This article was reviewed by Emily Sachs, CAMS
Money laundering is itself a crime. But it’s also a byproduct and funding source of other crimes, including fraud, cybercrime, drug trafficking, and human trafficking.
Through the creation and enforcement of anti-money laundering (AML) laws and regulations, financial and government institutions are better equipped to detect and deter criminal activity. And law enforcement can more easily seize money connected to criminal activity and charge people connected to the crime: The notorious gangster Al Capone, who invested his criminal proceeds into laundromats and thus inspired the term “money laundering,” was ultimately brought down on tax evasion charges.
If you want a recap on what money laundering is and how it works, we cover that elsewhere. Or, watch this short clip from Breaking Bad. Here, we’re going to take a deeper dive into America’s main AML laws and how they work.
How do anti-money laundering laws work in the US?
Passed in 1970, the Bank Secrecy Act (BSA) was one of the first money laundering laws in the US. Since then, various laws, regulations, rules, and guidance have updated the BSA or clarified its implementation. Collectively, these are sometimes referred to as BSA law, AML law, or BSA/AML law.
At a high level, AML laws require financial institutions to create, document, and abide by an AML program to help detect and prevent money laundering. Some requirements for the programs are clearly laid out. But organizations also have discretion with how they create or implement other aspects of AML programs — with the relevant regulatory authorities’ approval.
What are key components of AML laws in the US?
The key components of AML programs in the US are understanding who you’re doing business with and the risks they pose, and monitoring transactions for suspicious activity. If you can trace the source of funds back to an original transaction — and identify who authorized that transaction — then you can better foil attempts to launder money.
In practice, organizations use know your employee (KYE) processes for verifying employees’ identities and conducting background checks. Continuous monitoring of employees’ activity for suspicious behavior or potential contact with criminals is also important, as is limiting access to systems based on responsibilities.
Turning outward, AML programs take a risk-based approach to identifying and monitoring customers and reporting certain transactions to government agencies. These are broadly broken down into two areas.
Know your customer
Know your customer (KYC) can refer to a range of activities that financial institutions use to verify the identity of customers. It may also be referred to as know your business, or KYB, when the customer is an organization rather than an individual.
Identities generally have to be verified at onboarding, when a customer first opens an account. But financial institutions also continually monitor customer activity and rescreen customers to evaluate risk with consideration to changes in a customer profile, ownership, and regulations.
KYC can be broken down into several components, each of which may further involve several steps:
- Customer due diligence (CDD): Financial institutions make risk-based assessments about customers as part of their due diligence requirements. An initial assessment determines whether to conduct simplified due diligence or enhanced due diligence, and ongoing assessments may result in reverification. Depending on the risk, due diligence may include adverse media screenings and government watchlist checks.
- Customer identification program (CIP): Financial institutions also must have programs that allow them to form a reasonable belief that they know the true identity of their customers. At a minimum, this may include checking and verifying a customer’s name, date of birth, legal address, and identification number, such as a Social Security number.
Transaction monitoring and reporting requirements
The BSA also requires financial institutions to monitor transactions, maintain records, and report activities that could correspond with money laundering. Some of the main BSA reports include:
- Suspicious activity report (SAR): Filed when a financial institution detects concerning activity or transactions, such as suspected insider trading, an unusual volume of transactions, or certain international wire transfers.
- Foreign bank account report (FBAR): Technically, customers have to file this report annually if they have over $10,000 in foreign bank accounts. However, financial professionals may file the report on a client’s behalf.
- Currency transaction reports (CTR): Filed to report when a customer deposits or withdraws over $10,000 in cash in a single day in one or multiple transactions.
- International Transportation of Currency or Monetary Instruments Report (CMIR): Filed to report when over $10,000 worth of monetary instruments, such as cash, gets physically transported, shipped, or mailed.
What organizations are affected by AML rules in the US?
AML laws and rules apply to financial institutions, but the definition of what that includes has expanded over the years.
Today, the BSA defines over 25 types of organizations and individuals as financial institutions, including FDIC-insured banks, credit unions, insurance companies, credit card companies, and casinos. Many fintech companies fall under this definition, as do online gaming facilitators and cryptocurrency platforms.
Financial institutions also include money service businesses (MSBs) — people and organizations that offer money transfers or conduct more than $1,000 in money services with a customer in a single day. These could be currency exchanges, check cashers, prepaid card providers, and money transmitters.
The BSA even considers the United States Postal Service a financial institution. And the law allows the Secretary of the Treasury to define (via regulation) other types of businesses or agencies as financial institutions if they conduct similar or related activity, or if they have cash transactions that could be highly useful in criminal, tax, or regulatory matters.
Which US financial regulators enforce AML laws?
The Financial Crimes Enforcement Network (FinCEN), a bureau of the Department of the Treasury, administers and enforces the BSA. FinCEN is also the financial intelligence unit (FIU) for the US, making it responsible for receiving and analyzing information related to money laundering and terrorist financing.
But FinCEN delegates authority to various federal regulators to help enforce compliance with AML laws. These include the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Securities and Exchange Commission (SEC).
States also have AML laws and their own financial regulators.
The history of major federal AML laws
Today’s AML laws, regulations, and rules build on over 50 years of precedent. Here’s an overview of the most important federal AML laws.
Bank Secrecy Act of 1970
The Currency and Foreign Transactions Reporting Act of 1970, more commonly called the Bank Secrecy Act (BSA), helped formalize a federal framework for AML. Many of the laws and regulations that followed either amend or build on this framework.
- Authorizes the Department of the Treasury to create requirements for financial institutions that could help detect or stop money laundering.
- The guiding regulations of the BSA also require banks to identify customers, maintain records of financial transactions, and file CTRs for cash transactions exceeding $10,000 — a threshold unchanged since 1972.
Money Laundering Control Act of 1986
Sixteen years after the BSA came the federal Money Laundering Control Act of 1986.
- Makes money laundering a federal offense.
- In certain circumstances, allows law enforcement to seize funds that are connected to money laundering.
- Prohibits the structuring of transactions — using multiple transactions to attempt to evade CTRs.
- Imposes new compliance monitoring requirements on financial institutions.
Anti-Drug Abuse Act of 1988
The Anti-Drug Abuse Act of 1988 wasn’t entirely focused on AML, but it had some provisions aimed at identifying drug dealers who launder money through luxury vehicles and real estate.
- Expands the BSA’s definition of a financial institution to include businesses that often have cash transactions, including auto dealers and certain real estate professionals.
- Requires financial institutions to verify the identity of individuals who purchase money instruments, such as money orders, over $3,000.
Annunzio-Wylie Anti-Money Laundering Act of 1992
Added new reporting requirements to the BSA and enhanced the potential penalties for financial institutions that violate the BSA.
- Establishes a legal requirement under the BSA for financial institutions to report certain suspicious activities, which leads to SARs replacing criminal referral forms in 1996.
- Allows regulators to revoke federal bank charters and remove bank officers for BSA violations.
- Authorizes the Treasury to create minimum standards for AML programs.
- Adds verification and recordkeeping requirements for wire transfers.
- Creates the Bank Secrecy Act Advisory Group (BSAAG).
Money Laundering Suppression Act of 1994
Expanded the requirements for money service businesses (MSBs) and established new AML training and reporting requirements.
- Streamlines the reporting of suspicious activity.
- Requires MSBs to register with FinCEN and maintain lists of the businesses that can act as the MSBs’ agents.
- Requires federal banking agencies to review and enhance AML training and examination, and to refer AML cases to law enforcement.
USA PATRIOT Act of 2001
AML laws from 1970 to 2000 primarily focused on money laundering related to organized crime and the war on drugs. That changed after 9/11, when the PATRIOT Act criminalized terrorist financing and further amended the BSA.
- Requires financial institutions to create AML programs that meet expanded minimum requirements — four of the (now five) pillars of AML compliance.
- Establishes minimum standards for identity verification when customers open new accounts at financial institutions.
- Creates customer due diligence requirements, with enhanced due diligence for many foreign accounts.
- Forbids financial institutions from working with foreign shell banks.
- Expands information sharing between financial institutions, law enforcement, and regulators.
Anti-Money Laundering Act of 2020 (AML Act)
The most recent AML law, the Anti-Money Laundering Act of 2020 (AMLA), modernizes the AML framework with new amendments to the BSA and the inclusion of the Corporate Transparency Act (CTA).
- Creates a federal requirement (via the CTA) to identify beneficial owners of certain businesses and other legal entities.
- Expands the BSA’s definitions of financial institutions to include businesses that offer services related to “value that substitutes for currency,” which could include cryptocurrency services, and people engaged in the trade of antiquities.
- Prohibits concealing or misrepresenting certain information from financial institutions and expands the penalties for BSA violations.
- Gives the Departments of Justice and Treasury new subpoena powers for foreign bank records.
- Adds to existing whistleblower protections and rewards.
Tips for better AML compliance
AML compliance is mandatory for financial institutions, and noncompliance can lead to civil and criminal offenses, fines, and jail time. However, maintaining compliance can be difficult when the laws and regulations frequently change, and when you’re dealing with a large (and growing) volume of new customers and transactions.
The BSA identifies five key pillars that financial institutions can use to create compliant AML programs:
- Designate a compliance officer
- Develop an internal policy
- Train employees
- Test and audit your program
- Implement risk-based procedures for conducting ongoing customer due diligence
We discuss how to implement the five pillars elsewhere and have an AML compliance checklist with four steps you can take to better align with regulators’ expectations. But getting the proper processes and training in place is only part of the solution. Financial institutions also rely on AML software and tools to assist with customer identification, reverification, watchlist screening, transaction monitoring, and record retention.
At Persona, our Verification and KYC/AML tools offer no-code solutions for creating a customizable system that meets global AML requirements. We also keep your customers’ interests in mind, and our Dynamic Flow approach allows you to create automated processes that decrease or increase friction based on risk.