AuditXYZ

Compliance Framework

Bank Secrecy Act / Anti-Money Laundering Regulations

The Bank Secrecy Act and AML regulations require financial institutions to detect and prevent money laundering and terrorist financing. This guide covers KYC, transaction monitoring, SAR filing, and compliance programs.

Issuing Body: United States Department of the Treasury / Financial Crimes Enforcement Network (FinCEN)
First Published: 1970-10-26
Latest Version: 2021 (Anti-Money Laundering Act as part of NDAA 2021)
Typical Cost: $50,000–$3,000,000
Typical Timeline: 6–18 months
Audit Required: Yes
Audit Frequency: Annual independent testing required. Regulatory examinations vary by institution type and risk profile.
Geography: United States

AML/BSA: Anti-Money Laundering and Bank Secrecy Act Guide

The Bank Secrecy Act (BSA), enacted in 1970 and significantly strengthened by the USA PATRIOT Act and the 2021 Anti-Money Laundering Act, forms the foundation of the United States' anti-money laundering (AML) regulatory regime. It requires financial institutions to assist government agencies in detecting and preventing money laundering, terrorist financing, and other financial crimes.

What AML/BSA Covers

BSA/AML compliance requires financial institutions to implement a comprehensive program with five pillars: a system of internal controls, independent testing, a designated BSA/AML officer, training for relevant personnel, and customer due diligence procedures including beneficial ownership identification.

In practice, this means implementing Know Your Customer (KYC) processes, monitoring transactions for suspicious patterns, filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN, and maintaining records that enable law enforcement investigations. The 2021 AML Act introduced the beneficial ownership reporting requirement and established national AML priorities.

Who Needs AML/BSA Compliance

BSA/AML requirements apply to banks, credit unions, broker-dealers, money services businesses, casinos, insurance companies, mutual funds, and other financial institutions. The definition has expanded over time to include virtual currency businesses and certain non-financial businesses involved in high-value transactions. Fintech companies providing money transmission services face full BSA/AML obligations.

Implementation Approach

Develop a risk-based AML program starting with a comprehensive risk assessment that considers your products, services, customers, and geographic footprint. Implement automated transaction monitoring calibrated to your risk profile. Build KYC processes that include identity verification, beneficial ownership identification, and ongoing due diligence. Establish clear SAR investigation and filing procedures with defined timelines.

Cost Considerations

AML compliance is one of the largest ongoing operational costs for financial institutions. Large banks employ hundreds of AML analysts and invest millions in transaction monitoring technology. Mid-sized institutions typically spend $50,000 to $500,000 annually. The cost of non-compliance is far higher — recent AML enforcement actions have resulted in penalties exceeding $1 billion.
