The Bank Secrecy Act (BSA) requires financial institutions (banks) to maintain records and report information to federal authorities. The name refers to the purpose of the law, which is to avoid bank secrecy. Congress outlined recordkeeping and reporting requirements for banks, allowing federal authorities to use the information for investigations into illegal activities. The actual, full title of the BSA is:

“An Act To amend the Federal Deposit Insurance Act to require insured banks to maintain certain records, to require that certain transactions in United States currency be reported to the Department of the Treasury, and for other purposes.”

Congress passed the BSA in 1970. Originally, the law was a response to concerns that people were using secret foreign banking accounts for illegal activities. Prior to the BSA, large amounts of funds from tax evasion, illegal drug sales and insider trading were hidden in foreign bank accounts. The laws of other countries restricted access to bank information and prevented enforcement agencies from tracking these funds.

Further, the extant practices for U.S. banks, namely recordkeeping, were insufficient to assist law enforcement agencies in their investigations. There was a recent growth in the number of financial institutions in the U.S., and the growth was paralleled by an increase in criminal activity which used the financial institutions. Further, in the years leading up to the BSA many banks were reducing their recordkeeping practices.

The BSA sought to remove the barrier to financial information. The recordkeeping and reporting BSA requirements helped enforcement agencies track funds within the United States and avoid bank laws in foreign countries. Indeed, Congress’ Office of Technology Assessment stated, "banks would be vigilant in identifying suspect customers and transactions[.]” The law also gave the Secretary of Treasury broad power to create regulations for retaining records and creating reports for investigations.

In 1990, the Secretary of Treasury created the Financial Crimes Enforcement Network to improve efforts preventing financial crimes. As the name would suggest, FinCEN regulates compliance with the BSA. The bureau issues guidance on regulations, maintains a filing system for bank reports, reviews information from these reports and enforces civil actions for violations.

BSA Content

The Act has six sections, or “titles,” but only two are generally pertinent:

  • Title I - Financial Recordkeeping.
  • Title II - Reports of Currency and Foreign Transactions.

Title I of the Act expanded recordkeeping of financial institutions, declaring banks have a duty to maintain records of their customers' identities, to make microfilm copies of checks and similar instruments and to keep records of certain other items.

Title II requires banks to report certain foreign and domestic financial transactions, such as those over $10,000, to the federal government. Here, “financial institutions” were defined broadly, even including travel agencies. The title requires reports for the import or export of finances, along with anything the Secretary of Treasury may specify.

The Modern BSA

The BSA has been amended several times. The most substantial changes to the BSA were required by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act). This Act was a result of the bombing of the World Trade Center in New York City in 2001. It extended the reporting, recordkeeping, and program requirements for banks and is the most comprehensive set of laws added to the BSA since it was passed in 1970.

The terrorist threats and activities at that time guided the amendments to the BSA, which sought to detect and prevent money laundering and terrorist financing. The amendments gave FinCEN the authority to require enhanced procedures from banks with “suspicious” customers. For instance, when a bank provides financial services to a cannabis dispensary, it must file significantly more reports than usual.

Due to the USA PATRIOT Act, all banks must now create programs with compliance procedures, compliance officers, employee training and independent review of those programs. Banks must also have customer due diligence procedures and enhanced due diligence procedures for foreign banking accounts. Finally, banks must have a Customer Identification Program to verify each customer, provide customers notice of program, determine if the customer is on a terrorist watchlist and report all this information to FinCEN.


Banks can be liable, both criminally and civilly, for violations of the BSA. The penalties for violations are typically fines, which are increasing over time.

FinCEN is authorized to bring enforcement actions for BSA violations. The most common violations are: failure to maintain an adequate Anti-Money Laundering program, failure to maintain an adequate Customer Identification Program and failure to comply with reporting and recordkeeping requirements.

FinCEN penalties range from $500 to almost $1.5 million. A negligent violation, which is generally a violation due to the bank’s carelessness, starts at $500 and can be as high as $1,146 for each violation. A pattern of carelessness can cost up to $89,000, willful violations can be up to $21,000, and general civil penalties can be $57,000 for each violation.

The harshest penalty from FinCEN is for a violation of “certain due diligence requirements, prohibitions on correspondent accounts for shell banks and special measures.” For such a violation, the penalty starts at $1 million, and can reach $1,423,088.

Along with FinCEN, several other government agencies may bring actions against banks for BSA violations, including the Internal Revenue Service (IRS), the Federal Deposit Insurance Corporation (FDIC), and the Office of Foreign Asset Control (OFAC).

Current Issues

FinCEN continues to issue guidance on BSA enforcement and how banks can avoid violations. In late 2020, the agency issued guidance on how it enforces the BSA, hoping to provide transparency to banks and other governed entities. It explained the actions it may take in responding to an actual or possible BSA violation:

  1. No Action
  2. Warning letter
  3. Equitable remedy (court ordered compliance)
  4. Settlement
  5. Civil Money Penalty
  6. Criminal Referral

Recently, certain BSA enforcement policies have been widely criticized. The American Bankers Association (ABA) has asked all federal banking enforcement agencies to simplify rules for Suspicious Activity Reports. It stated agencies have different requirements for compliance, which creates unnecessary burdens for banks trying to comply.

The ABA also calls for a new approach to the cannabis industry. FinCEN issued guidance on how banks may have cannabis dispensaries as customers, and the requirements for recordkeeping and reporting are very onerous. The heavy burden, and increased risk of violating regulations, causes banks to avoid serving cannabis dispensaries.

While FinCEN has broad authority to enforce the BSA, it is still beholden to laws passed by Congress. Soon, we may see a change in banking for the cannabis industry.