28 Feb 2023

Regulation Focus Series | Article 3: United States and FinCEN

Money laundering is a major concern for governments and financial institutions around the world, and the United States is no exception. 

In the US, there are numerous Anti-Money Laundering (AML) regulations enacted at both the federal and state levels designed to combat this type of illegal activity. These regulations are enforced by a number of government agencies, including the Financial Crimes Enforcement Network (FinCEN).

At the federal level, the Bank Secrecy Act (BSA) of 1970 serves as the main AML legislation in the US. This law requires financial institutions to report suspicious transactions over certain thresholds to FinCEN. It also established record retention requirements for financial institutions and other regulated financial entities, such as Virtual Asset Service Providers (VASPs), and established the requirement that Currency Transaction Reports (CTRs) be filed whenever a customer withdraws or deposits currency totaling more than $10,000 in one day. In addition, it requires banks and VASPs to file Suspicious Activity Reports (SARs) when they detect any activity that appears unusual or unlawful.

The USA PATRIOT Act of 2001 built upon the BSA by increasing reporting requirements for financial institutions and expanding FinCEN’s enforcement powers. It also established additional money laundering-related offenses such as bulk cash smuggling and terrorist financing activities. The USA PATRIOT Act also expanded information sharing among federal agencies and required all financial institutions to have an anti-money laundering program in place that includes customer identification programs.

In addition to federal laws, states may have their own AML regulations that must be adhered to by banks operating within their jurisdiction. These state laws often supplement existing federal regulations with additional reporting requirements or restrictions on certain types of transactions. Additionally, some states require banks to establish specific policies within their AML program that are designed to address threats posed by local criminal activity related to money laundering. 


FinCEN is tasked with overseeing compliance with all of these various regulations as well as enforcing them if necessary. The agency works closely with other government entities such as the Internal Revenue Service (IRS), Department of Homeland Security (DHS), Drug Enforcement Administration (DEA), Federal Bureau of Investigation (FBI), Immigration & Customs Enforcement (ICE), U.S. Department of the Treasury Office of Foreign Assets Control (OFAC), Small Business Administration Office of Inspector General and many other law enforcement organizations that may become involved if suspicious activities are reported or detected.

To ensure that financial institutions comply with these various AML regulations, FinCEN conducts periodic reviews through its assessment program, which evaluates each bank or VASP’s AML compliance program based on key areas. These include: 

  • Customer due diligence measures
  • Reporting processes
  • Internal controls related to money laundering detection/prevention efforts
  • Training/awareness programs for personnel involved in money movement operations
  • And more 

Furthermore, FinCEN has established civil monetary penalties for any institution found not to be complying with applicable laws or failing to implement adequate control measures against money laundering activities.

This means regulated businesses run the risk of significant liabilities if they do not adequately address their AML responsibilities through rigorous oversight practices. 


In the US, another important regulator is the Office of Foreign Assets Control (OFAC). This authority is in charge of maintaining the country’s sanctions and watch lists, and of ensuring that companies and/or individuals do not provide services to or do business with sanctioned entities, regimes, countries or individuals.

KYC Rules

Since 2009, foreign countries have been required under US Know Your Customer (KYC) legislation to provide timely updates regarding beneficial owners of accounts held abroad, in order to protect against tax evasion and money laundering as well as terrorist financing activities.

Money laundering poses a serious threat not only from a security perspective but also from a legal standpoint: violators can face hefty fines coupled with possible jail time if caught. For this reason, it is important for all financial institutions and VASPs to establish and maintain rigorous KYC/AML practices in order to properly identify and vet their customers.

Knowing the laws, understanding the risks, implementing effective controls and having an adequate program in place are all essential parts of staying compliant with these regulations and avoiding potentially costly sanctions.  

How to comply

Regulated businesses need to implement specific and rigorous KYC practices in order to comply with FinCEN regulations — and ensure that all customer information and documentation is accurate, up to date, and securely stored. 

KYC measures involve collecting and verifying data such as: 

  • Identity documents
  • Date of birth
  • Proof of address
  • Phone number
  • Citizenship and place of residence
  • Company registration and UBO data (for corporate customers)

In addition, regulated businesses need to carry out sanctions and watch list screening on their prospective customers, and carry out ongoing monitoring in order to keep track of any changes to their existing customers’ risk profiles. 

Financial service providers should also maintain clear records of the KYC/AML processes used to verify customers' identities and their ongoing monitoring practices; risk-based anti-money laundering controls; due diligence on beneficial owners; and customer due diligence procedures. 

Under FinCEN's rules, regulated companies are required to have programs in place to identify potential money laundering activities and protect themselves from being used by criminals or terrorists for financial gain. To meet these requirements, companies must commit to obtaining customer information necessary to establish a customer’s identity and assess the nature of their business relationship.

When it comes to keeping records related to KYC measures outlined by FinCEN, regulated companies should follow strict protocols for document retention and destruction that comply with applicable laws and regulations as well as corporate policies, in order to avoid any potential liability issues down the line. 

In order to comply with FinCEN rules, regulated businesses need to employ a risk-based approach (RBA) to their compliance and KYC/AML processes. This involves classifying potential customers according to predetermined risk factors (such as net worth, political connections, source of funds, business operations and jurisdictions of operation) that inform a risk score.

The risk score will then determine the degree and depth of compliance checks that need to be carried out on them. In simple terms, this means that low risk applicants can be onboarded with simple checks, medium risk customers with more extensive customer due diligence checks, and higher risk customers with enhanced due diligence. Some companies operating in sectors that are more vulnerable to money laundering will choose to not provide services to higher risk customers altogether. 

Regular audits must be conducted on an ongoing basis in order to ensure compliance with AML laws and to validate the accuracy of collected information. Companies should also have appropriate policies in place defining how they intend to respond if suspicious activity is detected or reported during a transaction. This provides further insight into their commitment to preventing money laundering operations while preserving customer privacy at all times.

How KYC-Chain can help

The good news is that despite the stringent compliance responsibilities and rules applied to regulated businesses, FinCEN also allows businesses to rely on third parties to conduct their compliance checks and protocols. 

By using KYC-Chain’s automated onboarding technology, regulated businesses can securely and efficiently onboard customers while remaining compliant with diverse and constantly-changing national and international financial regulations, including those outlined by FinCEN. This allows regulated companies to focus on their core business and scale into new markets without the need for large human compliance teams. 

Are you looking for an automated KYC provider? Get in touch and we’ll be happy to arrange a demo of how our solution works. 
