Guidelines for Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Compliance Program 2023

The new AML whistleblower law signed in December 2022 by President Biden signals a heightened focus on financial crime and the need for financial institutions to tighten the noose around criminals by updating their Bank Secrecy Act / Anti-Money Laundering (BSA/AML) compliance program. 

A BSA/AML compliance program aims at bringing about greater transparency, inclusiveness, and accountability in financial systems. Given the increased regulatory scrutiny and enforcement actions, financial institutions must prioritize BSA/AML compliance and ensure their policies, procedures, and controls are up-to-date.

In this article, we explore some of the fundamentals of BSA/AML regulations (BSA 101), including BSA/AML compliance meaning and examples, the pillars of BSA/AML, the entities subject to BSA/AML compliance, and important steps taken by financial institutions to stay compliant.

What is a BSA/AML compliance program?

A BSA/AML compliance program is a set of policies, procedures, and controls adopted by banks and other regulated financial institutions to identify and mitigate the risks of money laundering. A well-designed BSA/AML program is risk-based, flexible, scalable, and proportionate to the size and complexity of the financial entity that adopts it.

To this end, countries all over the world establish agencies that set BSA/AML guidelines for certain financial institutions. For example, in the US, authorities such as FinCEN (Financial Crimes Enforcement Network), OFAC (Office of Foreign Assets Control), and FFIEC (Federal Financial Institutions Examination Council) are responsible for BSA/AML enforcement.

The primary goal of a BSA/AML compliance program is to detect, report and prevent money laundering by customers and employees. It is particularly aimed at protecting businesses from legal liability and reputational damage. As such, an effective compliance program should be designed to help banks quickly identify and comprehensively report criminal activity such as terrorist financing or fraud schemes.

For many banks, BSA/AML compliance programs have become increasingly reliant on technology. For example, the use of BSA/AML software is rising. In 2022, the global market for BSA/AML software was valued at $1.8 billion and projected to grow at a compound annual growth rate (CAGR) of 13% between 2022 and 2029.

With the growing complexity and volume of financial transactions, the adoption of software solutions as part of a BSA/AML compliance checklist is needed to analyze extensive financial datasets and detect potentially suspicious transactions. BSA/AML software can also provide automated screening against watchlists and databases for both customer due diligence (CDD) and enhanced due diligence (EDD).

What are the pillars of a BSA/AML program? 

A bank’s BSA/AML compliance program consists of eight essential elements. The first five are often quoted as the key pillars, but without the remaining three, there will be gaps in BSA/AML efforts.

  • Internal Controls
  • AML Officer
  • Training
  • Independent Review
  • Customer Due Diligence
  • Adequate Policies and Procedures
  • Monitoring
  • Board Management and Oversight

1. Internal controls – Internal controls should address risk assessment and record-keeping requirements related to customer due diligence (CDD) activities, suspicious transactions reporting (STR), or suspicious activity reporting (SAR). 

2. The AML officer – A senior employee is usually designated as the BSA/AML officer to ensure that the compliance program operates effectively and efficiently. To be considered qualified, he/she should possess a BSA/AML compliance certification.

In some cases, the role can be an internal function. However, it can also be outsourced to a third party where there is insufficient in-house expertise or capacity.

3. Training – This should include guidance on what constitutes suspicious activity, how it differs from normal business transactions, how to document such transactions, and how to report them without fear of reprisals from criminals or their associates.

In addition to training staff about how to comply with anti-money laundering regulations, financial institutions should also consider implementing an anonymous tip-off line or an internal whistleblowing system. The benefit of this can be seen in FinCEN’s BSA/AML Whistleblower Program, which provides monetary rewards to individuals who report violations of the Bank Secrecy Act.

4. Independent Review – Financial institutions must appoint an independent third-party auditor or accountant to assess whether the BSA/AML program is effective and meets regulatory requirements. This should be done annually or when there are changes in business operations and government regulations.

5. Customer Due Diligence (CDD) – The CDD measures should cover all customers, regardless of their relationship with the bank, product type, or account size. Nevertheless, it’s important to closely monitor higher-risk customers through enhanced know-your-customer (KYC) checks.

6. Adequate policies and procedures – Your BSA/AML policies and procedures should be robust and tailored to the specific risks that your financial institution faces. These could relate to the customer base, product offerings, and geographic locations. For example, banks that have high-net-worth customers or customers with obscure business ownership structures can face a great risk of money laundering. As such, there would be a special policy and procedure for these types of customers.

7. Monitoring – BSA/AML monitoring systems should involve regular review and analysis of customer activities to identify potentially suspicious behavior and generate alerts for timely review. BSA/AML monitoring systems are often automated, but financial institutions should have a team of trained BSA/AML analysts who can review alerts, investigate suspicious activity, and make reports to appropriate quarters.

8. Board Management and Oversight – An effective BSA/AML program requires the active involvement of the board of directors and other senior management. They must regularly provide direction and support to the BSA/AML officer and his team. According to the AML Manual by FFIEC, the function of the board of directors is to ensure “that the BSA compliance officer has appropriate authority, independence, and access to resources to administer an adequate BSA/AML compliance program.” It further stated that the designated BSA/AML officer should report “the status of ongoing compliance” to the board management in order to ensure proper implementation of new measures where necessary.

Who needs a BSA/AML compliance program? 

According to the BSA, the following types of institutions should consider implementing a BSA/AML compliance program:

Banks: Commercial banks, savings banks, credit unions, trust companies, industrial loan companies, and Edge corporations are part of this category.

Money Services Businesses (MSBs): MSBs include money transmitters, check cashers, and currency exchangers.

Casinos: Casinos are required to develop anti-money laundering programs designed to deter criminal activity on their premises. The compliance program should include procedures for identifying high-risk customers.

Other businesses that need a BSA/AML compliance program include:

  • Housing government-sponsored enterprises
  • Non-bank mortgage lenders and originators
  • Futures Commission Merchants (FCMs)
  • International Business Companies (IB-Cs)
  • Operators of credit card systems
  • Mutual funds
  • Broker-dealers in securities
  • Dealers in precious metals, stones, and jewels. 

What are the steps taken by banks to prevent money laundering?

1. AML Holding Period Policy: This is a policy where banks hold certain transactions or accounts for a period of time before they are allowed to be processed or released. This is to give the bank time to conduct further due diligence on the customer or transaction to ensure that it is not related to money laundering.

2. Customer Risk Rating: It involves measuring the risk associated with a particular customer based on factors such as their business activities, geographic location, and transaction history. This is needed to enable the bank to allocate resources and apply appropriate money laundering measures to the different categories of customers.

3. Whistleblower program: A whistleblower program involves setting up various channels for employees to report concerns related to money laundering. Needless to say, the channels must always be confidential and accessible. They may be conventional communication channels such as email or a hotline. However, having a special channel to keep proper records is important.

4. Transaction Monitoring: To perform transaction monitoring, banks use sophisticated software systems that can analyze large volumes of data quickly and accurately. These systems are typically configured with rules and algorithms that flag transactions that meet certain criteria, such as those involving high-risk businesses or individuals.

5. Beneficial Ownership Rule: Under the BSA/AML regulations, financial institutions are required to identify and verify the beneficial owners of ‘legal entity customers’. This process is designed to help prevent criminals from using anonymous or hidden accounts to launder money or finance terrorism.


If financial institutions have a responsibility to their clients and to society as a whole to continue fighting against money laundering, a robust BSA/AML compliance program is the best way to fulfill this obligation.

Find out how RADD LLC’s comprehensive BSA and AML compliance service can help you protect your business from the risks of money laundering and other related financial crimes. Contact us today to learn more about how we can support you.
