Author Note from Stanley Foodman:
“After more than three decades in financial compliance, I’ve seen regulatory trends come and go. But FinCEN’s proposed sixth pillar feels different — not just another mandate, but a shift in how we approach risk. It’s a chance for compliance to move from reactive to strategic. Here’s what that means for your institution.”
— Stanley Foodman, CEO, Foodman CPAs & Advisors
In the evolving world of anti-money laundering (AML) compliance, FinCEN’s proposed sixth pillar of risk assessment represents a significant shift in how financial institutions approach risk. Rather than offering a prescriptive framework, the guidance encourages organizations to develop customized, intelligent strategies that align with their specific operations.
The Myth of Standardization – A Methodology with Flexibility
While FinCEN’s proposal avoids rigid templates, it does not completely dismiss standardization. According to Stanley Foodman, “There’s no one-size-fits-all approach to risk, but there is a one-size-fits-all methodology that can be created.” This methodology serves as a foundation for building tailored frameworks specific to each financial institution. Judgment sampling and the “smell test” — informed by experience — complement this methodology, guiding the depth and scope of testing during assessments.
Foodman emphasizes that an audit program, rather than a simple checklist, is key. “A checklist can be part of an audit program, but beyond that checklist, there needs to be substantiation and support for every answer,” he explains. Statistical sampling alone cannot capture all nuances; judgment sampling and qualitative insights are critical for identifying risks that models might miss.
Beyond Numbers: The Human Element in Risk Management
Quantitative tools like statistical sampling and algorithmic models are essential but insufficient on their own. Foodman underscores the importance of cultivating intuition: “The ability to sense when something’s off — a gut check or smell test — is developed through experience.”
In the absence of a standardized methodology, financial institutions should consider three key elements:
- Institutional Uniqueness: Design risk assessment frameworks that reflect the specific operational and customer landscape.
- Integrated Methodologies: Combine quantitative analysis with qualitative judgment, ensuring both data-driven insights and human expertise inform decisions.
- Robust Internal Controls: Develop scalable control systems that evolve with emerging risks.
Implementing FinCEN’s Guidance: A Strategic Approach
To align with FinCEN’s proposed sixth pillar, institutions should:
- Build a customized risk assessment matrix informed by a foundational methodology promulgated by FinCEN. This matrix should reflect an institution’s unique characteristics while adhering to core methodological principles.
- Provide advanced training to compliance staff, emphasizing critical thinking and practical application.
- Establish multi-layered control systems capable of adapting in real time.
- Align compliance strategies with business realities while maintaining regulatory adherence.
Leadership Advice for Compliance Teams
Foodman stresses that true transformation requires investment in people, not just systems. His recommendations include:
- Train for Panoramic Thinking: Critical thinking must go beyond policy knowledge to encompass a 360-degree perspective. Panoramic thinking involves looking at issues from multiple angles — much like using a wide-angle lens instead of a narrow peephole.
- Foster Cross-Departmental Risk Awareness: Promote a culture where risk awareness is shared across all levels and departments.
- Leverage Multi-Touchpoint Data Sources: Use diverse data inputs to triangulate risks and identify emerging threats effectively.
“Critical thinking isn’t just about adding numbers,” Foodman explains. “It’s about understanding secondary effects and broader implications — like analyzing how tariffs might ripple through an economy.”
The Road Ahead
The sixth pillar represents more than additional compliance requirements; it signifies an attempt to codify practices already gaining traction in areas like correspondent banking. However, as Foodman notes, this step is incomplete without clear guidance on building risk assessment matrices or safe harbors for institutions navigating complex risks.
Final Thought from Stanley Foodman
“The sixth pillar isn’t more red tape,” says Foodman. “It’s a challenge to become smarter, faster, and more precise in how we assess risk. If done right, it transforms compliance into a true business advantage.”
