Learn how financial institutions can stay AML-compliant in the United States and ensure a smooth onboarding process.
The United States is a leader in the fight against money laundering and the financing of terrorism. Still, up to $300 billion is laundered in the US annually, with AML compliance costing US firms up to $25.3 billion per year.
The US was one of the first countries in the world to make money laundering a federal crime with its Money Laundering Control Act of 1986 (Public Law 99-570). Today, the US is a member of the Financial Action Task Force (FATF) and has a strong AML/CFT framework that imposes heavy penalties for noncompliance. One recent example is the $29m fine imposed on crypto exchange Bittrex for violating the Bank Secrecy Act.
To avoid severe penalties, financial institutions must know the relevant AML requirements in the US and understand how to stay compliant. We’ve come up with the following guidelines to help.
Financial institutions must comply with AML rules in the US and maintain risk-based AML programs. This includes:
Foreign subsidiaries of US financial institutions must also comply with United States anti-money laundering laws.
The Financial Crimes Enforcement Network (FinCEN)
The main US financial regulator and Financial Intelligence Unit (FIU) is the Financial Crimes Enforcement Network (FinCEN) which operates under the authority of the US Department of the Treasury.
FinCEN oversees all financial institutions in the US to prevent money laundering and the financing of terrorism. Its responsibilities involve the collection of transaction data from local companies and distribution of that data for law enforcement purposes. FinCEN can partner with law enforcement agencies at the state and federal levels to assist in criminal investigations. The watchdog also cooperates with its international counterparts in order to fight global financial crimes.
The Office of Financial Assets Control (OFAC)
The Office of Financial Assets Control (OFAC) works to identify already known criminals. The watchdog oversees US sanctions programs to ensure that companies comply with the trade prohibitions on targets inscribed in the relevant sanctions lists.
There are a number of sanctions lists in the US, but the main one is the Specially Designated Nationals and Blocked Persons List (SDN). The SDN list includes the names of persons designated for economic sanctions within a US global sanctions program.
The Bank Secrecy Act
The primary AML legislation in the US is the Bank Secrecy Act (BSA). Implemented in 1970, the BSA imposes reporting and record-keeping obligations on US financial institutions (including banks, brokerage firms, insurance companies, etc.) in order to prevent criminals using their products and services to launder the proceeds of their crime.
Under the Bank Secrecy Act (BSA) and related anti-money laundering laws, financial institutions must:
In most cases, financial institutions are obliged to collect tax identification numbers of US citizens or residents, such as social security numbers (SSNs), together with their full name, date of birth, and address.
An SSN is a unique 9-digit number directly linked to an individual’s identity. If stolen or forged, a criminal can gain illegitimate access to a person’s bank accounts, credit cards, tax and employment history, and other private information.
If you need KYC for US, use Sumsub — a full-cycle verification platform that secures the whole user journey.
The Patriot Act
After 9-11, the US passed the USA Patriot Act as an amendment to the BSA. The Patriot Act empowered US law enforcement agencies with further authorities when investigating suspected terrorism financing.
In particular, the Patriot Act imposes a range of Customer Due Diligence (CDD) and screening responsibilities on US companies, with a focus on international transactions. The Patriot Act imposes criminal and financial penalties for persons found to be in violation of CFT compliance regulations.
In 2021, the US introduced the Anti-Money Laundering Act (AMLA) 2020, the most notable reform to the country’s AML/CFT legislation since the Patriot Act. Its purpose is to manage the threats posed by new technologies and criminal methodologies. The regulatory measures introduced by the AMLA include broadened international information sharing rules, increased penalties for money laundering, new beneficial ownership requirements to prevent the misuse of shell companies, and new whistleblower protections.
As a FATF member state, the US requires financial institutions to take a risk-based approach to AML/CFT. This means that they must conduct a Know Your Customer (KYC) assessment to identify clients at the onboarding process, establish the level of compliance risk they represent, and deploy AML/CFT measures in proportion to that risk. As a result, companies may subject higher risk customers to enhanced monitoring and screening measures.
A proper US AML program
A good US AML compliance program must include the following procedures:
Enhanced due diligence
Under the risk-based approach to AML/CFT, the US requires firms to subject higher risk customers to Enhanced Due Diligence (EDD) measures. The EDD process includes a larger degree of AML/CFT scrutiny, stronger identity verification measures, and checks into the sources of customer funds.
Adverse media checks
Criminal cases may be reported in the news before official sources confirm them. Accordingly, the EDD process may also include adverse media screening, which require financial institutions to search news sources for the customer’s involvement in negative stories (including terrorism, terrorist financing, financial crime, organized crime, kidnapping, corruption, and tax crime).
Suspicious activity reports
Financial institutions must submit a Suspicious Activity Report (SAR) using a special Bank Secrecy Act BSA E-Filing System no later than 30 calendar days after the date when signs of money laundering were initially detected.
Further reporting obligations
The maximum BSA-related criminal penalty is $250,000 and up to five years’ imprisonment. However, if the violation is part of a pattern of conduct involving more than $100,000 over a 12-month period and involves the violation of another US criminal law, the penalty increases to $500,000 and up to 10 years’ imprisonment.
The maximum BSA-related civil penalty may also differ. For example, federal banking regulators have the authority to impose penalties from $5,000 per violation to $1,000,000, or 1% of the assets of a financial institution, whichever is greater, for every day that the violation occurs.
Other federal watchdogs and self-regulatory organizations have independent civil penalty authorities. Penalties are mainly assessed for AML compliance program deficiencies, failures to file suspicious activity reports (SARs), and the presence of other BSA violations.
According to the US Department of the Treasury, money laundering means financial transactions in which criminals, including terrorist organizations, attempt to disguise the proceeds, sources or nature of their illicit activities.
The Financial Crimes Enforcement Network (FinCEN) and the Office of Financial Assets Control (OFAC) are the country’s main AML watchdogs.
The key AML laws are the Bank Secrecy Act and the Patriot Act.
Financial institutions must submit suspicious activity reports via the BSA E-Filing System within 30 calendar days from the moment of detecting ML signs.
KYC verification is the process of verifying a customer’s identity to help comply with the AML regulations in the US.
Yes. The US Financial Crimes Enforcement Network (FinCEN) requires financial institutions to comply with KYC standards to prevent criminal activity.