Insurance KYC Compliance in the US 2026: FinCEN, BSA, and AML Obligations
US insurance companies face KYC/AML obligations under FinCEN rules, the BSA, and NAIC model regulations. Complete guide for life insurers: CIP, SAR requirements, and state rules.

US insurance companies have operated under a distinct anti-money laundering (AML) framework since the USA PATRIOT Act (Title III, 2001) directed FinCEN to extend Bank Secrecy Act (BSA) obligations to certain insurance products. In 2026, the regulatory landscape for insurance AML in the United States combines federal FinCEN requirements, state insurance department oversight, NAIC model regulations, and the expanded Corporate Transparency Act (CTA) beneficial ownership rules that took effect in 2024. Unlike the EU's AMLD6 framework, US insurance AML rules apply selectively based on product type and company structure.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice. Regulatory references are accurate as of the publication date. Consult a qualified professional for advice tailored to your situation.
The US Insurance AML Framework: FinCEN and the BSA
The primary federal AML authority for insurance companies is the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury Department. FinCEN's 31 CFR Part 103 / Part 1025 specifically addresses insurance companies covered by the BSA.
FinCEN's 2016 Insurance AML guidance clarified that "covered" insurance products (primarily life insurance with a cash value) require a formal AML program, while "non-covered" property-casualty products do not. This distinction remains the bedrock of US insurance AML compliance. For a broader view of document compliance frameworks, see our document compliance guide.
Which Insurance Products Are "Covered" Under FinCEN Rules?
| Product Category | AML Program Required | Risk Level |
|---|---|---|
| Permanent life insurance (whole life, universal life) | Yes (FinCEN Rule 31 CFR 1025) | High |
| Variable life and variable annuities | Yes | High |
| Fixed annuities with cash accumulation | Yes | Medium–High |
| Term life insurance (no cash value) | No (but SAR filing may still apply) | Low |
| Group life through employer | Simplified/program required at carrier level | Low |
| Property and casualty insurance | No AML program required | Low |
| Health insurance | No AML program required | Low |
The dividing line is whether the product accumulates cash value that can be surrendered or borrowed against. Products with such features are "covered" and require a full AML program.
Core AML Program Requirements for US Insurers
Under 31 CFR § 1025.210, a covered insurance company must implement a written AML program that contains four required elements:
1. Customer Identification Program (CIP)
US insurers must establish a Customer Identification Program that verifies the identity of each person applying for a covered insurance product. CIP requirements include:
- Collection of identifying information: legal name, date of birth, address, and Social Security Number (SSN) for US persons, or passport number and country of issuance for non-US persons
- Identity verification: within a reasonable time before or after the business relationship begins, using documentary methods (government-issued photo ID such as a US driver's license or passport) or non-documentary methods (credit bureau checks, public record queries)
- Beneficial ownership: since FinCEN's Customer Due Diligence (CDD) Rule (31 CFR 1010.230) was extended, insurers must identify beneficial owners of legal entity customers: individuals owning 25% or more, and one control person
2. Ongoing Monitoring
US insurers must continuously monitor covered insurance transactions and policies for indicators of money laundering or terrorist financing. Red flags specific to the US insurance context include:
- Purchase of large-value single-premium policies with cash, money orders, or wire transfers
- Early surrender of policies shortly after inception with apparent disregard for penalties
- Frequent policy loans or withdrawals inconsistent with financial profile
- Changes of beneficiary to unrelated third parties in high-risk jurisdictions
- Policies funded by multiple third parties without clear explanation
3. Suspicious Activity Reporting (SARs)
31 CFR § 1025.320 requires covered insurance companies to file a SAR with FinCEN within 30 calendar days of detecting a suspicious transaction of $5,000 or more. The 30-day clock begins when the insurer initially detects facts that may constitute a suspicious transaction.
SARs are filed electronically through FinCEN's BSA E-Filing System. All SARs are confidential; "tipping off" the subject of a SAR is a federal crime.
4. Employee Training
The AML program must include ongoing training for all relevant employees, including agents and brokers involved in covered product sales. Training must cover: recognition of suspicious activity, SAR filing obligations, CIP requirements, and the consequences of non-compliance.
Corporate Transparency Act (CTA) Impact on Insurance Companies
The Corporate Transparency Act (CTA) took effect January 1, 2024, requiring most US business entities to report beneficial ownership information (BOI) to FinCEN. The CTA affects insurance company clients in two ways:
- Business-owned policies: when a corporate entity takes out a life insurance or annuity product, the insurer should cross-reference FinCEN's BOI database (once fully operational) to verify beneficial ownership
- Insurance holding companies: depending on their structure, insurance groups may themselves be subject to CTA BOI reporting requirements
The CTA's 25% ownership threshold for BOI reporting aligns with FinCEN's CDD Rule, but the CTA uses the SSN or Tax ID Number (EIN) as the identifier, not a passport number.
State-Level Insurance AML Requirements
Unlike the EU's harmonised AMLD6 framework, US insurance regulation is primarily state-based. The National Association of Insurance Commissioners (NAIC) has developed model regulations that most states have adopted to varying degrees:
- NAIC Model Anti-Money Laundering Program for Life Insurers: the most widely adopted model, requiring a formal AML program, CIP, and SAR filing
- State department of insurance oversight: each state insurance department (e.g., the New York Department of Financial Services, California Department of Insurance) may impose additional requirements beyond NAIC models
- OFAC screening: insurers must screen policyholders and beneficiaries against OFAC's Specially Designated Nationals (SDN) list, with asset-blocking and reporting obligations for matches
New York's Department of Financial Services (DFS) has been particularly active in AML enforcement for insurers, having issued guidance and examination procedures that exceed federal minimums in areas such as beneficial ownership verification and transaction monitoring. For US-domiciled insurers writing New York business, compliance with DFS requirements is effectively a higher standard.
Enhanced Due Diligence: High-Risk Situations for US Insurers
US insurers should apply enhanced scrutiny in the following situations:
- Politically Exposed Persons (PEPs): foreign government officials and their immediate family, defined by the FFIEC BSA/AML Examination Manual
- OFAC-listed individuals or entities: FinCEN and OFAC enforcement actions against insurers for sanctions violations have resulted in significant civil penalties
- High-risk jurisdictions: FATF grey-list countries, OFAC-sanctioned jurisdictions, and FinCEN-identified primary money laundering concerns under Section 311 of the USA PATRIOT Act
- Non-US persons applying for large cash-value policies: source of wealth and source of funds documentation is essential
Unlike the EU's mandatory EDD requirement for all PEPs, the US framework applies a risk-based approach, but practically, any PEP applying for a large-value covered insurance product will warrant enhanced scrutiny. Review our enhanced due diligence compliance guide for structured protocols.
Automation of Insurance KYC in the US
US insurers can leverage automated document verification to meet FinCEN's CIP documentation requirements at scale while maintaining the audit trail needed for regulatory examination. CheckFile's platform supports US identity document verification including:
- US passports and driver's licenses (all 50 states and territories)
- SSN verification for CIP purposes through integrated data sources
- Automated OFAC and sanctions list screening
- Beneficial ownership document processing
The operational benefits for US insurance compliance teams include consistency across distribution channels, reduced manual processing time for CIP documentation, and automated generation of audit logs for annual independent testing requirements. See our pricing page for US-specific plans.
FinCEN Enforcement and Penalties
FinCEN enforces BSA requirements against insurance companies through civil monetary penalties. Under 31 USC § 5321, civil penalties can reach:
- Up to $25,000 per day per violation for negligent failures to implement required AML procedures
- Up to $100,000 per day for wilful or reckless violations
- Criminal penalties of up to 10 years imprisonment for wilful violations under 31 USC § 5322
FinCEN also coordinates with the DOJ, FBI Financial Crimes Unit, and state insurance departments for enforcement actions. The FinCEN enforcement actions page is a valuable resource for understanding enforcement priorities in the insurance sector.
Frequently Asked Questions
Are independent insurance agents required to have their own AML programs?
It depends on their relationship with the carrier. Under FinCEN's rule, the primary AML compliance obligation falls on the insurance company, not independent agents. However, carriers typically contractually require agents to follow the carrier's AML procedures, and agents selling covered products through multiple carriers may need their own program if they constitute a "covered" financial institution.
How does US insurance AML differ from AMLD6 for global insurers?
The key differences are: (1) US rules apply selectively by product type (cash-value products only), while AMLD6 applies broadly to life insurance in all EU member states; (2) the US uses a two-tier federal/state system vs. the EU's harmonised framework; (3) the US threshold for SAR filing is $5,000 vs. €10,000 under AMLD6; and (4) EU beneficial ownership thresholds are tightening to 15% vs. the US's 25% CDD threshold.
What happens if an insurer fails to file a required SAR?
Failure to file a required SAR can result in civil monetary penalties from FinCEN, referral for criminal investigation if wilful, and state insurance department action including license suspension. In significant cases, FinCEN has coordinated with state insurance departments to take joint action.
Does the CTA replace the CDD Rule's beneficial ownership requirement for insurers?
No, they are separate and complementary requirements. The CDD Rule requires insurers to collect beneficial ownership information from customers at the time of the transaction. The CTA requires business entities themselves to register their beneficial owners with FinCEN. Insurers should use both sources of information to build a comprehensive picture of their corporate policyholders.
How often must an AML program be tested for US insurance companies?
FinCEN requires that covered insurance companies conduct independent testing of the AML program at least annually. Testing can be performed by an internal audit function (if sufficiently independent) or an external third-party reviewer. The testing must evaluate all four elements of the AML program.