OCC updates BSA/AML exams for US community banks

OCC

The US Office of the Comptroller of the Currency (OCC) has confirmed updates to its Bank Secrecy Act and Anti-Money Laundering (BSA/AML) examination procedures for community banks, with the changes set to take effect from February 1, 2026.

According to Moody’s, the revised framework is intended to streamline how compliance is assessed at smaller institutions, while maintaining expectations around robust controls to combat fraud, money laundering and other forms of financial crime.

Financial crime remains a persistent global challenge, and US regulators continue to stress the importance of effective detection and prevention measures. By introducing a more tailored supervisory approach for community banks, the OCC is seeking to strike a balance between regulatory efficiency and strong oversight. In practice, this means institutions may be able to allocate compliance resources more effectively, focusing attention on the areas of highest risk rather than applying uniform controls across all activities.

For risk and compliance teams operating within community banks, the update represents a meaningful procedural shift. While it does not lower regulatory expectations, it provides an opportunity to reassess governance frameworks, optimise compliance operations, strengthen security controls and reinforce trust with both regulators and customers.

The OCC’s decision reflects the important role community banks play in the US financial system, particularly in supporting local economies through consumer lending, small business finance and residential mortgages. Historically, these institutions have faced compliance requirements similar to those applied to far larger banks, despite having simpler business models and lower overall risk exposure. The updated procedures are designed to reduce unnecessary regulatory burden without weakening the integrity of the broader financial system.

Central to the changes is a clearer emphasis on a risk-based approach to AML supervision. Examiners may increasingly prioritise higher-risk areas, such as unusual transaction activity, elevated-risk customer segments or weaknesses in monitoring systems, rather than applying the same level of scrutiny across all institutions. This shift recognises that community banks generally present a lower risk profile in relation to money laundering and terrorist financing.

The OCC is also introducing Community Bank Minimum BSA/AML Examination Procedures, which aim to simplify certain supervisory steps for smaller institutions. While this streamlining may reduce the overall scope of examinations, core requirements remain firmly in place. Community banks will still be expected to maintain effective customer due diligence, suspicious activity reporting processes and sanctions screening controls.

Importantly, the revised approach remains aligned with the Federal Financial Institutions Examination Council (FFIEC) framework. While larger US banks will continue to be examined against the full FFIEC manual, community banks should benefit from greater proportionality, without a divergence from established supervisory standards.

The changes primarily affect OCC-supervised community banks, generally defined as depository institutions with less than $30bn in total assets. These institutions may see examinations that are more closely tailored to their size, complexity and risk exposure. However, the OCC has made clear that strong AML frameworks remain essential to prevent fraudsters and other bad actors from exploiting smaller banks.

For compliance teams, the update does not signal reduced enforcement risk. Examiners will still expect robust controls, and material deficiencies could result in enforcement actions, including civil money penalties. The revised procedures do, however, give examiners greater discretion, including the ability to rely on prior-year conclusions for certain pillars, use independent testing results and determine the scope of transaction testing.

Ahead of the February 2026 implementation date, community banks may want to review and update their risk assessments, validate transaction monitoring effectiveness, ensure documentation remains comprehensive and prepare proactively for examinations. Conducting gap analyses, engaging with internal teams and third-party providers, and reinforcing staff training around risk-based supervision could help institutions remain aligned as regulatory expectations continue to evolve.

Read the daily RegTech news

Copyright © 2026 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.