Introducing Professional Services. Learn how we can help accelerate your payments transformation.Learn more →
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud. More specifically, the BSA is designed to help financial institutions avoid being used by criminals to hide or launder money, support criminal enterprises or terrorist groups, evade taxes, or otherwise participate in unlawful acts.
The Bank Secrecy Act requires banks and other financial institutions to document to regulators whenever their clients deal with suspicious cash transactions, and helps to identify the source, volume, and movement of currency that is transported or transmitted into or out of the United States. While there is no clear definition of “suspicious cash transactions” included in the BSA, documentation is required for any transactions over $10,000.
While generally considered a positive piece of legislation, there is some criticism of the Bank Secrecy Act. For example, the BSA does not provide clear guidelines on what deems a cash transaction suspicious or not. In addition, the BSA requires a huge amount of collecting and maintaining data on the part of financial institutions. There is also a large time burden placed on law enforcement agencies and officers who are responsible for sorting through that data to identify true instances of fraud.
History of the Bank Secrecy Act
The Bank Secrecy Act was originally passed in 1970 and signed into law by President Richard Nixon. Since then, it has been updated and amended several times to strengthen anti-money-laundering programs at financial institutions across the country.
How does the Bank Secrecy Act work?
Businesses and financial institutions adhere to the BSA by filing different types of reports.
As a general rule, the Internal Revenue Service (IRS) requires that Form 8300 be filed if a business receives more than $10,000 in cash from an individual buyer through a single transaction or two or more related transactions. Form 8300 is required if any part of the transaction occurred within the United States or its territories. This IRS rule applies to everyone: individuals, companies, corporations, partnerships, associations, trusts, and estates all must file Form 8300 by the 15th day after the transaction takes place.
On the bank’s side, banks and financial institutions are required to complete a Currency Transaction Report (CTR) for cash transactions that exceed $10,000 in a single day. CTRs are required for that $10,000 amount even if the amount is exceeded by multiple transactions. A CTR will include the name of the individual completing the transaction, as well as their bank account number, address, and social security number. There are also penalties for financial institutions that fail to file a Currency Transaction Report when required.
Additionally, when a transaction seems suspicious—meaning it could point to money laundering or the client appears to be trying to avoid BSA reporting—the financial institution is required to file a suspicious activity report (SAR). An SAR reports the suspicious activity to the Financial Crimes Enforcement Network (FinCEN). Suspicious Activity Reports are filed by banks confidentially, and there are penalties for banks who disclose to a client that they have filed an SAR.
The Office of the Comptroller of the Currency (OCC) conducts regular examinations of banks, federal savings associations, federal branches, agencies of foreign banks in the US, and other financial institutions to ensure compliance with the BSA.
Try Modern Treasury
See how smooth payment operations can be.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Banking Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.
Subscribe to Journal updates
Discover product features and get primers on the payments industry.