Bank Secrecy Act

Updated on April 17, 2024
Article byRutan Bhattacharyya
Edited byRutan Bhattacharyya
Reviewed byDheeraj Vaidya, CFA, FRM

What Is Bank Secrecy Act (BSA)?

Bank Secrecy Act of 1970 (BSA) refers to an essential anti-money laundering (AML) regulation in the United States. The main objective of this act is to stop people or organizations from utilizing financial institutions as a tool for financial crimes, for example, money laundering.

Bank Secrecy Act

You are free to use this image on your website, templates, etc, Please provide us with an attribution linkHow to Provide Attribution?Article Link to be Hyperlinked
For eg:
Source: Bank Secrecy Act (wallstreetmojo.com)

Per the rules of the act, banks and other financial institutions must spot and track illicit financial activities, reporting the same to specific authorities for probe and prosecution. The United States government passed this law in 1970. This act has different pillars, for example, performing risk assessments and carrying out customer due diligence.

Key Takeaways

  • The Bank Secrecy Act refers to a law introduced by the US government in 1970 in an attempt to reduce money laundering activities and other financial crimes. It aims to maintain the integrity of the US financial system.
  • There are various Bank Secrecy Act requirements that financial institutions need to meet. For example, they must carry out a risk assessment, monitor transactions, maintain records, and file CTRs.
  • This act has five pillars. Two of them are the appointment of a compliance officer and the monitoring and auditing of the AML program.

Bank Secrecy Act Explained

The Bank Secrecy Act refers to a United States legislation introduced in 1970 to prevent financial crimes, including money laundering, from affecting the integrity of the country’s financial system. According to provisions of this act, all financial institutions must cooperate with the government by fulfilling a set of requirements.

The Financial Crimes Enforcement Network (FinCen) is responsible for administering this act. This law came into existence to better identify criminals using money laundering techniques to grow their criminal organization, hide tax evasion, support terrorism, or cover up other illegal activities. It does not make it mandatory for a business to record all transactions involving an amount of more than $10,000.

Per the general rule imposed by the Internal Revenue Service (IRS), businesses or persons in trade must file Form 8300 if the organization gets over $10,000 cash from any buyer in a single day. This may result from a single payment or multiple transactions.

Filing the form within the 15th day from the date of the transaction is mandatory to avoid penalties. Also, note that this requirement only applies when any part of the transaction takes place in the US.

Five Pillars

Let us look at the pillars of this United States law in detail.

#1 – Appointing A Compliance Officer

A compliance officer needs to know and comprehend the procedures and policies stated in the BSA, AML, or Office of Foreign Assets Control (OFAC) compliance program. Businesses must appoint a person who can understand such policies and procedures. Moreover, the individual must be able to ensure that all rules and processes are followed in the organization.

#2 – Building AML Policies And Internal Controls 

Organizations must have a clearly defined compliance department to manage risks effectively. This means staying informed regarding new compliance regulations and emerging market trends. All team members must know how compliance affects their jobs. They must also get training on applications and tools.

#3 – Conducting Risk Evaluations

Organizations need to establish clearly defined controls, procedures, and protocols to identify financial crimes. The compliance measures must follow an approach that takes into account the risk. Hence, it is important to customize the mitigation measures based on the level of risk. Note that risk evaluations are not static. Organizations must review them at fixed intervals and make adjustments to factor in the changes concerning the regulatory environment, evolving risks, and more.

#4 – Carrying Out Customer Due Diligence (CDD)

The CDD rule makes it mandatory for organizations to detect and verify their customers’ identities. Moreover, the entities must continuously track customers’ activities to spot and report suspicious transactions.

#5 – Tracking And Auditing The AML Program

Independent third-party entities must audit the compliance program. This is because proper assessment of an organization’s compliance cannot depend only on internal testing. The third-party audits carried out regularly help spot potential vulnerabilities in the compliance program. One must note that they are crucial for upholding operational integrity.

Requirements For Financial Institutions

Financial institutions need to fulfill the following Bank Secrecy Act requirements:

  • All financial institutions must introduce a detailed BSA compliance program to prevent financial crime.
  • Financial institutions need to establish certain procedures to verify customers’ identity.
  • A financial institution must monitor transactions to identify any suspicious activity.
  • Banks and other financial institutions need to file Suspicious Activity Reports (SARs) if they suspect that specific transactions may involve illicit activities.
  • They must carry out independent testing of the BSA compliance program. It will help them know whether the program is effective.
  • Financial institutions keep records related to transactions and compliance for a certain period.
  • They must file currency transaction reports (CTRs) for any transaction that involves an amount exceeding $10,000.


Let us look at a few Bank Secrecy Act examples to understand the concept better.

Example #1

On February 13, 2024, FinCen proposed one new rule that would place d specific investment advisers in the category of financial institutions under the Bank Secrecy Act. According to the US Treasury Department bureau, if the adoption of the new rule takes place, it would make the investment adviser industry more aligned with its counterparts in the country’s financial sector. Moreover, the bureau believes that it would enhance the federal government’s comprehension of crucial national security threats.

Example #2

In 2021, the US witnessed roughly 1.6 million or 42% of Bank Secrecy Act reports associated with identity exploitation processes at the time of transaction processing, creation of accounts, and account access. While the majority of the institutions in the BSA data set related to identity reported the top identity exploitation to be impersonation, money services organizations mostly reported avoidance of verification. Moreover, per the report, compromised credentials had a disproportionate effect when compared to other forms of identity exploitation.

According to Andrea Gecki, director of FinCEN, financial institutions must maintain robust processes with regard to customer identification to ensure that the US financial system remains secure. After all, such processes are vital to combat terrorism financing, money laundering, and other financial crimes.


One can understand the importance of this law by going through the two points below.

  • It protects a financial system’s integrity by preventing different financial crimes, like terrorist financing and money laundering.
  • The law safeguards financial institutions from different organizations or people that may look to utilize them for carrying out unlawful activities.


The pressure of accumulating, producing, as well as maintaining substantial volumes of data is overburdening financial institutions in the United States. A lot of AML experts question the ability of the government to spot money laundering activities effectively when carrying out investigations concerning illegal financial transactions. According to them, the government must update the BSA as it was introduced before the introduction of laptop computers. 

In other words, now, financial institutions are continuously battling against ever-changing transaction and payment technologies. Hence, updating the tools used to fight against financial crime is necessary to address the 21st-century technological evolutions in banking.

This act has also received criticism because many believe that it provides very few guidelines defining what is suspicious.

Frequently Asked Questions (FAQs)

1. What is Bank Secrecy Act penalty?

Bank Secrecy Act penalty can go up to $250,000, in addition to 5 years’ imprisonment. That said, if the violation falls into a pattern of conduct that involves a sum exceeding $100,000 over 1 year and includes the violation of some other US law, the penalty can rise to $500,000 and a maximum of imprisonment of 10 years.

2. Does the Bank Secrecy Act apply to insurance companies?

Yes, the law applies to insurance companies. This is because, in the United States, insurers fall into the category of financial institutions.

3. Are Bank Secrecy Act audits required annually?

Financial institutions must carry out an independent audit about their anti-money laundering compliance programs once every year or 18 months.

4. What is the effect of the Bank Secrecy Act?

Since the introduction of this act in 1970, its requirements have played a key role in safeguarding the public from fraud, cybercrime, and other illicit financial activities.

This article has been a guide to what is Bank Secrecy Act. We explain its requirements for financial institutions, 5 pillars, examples, importance, and criticism. You may also find some useful articles here –

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *