The Bank Secrecy Act: Treasury's Anti-Financial Crime Framework

The Bank Secrecy Act (BSA) is the foundational federal statute requiring U.S. financial institutions to assist government agencies in detecting and preventing money laundering, terrorist financing, and other financial crimes. Enacted in 1970 and codified at 31 U.S.C. §§ 5311–5336, it establishes a recordkeeping and reporting infrastructure that spans banks, broker-dealers, money services businesses, and dozens of other covered entities. The Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury, administers and enforces the BSA. Understanding the statute's structure, obligations, and limits is essential for any institution operating in the U.S. financial system — compliance failures carry civil penalties that can reach $1 million per day per violation (FinCEN Civil Penalty Authority, 31 U.S.C. § 5321).

Definition and scope

The Bank Secrecy Act establishes what regulators call an anti-money laundering (AML) program requirement: a set of mandatory internal controls, recordkeeping obligations, and government reporting duties imposed on "financial institutions" as defined by the statute. That definition is broad. It covers federally insured depository institutions, credit unions, broker-dealers registered with the SEC, futures commission merchants, mutual funds, insurance companies, money transmitters, check cashers, and dealers in precious metals — among others — as enumerated in 31 C.F.R. § 1010.100(t).

The BSA operates on two parallel tracks:

1. Recordkeeping requirements — Covered institutions must retain records of cash purchases of negotiable instruments, funds transfers of $3,000 or more, and customer identification information.
2. Reporting requirements — Specific transaction types and suspicious activity trigger mandatory government filings.

The geographic scope is national. Any financial institution with operations in the United States — including U.S. branches of foreign banks — falls within BSA jurisdiction. The statute is further reinforced by the USA PATRIOT Act of 2001, which expanded BSA obligations to include enhanced due diligence for foreign correspondent accounts and private banking relationships (31 U.S.C. § 5318(i)).

The broader anti-money laundering framework at Treasury situates the BSA within Treasury's wider financial integrity mission, which includes sanctions administered by the Office of Foreign Assets Control and terrorist financing prevention programs.

How it works

BSA compliance centers on five operational pillars, as articulated in FinCEN guidance and the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual:

1. Internal policies, procedures, and controls — Written AML policies tailored to the institution's risk profile.
2. A designated BSA/AML Compliance Officer — A named individual responsible for day-to-day program oversight.
3. Ongoing employee training — Staff at all levels must receive role-appropriate AML instruction.
4. Independent testing (audit) — Regular independent review of the program's effectiveness.
5. Customer Due Diligence (CDD) — Identifying and verifying customers, including beneficial owners of legal entity customers at a 25% ownership threshold (31 C.F.R. § 1010.230).

The primary reporting instruments under the BSA are:

• Currency Transaction Reports (CTRs) — Filed for cash transactions exceeding $10,000 in a single business day, whether a single transaction or aggregated transactions by the same customer (31 C.F.R. § 1010.311).
• Suspicious Activity Reports (SARs) — Filed when a transaction involves $5,000 or more and the institution knows, suspects, or has reason to suspect the funds derive from illegal activity or are designed to evade BSA requirements (31 C.F.R. § 1020.320).

CTRs are objective and threshold-driven; SARs are judgment-based. Both flow to FinCEN's database, where law enforcement agencies access them under a secure portal. The Treasury's role in the broader federal budget and financial architecture informs why FinCEN's BSA data infrastructure is treated as a national security asset, not merely a compliance artifact.

The Anti-Money Laundering Act of 2020 (AMLA 2020), embedded in the National Defense Authorization Act for Fiscal Year 2021, added a beneficial ownership registry requirement. Under the Corporate Transparency Act component, most small corporations and LLCs must report beneficial owners to FinCEN by January 1, 2025 (FinCEN Beneficial Ownership Rule, 87 Fed. Reg. 59498 (2022)).

Common scenarios

Structuring (Smurfing): A customer deposits $9,500 in cash on three consecutive days to avoid the $10,000 CTR threshold. This conduct — known as structuring — is itself a federal crime under 31 U.S.C. § 5324, regardless of whether the underlying funds are legitimate. The bank must file a SAR.

Shell Company Layering: A limited liability company with no apparent business activity receives $200,000 wire transfers from three foreign jurisdictions within 30 days, then immediately wires the funds to a real estate purchase. The institution must assess whether the activity is consistent with the customer's stated business purpose and risk profile. Under the CDD rule, the 25% beneficial ownership threshold requires the bank to identify who controls the LLC.

Money Services Business (MSB) Risk: A licensed check casher processes $800,000 in third-party checks in a single month for customers who cannot explain the source. MSBs are independently required to register with FinCEN (31 C.F.R. § 1022.380) and maintain their own AML programs, but correspondent banks servicing MSBs must also apply enhanced due diligence.

Cryptocurrency Exchanges: Virtual asset service providers operating as money transmitters in the U.S. fall under BSA obligations. FinCEN's 2019 guidance confirmed that convertible virtual currency exchangers and administrators are money transmitters subject to the full CTR and SAR regime (FIN-2019-G001).

Decision boundaries

The BSA intersects with adjacent regulatory regimes in ways that create compliance complexity. Distinguishing the BSA's scope from those overlapping frameworks matters for determining which obligations apply and to whom.

BSA vs. OFAC Sanctions: The BSA governs transaction monitoring and reporting to detect illicit proceeds. The Office of Foreign Assets Control administers sanctions that prohibit transactions with designated persons and countries entirely. A bank can be BSA-compliant while still committing an OFAC violation, and vice versa. The two programs require separate compliance controls — they are not interchangeable. The U.S. sanctions program overview details how OFAC obligations layer onto BSA duties.

BSA vs. State Money Transmission Laws: FinCEN's BSA registration for money transmitters is a federal floor, not a ceiling. All 50 states plus the District of Columbia and Puerto Rico maintain separate money transmitter licensing regimes. Federal BSA compliance does not satisfy state licensing requirements.

Mandatory vs. Discretionary SARs: CTR filing is mandatory when the $10,000 cash threshold is met; no judgment is involved. SAR filing introduces an analytical layer — the institution must determine whether activity meets the "knows, suspects, or has reason to suspect" standard. Institutions that file a SAR in good faith receive a statutory safe harbor from civil liability under 31 U.S.C. § 5318(g)(3). Institutions that fail to file when a reasonable AML officer would have done so face examination criticism and potential enforcement action.

Covered vs. Non-Covered Entities: A non-financial business — such as a law firm, real estate attorney, or accountant — is not presently subject to the full BSA AML program requirements in the same manner as a bank. However, FinCEN has issued proposed rules and geographic targeting orders (GTOs) for real estate transactions that impose SAR-like reporting on title insurance companies in designated metropolitan areas, signaling a potential expansion of BSA coverage to non-bank gate