BSA/AML Compliance Hub
Understand the foundations of the Bank Secrecy Act and anti-money laundering compliance for financial institutions.
Table of Contents
What is BSA AML?
Under the Bank Secrecy Act (BSA) and related anti-money laundering (AML) requirements, financial institutions have a responsibility to monitor, identify, and report on suspicious activities that may indicate financial fraud, money laundering, or the financing of terrorism.
BSA/AML Laws and Regulations
According to the Federal Deposit Insurance Corporation (FDIC), BSA/AML encompasses "a series of laws and regulations enacted in the United States to combat money laundering and the financing of terrorism. The BSA provides a foundation to promote financial transparency and deter and detect those who seek to misuse the U.S. financial system to launder criminal proceeds, finance terrorist acts, or move funds for other illicit purposes. The BSA requires each bank to establish a BSA/AML compliance program. By statute, individuals, banks, and other financial institutions are subject to the BSA recordkeeping requirements." 1
BSA/AML regulations require institutions to combat financial crime through:
- Establishing effective BSA compliance programs
- Establishing effective customer due diligence systems and monitoring programs
- Screening against Office of Foreign Assets Control (OFAC) and other government lists
- Establishing an effective suspicious activity monitoring and reporting process
- Developing risk-based anti-money laundering programs 2
References
- FDIC, Banker Resource Center, Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
- OCC, Bank Secrecy Act (BSA)
What are the five pillars of BSA/AML compliance?
Complying with anti-money laundering requirements under the Bank Secrecy Act requires effective governance, risk, and compliance processes. Federal banking regulators require U.S. financial institutions to have a risk-based BSA/AML compliance program, and examiners "evaluate the adequacy of a bank’s BSA/AML compliance program relative to its risk profile" and "review risk management practices to evaluate and assess whether a bank has developed and implemented effective processes to identify, measure, monitor, and control risks." 1
BSA/AML Compliance Program Components
Banks and credit unions can strengthen their compliance posture by taking steps to build on the five core elements of an effective program: 2
- A system of internal controls to ensure ongoing compliance
- Independent testing of BSA/AML compliance
- The designation of an individual responsible for day-to-day compliance
- Training for appropriate personnel
- Risk-based procedures for conducting ongoing customer due diligence
References
- Federal Reserve, Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision
- NCUA, "FinCEN Adds Fifth BSA Compliance ‘Pillar’"
Learn more about supporting AML compliance:
What are the top BSA/AML compliance issues to watch?
Maintaining BSA/AML compliance — including suspicious activity reporting (SAR), currency transaction reporting (CTR), and customer identification program (CIP) processes — requires careful management and monitoring to meet regulatory obligations and avoid enforcement actions.
Compliance Deficiencies Cited in BSA/AML Examinations
In its supervisory insight on the Bank Secrecy Act, 1 the FDIC identifies common deficiencies in financial institutions’ BSA compliance programs. Violations cited by the agency in examinations fall into four primary categories:
- Suspicious activity reporting
- Currency transaction reporting
- Required information sharing
- Inadequate internal controls
The National Credit Union Association (NCUA) cites the most frequently seen compliance violations at credit unions 2 as:
- Not completing timely 314(a) searches
- Inadequate BSA training
- No written, board-approved BSA compliance program
- Noncompliant SAR and CTR filings
References
Learn more about BSA compliance from Quantivate partner RiskScout:
Which regulators enforce the Bank Secrecy Act?
The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act of 1970, and its implementing regulations establish anti-money laundering obligations for financial institutions.
According to the American Bankers Association, "the law has been amended a number of times, adding requirements to report suspicious activities and track possible terrorist activities. The goal is to detect and deter instances of possible illicit finance, to track criminal activity, and to secure the safety of the financial system."
BSA Rules & Regulations
Multiple regulatory agencies have issued rules and regulations that implement the Bank Secrecy Act, including:
Office of the Comptroller of the Currency (OCC)
- 12 CFR Part 21 Subparts B & C | Reports of Suspicious Activities & Procedures for Monitoring Bank Secrecy Act Compliance
- Final Rule | Confidentiality of Suspicious Activity Reports
Financial Crimes Enforcement Network (FinCEN)
- 31 CFR Chapter X
- Final Rule | Customer Due Diligence Requirements for Financial Institutions
- Final Rule | Amendment to the Bank Secrecy Act Regulations – Exemption from the Requirement to Report Transactions in Currency
Federal Reserve Board (FRB)
Federal Deposit Insurance Corporation (FDIC)
- 12 CFR Part 326 | Minimum Security Devices and Procedures and Bank Secrecy Act Compliance
- 12 CFR Part 353 | Suspicious Activity Reports
National Credit Union Administration (NCUA)
- 12 CFR Part 748 | Security Program, Report of Suspected Crimes, Suspicious Transactions, Catastrophic Acts and Bank Secrecy Act Compliance
Learn more about BSA regulation from Quantivate partner RiskScout:
Take the next step toward better GRC management.
Learn more about our governance, risk, and compliance solutions for banks and credit unions.