I don't see a specific retetion requirement for the documentation supporting a customer's risk assessment; does it fall into the typical five year BSA bucket?

We have both paper files from several years ago and electronic files from the past couple of years. These files include our risk assessment form, customer statistics, account documentation, etc. Also, we log all risk assessment customers (including date and level of risk) on a monitoring spreadsheet and we just keep building on this document - I don't see a reason to delete anything on the spreadsheet.

Just curious how long others are keeping actual documentation of the customer's risk assessment.

Thanks in advance! Happy Friday!

Generally, there are two fall back positions for BSA related record retention: "until the next examination" or "5 years." CIP verfication processes trigger that 5 year requirement, but there is no requirement to perform written due diligence on an individual customer beyond that. So, you are not required to keep it for a specfic period. On the other hand, in a few cases the information has some utility and destroying it after each examination simply makes no sense.

I'll be interested to see if others chime in and offer a "facts and circumstances" response that translates to a specific period of time. I can only offer the observation that my record retention would be on a sliding scale with unremarkable consumer accounts having the shortest shelf life and high risk customers (almost always businesses) having the longest. I can envision some circumstances where it would be helpful to compare a high risk customer's recorded statements and account activity over a period of years.

We generally retain files of periodic customer risk reviews; cases that were monitored but never developed into a SAR; routine reports,etc. for a period of two years.

I couldn't agree more and appreciate your comments, Ken, and those of Cape Codder. Sometimes in our "rules" based world, I find it hard to think outside the box and I tend to be conservative anyway. I'm trying to balance the "I might need that some day" mentality with a more practical approach.