Bank Secrecy Act Compliance

Map of Countries Under Sanction by the US Government

Compliance with regulations coming from governments and from industry associations is a big problem for our clients – whatever the industry. In working with several banks over the years, we’ve become adept at identifying gaps and designing solutions for one of the most wide-reaching regulations for such organizations: the Bank Secrecy Act – aka “BSA”.

The BSA was passed by the US Congress nearly 50 years ago. It stipulates reporting and auditing that banks must perform on themselves and their customers to identify potential money laundering, terrorist financing, and other criminal financial activities. Its requirements have only grown over the years – especially since the 2001 terrorist attacks in the US – when the federal government heightened requirements on banks and financial institutions to “partner” with it in fighting terrorists and their financial networks.

Unlike fraud – where a bank or its customers are the actual victims of monetary loss – the BSA compliance efforts are somewhat thankless in that mainly the federal government and various agencies benefit, though the burden of compliance falls on each individual bank. Nonetheless – BSA is perhaps the most critical set of regulations with which banks must comply. A bank can be blocked from critical business activities – such as merging and acquiring – until it addresses compliance gaps that regulators may find. A bank’s operating charter may even be threatened if its BSA practices are found inadequate.

Below are the key capabilities a bank must currently have to comply with the Bank Secrecy Act:

| BSA Capability | Description |
| --- | --- |
| Customer Screening – Sanctions List | Match customers against known sanctions lists. There is movement in the industry to use social media, etc. to discover relationships between customers and individuals on Sanctions Lists. The Office of Foreign Assets Control (OFAC) maintains a list of sanctioned countries, which is typically the starting point for such sanctions screening. |
| Customer Screening – Political Exposure | Match customers against known Politically Exposed Persons to ensure they are risk rated and monitored appropriately. |
| Customer Screening – Negative Media Reports | Screen customers for negative media that could damage the bank directly or indirectly. |
| Know Your Customer | An effort to learn more about individual or business customers to determine their riskiness based on the geographies they operate in, industry/occupation, anticipated transaction patterns, etc. Normally carried out via an interview completed during the on-boarding process, with questions based directly on government regulations. |
| Customer Information Profile (CIP) | Certain pieces of information must be collected from all customers unless they are exempt for some reason (e.g. they’re a minor). A process is normally put in place to discover customers missing CIP data so an operations group can reach out and collect the information. |
| Customer Due Diligence (CDD) | Standard AML due-diligence/investigation performed on all customers regardless of their risk level. |
| Enhanced Due Diligence (EDD) | More in-depth AML due-diligence/investigation performed on customers with an elevated risk level. |
| Monetary Transaction Monitoring | Daily process to proactively screen transactions which fit patterns that could indicate certain types of risky behavior. As an example, a transaction history could indicate that a customer is performing transactions with entities in a medium or high risk foreign country that was not disclosed during customer or account on-boarding. |
| Annual High Risk Customer Review | Customers with a certain risk level are required to be reviewed on an annual basis, to ensure that they are being monitored and risk-rated appropriately. |
| Currency Transaction Reporting (CTR) | Single or aggregate monetary transactions involving currency (cash) over $10,000 USD must be reported to FinCEN. |
| Suspicious Activity Reporting (SAR) | Customers with SARs filed against them to FinCEN should be tracked and risk-rated/reviewed appropriately. |
| Monetary Instrument Log (MIL) | The MIL must indicate cash purchases of monetary instruments, such as money orders, cashier’s checks and traveler’s checks, in value totaling $3,000 to $10,000, inclusive. |

To learn more about our extensive experience helping banks build and shore up these capabilities – both in the business and IT domains – reach out to us at info@sysflow.com

Ben Sommer is a Principal Consultant with Systems Flow, Inc. He currently consults in enterprise & solution architecture for large clients. He also leads training programs for Systems Flow. His career has spanned network, systems, and open source software engineering with a focus on identity management. Ben is a trained musician and composer.

