Which reports are mandatory?

Currency Transaction Reports for qualifying cash activity and Suspicious Activity Reports when transactions lack apparent lawful purpose or fit typologies. Keep supporting documentation and timelines.

How does BSA relate to KYC?

KYC and CDD are foundational program components. Identity verification, risk rating, and screening directly support monitoring and reporting obligations under the statute.

What are frequent exam findings?

Weak risk assessments, delayed or poor quality SARs, inadequate staffing, and model governance gaps. Remediation plans should address root causes with measurable milestones.

How to demonstrate effectiveness?

Show metrics like alert precision, timely filings, and remediation outcomes, with audit trails proving decisions and control tuning tied to confirmed cases.

← Back to Glossary

BSA (Bank Secrecy Act)

Overview

The Bank Secrecy Act is the cornerstone United States law for anti money laundering and countering the financing of terrorism. It requires covered institutions to implement written AML programs, designate an officer, conduct training, perform independent testing, and maintain records. Obligations include Customer Identification Program, beneficial ownership collection for legal entities, and filing of Currency Transaction Reports and Suspicious Activity Reports through FinCEN.

Programs must conduct risk assessments, screen customers against sanctions and watchlists, and monitor transactions for typologies. Governance covers model validation, data quality, and timely regulatory reporting. Examiners assess effectiveness, not just policy existence, so institutions need coherent narratives linking risk, controls, and outcomes. Strong BSA compliance protects institutions from penalties, maintains correspondent relationships, and supports broader financial system integrity.