USA PATRIOT Act — AML Provisions

What are the USA PATRIOT Act AML provisions?

The USA PATRIOT Act is the US federal counter-terrorism statute enacted in the immediate aftermath of the 11 September 2001 attacks. Although best known for its surveillance and law-enforcement provisions, Title III of the Act — the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 — substantially expanded the United States' AML framework, amending the Bank Secrecy Act (BSA) and creating new obligations for banks, broker-dealers, money services businesses, casinos, and other financial institutions.

Title III did not replace the BSA; it amended and strengthened it. The AML obligations that US financial institutions operate under today — the Customer Identification Program rule, EDD for foreign correspondent and private-banking accounts, the prohibition on accounts for foreign shell banks, and the Section 314(a) and 314(b) information-sharing mechanisms — all derive from Title III. The Act reframed AML as a counter-terrorism instrument as much as a counter-criminal one, and that orientation continues to shape FinCEN rulemaking and supervisory expectations.

Why the USA PATRIOT Act AML provisions matter

Before 2001, the BSA framework was focused primarily on detecting domestic money laundering and currency reporting. Title III globalised it. By reaching foreign correspondent banking, foreign private-banking customers, and foreign shell banks accessing the US financial system, the Act extended US AML obligations across cross-border banking flows that had previously sat largely outside US supervision. The information-sharing mechanisms created under Section 314 brought law enforcement, FinCEN, and financial institutions into structured dialogue for the first time. And the CIP rule (Section 326) gave the US the federal customer-identification baseline that is now the operational foundation of every US bank account opening. For any institution operating in the US — or any foreign bank with US correspondent relationships — Title III is the most consequential AML statute after the BSA itself.

Who must comply

Title III applies broadly across the US financial system. Banks and credit unions of every type are covered, including national and state-chartered institutions, federal and state-chartered credit unions, savings associations, and US branches and agencies of foreign banks. Broker-dealers in securities and mutual funds are covered, as are futures commission merchants, introducing brokers in commodities, money services businesses (MSBs), casinos and card clubs, insurance companies offering covered products, and operators of credit-card systems. The PATRIOT Act and subsequent FinCEN rulemaking also reach foreign financial institutions that maintain correspondent or payable-through accounts at US banks, and US persons dealing with foreign jurisdictions, institutions, or transactions designated under Section 311 special measures.

Section 326: customer identification program (CIP)

Section 326 of the PATRIOT Act required FinCEN to issue rules implementing a Customer Identification Program (CIP) at every covered financial institution. The CIP rule — codified at 31 CFR § 1020.220 (banks) and parallel provisions for other sectors — requires every covered institution to verify the identity of each new customer using documentary or non-documentary methods at account opening, capturing at minimum the customer's name, date of birth (for individuals), address, and a government-issued identifier. The institution must form a reasonable belief that it knows the true identity of the customer, screen the customer against government lists of suspected terrorists, and retain the records of the verification. CIP is the federal foundation of Know Your Customer (KYC) practice in the United States and the upstream source of every modern end-to-end KYC process.

Section 312: enhanced due diligence for foreign correspondent and private-banking accounts

Section 312 introduced Enhanced Due Diligence (EDD) for two specific account categories that historically carried elevated AML risk. For foreign correspondent accounts, US institutions must establish and maintain risk-based EDD procedures — assessing the foreign bank's AML controls, ownership, and the jurisdictions and customer types it serves — with heightened scrutiny for correspondent relationships with foreign banks operating under offshore licences or in jurisdictions identified as non-cooperative or subject to FATF or OFAC concern. For private-banking accounts held for non-US persons, US institutions must take reasonable steps to identify the nominal and beneficial owners (see our guide to finding the UBO of a company), the source of the funds, and any politically exposed person status, and conduct enhanced ongoing monitoring. Section 312 effectively brought correspondent banking and private banking — two of the historically highest-risk channels — under explicit federal AML scrutiny.

Section 313: prohibition on foreign shell banks

Section 313 prohibits US financial institutions from establishing, maintaining, administering, or managing correspondent accounts in the United States for a foreign shell bank — a foreign bank that has no physical presence in any country and is not affiliated with a regulated banking group. Institutions must also take reasonable steps to ensure their foreign correspondent banks are not themselves providing services to shell banks. This provision closed a major exposure that had previously allowed shell entities to access the US financial system through nested correspondent relationships.

Sections 314(a) and 314(b): information sharing

Section 314 created two parallel information-sharing mechanisms that materially changed how AML investigations are conducted in the US. Section 314(a) allows federal law enforcement, through FinCEN, to send information requests to financial institutions about specific persons, entities, or accounts believed to be involved in money laundering or terrorist financing. Institutions search their records and report any matches to FinCEN within a defined timeframe — without disclosing the existence of the request to the subject. Section 314(b) allows financial institutions to voluntarily share information with each other for the purpose of identifying and reporting potential money laundering and terrorist financing, under a statutory safe harbour that protects them from liability for sharing in good faith. Both mechanisms have become operational pillars of modern AML investigations.

Section 311: special measures

Section 311 authorises the Treasury Secretary, acting through FinCEN, to impose special measures against foreign jurisdictions, foreign financial institutions, classes of international transactions, or types of accounts identified as being of primary money-laundering concern. The measures range from enhanced recordkeeping and reporting to outright prohibitions on US correspondent or payable-through accounts. Section 311 actions are powerful and consequential — designation effectively cuts the target off from the US financial system — and have been used against foreign banks and jurisdictions including Iran, North Korea, Burma (historically), and several specific institutions. The provision was renamed and re-codified as Section 9714 of the Anti-Money Laundering Act of 2020 with expanded authority. See our sanctions screening AML guide for the operational practice that underpins compliance with Section 311 designations.

Section 352: AML programs

Section 352 required every covered financial institution to establish and maintain a written AML program with, at minimum, internal policies, procedures, and controls; a designated AML compliance officer; an ongoing employee training program; and an independent audit function. These four requirements — the original "four pillars" — were extended in 2018 to include a fifth pillar covering Customer Due Diligence and beneficial-ownership identification. The five-pillar architecture is now the federal standard for every US AML program — see our explainer on the 5 pillars of an AML program. Sanctions and PEP AML screening together with continuous transaction monitoring are the most heavily examined components of the controls pillar.

USA PATRIOT Act vs Bank Secrecy Act

The PATRIOT Act did not replace the Bank Secrecy Act — it expanded it. The BSA, enacted in 1970, is the underlying US AML statute that establishes recordkeeping, reporting, and program requirements. The PATRIOT Act of 2001 amended and extended the BSA to address foreign correspondent banking, private banking, shell banks, CIP, information sharing, and section 311 special measures. Both apply together: the BSA defines the architecture of US AML compliance and the PATRIOT Act layered counter-terrorism-specific obligations on top of it. The Anti-Money Laundering Act of 2020 (AMLA 2020) further amended both, creating the federal beneficial-ownership registry, modernising SAR processes, and expanding individual liability for senior managers.

Penalties for non-compliance

PATRIOT Act and BSA violations are jointly enforced by FinCEN and the federal banking and securities regulators using examination procedures set out in the FFIEC BSA/AML Examination Manual. Civil penalties for willful violations can reach the greater of USD 25,000 or the amount involved in the transaction (up to USD 100,000), with materially higher exposure for patterns of negligence. Criminal penalties can include fines up to USD 250,000 and imprisonment of up to five years — doubled where the violation occurs in connection with another federal crime or a pattern of illegal activity exceeding USD 100,000 in a 12-month period. AMLA 2020 expanded individual liability for senior managers and introduced enhanced whistleblower rewards, materially raising personal exposure for compliance failures.