Yesterday, the OCC issued two important bulletins—OCC Bulletin 2025-37 and OCC Bulletin 2025-38.
What both have in common is clear: regulators expect community banks to rely on high-quality, knowledgeable, and truly independent BSA/AML testing. They also emphasize the value of having someone available who understands the regulatory landscape—someone who can answer questions, anticipate examiner expectations, and guide program enhancements before issues develop.
That’s exactly where the right BSA/AML advisor makes all the difference. Partnering with the right organizations can not only make the BSA Officer’s life easier, but it also helps the board and senior management make better decisions.
OCC Bulletin 2025-37
This bulletin—effective February 1, 2026—provides examiners with updated guidance for conducting BSA/AML examinations at community banks. Its objective is to reduce regulatory burden by allowing greater reliance on independent testing, carrying forward satisfactory findings from prior exams, and giving examiners more discretion in determining the scope and depth of examination testing.
Scope and Exam Planning
Examiners may now place significant reliance on a bank’s independent testing report—similar to the NCUA’s approach. Examiners will ask for the recent independent testing report for review. If the testing is strong, examiners may limit their own testing or skip certain areas entirely.
They will adjust scrutiny of their testing based on:
The bank’s risk profile
The quality of independent testing
Quality of independent testing is key. Examiners have been instructed to ensure that a competent and independent party performed the testing (FIN-2014-A007). The bank’s risk assessment and other FinCEN data points will be used to help examiners develop the scope of testing. Examiners may even determine that additional testing steps are needed, especially in higher risk products and services.
Examiners may also carry forward satisfactory findings related to the BSA Officer and Training from the prior cycle, provided the program, staffing, and risk profile has not materially changed, no significant issues appeared in independent testing, and no adverse findings arise during the current exam. However, findings may not be carried forward for two consecutive exam cycles.
Finally, examiners will develop a risk-focused plan that considers the bank’s risk profile, adequacy of independent testing, staffing capabilities, program scope, and adherence to policies and procedures.
BSA/AML Compliance Program
Examiners will review whether the bank’s program is written, board-approved, and tailored to the bank’s Money Laundering/Terrorist Financing (ML/TF) risk profile.
The program must fully address the five pillars:
Internal Controls which ensure ongoing compliance with regulatory requirements
Independent Testing for BSA/AML obligation compliance
BSA/AML Officer who is responsible for oversight of the day-to-day operations of the program
Training of bank personnel and board
Customer Identification Program (CIP),including beneficial ownership requirements, is risk-based and adequate
Internal Controls
Examiners will assess whether controls are reasonably designed to mitigate ML/TF risks and ensure ongoing compliance.
They will evaluate:
Alignment with the bank’s risk profile
Incorporation of the bank’s risk assessment
Program continuity through changes in management, staffing, or operations
Oversight of technology and automated systems which support BSA/AML functions
Dual controls and segregation of duties
Escalation processes and board reporting of compliance issues
Board notifications of program status, such as SAR filing, program deficiencies, corrective actions, and program initiatives
Governance responsibilities delegated to personnel with appropriate oversight to execute program tasks and functions
Independent Testing
Examiners will analyze whether testing:
Is adequate and ongoing
Is performed by qualified, independent personnel or third parties
Addresses overall program adequacy
Occurs at a frequency commensurate with risk
Is reported directly to the board or a designated committee
Includes testing of monitoring and reporting processes
Testing must cover areas such as alert generation, case and alert management, case investigation and research processes, SAR decision-making and filing. Testing should also review additional business lines, such as trust services or private banking, to ensure appropriate transaction reporting is occurring and should ensure accurate regulatory filings, such as CTRs.
BSA/AML Officer
The BSA Officer must be knowledgeable, competent, independent, and adequately resourced.
Examiners will evaluate:
Authority and independence over the functions of the program
Staffing, technology support, and the allocation of adequate resources for program support
Quality of board reporting regarding regulatory landscape changes pertinent program information, SAR filing notifications, and program updates
Reporting lines to the board which ensures clear communication channels
Ability to facilitate the program without undue influence from the lines of business
Findings related to the BSA Officer may carry forward to the next exam cycle.
Training
The bank’s training program must materially address the importance of corporate-wide ongoing education, employee accountability, and compliance.
Examiners will review whether training:
Applies to all personnel
Is tailored to job functions
Includes the bank’s processes and procedures for the business lines
Includes regulatory requirements, ML/TF red flags, and BSA program expectations
Incorporates previous deficiencies identified through testing or examination
Is properly documented, including dates, types of training offered, supporting documentation such as hand-outs or slides, and any personnel failing to attend or adequately complete training
Training received by the BSA Officer and BSA program staff should be periodic and relevant to regulatory requirement changes. The board should also receive tailored training which is designed to assist it in program oversight and governance.
Training-related findings may also carry forward.
Special Note on Testing
Testing may involve transaction-level reviews or broader analytical assessments. Examiners may sample SAR decisions, CTRs and SARs, CIP and beneficial ownership documents, CTR exemptions, training records, and board reporting to verify program accuracy and consistency. Testing may include evaluations on specific areas at every exam cycle or may be tested on alternate exam cycles.
Developing Conclusions and Finalizing the Exam
Examiners will combine findings from their own work and the independent testing to determine the bank’s overall BSA/AML compliance. Final conclusions will address the written and board-approved program, the strength of each pillar, and whether the bank meets regulatory expectations.
OCC Bulletin 2025-38
This bulletin is effective immediately.
For nearly 20 years, the OCC used the Money Laundering Report (MLR) system to evaluate community banks’ ML/TF risk. However, the OCC determined that the system is burdensome and no longer necessary—especially given its success in supervising large, global and midsized, regional banks that do not have obligatory MLR filing requirements. As a result, the OCC is discontinuing the MLR system use in favor of more tailored, risk-focused supervisory processes.
Ready for Your Next Exam? Let NPG Strengthen Your Program.
The message from the OCC couldn’t be clearer: your bank’s independent testing and advisory support matter more than ever.
NPG provides:
Deep BSA/AML expertise grounded in decades of banking experience
Thorough, credible independent testing that examiners can rely on
Actionable recommendations that strengthen your program—not just check a box
On-demand advisory support for questions, regulatory concerns, program updates, and examiner expectations
A partner who genuinely understands BSA/AML challenges and how to prevent exam headaches before they start
Whether you need independent testing, program development, a risk assessment refresh, advisory support, or help preparing for your next exam—NPG is the expert in your corner.
Protect your institution. Strengthen your program. Be exam-ready.
Partner with NPG today.