One of the most notorious crimes to this day, money laundering, refers to the method of disguising illegally obtained funds, often referred to as “dirty money,” to make them appear legitimate. However, in the 1920s, there were no specific regulations in the US addressing the crime of money laundering. That’s why authorities had to categorize it as tax evasion when prosecuting individuals like Al Capone, who thrived during the era of organized crime.
Today, the US stands as the world’s largest and most influential economy and takes rigorous measures to combat financial crimes, focusing on enforcing anti-money laundering (AML) laws. Despite such efforts, recent data shows that at least $300 billion is laundered within the United States each year, and American businesses spend approximately $25 billion annually to ensure AML compliance.
To properly stick to regulatory frameworks and avoid hefty fines, financial institutions must be well aware of the key AML laws in the US. Use this guide and learn everything you need to know about it below.
What Does AML Compliance Mean in the US?
AML compliance means that financial institutions in the US must establish, document, and comply with an AML program with the goal of identifying and preventing money laundering. Each business has to choose how they want to develop and execute the measures in their AML program. That said, there are mandatory AML program elements that are clearly defined by the relevant regulatory authorities.
For example, the Financial Crimes Enforcement Network (FinCEN) is one of the US government agencies responsible for combating financial crimes, including money laundering, terrorist financing, and other illicit financial activities. FinCEN also serves as the designated administrator of the Bank Secrecy Act (BSA), which has become one of the main tools in the fight against fraud.
Since then, several other laws have improved and modified the BSA to equip law enforcement and regulatory agencies with more effective measures for combating money laundering. The US is also involved in other initiatives, including its membership in the Financial Action Task Force (FATF). FATF sets international AML standards and also plays a crucial role in combating money laundering and terrorist financing worldwide.
Which US Financial Regulators Enforce AML Laws?
Several financial regulators are responsible for enforcing AML laws in order to combat money laundering and terrorist financing activities within the United States. Some of the main ones involved in AML enforcement include:
The Financial Crimes Enforcement Network (FinCEN)
FinCen is the primary financial regulator operating under the jurisdiction of the US Department of the Treasury. FinCEN also functions as the financial intelligence unit (FIU), taking on the role of receiving and analyzing information concerning money laundering and terrorist financing.
Additionally, FinCEN delegates its authority to several federal regulators to assist in ensuring compliance with AML laws, including the Federal Deposit Insurance Corporation (FDIC), the Securities and Exchange Commission (SEC), and the National Credit Union Administration (NCUA).
The Office of Financial Assets Control (OFAC)
It focuses on supervising sanctions programs, ensuring that US companies adhere to trade restrictions imposed on entities listed in the applicable sanctions lists. Sanctions can take two primary forms: comprehensive or selective. They leverage asset freezes and trade restrictions as tools to achieve foreign policy and national security objectives.
OFAC also strongly emphasizes that organizations should establish and consistently maintain a Sanctions Compliance Program comprising five vital components: management commitment, risk assessment, internal controls, testing, auditing, and training.
What are the Main Federal AML Laws in the US?
Here are the key AML laws in the United States that have evolved and shaped the US regulatory landscape over the years:
Bank Secrecy Act of 1970
The Bank Secrecy Act (BSA) places reporting and record-keeping responsibilities on various financial institutions such as banks, insurance companies, and brokerage firms. Its aim is to deter criminals from utilizing these institutions to launder illicit gains. Within this framework, institutions are required to implement AML controls, which involve monitoring their customers and transactions for any signs of suspicious activity and reporting any such suspicious activity to FinCEN.
The primary goal of the BSA was to facilitate the tracking of the origin, amount, and flow of currency and monetary instruments entering or leaving the United States or being deposited in financial institutions.
To achieve this, financial institutions were required to take several actions, including:
- Reporting cash transactions exceeding $10,000 through the Currency Transaction Report (CTR).
- Accurately identifying individuals conducting transactions.
- Creating and maintaining a clear paper trail by retaining proper records of financial transactions.
USA PATRIOT Act of 2001
Between 1970 and 2000, AML laws mainly targeted money laundering associated with organized crime and the battle against drug-related activities. However, there was a gap in the system. That’s why, after the events of 9/11, the US enacted the USA PATRIOT Act as an amendment to the BSA.
Specifically, the USA PATRIOT Act places a set of Customer Due Diligence (CDD) and screening obligations on US companies, with a particular emphasis on transactions involving international parties. The PATRIOT Act also establishes both criminal and financial penalties for individuals found to be in breach of regulations related to CFT compliance.
USA PATRIOT Act and its provisions were designed to strengthen the US government’s ability to combat money laundering and terrorist financing with the following measures:
- It made the financing of terrorism a criminal offense and bolstered the existing BSA by enhancing customer identification processes.
- Financial institutions were prohibited from conducting business with foreign shell banks.
- Financial institutions were required to establish due diligence procedures, with enhanced due diligence (EDD) required for foreign correspondent and private banking accounts.
- It facilitated better information sharing between financial institutions and the government while encouraging voluntary information exchange among financial institutions.
- The AML program requirements were expanded to cover all types of financial institutions.
- The Secretary of the Treasury gained the authority to impose “special measures” on jurisdictions, institutions, or transactions deemed of “primary money laundering concern.”
- It facilitated access to records and required banks to respond to regulatory requests for information within 120 hours.
- Federal banking agencies were mandated to consider a bank’s AML record when evaluating bank mergers, acquisitions, and other applications for business combinations.
Anti-Money Laundering Act of 2020 (AMLA)
Currently, AMLA 2020 is one of the most significant updates to the country’s AML compliance background since the Patriot Act. It was introduced in 2021 and brought a modernized approach by introducing amendments to the BSA and incorporating the Corporate Transparency Act (CTA).
The primary goal of AMLA 2020 is to address emerging threats associated with new technologies and evolving criminal tactics. The regulatory provisions introduced by the AMLA consist of:
- Widening the scope of rules governing international information sharing.
- Increasing penalties for money laundering offenses.
- Introducing new requirements related to beneficial ownership to prevent the misuse of shell companies.
- Broadening institutions to encompass businesses that provide services linked to cryptocurrencies.
- Establishing new protections for whistleblowers, aiming to encourage individuals to report suspicious activities.
What Companies are Affected by AML Laws in the US?
The BSA categorizes more than 25 different entities as financial institutions. It even recognized the United States Postal Service as a financial institution. For example, Money Service Businesses (MSBs) are also obliged entities. This includes individuals and companies engaged in money transfers or transactions exceeding $1,000 in a single day.
Other AML-obliged entities consist of currency dealers or exchangers, cash checking service providers, casinos, prepaid card providers, credit unions, fintechs, crypto companies, issuers of traveler’s checks or money orders, as well as sellers or redeemers of traveler’s checks or money orders, and money transmitters.
How to Achieve AML Compliance?
AML laws in the US are very important for financial institutions, and failure to comply can result in both civil and criminal violations, potentially leading to fines or even imprisonment. In the US, companies must follow a risk-based approach (RBA) to AML and CTF compliance.
RBA requires financial institutions to perform a Know Your Customer (KYC) assessment during the customer onboarding process. That’s why staying compliant with AML Laws can be challenging, especially due to the frequent alterations in regulations, not to mention large volumes of new customers and transactions.
Create an AML Program
The BSA outlines five essential pillars that financial institutions can rely on to establish AML programs in accordance with regulations, which include: appointing a designated compliance officer (1), establishing an internal AML policy (2), conducting employee training (3), conducting testing and auditing (4), and implementing a risk-based approach and ongoing CDD measures (5).
Other than that, a proper AML program should include the following procedures:
1. Identity Verification
In the United States, companies are required to establish and confirm the identities of their customers to carry out thorough risk assessments, including the CDD process. Customer Due Diligence (CDD) is a series of continuous measures dedicated to determining customer risk and representing a crucial element of Know Your Customer (KYC) practices.
In the US, FinCEN enforces CDD regulations, which mandate that financial institutions fulfill four essential requirements:
- Verify the identities of all customers.
- Identify and verify all beneficial owners of companies you want to engage with. Typically, this involves investigating individuals who control and/or own 20% or more of the company.
- Gain an understanding of the nature and purpose of customer relationships, enabling the development of customer risk profiles.
- Continuously monitor customer activity and transactions to detect and report suspicious activity.
Financial institutions in the US must also establish Customer Identification Programs (CIP) that enable them to ascertain the true identities of their customers reasonably. This typically involves verifying crucial details such as the customer’s name, date of birth, legal address, identification number, and SSN, at a minimum.
2. Ongoing Monitoring
Continuous monitoring consists of, at the very least, the ongoing scrutiny of transactions to detect any signs of suspicious activity that could indicate potential financial crimes. Additionally, it may encompass supplementary actions like periodically reevaluating customers based on their level of risk.
That means US-obliged entities are required to periodically update and validate the customer information they have on file as part of their KYC processes. Consequently, that’s how AML screening and ongoing monitoring ensures that the information is up-to-date, accurately reflecting the customer’s current situation.
3. Transaction Screening
US banks and other financial institutions are mandated to screen and monitor the transactions conducted by their customers to spot any suspicious activity that might be connected to money laundering or other suspicious activities. This includes looking for out-of-the-ordinary transactions, transactions with high-risk customers or from high-risk jurisdictions, and transactions involving individuals or entities subject to sanctions.
For instance, when a customer deposits a total of over $10,000 in cash within a single day, it requires the business to submit a Currency Transaction Report (CTR). Conversely, fund transfers of at least $3,000 do not mandate report filing, but they do require recordkeeping in accordance with the $3,000 placement rule.
We’ll review other measures that help US financial institutions stay AML-compliant next to the following section about EDD.
Conduct Enhanced Due Diligence
Enhanced Due Diligence (EDD) consists of specific procedures applied when either an individual or a transaction is considered to have a higher risk of involvement in money laundering or other financial crimes. In such instances, US businesses must go beyond standard verification and conduct an additional, more thorough level of scrutiny, which is EDD.
These are the scenarios regarding a high-risk individual that requires EDD:
- If they are categorized as a politically exposed person (PEP).
- If they have prior associations with financial crime.
- If they are a subject of adverse media coverage.
- If they possess a significant net worth or hold a position as a public figure or celebrity.
- If they work within an industry known for a high risk of money laundering.
- If they appear on a sanctions list or are connected to a company facing sanctions.
- If they reside in a high-risk country, like those linked to terrorist organizations.
Stick to Reporting Requirements
The BSA mandates that financial institutions actively monitor transactions, maintain records, and also report activities that could potentially be showing signs of money laundering.
Some of the key BSA reporting requirements for US financial institutions include:
1. Suspicious Activity Report (SAR)
A SAR is filed when a financial institution detects suspicious or concerning activities or transactions, such as suspected insider trading, an unusually high volume of transactions, or specific international wire transfers. SARs can be submitted using the Bank Secrecy Act BSA E-Filing System no later than 30 calendar days after the date when signs of money laundering were initially detected.
2. Foreign Bank Account Report (FBAR)
The FBAR serves as a mechanism employed by the US government to identify individuals who might be employing foreign financial accounts as a way to evade US laws. Data within FBARs can help pinpoint and track funds potentially involved in illicit activities, as well as detect unreported income held or generated overseas.
That’s why customers are required to file an FBAR report annually if they have over $10,000 in foreign bank accounts. At the same time, financial professionals may also file the report on behalf of their clients.
3. Currency Transaction Report (CTR)
A CTR is a bank document employed in the US to, once again, deter money laundering and comply with AML laws. Banks are required to complete this form whenever a customer engages in a currency transaction exceeding $10,000. In simple terms, financial institutions file CTRs to report instances where a customer deposits or withdraws more than $10,000 in cash in a single day, whether through one or multiple transactions.
What is the Future of AML Laws in the US?
There’s no doubt that AML laws will continue to play a crucial role in aiding government agencies and law enforcement in identifying individuals and groups attempting to launder ill-gotten gains. And there’s absolutely no reason for businesses to try and avoid AML compliance obligations. Especially when the penalty associated with the BSA is a fine of $250,000 and a maximum prison sentence of five years. Thankfully, this can all be avoided.
Recent trends and developments in AI have also paved the way into the AML compliance field. US companies now have the potential to use AI-powered AML software to streamline processes and develop more effective AML screening and monitoring systems. At iDenfy, we offer KYC/AML solutions, enabling you to automate your compliance workflow without disrupting the end-user experience.