BSA / AML
The Bank Secrecy Act and Anti-Money Laundering framework require US financial institutions to detect, report, and prevent money laundering — with significant technology obligations around transaction monitoring and suspicious activity reporting.
The Bank Secrecy Act (BSA) of 1970 — the foundation of the US anti-money laundering (AML) regime — requires financial institutions to maintain records and file reports that help government agencies identify and investigate money laundering and other financial crimes. Key obligations include Currency Transaction Reports (CTRs) for cash transactions over $10,000, Suspicious Activity Reports (SARs) for suspicious transactions over $5,000, Customer Identification Programs (CIP), and ongoing customer due diligence (CDD). FinCEN, the Financial Crimes Enforcement Network within the Treasury Department, administers the BSA.
The technology obligations of BSA/AML compliance are substantial. Transaction monitoring systems must analyze payment flows in real or near-real time to detect patterns consistent with money laundering — structuring, layering, and integration patterns that human review cannot catch at scale. Rule-based monitoring systems (alerting on transactions over thresholds or on rapid movement of funds) are the baseline; machine-learning-based systems that detect novel laundering patterns are increasingly expected by regulators. False-positive rates matter operationally: a system that generates thousands of alerts per day for analyst review is not compliant in practice, even if it detects real suspicious activity.
The Corporate Transparency Act (CTA), effective January 2024, added beneficial ownership reporting requirements that create new data infrastructure obligations. Financial institutions must collect, verify, and maintain beneficial ownership information for legal entity customers — and must access the FinCEN Beneficial Ownership database to verify client representations. This creates new data collection flows, verification APIs, and ongoing monitoring requirements for banking technology systems.
We architect BSA/AML compliance into financial services technology — designing transaction monitoring systems that balance detection effectiveness with analyst workload, implementing CIP and CDD data collection and verification workflows, integrating with FinCEN systems for CTR and SAR filing, and building the audit trail infrastructure that FinCEN and OCC examiners evaluate. Our teams understand the examination process and build systems that survive it.