Optimizing Risk to Build Value
Defined Terms
- BSA/AML (Bank Secrecy Act/Anti-Money Laundering)
The Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the "Bank Secrecy Act") requires U.S. financial institutions to assist U.S. government agencies in detecting and preventing money laundering.
(Source: FinCEN)
- CAMELS (Capital adequacy, Asset quality, Management, Earnings, Liquidity, Sensitivity to market risk)
A uniform interagency rating system adopted by the FFIEC. CAMELS originated in the U.S. to classify a bank's overall condition and is now used globally. The ratings range from 1 (strong) to 5 (critically deficient). Ratings are based on analysis of financial statements combined with on-site examinations. A bank's CAMELS rating is typically known only to the primary regulator that assigns the score and to the bank's senior management.
- CFR (Code of Federal Regulations)
The CFR is an annual codification of the general and permanent rules published in the Federal Register by the executive departments and agencies of the federal government.
(Source: the Federal Register)
- CIP (Customer Identification Program)
All banks must have a written CIP that is incorporated into the bank's BSA/AML compliance program. The CIP is intended to enable a bank to form a reasonable belief that it knows the true identity of each customer. It must include account opening procedures that specify the identifying information to be obtained from each customer.
- Enterprise Risk Assessment (ERA)
Development of the risk assessment generally involves two steps: first, the bank's specific risk categories (products, services, customers, entities, transactions, and geographic locations) are identified; second, the data identified is analyzed in detail to assess the inherent risk and residual risk within those categories. The resulting risk profile determines the composition of the bank's written compliance program.
Holding companies or lead financial institutions that implement enterprise-wide compliance programs should assess risk vertically within business lines and horizontally across all activities and legal entities.
(Source: FFIEC Examiners Manual)
- Enterprise Risk Management
There are many definitions of enterprise risk management, but for the purpose of this business topic, it refers to an integrated approach to identifying, assessing, managing, and monitoring risk across the enterprise to promote business success.
Enterprise risk management recognizes and leverages the interconnectivity of different risks and gauges how they can interact to magnify the total impact. This enterprise view can streamline the control structure and increase its efficiency.
- FATF (Financial Action Task Force on Money Laundering)
An inter-governmental policy-making body whose purpose is to establish international standards, and to develop and promote policies at both national and international levels, to combat money laundering and the financing of terrorism.
- FFIEC (Federal Financial Institutions Examination Council)
Member FFIEC agencies include the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Consumer Financial Protection Bureau (CFPB).
- FIU (Financial Intelligence Unit)
In the context of this business topic, FIU refers to commercial bank units responsible for identifying, investigating, and reporting suspicious activity including money laundering, terrorist financing, and fraud, as well as providing analytical and operational support to such compliance programs.
More generally, an FIU is defined as "A central national agency responsible for receiving (and, as permitted, requesting), and analyzing and disseminating to the competent authorities, disclosures of financial information (i) concerning suspected proceeds of crime, or (ii) required by national legislation or regulation, in order to counter money laundering." (Source: The Egmont Group)
The Financial Crimes Enforcement Network (FinCEN) serves as the FIU for the U.S.
- Inherent Risk
Inherent risk assesses the nature, complexity, and volume of the activities giving rise to the risk in question. It is important to remember that this assessment of risk is made without considering management processes and controls; rather, these factors are considered in evaluating the adequacy of the institution's risk management systems. Inherent risk is described as high, moderate, or low.
(Source: Federal Reserve Board's "Framework for Risk-Focused Supervision of Large Complex Institutions," August 8, 1997)
- KYC (Know Your Customer)
KYC is a foundational requirement of an anti-money laundering compliance program. It involves the Customer Identification Program (CIP), which provides reasonable assurance of the true identity of a customer, and Customer Due Diligence (CDD), which establishes the account purpose, the nature of a customer's business, and anticipated patterns of transactions. CDD results in an initial customer risk ranking of High, Medium, or Low. If the ranking is medium or high, Enhanced Due Diligence (EDD) should be employed to learn more about the customer and the degree of AML risk. Accounts of higher-risk customers should either not be opened or be subject to enhanced transaction monitoring.
- MLR (Money Laundering Risk System)
An OCC risk identification and analytical tool used in community banks to identify potentially high-risk banks and activities. The combination of ongoing supervision and targeted examinations allows the OCC to determine the adequacy of a bank's BSA/AML compliance program.
- MRA (Matters Requiring Attention)
Matters arising from an examination that are important and that regulators expect a banking organization to address over time.
- MRIA (Matters Requiring Immediate Attention)
Matters arising from an examination that require a bank to address immediately. These tend to be matters of significant importance and urgency and may relate to safety and soundness.
- OFAC (Office of Foreign Assets Control)
OFAC is an office of the U.S. Treasury that administers and enforces economic and trade sanctions, based on U.S. foreign policy and national security goals, against entities such as targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.
- Residual Risk
Residual risk is the level of risk remaining after controls have been implemented. Residual risk is typically categorized as high, moderate, or low.
- SARs (Suspicious Activity Reports)
Under 12 CFR 21.11, national banks are required to report known or suspected criminal offenses at specified thresholds, or transactions over $5,000 that they suspect involve money laundering or violate the Bank Secrecy Act. To make that report, the filing institution prepares a SAR, which it files with the Financial Crimes Enforcement Network (FinCEN) of the Treasury Department. The reports are then made available electronically to appropriate law enforcement agencies. Similar regulations issued by other regulators apply to other financial institutions.