AML Compliance Guidelines: United States

The United States stands as the world’s largest and most interconnected economy, with New York City at its heart, serving as a global hub for banking, insurance, commerce, fintech, technological innovation, and cultural diversity. However, the sophistication of this dynamic economic landscape, brings significant challenges, especially in the domain of money laundering and terrorism financing. These crimes pose serious threats to economic development, national security, and the integrity of a country’s financial system. This anti-money laundering and sanctions compliance guideline aims to provide an overview of the regulatory framework of the United States and practices to combat these serious crimes, ensuring compliance and creating a secure financial environment in every respect.

AML Regulated Entities in the United States

Financial institutions (FIs) in the United States are required to develop and implement an anti-money laundering compliance program mandated by the Bank Secrecy Act (BSA) and its implementing regulations codified in 31 CFR Chapter X.

• Banks
• Insurance Companies
• Dealers in Precious Metals, Precious Stones, or Jewels
• Mutual Funds
• Securities Brokers or Dealers
• Introducing Brokers in Commodities
• Futures Commission Merchants
• Casinos
• Card Clubs (Gaming Clubs, Gaming Rooms)
• Non-Bank Residential Mortgage and Lenders and Originators (RMLO)
• Housing Govt. Sponsored Enterprise (GSE)
• Operators of Credit Card Systems
• Loan or Finance Companies
• Money Service Business (MSB)
• • Dealer in Foreign Exchange
  • Check Casher
  • Money Transmitter (Including Convertible Virtual Currency)
  • U.S. Postal Services
  • Seller or Issuer of Traveler’s Check or Money Orders
  • Seller or Provider of Prepaid Access

FIs Temporarily Exempted From AML Regulations

Following institutions included in the definition FIs are temporarily exempt from the BSA and its implementing regulations. However, after passing the anti-money laundering Act significant changes in the AML regime are being proposed including expansion in the scope of the anti-money laundering regulations to other sectors. Additionally, final rules have already been published for Investment Advisers and Persons involved in real estate closings and settlements. Enforcement of final rules will start taking place after the specified grace period for each sector has passed.

• Pawnbroker;
• Travel agency;
• Telegraph company;
• Seller of vehicles, including automobiles, airplanes, and boats;
• Person involved in real estate closings and settlements;
• Commodity pool operator;
• Commodity trading advisor;
• Investment company

Key AML Legislations in the USA

Bank Secrecy Act (BSA)

Originally enacted as the “Currency and Foreign Transactions Reporting Act” in 1970, the BSA Act required banks to maintain certain records and report large transactions. Since then the BSA has been amended several times to include new requirements like reporting of suspicious activities to detect and deter financial criminals to misuse the U.S. financial system.

USA PATRIOT Act

In response to the 9/11 attacks, USA legislators introduced significant changes to AML laws through, “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism USA Patriot Act of 2001. By expanding the scope of AML obligations to several other industries (like credit unions and future commission merchants) adding requirements of customer identification program (CIP) and maintaining AML programs that meet minimum required standards.

Anti Money Laundering AML Act of 2020 (AML Act 2020)

The AML Act brought significant changes in the USA AML regime. It was the first time in decades that the BSA was comprehensively updated. The AML Act aims to modernize, streamline, and enhance the existing AML regime by encouraging innovation, regulatory reforms and increased cooperation between industry, regulators and law enforcement. One of the provisions of this act required a country-wide risk assessment related to threats to the financial system and national security to help formulate “AML/CFT Priorities”, and align AML/CFT priorities in the national AML framework and incorporate them at a firm level. Additionally, a provision ofthe  Corporate Transparency Act (CTA) which in turn is part of the AML Act, seeks Identification and disclosure of beneficial ownership information (BOI) to FinCEN and protocols related to access of BOI.

Key AML Regulatory Bodies in the United States

Financial Crimes Enforcement Network (FinCEN)

FinCEN, a part of the U.S. Department of Treasury, is the primary regulatory body entrusted with the implementation and enforcement of the Bank Secrecy Act. FinCEN is also the Financial Intelligence Unit of the United States, which receives, assesses and disseminates this information to law enforcement and other government bodies to prevent, prosecute and curb financial crimes. Under powers delegated to FinCEN, it issues regulations and interpretive guidance, takes feedback from the regulated industry, helps in the examination functions of the federal banking agencies and initiates civil enforcement actions where needed.

U.S. Securities and Exchange Commission (SEC)

The SEC plays an important role in overseeing the capital markets, promulgating rules to protect investors and ensure market integrity, and facilitating economic growth through capital formation. It supervises self-regulatory organizations, such as FINRA, national securities exchanges, and the Municipal Securities Rulemaking Board. Additionally, the SEC conducts examinations of registered investment companies (RICs) and securities broker-dealers to ensure compliance with anti-money laundering (AML) programs, in accordance with the Bank Secrecy Act (BSA ACT).

Financial Industry Regulatory Authority (FINRA)

FINRA is a self-regulatory organization that oversees 3400 brokerage firms and 612,000 registered representatives through examinations and enforcement. FINRA promulgates rules including for AML compliance that govern its members, provides guidance and conducts examinations of AML compliance programs, and provides a forum for arbitration and mediation to the securities broker-dealer industry.

Federal Banking Agencies

Apart from FinCEN, four federal banking agencies have the authority to impose civil money penalties for violations of the BSA on the institutions they supervise. Federal banking agencies are also part of the Federal Financial Institutions Examination Council (FFIEC) which provides guidance to examiners to conduct examinations of AML compliance program, client identification program, compliance with beneficial ownership identification and reporting, etc in accordance with BSA. These federal banking agencies supervise and regulate the following FIs:

Federal Reserve System (Fed)

• Bank holding Companies
• Savings and Loan holding Companies
• State Member Banks
• Foreign Bank offices in US

National Credit Union Administration (NCUA)

• Federal credit unions

Office of Comptroller of the Currency (OCC)

• National banking associations
• Federal saving associations
• Federal branch or agency of a foreign bank

Federal Deposit Insurance Corporation (FDIC)

• Any State nonmember insured bank
• Any foreign bank having an insured branch
• Any State savings association

Sanctions Compliance in the United States

Office of Foreign Assets Control (OFAC)

The Office of Foreign Assets Control (OFAC), a part of the U.S. Department of Treasury, administers and enforces US economic and trade sanctions programs. These sanctions can be comprehensive, like targeting the entire country or jurisdiction, or it can be specific like targeting individuals, vessels, aircraft or organizations engaged in certain harmful activities such as terrorism, drug trafficking, or weapons of mass destruction proliferation or other activities deemed to be against the foreign policy or national security of the U.S.

Scope of US Sanctions

All US persons must comply with OFAC sanctions including citizens and permanent residents irrespective of their location, all entities and individuals located in the United States, companies incorporated in the United States, and their foreign branches. Although not mandated by OFAC regulations, OFAC encourages organizations to implement a sanctions compliance program (SCP) to effectively reduce risk of non-compliance with applicable sanctions regulations. Some elements of a sanctions compliance program include implementing policies, procedures and controls to prohibit dealing with sanctioned persons and to identify and report transactions and properties linked to sanctioned and blocked persons.

Secondary Sanctions

The global reach of the US financial system extends the impact of the US sanctions worldwide. Foreign FIs that contravene US laws may face sanctions, including restricting access to the US financial system and having their assets in the US blocked, froze or confiscated. These penalties, known as secondary sanctions, highlight the risks for non-compliant entities. For instance, Executive Order 14114, empowers the Secretary of the Treasury to implement sanctions on foreign FIs who facilitate significant transactions for a person or entity operating in certain sectors of the Russian economy or military, as designated under Russian Sanctions.

Penalties for Non-Compliance with Sanctions Regulations

OFAC can impose substantial civil monetary penalties for violations of any sanction regulations and may also refer certain violations to appropriate law enforcement for criminal prosecution or investigations which upon conviction can result in a maximum of $1,000,000 in fine, or if a person 20 years imprisonment, or both. As of October 2024, OFAC has imposed $32,590,943 in civil penalties in 2024 against 5 organizations for violations related to sanctions regulations.

OFAC’s Guidance for Crypto Industry

OFAC also provides guidance specific to different sectors in the financial system like virtual currency industry, instant payment systems and dealers in high value artworks. OFAC’s guidance for sanctions compliance for the virtual currency industry suggests that in-house or third-party screening tools can be helpful for an effective sanctions compliance program. Guidance suggests following screening related best practices for virtual currency companies:

• Screening customer information against sanctions lists at the time of onboarding
• Screening transactions to identify addresses, including physical, digital wallet, IP addresses linked to sanctioned persons or jurisdictions
• Using screening tool’s fuzzy logic capabilities to address complexities related to misspellings and common name variations
• Ongoing sanctions screening and risk-based re-screening (screening existing customers when there’s an update or change in sanctions lists)

For more detailed information on industry best practices and regulatory guidance, please visit Sanctions Compliance Guidance for Instant Payment Systems, Guidance on Dealings in High-Value Artwork, and Sanctions Compliance Guidance for the Virtual Currency Industry.

AML Compliance in the United States

Anti-Money Laundering Program

An AML program should consist of following elements, be developed to ensure and monitor compliance with the AML Regulations following a risk based approach to detect and deter money laundering and terrorist financing;

• the development of internal policies, procedures, and controls;
• appointing a compliance officer
• an ongoing employee training program;
• designation of an independent audit function
• implement appropriate risk-based procedures for conducting ongoing customer due diligence, should include among other:
  • (i) Understanding the intended nature and expected use of account to develop a customer risk profile; and
  • (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information or beneficial owner information

Watchlist Screening Requirements As Part of Client Identification Program (CIP)

A CIP program must be part of an AML program and should include risk-based policies, procedures and controls to

• obtain and verify the Identification information of customer and beneficial owners
• retain record for 5 years after the termination of business relationship
• determine if name of any customer or beneficial owner(s) appears on any govt lists related to known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury

Special Due Diligence and Prohibitions

Obligations in Relation to Correspondent Banking

FIs are obligated to have enhanced due diligence programs for correspondent accounts of a foreign financial institution which is incorporated in a country deemed to have weak AML/CTF regime or is operating under an offshore banking license.

Prohibition in Relation to Foreign Shell Banks in the United States

Certain FIs in the United States are prohibited from entering into correspondent banking relationships with the foreign shell banks and can’t maintain, manage or administer correspondent accounts on behalf of or for the foreign shell banks directly or indirectly through the use of an intermediary.

Obligations of the regulated entities in relation to Senior Foreign Political Figures

Under 31 U.S.C. 5318 and its implementing rules 31 CFR 1010.620, If you’re a covered financial institution dealing in private banking accounts you’re required to identify if a customer or a beneficial owner is a senior foreign political figures (SFPF) or any immediate family member or close associate of a senior foreign political figure.

Who is a covered financial institution?

You’re a covered financial institution if you’re a bank required to implement an AML compliance program, a mutual fund, a futures commission merchant or an introducing broker in commodities.

What are private banking accounts?

Private banking accounts are those accounts which have minimum aggregate deposit requirement of $1,000,000, are maintained by, or for the benefit of a non-US person and an employee, officer or agent of the bank is assigned to guide or manage such an account on behalf of the account holder.

Definition of Senior Foreign Political Figures

As defined in the rules, a senior foreign political figure (SFPF) is a current or a former, senior official in the executive, legislative, administrative, military, or judicial branches of a foreign government whether elected or not. It also includes a senior official of a major foreign political party and senior executive of a foreign government-owned commercial enterprise. The definition also covers any companies established by or for the benefit of a SFPF, a known close associate or an immediate family member of the SFPF.

Identification of Senior Foreign Political Figures in the United States

Covered financial institutions may use publicly available information like reliable media sources, government or parliamentary websites or alternatively, they may subscribe to commercially available databases who provide screening services.

Requirements Related to Private Banking Account

A covered financial institution providing private banking accounts is required to maintain a due diligence program with policies, procedures and controls that can reasonably detect and report any money laundering or suspicious activity through such accounts in the United States. Such program shall at minimum include:

• Policies, procedures and controls to detect and report money laundering
• Identify all nominal and beneficial account holders
• Determine if any client or beneficial owner falls in the category of SFPF
• Obtain information on expected use and purpose of account and source of funds
• Ongoing monitoring to ensure account activity aligns with information obtained and report to FinCEN in case of any unusual or suspicious behavior is identified

If a private banking account is connected to an SFPF, in addition to minimum due diligence standards the covered financial institution should perform increased scrutiny of such accounts to identify and report any proceeds of foreign corruption.

AML Reporting Requirements

All supervised institutions are obligated to file required reports to FinCEN via BSA e-filing within 30 days of such an event which triggers this requirement. Following reports are required to be submitted by different supervised institutions based on their activities:

Suspicious Activity Report (SAR)

AML supervised entities should submit suspicious activity reports to FinCEN for any transaction, totaling at least $5,000 ($2,000 in case of MSB) in funds or assets, if they know or has reason to believe that:

• Transaction involves funds from any illegal source, or is an attempt to hide their illegal source as a part of a plan to evade reporting requirements or violate any regulation or federal law.
• Transaction is designed to evade any requirement under implementing regulations of the BSA.
• Transaction lacks any apparent business or lawful purpose (after examining all available facts, background and possible purpose)

Currency Transaction Report (CTR)

All AML obligated financial institutions should report to FinCEN any cash transactions involving an aggregate amount exceeding $10,000.

Currency and Monetary Instrument Transportation Report (CMIR)

A person is required to file a CMIR report who attempts or causes to physically transport, ship or mail an amount exceeding $10,000 in currency or other monetary instrument to any place outside the United States, or to any place in the United States from outside the United States.

Foreign Bank and Financial Accounts Report (FBAR)

A United States person who has financial interest or signature authority over a foreign financial account that exceeds $10,000 at any time during a calendar year, must file an FBAR report.

Record Keeping

All supervised institutions are obligated to maintain a written record of policies procedures and controls related to AML compliance and customer identification programs. Records and documents used for customer identification and verification should also be maintained for up to 5 years after termination of such relationship. Records related to transactions shall also be maintained for 5 years after such a transaction was conducted.

Training and Awareness

Regulated entities should provide required training and awareness to their staff or employees to make them aware of regulatory expectations and to enable them to implement measures required by regulations to detect and report suspicious activities or transactions.

Penalties

A person convicted of money laundering offense under 18 U.S.C. 1956 can face a monetary fine up to $500,000 or up to 20 years in prison, or both.

FinCEN is authorized to implement substantial civil penalties, ranging between several hundreds to above $1 million, for different violations of Bank Secrecy Act and its implementing regulations, either done wilfully or arising out of negligence. Moreover, a wilful violation of different recordkeeping and reporting obligations or any requirements of implementing regulations, on conviction may attract substantial monetary penalties, or up to 10 years imprisonment, or both.

In 2023, FinCEN imposed a civil money penalty of $3.4 billion on Binance.com for not maintaining an effective AML program and facilitating transactions with the sanctioned entities.

Regulatory Guidances and Industry Best Practices for AML Compliance

Following are some of the best practices for AML compliance in the USA:

• Conducting through risk assessment to identify potential vulnerabilities in operations and customer base
• Implementing robust CDD procedures for identity verification and risk profiling of customers
• Ongoing monitoring of transactions to identify suspicious behavior
• Prompt reporting of suspicious transactions to the FinCEN
• Maintaining records of customers, transactions and compliance activities
• Conducting regular employee training and awareness programs
• Leveraging technology to identify high-risk customers by screening against PEP lists, watchlists, adverse media checks etc.
• Adapting to changing regulatory requirements and evolving risks

By utilizing these best practices an organization can effectively meet regulatory expectations and better mitigate risks.

FinCEN’s Guidance for Politically Exposed Persons (PEPs) Risk Assessment

In August, 2020, FinCEN and federal banking agencies, issued a joint statement regarding the due diligence requirements for the politically exposed persons (PEPs). Agencies do not interpret the term “PEP” to include U.S. public officials nor BSA/AML regulations define PEP. But the term is widely used in the financial industry to refer to foreign officials entrusted with prominent public functions including their close associates and immediate family members.

Although not all the PEPs are high risk merely because of their status, some PEPs may pose a high risk of money laundering due to their access to public funds, influential powers and jurisdictional connections. Given that PEPs may present a heightened risk for money laundering, it is obligatory for regulated entities to adopt risk management measures appropriate to each customer. Even though there isn’t a specific mandate for identifying PEPs, effective PEP screening is vital for assessing potential risks. Ignoring the risks of money laundering associated with PEPs may result in misuse of their business relations with a regulated entity. This could facilitate the laundering of proceeds from crimes or corruption ultimately resulting in hefty fines imposed by the regulators.

Regulated institutions must apply a risk based approach to CDD in developing risk profiles of all customers, including PEPs, and are required to maintain risk management systems reasonably designed to detect money laundering and report suspicious activity.

FinCEN suggests that when developing risk profile of a customer, financial institutions may consider factors like public function held by a client, access or influence over significant public funds, status of such position whether current or former, intended purpose and expected use of account, source of funds and geographies connected to activities and domicile.

Using a reliable screening solution could help regulated institutions develop an appropriate risk profile of a PEP by taking in account the category and seniority level of their position, jurisdictional connections, and relevant adverse information about their involvement in financial crimes (if any).

SIFMA’s Guidance for Sanctions and AML Screening

Securities Industry and Financial Markets Association (SIFMA) AML committee prepares AML related guidance material for its member firms from securities industry and financial markets. Suggested Due Diligence Practices for Hedge Funds provides comprehensive guidance to determine the level of due diligence (simplified or enhanced) suggested for different hedge funds based on factors like:

• registered jurisdiction of the hedge fund
• fund manager regulated by other jurisdictions or not,
• reputation of the hedge fund’s Administrator, its legal counsel or its auditor.
• involvement of any intermediaries

In any case, the minimum measures suggested to conduct due diligence includes performing screening and processes to review the results of such screening results. Guidance suggests that when screening name of hedge fund/manager or principal of hedge fund/manager following sources can be considered as an example:

• OFAC’s sanctions programs, including its list of Specially Designated Nationals (SDNs);
• Internal watchlists prepared by firms
• Other relevant global watch or sanctions lists;
• Lists of PEPs;
• Negative news databases for potential risk relevant information

Future of AML Regulations in United States

To achieve the objectives of AML Act through its years-long implementation and incorporate national priorities set by FinCEN every four years to counter evolving threats. The US regulatory landscape is poised to become more dynamic, adaptive and data-driven. Following are some of the future regulations which are set to become part of the AML framework in the US.

FinCEN Final Rule: Anti-Money Laundering Regulations for Residential Real Estate Transfers

Starting December 1, 2025, as per this Final Rule, certain professionals performing real estate closings or settlements will be required to report and retain specific information to FinCEN related to transfer of non-financed residential properties to specific legal entities or trusts. This real estate report shall be filed via the SAR portal of FinCEN within 30 days of conducting such transfer. This rule is a nationwide extension of FinCEN’s geographic targeting orders (GTOs) which previously served this similar purpose for specific jurisdictions in the United States.

FinCEN Final Rule: AML/CFT Program and SAR filing requirement for Registered Investment Advisers and Exempt Reporting Advisers

Currently, the Investment Advisors are not included in the definition of a financial institution and consequently are not required to develop and implement AML program or Customer Due Diligence measures. However, after conducting extensive research and assessments, FinCEN proposed reforms to current regulations, realizing the extent to which this sector can be exploited by criminals to hide or mix illicit finances in the financial system. As of July 31, 2023, there were 15,391 RIAs, reporting approximately $125 trillion in AUM for their clients whereas 5,846 ERAs with total gross assets of $5.2 trillion.

As per this Final Rule published on Sep 04, 2024, in the Federal Register, the Registered Investment Advisers (RIA) and Exempt Reporting Advisers (ERA) will be required to implement AML/CFT programs and file reports of suspicious activities in line with statutory obligations under BSA and its implementing regulations. This final rule will take effect from Jan 1, 2026.

Proposed Rule Making To Strengthen and Modernize FIs AML/CFT Programs

In June, 2024 FinCEN issued a notice of proposed rule making (NPRM) to strengthen and modernize the AML/CFT programs maintained by the financial institutions. This new rule expressly requires FIs to develop effective, risk-based and reasonably designed AML/CFT programs to dedicate resources in a manner that aligns with the risk profile of each customer. This proposed rule also emphasizes avoiding a one-size-fits-all approach. PEP screening, adverse media checks and sanctions screening is essential to assess the potential risks associated with each customer in the risk profiling process.

AML Guidance for Legal Sector

The US Senate blocked Enablers Act in 2022 which would have, for the first time, brought the legal sector under the umbrella of AML regulations. However, lawmakers are hopeful that this legislation — a crucial instrument to curb the money laundering in the US financial system, will be passed in future through alternative arrangements. American Bar Association (ABA) opposed this legislation arguing it would breach client-attorney confidentiality by requiring lawyers to report privileged information to government agencies.

Although the legal sector is not obliged to comply with every element of AML laws, rules or regulations and reporting requirements it entails. Lawyers are still subject to the federal laws prohibiting conduct that aid or facilitate money laundering. Similarly lawyers are also subject to restrictions applicable to all U.S. persons to not deal with individuals or entities publicly sanctioned or included in SDN list.

ABA’s Good Practices Guidance for lawyers recommends using a risk-based approach in line with FATF recommendations where appropriate to conduct client due diligence to avoid facilitating illegal activity or recklessly being part of a criminal activity. Guidance suggests lawyers should apply enhanced due diligence where reasonable, for example where a client is a politically exposed person (PEP), belongs to a jurisdiction subject to sanctions or embargoes by the UN, or identified by reliable sources to have a significant level of corruption or other criminal activity.

The dynamic regulatory landscape in the United States necessitates a risk based approach (RBA) for AML compliance programs. Effective implementation of RBA requires access to extensive and up to date data that can accurately measure risk levels associated with each customer.

References

•  31 CFR Chapter X
•  31 U.S.C. 5312
•  USA Patriot Act of 2001
•  AML Act
•  Executive Order 14114
•  Final Rule: AML/CFT Program and SAR filing requirement for Investment Advisers
•  Enablers Act in 2022