The Bank Secrecy Act (BSA), enacted in 1970, is the foundational U.S. legislation designed to prevent and detect money laundering and other financial crimes. Also known as the Currency and Foreign Transactions Reporting Act, the BSA imposes a broad set of compliance obligations on financial institutions, including banks, credit unions, securities firms, casinos, MSBs (money services businesses), and other regulated entities.
At its core, the BSA requires institutions to develop, implement, and maintain an effective anti-money laundering (AML) program. This includes Customer Identification Programs (CIP), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD) for high-risk customers. Additionally, institutions must monitor transactions and report suspicious or large-value activity to the Financial Crimes Enforcement Network (FinCEN).
Key reporting obligations under the BSA include:
-
Currency Transaction Reports (CTRs) for cash transactions over $10,000
-
Suspicious Activity Reports (SARs) for suspected criminal or unusual financial activity
-
Foreign Bank and Financial Accounts (FBARs) for U.S. persons with offshore holdings
To meet these requirements, institutions often rely on AML compliance software to automate monitoring, flag unusual patterns, screen customers against watchlists, and file mandatory reports. These systems also help ensure that data is retained securely and available for audit purposes.
The BSA has been significantly expanded over time, notably by the USA PATRIOT Act, which introduced new tools for combating terrorist financing and strengthened CIP requirements. It also laid the groundwork for the Risk-Based Approach (RBA) that underpins many modern AML regimes.
Non-compliance with the BSA can result in severe regulatory penalties, reputational damage, and criminal liability. Institutions must maintain vigilant, technology-enabled compliance programs to meet ongoing expectations from FinCEN and other regulators.
