The Bank Secrecy Act (BSA), passed by the US Congress in 1970, established the foundation for anti-money laundering (AML) compliance in the financial sector.
Its aim was to ensure banks and other financial institutions played an active role in detecting and preventing illicit financial activities. Over the decades, amendments have expanded its scope, reinforcing its role as a cornerstone of financial integrity, claims Moody’s.
Under the BSA, financial institutions must keep records of cash purchases of negotiable instruments such as cheques and money orders. They are required to report cash transactions over $10,000 and flag any suspicious activity that could signal money laundering, tax evasion or other criminal conduct. These measures have shaped how firms monitor and report financial activity.
Central to BSA AML compliance are five pillars that together form the backbone of an institution’s programme. These are: establishing internal controls, appointing a BSA AML officer, providing training programmes, ensuring independent testing, and conducting customer due diligence (CDD). Each pillar is designed to create a holistic framework that enables firms to detect risks, monitor compliance, and address vulnerabilities.
Internal controls are a key element of this framework, ensuring risks are managed through systems and processes that reflect an institution’s profile. Boards of directors are expected to receive updates and oversight to ensure these controls are effective. Equally critical is the appointment of a compliance officer with the authority, independence, and resources to manage AML operations on a daily basis.
Training is another vital component, equipping both frontline staff and senior management with the knowledge to understand risks and regulatory requirements. Training programmes are often updated to reflect changes in legislation or new forms of financial crime. Independent testing also plays an important role, providing regular evaluations—either through internal staff not involved in daily compliance or external parties—that help institutions identify gaps and strengthen controls.
CDD rounds out the five pillars, requiring banks to know their customers, the purpose of their accounts, and to update records over time. This is considered essential for spotting unusual or suspicious behaviour that might otherwise go undetected.
Oversight of the BSA is led by the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury Department created in 1990. Its mission is to safeguard the financial system from misuse, whether through money laundering, terrorist financing or other illicit activity. FinCEN enforces rules such as reporting transactions above $10,000 via Currency Transaction Reports, ensuring accurate customer identification, and maintaining records to provide a clear audit trail. Other regulators, including the OCC, Federal Reserve, FDIC, NCUA, CFPB, and state-level authorities, also have supervisory roles depending on the institution.
Looking ahead, regulatory changes are set to broaden the scope of AML compliance. From 2028, registered investment advisors will be treated as financial institutions under the BSA, requiring them to adopt full AML programmes. Meanwhile, digital assets are coming under increasing scrutiny. The 2025 passage of the GENIUS Act created the first federal framework for stablecoins, reflecting how regulators are responding to new forms of value transfer.
Technology is also influencing the landscape. Generative AI, for example, offers financial institutions powerful tools for improving risk detection and compliance efficiency. At the same time, it introduces fresh challenges, with fraudsters exploring AI-driven tactics to evade verification systems. This duality means institutions must carefully govern their use of AI within compliance frameworks.
To prepare for these shifts, financial institutions are encouraged to conduct gap assessments to ensure their AML programmes meet evolving regulatory standards. Updating training to reflect emerging risks, reviewing AI governance policies, and considering how digital assets fit into compliance frameworks are all steps that could provide an advantage.
Firms that anticipate regulatory change and adapt early will not only avoid penalties but also strengthen trust with customers and regulators, positioning themselves as leaders in financial integrity.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
