Compliance11 min read

Anti-Money Laundering: Complete US AML Compliance Guide

Complete US anti-money laundering guide: BSA requirements, FinCEN rules, OFAC obligations, SAR filing, CIP program, and AML compliance tools for US businesses.

Michael Torres, Compliance Director·February 5, 2026

Illustration for Anti-Money Laundering: Complete US AML Compliance Guide — Compliance

Summarize this article with

Anti-money laundering (AML) compliance in the United States is governed by a layered regulatory framework anchored by the Bank Secrecy Act (BSA), enforced by the Financial Crimes Enforcement Network (FinCEN), and supplemented by OFAC sanctions programs. The Anti-Money Laundering Act of 2020 (AMLA 2020) — the most significant reform of US AML law since the USA PATRIOT Act of 2001 — expanded the BSA's reach and introduced new beneficial ownership requirements that took effect in January 2024.

Non-compliance carries severe consequences: FinCEN civil money penalties can reach $1 million per day per violation, and criminal BSA violations carry up to 10 years' imprisonment for individuals.

This guide outlines the US AML requirements in effect as of February 2026, who is covered, and what a compliant program must include.

This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.

What Is Anti-Money Laundering Under US Law?

Anti-money laundering under US law refers to the system of federal obligations that require "financial institutions" — a term broadly defined by the BSA — to detect, prevent, and report money laundering and related financial crimes. Money laundering consists of three stages:

Placement: criminal proceeds enter the financial system (cash deposits, purchase of monetary instruments)
Layering: complex transactions obscure the money trail (wire transfers, shell companies, trade-based laundering)
Integration: laundered funds re-enter the economy as apparently legitimate income

The United Nations Office on Drugs and Crime estimates that $800 billion to $2 trillion is laundered globally each year — approximately 2-5 % of global GDP — with the United States being a primary target given the size of its financial system (UNODC — Money Laundering Overview).

US Legal Framework: BSA, AMLA 2020, and FinCEN

The Bank Secrecy Act (BSA)

The Bank Secrecy Act of 1970 (31 U.S.C. §§ 5311-5336) established the foundational US AML framework. The BSA requires financial institutions to maintain records and file reports that have a high degree of usefulness in criminal, tax, and regulatory investigations.

Key BSA instruments include:

Currency Transaction Reports (CTRs): mandatory for cash transactions ≥ $10,000
Suspicious Activity Reports (SARs): required when a transaction is suspected to involve money laundering or other financial crimes
Currency and Monetary Instrument Reports (CMIRs): for cross-border movement of currency ≥ $10,000

The Anti-Money Laundering Act of 2020

The Anti-Money Laundering Act of 2020 (AMLA 2020), enacted as part of the National Defense Authorization Act for FY2021, represents the most significant overhaul of US AML law in two decades. Key provisions include:

Establishing an AML/CFT national priorities list — FinCEN published the first national AML/CFT priorities in June 2021, covering corruption, cybercrime, human trafficking, drug trafficking, fraud, and terrorist financing
Expanding BSA coverage to include certain non-bank entities
Introducing whistleblower protections and rewards (up to 30% of sanctions exceeding $1 million)
Mandating beneficial ownership reporting to FinCEN's new registry

The Corporate Transparency Act and Beneficial Ownership

Effective January 1, 2024, the Corporate Transparency Act (CTA) — enacted as part of AMLA 2020 — requires most US corporations, LLCs, and similar entities to report beneficial ownership information (BOI) directly to FinCEN (FinCEN BOI Reporting Requirements). Beneficial owners are individuals who own or control at least 25% of the entity, or who exercise substantial control over it.

Existing companies had until January 1, 2025 to file initial BOI reports. New companies formed in 2024 had 90 days from formation; companies formed after January 1, 2025 have 30 days.

US Supervisory Framework

Regulator	Supervised Entities
FinCEN (Treasury)	AML program and SAR requirements for all BSA-covered entities
OCC (Office of the Comptroller of the Currency)	National banks, federal savings associations
Federal Reserve	State member banks, bank holding companies
FDIC	State non-member banks
NCUA	Federal credit unions
SEC	Broker-dealers, investment advisers, investment companies
CFTC	Futures commission merchants, swap dealers
IRS/FBAR	Money services businesses (MSBs), non-bank entities
State regulators	Money transmitters, mortgage brokers (state-licensed)

FinCEN assessed $3.5 billion in civil money penalties for BSA/AML violations between 2018 and 2023 (FinCEN Enforcement Actions), with major actions targeting banks, crypto exchanges, and money services businesses.

Who Must Comply with US AML Requirements?

The BSA defines "financial institutions" to include:

Banks, savings associations, credit unions
Broker-dealers in securities (registered with SEC/FINRA)
Mutual funds
Money services businesses (MSBs): money transmitters, currency exchangers, check cashers, prepaid card issuers
Casinos and card clubs (gross annual revenues ≥ $1 million)
Insurance companies (certain life insurance products)
Futures commission merchants and introducing brokers
Virtual Asset Service Providers (VASPs): FinCEN's 2019 and 2021 guidance clarified that crypto exchanges operating in the US must register as MSBs

Professionals frequently ask: does a crypto startup need to register with FinCEN? If the startup is engaged in the exchange or transmission of virtual currency as a business — including operating a DeFi protocol that qualifies as a money transmitter — it must register with FinCEN as an MSB and implement a full BSA/AML compliance program.

The Five Pillars of a US AML Compliance Program

FinCEN regulations require covered financial institutions to implement an AML program built on five core components, commonly known as the "Five Pillars" (31 C.F.R. § 1020.210):

1. Customer Identification Program (CIP)

The Customer Identification Program (CIP) rule (31 C.F.R. § 1020.220) requires banks and other covered institutions to collect and verify identifying information for each customer who opens an account.

Minimum CIP requirements:

Name, date of birth, address, and identification number (SSN for US persons; passport number for non-US persons)
Verification using documentary or non-documentary methods (government-issued photo ID, credit reports, public databases)
Beneficial ownership certification for legal entity customers (25% threshold)

Enhanced Due Diligence (EDD) is required for customers classified as high-risk, including foreign private banking customers, senior foreign political figures (PEPs), and accounts from jurisdictions on FATF's grey or black lists.

Automated document verification accelerates CIP compliance by verifying the authenticity of government-issued IDs, extracting data via OCR, and flagging suspicious documents in real time.

2. Customer Due Diligence (CDD) Rule

FinCEN's CDD Rule (effective May 11, 2018, 31 C.F.R. § 1010.230) requires covered financial institutions to:

Identify and verify the identity of the beneficial owners of legal entity customers (ownership ≥25% and one individual with significant control)
Understand the nature and purpose of customer relationships
Conduct ongoing monitoring to detect and report suspicious transactions

As of February 2026, FinCEN is finalizing an updated CDD rule to align with the Corporate Transparency Act's beneficial ownership database, which will allow covered institutions to rely on FinCEN's BOI registry for certain verification purposes.

3. Suspicious Activity Reports (SARs)

The SAR filing obligation is one of the most operationally demanding AML requirements. Under 31 C.F.R. § 1020.320, banks must file a SAR when they know, suspect, or have reason to suspect a transaction involves:

Funds from illegal activity
Designed to evade BSA requirements (structuring)
No lawful purpose or is not the kind of transaction the customer would normally conduct

SARs must be filed within 30 calendar days of detecting the suspicious activity (60 days if no suspect can be identified at the time of filing). The SAR is filed electronically via FinCEN's BSA E-Filing System.

FinCEN received 3.64 million SAR filings in FY2022, up 59% from 2019 (FinCEN Annual Report FY2022). Banks accounted for 49% of all filings, with MSBs and casinos comprising the next largest groups.

4. Currency Transaction Reports (CTRs) and OFAC Screening

CTRs must be filed for each cash transaction exceeding $10,000 conducted by, through, or to a financial institution in a single business day. Multiple transactions by the same person in a single day that total over $10,000 must be aggregated (31 C.F.R. § 1010.311).

OFAC (Office of Foreign Assets Control) administers US economic sanctions programs. Financial institutions must screen all transactions and customers against OFAC's SDN (Specially Designated Nationals) list and other sanctions lists. OFAC violations are strict liability — intent is not required. OFAC assessed $1.5 billion in civil penalties in FY2023 (OFAC Civil Penalties Statistics).

5. Independent Testing and Training

31 C.F.R. § 1020.210 requires AML programs to include:

Independent testing (audit) of the AML program — typically by internal audit or an external firm
Designated AML compliance officer at the management level
Ongoing employee training on BSA/AML requirements and red flags
Policies, procedures, and controls reasonably designed to prevent money laundering

US AML Key Thresholds and Deadlines

Requirement	Threshold/Deadline	Legal Basis
Currency Transaction Report (CTR)	Cash ≥ $10,000	31 C.F.R. § 1010.311
SAR filing deadline	30 days (60 if no suspect)	31 C.F.R. § 1020.320
SAR retention	5 years from filing	31 C.F.R. § 1010.430
CIP verification	At account opening	31 C.F.R. § 1020.220
Beneficial ownership CDD	At account opening	31 C.F.R. § 1010.230
BOI reporting (CTA)	30 days (new entities 2025+)	31 C.F.R. Part 1010
FBAR filing deadline	April 15 (extension: Oct 15)	31 C.F.R. § 1010.350

State-Level AML Requirements

Federal BSA requirements do not preempt state law. Money transmitters operating in the US must also comply with state-level AML requirements, which vary significantly:

New York: New York State Department of Financial Services (NYDFS) Regulation 504 (2017) imposes enhanced transaction monitoring and filtering program requirements on DFS-licensed institutions
California: the California Money Transmission Act requires state-licensed money transmitters to maintain AML programs consistent with BSA standards
Texas: money transmitters licensed by the Texas Department of Banking must maintain written AML compliance programs

Technology and AML Automation in the US Market

US compliance professionals consistently raise the challenge of false positive management: financial institutions spend an estimated $180 billion annually on AML compliance globally, with false positive rates in transaction monitoring systems exceeding 95% (LexisNexis Risk Solutions — True Cost of Financial Crime Compliance 2023).

Automated document verification at the onboarding stage improves downstream data quality — reducing the number of suspicious alerts generated from misidentified customers. The CheckFile platform supports US identity documents (driver's licenses, state IDs, US passports) and integrates with existing CIP workflows via API.

For a broader view of AML compliance obligations and document validation strategies, see our comprehensive compliance guide and KYC 2026 requirements overview. View pricing and plan options.

Frequently Asked Questions

What is anti-money laundering under US law?

US anti-money laundering law requires financial institutions covered by the Bank Secrecy Act (BSA) to implement compliance programs that detect and report money laundering. The core obligations include customer identification (CIP), customer due diligence (CDD), suspicious activity reporting (SARs), currency transaction reporting (CTRs), and OFAC sanctions screening.

What did the Anti-Money Laundering Act of 2020 change?

AMLA 2020 was the most significant US AML reform since the PATRIOT Act. Key changes include: mandatory beneficial ownership reporting to FinCEN (effective January 1, 2024 under the Corporate Transparency Act), a national AML/CFT priorities list, expanded BSA coverage, enhanced whistleblower protections, and stronger information-sharing provisions between financial institutions and law enforcement.

What is FinCEN's role in AML enforcement?

FinCEN (Financial Crimes Enforcement Network), a bureau of the US Treasury, administers the BSA. FinCEN issues regulations, receives and analyzes BSA reports (SARs, CTRs), maintains the beneficial ownership registry established by the CTA, and enforces BSA compliance through civil money penalties and referrals for criminal prosecution. FinCEN coordinates with federal banking regulators and law enforcement agencies including the FBI and DEA.

How much can FinCEN fine a company for BSA violations?

FinCEN can impose civil money penalties up to $1 million per day per violation for willful or negligent BSA violations. For structuring violations, penalties can equal the amount structured. Criminal BSA violations carry up to 10 years' imprisonment and $500,000 in fines per violation for individuals. Institutions face penalties up to $1 million per violation, plus potential forfeiture of funds.

Does OFAC compliance apply to non-bank businesses?

Yes. OFAC's sanctions programs apply to all US persons and US-incorporated entities, regardless of whether they are financial institutions. Any US company that transacts with individuals or entities on the SDN list — or that facilitates transactions that violate US sanctions — is subject to OFAC enforcement. Penalties are strict liability: even unknowing violations can result in civil penalties.

Explore further

Discover our practical guides and resources to master document compliance.