US Bank Secrecy Act / AML
Bank Secrecy Act (Currency and Foreign Transactions Reporting Act) — 31 U.S.C. 5311 et seq. and 31 CFR Chapter X
Standard Introduction
US Bank Secrecy Act / AML is an active standard published by U.S. Financial Crimes Enforcement Network (FinCEN). It is commonly used across Finance & Banking, Services, Technology, Retail and applies in United States.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with US Bank Secrecy Act / AML.
Implementation Roadmap
Define US anti-money laundering compliance scope
Identify the products, services, systems, entities, jurisdictions, teams, vendors, data flows, and stakeholders covered by US Bank Secrecy Act / AML. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for BSA/AML program, customer due diligence, beneficial ownership where applicable, suspicious activity reporting, currency transaction reporting, sanctions interface, funds transfer records, risk assessment, training, independent testing, and board oversight.
Assess obligations and gaps
Compare current practices with the expected US anti-money laundering compliance approach. Review enterprise AML risk assessment, customer identification, CDD and EDD, transaction monitoring, SAR escalation, CTR filing, sanctions screening, record retention, model governance, training, independent testing, and issue remediation, then prioritize gaps by legal exposure, user or safety impact, customer commitments, operational dependency, reporting deadlines, and assurance readiness.
Implement controls and evidence
Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain risk assessments, AML policies, CIP records, CDD files, screening logs, transaction alerts, SAR and CTR decisions, training records, independent testing reports, board minutes, regulator communications, and remediation plans as traceable evidence.
Review, report, and improve
Run management reviews, internal checks, technical testing or independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, reporting cycles, or stakeholder expectations change.
Compliance Checklist
checklist Scope and accountability
checklist Controls and records
checklist Monitoring and assurance
Frequently Asked Questions
Who needs US Bank Secrecy Act / AML?
expand_more
US Bank Secrecy Act / AML is most relevant to financial institutions, money services businesses, broker-dealers, casinos, banks, fintechs, and other covered entities under FinCEN and prudential regulator rules. The exact scope depends on products, services, jurisdictions, reporting duties, customer commitments, technical requirements, and the organization's role in the relevant ecosystem.
Is US Bank Secrecy Act / AML certifiable?
expand_more
The BSA/AML regime is a legal compliance obligation, not a certification. Covered institutions must maintain risk-based AML programs, reporting, recordkeeping, customer due diligence, and independent testing.
What should implementation focus on first?
expand_more
Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, customers, auditors, assurance providers, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.
What evidence is useful for US Bank Secrecy Act / AML?
expand_more
Useful evidence includes risk assessments, AML policies, CIP records, CDD files, screening logs, transaction alerts, SAR and CTR decisions, training records, independent testing reports, board minutes, regulator communications, and remediation plans. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.
How often should the program be reviewed?
expand_more
Review it at planned intervals and whenever laws, products, vendors, incidents, reporting cycles, customer commitments, technical standards, or assurance expectations change. Higher-risk obligations should have more frequent monitoring and management reporting.
Official Documentation
Official PDF for US Bank Secrecy Act / AML
Official publication or summary for US Bank Secrecy Act / AML
Official online resource
U.S. Financial Crimes Enforcement Network (FinCEN) guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for US Bank Secrecy Act / AML