LogoAI Finance Tools

BSA (Bank Secrecy Act)

U.S. primary anti-money laundering law requiring financial institutions to assist in detecting and preventing financial crimes.

The Bank Secrecy Act (BSA, 1970), also known as the Currency and Financial Transactions Reporting Act, is the cornerstone of the U.S. anti-money laundering regulatory framework. It requires financial institutions to maintain records and file reports that are useful in detecting, identifying, and preventing money laundering and tax evasion. FinCEN (Financial Crimes Enforcement Network) administers the BSA; the OCC, Federal Reserve, FDIC, NCUA, and state regulators examine banks for BSA compliance.

Core BSA requirements: Currency Transaction Reports (CTRs) filed for cash transactions exceeding $10,000; Suspicious Activity Reports (SARs) filed for potentially illegal transactions; record-keeping for wire transfers and certain instruments; Customer Identification Program (CIP) requirements; AML program maintenance (written policies, internal controls, independent testing, designated compliance officer, employee training); and Customer Due Diligence (CDD) for beneficial ownership identification.

The BSA has been significantly expanded through subsequent legislation: the USA PATRIOT Act (2001) added enhanced due diligence for correspondent and private banking, prohibited shell bank accounts, and required information sharing between institutions (Section 314(b)). The Anti-Money Laundering Act of 2020 made the most sweeping BSA reforms in decades, including the Corporate Transparency Act, enhanced whistleblower protections for BSA reporters, FinCEN innovation office establishment, and stricter penalties for BSA violations.

BSA enforcement has been robust: banks and MSBs have paid billions in BSA/AML penalties including HSBC ($1.9B, 2012), BNP Paribas ($8.9B for sanctions violations, 2014), and Capital One ($390M, 2021). Egregious violations result in Deferred Prosecution Agreements, consent orders, and Federal Reserve enforcement actions imposing enhanced compliance obligations.

FAQs

What is a Currency Transaction Report (CTR) and how does it differ from a SAR?

A Currency Transaction Report (CTR) is a mandatory report filed for every cash transaction (or series of related transactions) involving more than $10,000 in a single business day—it is an objective, threshold-based reporting requirement with no discretion required. A SAR is filed based on the institution's judgment that activity appears suspicious, regardless of amount (above $5,000). CTRs report lawful but large cash transactions; SARs report suspected illegal activity. Every large cash transaction must be CTR-reported; not every large cash transaction is SAR-worthy. Importantly, 'structuring'—deliberately keeping transactions below $10,000 to avoid CTR filing—is itself a federal crime requiring a SAR filing.

What is Section 314(b) information sharing under the PATRIOT Act?

Section 314(b) of the USA PATRIOT Act establishes a voluntary information-sharing program allowing participating financial institutions to share information with each other about individuals, entities, and organizations reasonably suspected of involvement in terrorism or money laundering. Institutions must register with FinCEN to participate. When one institution suspects suspicious activity involving a customer, they can query other registered institutions to see if the customer appears in their SAR filings or monitoring systems, helping build a fuller picture of potential illicit financial activity. 314(b) sharing is protected by safe harbor from civil liability and is widely used in correspondent banking due diligence and complex multi-bank money laundering investigations.

What are the elements of an adequate BSA/AML compliance program?

FinCEN's five pillars of an adequate BSA/AML compliance program are: (1) written policies, procedures, and controls implementing BSA requirements; (2) a designated compliance officer responsible for day-to-day BSA program management; (3) ongoing employee training covering BSA requirements and the institution's specific procedures; (4) independent testing (internal audit) of the BSA program's effectiveness at least annually; and (5) Customer Due Diligence procedures including beneficial ownership identification for legal entity customers. Regulators examine each pillar during BSA examinations, and deficiencies in any pillar—particularly the independence and scope of testing or the adequacy of CDD—frequently trigger enforcement actions.

Related Terms

Tools for this concept

Ideagen is a governance, risk, and compliance software provider specializing in quality management, audit management, and safety compliance for highly regulated industries including aviation, banking, life sciences, and manufacturing. Founded in the UK in 1993, Ideagen has grown through acquisitions to serve over 11,500 customers globally. The Ideagen platform covers internal audit management, quality management systems, document control, CAPA management, incident reporting, and supplier quality. PaperLess provides document management and audit evidence organization for accounting firms. Huddle is a secure collaboration and document management platform for regulated industries. Medforce serves healthcare with compliance and quality management tools. Internal audit capabilities include risk-based planning, fieldwork documentation, and finding management similar to dedicated audit tools. Quality management modules support ISO 9001, ISO 14001, AS9100, and other quality standards with document control, non-conformance management, and audit scheduling. Aviation clients use Ideagen's ACAS (Aviation Compliance and Safety) solution for regulatory compliance, safety management, and occurrence reporting. Banking clients leverage audit and regulatory change management capabilities. Ideagen's strength is the breadth of compliance disciplines covered in a single platform, making it attractive for organizations managing multiple compliance programs across quality, safety, and audit. The company continues to expand through strategic acquisitions in the GRC and quality management space.

CaseWare is a leading provider of cloud audit, assurance, and financial reporting software used by accounting firms, corporate finance teams, and government auditors worldwide. Founded in Toronto in 1988, CaseWare has served the accounting profession for over 35 years with tools that streamline audit engagements and financial statement preparation. CaseWare Working Papers is the flagship product—a structured workpaper environment for external audit engagements that organizes evidence, links to financial statements, and facilitates review and sign-off workflows. Cloud-based deployment enables distributed audit teams to collaborate in real time on engagement files. Financial statement preparation tools support local GAAP, IFRS, and other accounting standards with automated disclosure checklists and ratio analysis. CaseWare Analytics provides data analytics capabilities for sampling, population analysis, and exception testing within audit workflows. IDEA (now CaseWare IDEA) is a standalone data analysis tool widely used for audit analytics, fraud detection, and continuous monitoring. CaseWare's cloud migration has modernized the platform with improved collaboration and real-time data access. The platform is particularly popular with public accounting firms, government audit offices, and large internal audit departments. Its audit evidence organization, review workflow, and financial statement linkage capabilities are tailored specifically for assurance professionals. CaseWare's deep accounting focus differentiates it from broader GRC platforms.

Wolters Kluwer TeamMate is a comprehensive audit management platform specifically designed for internal audit departments, providing dedicated tools for risk-based audit planning, fieldwork execution, issue management, and reporting. Part of Wolters Kluwer's financial and risk advisory solutions, TeamMate has served internal audit professionals for over 30 years and is deployed at thousands of organizations worldwide. TeamMate+ is the current cloud-based version, supporting the complete internal audit lifecycle from risk assessment through audit reporting. Risk Assessment tools enable auditors to evaluate and prioritize risk across the audit universe, creating defensible risk-based audit plans. Audit Project Management provides structured workpaper management, task assignment, and review workflows. Time Tracking captures audit hours for budgeting and efficiency analysis. Issue Management tracks findings, root causes, and management action plans through resolution. Analytics and Reporting provide real-time dashboards on audit status, key risk indicators, and portfolio metrics. The platform integrates with data analytics tools including IDEA and ACL for transaction-level testing. Wolters Kluwer's regulatory content expertise complements TeamMate's process capabilities with up-to-date guidance on audit standards and regulatory changes. TeamMate is particularly popular with financial services internal audit departments, government internal auditors, and large corporate audit functions. Its dedicated audit focus—as opposed to broader GRC platforms—means features are optimized for auditor workflows.