Financial Institutions Must Assess Risk Profiles to Meet New BSA Requirements. The changes include an enhanced discussion of the risk assessment process which a financial institution uses to identify and develop its overall BSA/AML risk profile. The manual no longer requires financial institutions to provide for dual controls and segregation of duties, such that employees that complete reporting forms (e.g., SARs, CTRs, and CTR exemptions) are not also responsible for filing the reports or granting the exemptions. The majority of changes to the Suspicious Activity Reporting section of the manual incorporate guidance issued by regulatory agencies.”]