The Bank Secrecy Act (BSA), enacted in 1970, remains a cornerstone of the United States’ fight against financial crime. Its purpose is to ensure financial institutions support government agencies in identifying, reporting, and preventing money laundering.
Since its introduction, the BSA has undergone several amendments, broadening its scope and reinforcing the responsibility of banks and other firms in safeguarding financial integrity, according to Moody’s.
Under the BSA, financial institutions must keep detailed records of cash purchases of negotiable instruments, such as cheques or money orders, file reports on transactions over $10,000, and notify regulators of suspicious activity that may point to money laundering, tax evasion, or other criminal behaviour. These measures form the backbone of a system designed to preserve transparency and accountability across the financial sector.
To ensure effectiveness, BSA anti-money laundering (AML) compliance is built around five key pillars: internal controls, designation of a BSA AML officer, a structured training programme, independent testing, and customer due diligence (CDD). Together, these elements provide the framework for financial institutions to maintain robust compliance programmes.
Internal controls are central to the process, requiring institutions to develop systems that manage operations, align with their unique risk profiles, and provide regular updates to their boards of directors. This oversight ensures that compliance is embedded at every level.
Equally important is the appointment of a BSA AML officer, designated by the board of directors. This officer is tasked with coordinating day-to-day compliance and ensuring that programmes are effectively implemented. While the officer manages operations, the board retains ultimate responsibility for compliance, and must therefore provide the officer with sufficient authority and resources to fulfil their role.
Training is another critical component. Banks frequently provide BSA AML education to employees whose roles involve risk management or compliance activity. Foundational training for board members and senior management is also common, ensuring awareness of emerging risks and regulatory developments at the highest levels.
Independent testing acts as a safeguard, with reviews carried out by staff not involved in daily compliance or by external auditors. Typically conducted every 12–18 months, these assessments identify potential gaps, evaluate programme effectiveness, and keep leadership informed of vulnerabilities that may require stronger controls.
The fifth pillar, customer due diligence, is designed to help institutions better understand their clients and the purpose of their relationships, and to maintain accurate records over time. CDD helps detect and deter bad actors who may attempt to exploit financial services for illegal activities.
Oversight of BSA AML compliance falls under the United States Treasury’s Financial Crimes Enforcement Network (FinCEN), established in 1990. FinCEN is tasked with safeguarding the financial system from abuses such as money laundering and terrorist financing. It enforces requirements including currency transaction reports for transactions over $10,000, proper identification of individuals conducting transactions, and recordkeeping obligations. Other agencies, including the OCC, Federal Reserve, NCUA, FDIC, CFPB, and state regulators, also play a role depending on the type of institution.
Looking ahead, several regulatory changes are on the horizon. From 2028, Registered Investment Advisors will be formally classified as financial institutions for BSA AML purposes, bringing them into the regulatory net. Meanwhile, in 2025 the US passed the GENIUS Act, its first federal law on stablecoins, introducing a framework that institutions must consider when addressing risks related to digital assets.
Technology is also reshaping compliance. Generative AI is increasingly being deployed to boost efficiency and provide insights for risk management, though it also brings challenges, such as the potential misuse by fraudsters to evade verification systems.
Financial institutions preparing for these developments can take proactive steps. Conducting gap assessments can highlight areas for improvement, while updating training ensures staff are equipped to handle new risks linked to digital assets or AI. Institutions are also beginning to refine AI governance policies, ensuring transparent and controlled use of emerging technologies. By considering how digital assets fit into existing frameworks, firms can prepare for increased oversight and stay ahead of regulatory change.
Institutions that plan early, adapt training, and strengthen controls stand to gain a competitive edge, not only by remaining compliant but also by building resilience against the next generation of financial crime.
Copyright © 2025 FinTech Global
The post BSA and AML compliance: what financial firms need to know appeared first on FinTech Global.