As the largest economy in the world and an influential political power, the United States plays an important role in the global fight against money laundering and the financing of terrorism. The US is a member of the Financial Action Task Force (FATF) and has developed a robust AML/CFT framework that reflects international regulatory standards and imposes significant penalties for noncompliance. To avoid those penalties, financial institutions must be familiar with the relevant AML regulations in the US and understand how to achieve compliance.
FinCEN: The Financial Crimes Enforcement Network (FinCEN) is the primary AML/CFT regulator in the United States and operates under the authority of the United States Treasury Department. FinCEN is responsible for combating money laundering, the financing of terrorism and other financial crimes by monitoring banks, financial institutions and individuals and analyzing suspicious transactions and payments. FinCEN works with state and federal law enforcement agencies, sharing information to assist in the fight against financial crime in compliance with AML regulations in the US.
OFAC: In a similar CFT/AML regulations capacity to FinCEN in the US, and under the authority of the US Treasury Department, the Office of Foreign Assets Control (OFAC) is responsible for administering and enforcing the United States’ economic and trade sanctions. OFAC works to prevent sanctions-targeted countries, regimes and individuals from perpetrating financial crimes, such as money laundering or terrorism, and peripheral crimes, such as drug trafficking and weapons proliferation.
The Bank Secrecy Act: Introduced in 1970, the Bank Secrecy Act (BSA) is the most important of the AML regulations in the US. The BSA is intended to combat money laundering and ensure that banks and financial institutions do not facilitate or become complicit in it. The BSA imposes a range of compliance obligations on firms operating within US jurisdiction, including a requirement to implement a risk-based AML regulations program with appropriate customer due diligence (CDD) and screening measures and to perform a range of reporting and record-keeping tasks when dealing with suspicious transactions and customers.
USA Patriot Act: The USA Patriot Act was passed in 2001 in the wake of the September 11 terror attacks and is a key part of AML regulations in the US. This legislation targets financial crimes associated with terrorism and expands the scope of the BSA by giving law enforcement agencies additional surveillance and investigatory powers, introducing new screening and customer due diligence measures and imposing increased penalties on firms or individuals found to be involved in terrorism financing. The USA Patriot Act includes specific provisions and controls for cross-border transactions in order to combat international terrorism and financial crime.
In addition to the BSA and the USA Patriot Act, firms should be familiar with other important US AML/CFT regulations . These include:
Learn how your business can identify AML red flags with our fast and flexible AML compliance solutions.
The potential impact of noncompliance with AML laws and regulations in the US depends on a variety of factors, but in the most serious cases, breaches can result in both criminal and civil penalties, fines and prison terms. Under the BSA, penalties may be imposed on each branch or location found to be in violation of AML regulations and for each day that the violation occurs. BSA fines may range from $10,000 per day (for failures to report foreign financial agency transactions) to $100,000 per day (for failures in customer due diligence). Breaches in AML regulations law are also likely to result in the forfeit of assets and funds involved in the criminal activity.
The consequences of noncompliance with AML regulations in the US are not restricted to financial penalties and prison terms. Firms that are found to have broken CFT/AML regulations laws often suffer reputational damage and may have to operate under restrictions imposed by the US Treasury Department.
Under the Bank Secrecy Act and the USA Patriot Act, banks and financial institutions must take a risk-based approach to CFT/AML regulations and implement the following compliance measures:
AML regulation program: Firms must develop and implement an internal AML/CFT program designed to match the risk profile of their customers and business sectors. The program should consist of written policies and procedures detailing the firm’s approach to:
Reporting and Record-Keeping: In compliance with the BSA, firms must maintain detailed records on their customers and submit reports to the BSA when their customers engage in certain transactions or financial activities. Amongst these responsibilities is the submission of suspicious activity reports (SARs) for transactions over $5,000 or for transactions that are suspected to be in violation of the BSA.
Compliance Officer: An individual employee should be appointed as chief AML compliance officer to oversee their firm’s AML regulation program and be responsible for arranging audits. The designated AML officer must have sufficient authority (ideally management level) and professional experience to carry out their duties effectively.
BSA Training: Firms should ensure their employees receive the training they need to fulfill their compliance responsibilities. Firms must also ensure a schedule is in place to deliver ongoing training to employees in line with changes to AML regulation laws.
For firms operating in the US, BSA-AML compliance presents a significant administrative challenge. Performing manual CDD and screening checks requires time and resources and carries the ongoing possibility of costly human error. To overcome that problem, many firms choose to automate their AML regulations program with a range of smart technology tools designed to complement the expertise of their employees. By adding efficiency and accuracy to the process, AML automation not only represents a way to reduce friction for customers but to help US firms continue to deliver the standards of regulatory compliance that FinCEN expects.
See how 1000+ leading companies are screening against the world's only real-time risk database of people and businesses.
Originally published 03 March 2020, updated 07 February 2023