FFIEC BSA/AML Examination Manual

Updated 2026-05-17

The Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual is a comprehensive guidance document for examiners, providing uniform principles, standards, and procedures for conducting examinations related to the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), and Office of Foreign Assets Control (OFAC) sanctions.

Purpose and Scope

The manual serves several key purposes:

• Guidance for Examiners: It offers detailed instructions for examiners from federal and state banking agencies to assess financial institutions' compliance programs.
• Risk Management Focus: It emphasizes the importance of sound risk management practices to identify and control risks associated with money laundering and Terrorist Financing.
• Consistency: It is a collaborative effort to ensure consistency in the application of BSA/AML requirements across various regulatory bodies.
• Integration of OFAC: While OFAC regulations are distinct from the BSA, the manual integrates guidance for examining a bank's OFAC compliance program due to their shared national security goals. Examiners review a bank's OFAC risk assessment and independent testing to determine the extent of the OFAC compliance review during an examination.

Structure of Examinations

The manual is structured to allow examiners to tailor the examination scope and procedures to the specific risk profile of each banking organization. Examinations typically involve:

• Core Examination Procedures: These address fundamental legal and regulatory requirements of the BSA/AML compliance program.
• Expanded Examination Procedures: These cover specific lines of business, products, customers, or entities that may present unique challenges and elevated BSA/AML risks (e.g., funds transfers, foreign correspondent banking).

Bank Secrecy Act (BSA)

The Bank Secrecy Act (BSA), formally known as the Currency and Foreign Transactions Reporting Act of 1970, is the foundational federal statute for anti-money laundering (AML) efforts in the United States. It establishes requirements for record-keeping and reporting by private individuals, banks, and other financial institutions.

Purpose of the BSA

The BSA was designed to help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions. It achieves this by requiring:

• Individuals, banks, and other financial institutions to file currency reports with the U.S. Department of the Treasury.
• Proper identification of persons conducting transactions.
• Maintenance of a paper trail through appropriate records of financial transactions.

These records are crucial for law enforcement and regulatory agencies to investigate criminal, tax, and regulatory violations, and to prosecute money laundering and other financial crimes.

Evolution and Key Amendments to the BSA

• Money Laundering Control Act of 1986: Criminalized money laundering and structuring transactions to evade reporting requirements. It also directed banks to establish BSA compliance programs.
• Annunzio-Wylie Anti-Money Laundering Act (1992): Strengthened sanctions for BSA violations and enhanced the role of the U.S. Treasury.
• Money Laundering Suppression Act of 1994 (MLSA): Further addressed the U.S. Treasury’s role in combating money laundering.
• USA PATRIOT Act (2001): Significantly expanded AML requirements, criminalized Terrorist Financing, strengthened customer identification procedures, and improved information sharing.

Administration and Enforcement of the BSA

FinCEN, a bureau of the U.S. Treasury, is the delegated administrator of the BSA. Federal banking agencies, such as the Federal Reserve, FDIC, NCUA, and OCC, are responsible for examining banks within their jurisdictions for BSA compliance and enforcing its provisions.

Violations of the BSA carry severe criminal and civil penalties.

Anti-Money Laundering (AML) Programs

The manual outlines the core components of an effective BSA/AML compliance program, which financial institutions are required to establish and maintain to prevent and detect money laundering and terrorist financing. These programs are a cornerstone of compliance with the Bank Secrecy Act (BSA) and its implementing regulations.

Core Components of an Effective BSA/AML Compliance Program

As outlined in the FFIEC BSA/AML Examination Manual, an effective program typically includes:

1. Internal Controls: Policies and procedures designed to ensure ongoing compliance.
2. Designated Compliance Officer: An individual responsible for managing the day-to-day operations of the AML program.
3. Ongoing Employee Training: Education for staff on their responsibilities under BSA/AML.
4. Independent Testing: Periodic reviews by internal or external parties to assess the program's effectiveness.
5. Risk-Based Approach: The program must be commensurate with the institution's risk profile, meaning higher-risk activities, products, customers, or geographic locations require more stringent controls and monitoring.

Regulatory Basis for AML Programs

The requirement for AML programs was significantly expanded by the USA PATRIOT Act of 2001, which mandated AML programs for all financial institutions as defined under 31 U.S.C. § 5312(a)(2). Prior to this, federal banking agencies already required banks under their supervision to have BSA compliance programs.

Purpose of AML Programs

The primary purpose of AML programs is to:

• Guard against money laundering and terrorist financing.
• Ensure compliance with the BSA and its implementing regulations.
• Identify and report suspicious transactions to law enforcement through Suspicious Activity Reports (SARs).

Financial institutions that fail to implement adequate controls and maintain effective AML programs face significant criminal and civil penalties.

Financial Crimes Enforcement Network (FinCEN)

The Financial Crimes Enforcement Network (FinCEN) is a bureau of the U.S. Department of the Treasury. Its mission is to safeguard the financial system from illicit use, combat money laundering, and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities.

FinCEN is responsible for administering the Bank Secrecy Act (BSA), which requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. For certain non-depository financial services companies, particularly those classified as Money Service Businesses (MSBs), registration with FinCEN is mandatory.

The nmls-company-form-mu1 includes a section (Section 9F) where applicants must disclose their FinCEN Registration if they are an MSB. This includes providing the FinCEN Confirmation Number and the filing date. This registration is a critical component of anti-money laundering (AML) compliance for companies engaged in activities such as money transmitting, check cashing, and currency exchange.

Impact of the USA PATRIOT Act on FinCEN's Role

FinCEN's role and the broader anti-money laundering (AML) framework were significantly expanded and strengthened by Title III of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act). Formally known as the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, this legislation was enacted in response to the September 11, 2001, terrorist attacks. It is considered one of the most significant AML laws since the original BSA.

The USA PATRIOT Act fundamentally reshaped the regulatory landscape for financial institutions, placing a greater emphasis on preventing Terrorist Financing and enhancing the tools available to law enforcement and regulators. Key provisions and impacts include:

• Criminalizing the financing of terrorism: Explicitly made it a crime to provide financial support to terrorist activities.
• Expanding AML program requirements: Mandated that all financial institutions establish AML programs. While the Act expanded the requirement, some financial institutions were temporarily exempted from final rules at the time of the FFIEC manual's publication (31 CFR 1010.205).
• Strengthening customer identification procedures: Required financial institutions to implement robust Customer Identification Programs (CIP).
• Prohibiting business with foreign shell banks: Aimed at preventing illicit funds from entering the U.S. financial system through opaque entities.
• Requiring due diligence and Enhanced Due Diligence (EDD): Mandated due diligence procedures for foreign correspondent and private banking accounts, with EDD required in certain high-risk cases.
• Improving information sharing: Facilitated greater information exchange between financial institutions and the U.S. government to combat financial crime.
• Increasing civil and criminal penalties: Augmented the existing penalties for money laundering and other financial crimes.
• Granting "special measures" authority: Provided the Secretary of the Treasury with authority to impose special measures on jurisdictions, institutions, or transactions deemed of "primary money-laundering concern."
• Facilitating records access: Required banks to respond to regulatory requests for information within 120 hours.
• Considering AML record in mergers: Required federal banking agencies to consider a bank’s AML compliance record when reviewing mergers, acquisitions, and other applications for business combinations.

Relationship with OFAC Sanctions Compliance

While the requirements for compliance with the Office of Foreign Assets Control (OFAC) sanctions are legally separate and distinct from the Bank Secrecy Act (BSA) administered by FinCEN, both share a common national security goal. OFAC, also a bureau of the U.S. Department of the Treasury, administers and enforces sanctions programs based on U.S. foreign policy and national security goals, targeting foreign countries, terrorists, international narcotics traffickers, and those involved in weapons of mass destruction proliferation.

For this reason, financial institutions often integrate OFAC compliance into their broader AML compliance obligations. Supervisory examinations for BSA compliance are logically connected to the examination of a financial institution’s compliance with OFAC sanctions, as detailed in the FFIEC BSA/AML Examination Manual. Non-compliance with OFAC sanctions can result in severe criminal and civil penalties.

Terrorist Financing

Terrorist financing involves providing financial support to terrorist activities or organizations. While it shares similarities with money-laundering in the methods used to move funds, its primary motivation is ideological rather than profit-seeking.

Key Characteristics:

• Motivation: Ideological, aimed at intimidating populations or compelling governments/international organizations through violence.
• Funding Sources: Terrorist groups often use a combination of unlawful and legitimate sources.
  • Unlawful Sources: Extortion, kidnapping, narcotics trafficking, smuggling, fraud, theft, robbery, identity theft, and improper use of charitable or relief funds (where donors may be unaware of diversion).
  • Legitimate Sources: Foreign government sponsors, business ownership, and personal employment. The use of legitimate sources is a key differentiator from traditional criminal organizations.
• Methods of Fund Movement: Similar to money laundering, these can include currency smuggling, structured deposits or withdrawals from bank accounts, purchases of monetary instruments, credit/debit/prepaid cards, and funds transfers. Informal banking systems like hawala have also been exploited.
• Transaction Size: Funding for terrorist attacks does not always require large sums of money, and associated transactions may not be complex, making detection challenging.

Distinction from Money Laundering: While both exploit weaknesses in the financial system, money laundering aims to legitimize illicit profits, whereas terrorist financing aims to fund ideological activities, often using funds that may originate from legitimate sources. Despite this difference, the methods used to move funds can be very similar, and both pose significant threats to national security and the integrity of the financial system.

The USA PATRIOT Act of 2001 criminalized the financing of terrorism and significantly augmented the existing BSA framework to combat it. Violations carry severe criminal and civil penalties.