I have just started at a new bank and the BSA program is lets just say a little weak. I am trying to put together a report of what areas are of concern and my first being that there is a total of 550 business accounts and looks like they only have 4 accounts rated as moderate and 8 high risk. From my first look there should be quite a few more high risk accounts... I was just wondering what everyone's average number of high risk accounts are...

1. Start with most recent audit and exam. Make sure all items are addressed.
2. Make sure you are good with OFAC and 314a and are filing reasonable numbers of CTR's and SAR's timely.
3. Then I would follow the 4 (soon to be 5) pillars and identify and address all program weaknesses there as fast as you are able.
4. As for risk rating, understand how they have been trained and address weaknesses there early. Prevent new problems
5. Work alerts for 2-3 months and you will probably spot many of the mis-rated customers. Locate your MSB's, NBFI's, NGO's, Private ATM's, high volume wires, NRA accounts, etc.

Just my thoughts.

Perform a AML and OFAC Risk Assessment. That will help you identify your overall risk profile and help you build your AML program.

There is no formula for how many high risk customers a bank with $xx in assets or #YY business customers. It will vary by bank depending on their risk profile (customers, geography and products)

If you don't have a recent audit/exam you could always use the FFIEC exam manual and do one on your bank. I would address items 1 & 2 prior to tackling this.

I agree with Big Dog start with developing a BSA/AML Risk Assessment, this could always be adjusted based on exam/audit findings.

You could have 500 check casher accounts for all we know.

However, if I assume you're in a fairly vanilla community bank, I would not expect more than say 50-75 accounts. Bit that's an extremely rough and willfully ignorant guess.