What is the Bank Secrecy Act?

The Bank Secrecy Act is the foundational piece of anti-money laundering legislation. By providing the first mandate for financial institutions to create and maintain an anti-money laundering program, it sets the stage for transaction monitoring, suspicious activity reporting, and more. The BSA has been amended and expanded several times over the years, but continues to serve as the modern legal basis for compliance work.

Introduction: What is the Bank Secrecy Act?

The Bank Secrecy Act (BSA) is the original piece of anti-money laundering legislation. Passed in 1970, it set up the framework on which all modern compliance is based. In the intervening decades, it has been amended and supplemented by other pieces of legislation (such as the Money Laundering Control Act of 1986, the PATRIOT Act of 2001, and Anti-Money Laundering Act of 2020), but its core tenets continue to provide the foundation for modern anti-financial crime efforts.

Prior to the BSA, there was no established communications pathway between financial institutions and law enforcement. This meant that – once criminal proceeds entered the financial system – tracking where they came from, how they were moved, and what they were used for was next to impossible. The purpose of the Bank Secrecy Act was to connect these two entities in order to help fight financial crime. 

What’s included in the Bank Secrecy Act?

Amendments and additions have expanded the purview of the BSA over the years, but from its inception, the Act called for financial institutions to appoint a chief compliance officer to construct and oversee a compliance program. That program would grow to include a number of requirements across the following categories.

• Customer/Business Identification – The BSA didn’t originally contain the safeguards we now know as Know Your Customer (KYC) and Know Your Business (KYB), but over the years it has been amended to include recordkeeping requirements. This helps ensure that banks accurately identify essential information about the individuals and institutions with whom they do business.
• Transaction Monitoring and Reporting – From the get-go, the BSA required financial institutions to file documentation for any transaction over $10,000. (This involved filing a Currency Transaction Report for single transactions, or an IRS form 8300 for multiple transactions totaling $10,000+ in a single day.) Similar to identity verification, however, these requirements have expanded over the years, and Transaction Monitoring is now one of the core compliance practice areas, with criteria for what constitutes suspicious activity being specified by a company’s internal policies.

• Internal Policies and Controls – The development of a robust internal compliance policy is integral to BSA adherence. By capturing and recording its internal controls and policy requirements, a financial institution crafts a policy that reflects its product offering, customer base, geography, and individual risk profile. 

What are the “Five Pillars of Compliance?” 

The Five Pillars of Compliance refer to the minimum requirements required for the establishment of an effective BSA/AML compliance program. The pillars are:

1. The establishment and implementation of effective internal policies and procedures. 
2. The designation of a qualified and experienced compliance officer responsible for managing the program.
3. Regular training for all employees focused on the program, its controls, and individual roles and responsibilities. 
4. Independent testing of the program. Testing must be handled by a third party, or by financial institution employees with no responsibility over the program. 
5. The establishment of appropriate procedures for ongoing Customer Due Diligence (CDD).

Fun fact: there only used to be four pillars. The fifth compliance pillar was added in 2016 to include a new rule from FinCEN regarding additional requirements for Customer Due Diligence and Beneficial Ownerships requirements.   

Does the Bank Secrecy Act still matter? 

When the BSA was first passed, financial institutions were not happy about it. Many saw BSA requirements and compliance work as a hindrance to the financial sector’s ability to do business. The wave of unrest was so strong that in 1974 a lawsuit actually challenged the constitutionality of the Bank Secrecy Act. (The Supreme Court held the act constitutional.)

Over time, however, compliance and AML work has become a standard part of financial industry operations. No one today would argue that money laundering isn’t a major problem for financial markets around the globe. But while its right to exist is no longer questioned, many continue to criticize its effectiveness as a deterrent to crime. For every major take-down of money launderers or organized crime rings, these groups argue, there are billions of dollars in illicit funds moving smoothly through the financial system. 

Is the criticism valid? The answer depends in part on how you look at the problem. Compliance programs have historically followed a rules-based approach, meaning that success is measured based on how well a financial institution “checks all the boxes” on its policy to-do list. With the advent of modern data analytics and increased information transparency, however, there is a growing call for an outcomes-based approach, where effectiveness in stopping crime is prioritized over precisely following a complex set of rules. 

Compliance is – by design – built on regulation, and regulations cannot exist in a vacuum. Each of the major amendments to the Bank Secrecy Act is based on the original principles it established. It’s clear that compliance, like all industries, is changing rapidly, and that new methods and technologies will need to be employed as part of this development. The Bank Secrecy Act has continued relevance, then, not as a direct rulebook for how compliance work should be done, but as a way to understand the circumstances and motivations that created financial compliance in the first place.