
The Financial Crimes Enforcement Network (FinCEN) is the United States’ primary financial regulator. It is responsible for supervising financial institutions (FIs) and ensuring banks and other service providers comply with anti-money laundering and counter-financing of terrorism (AML/CFT) laws. 

Established in 1990, FinCEN is a bureau within the US Department of the Treasury. Its mission is to “safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities”. 

What does FinCEN do? 

To this end, FinCEN enforces compliance with AML legislation – such as the Bank Secrecy Act (BSA), the USA Patriot Act, and the Anti-Money Laundering Act (AMLA) – through fines or enhanced supervisory measures for entities guilty of compliance breaches. FinCEN regulates banks, credit unions, money services businesses (MSBs), insurance companies, securities brokers, casinos, mutual funds, precious metal dealers, cryptocurrency and virtual asset service providers, and other FIs. 

As the US’ Financial Intelligence Unit (FIU), FinCEN receives and maintains transaction data from FIs. Although it is not a law enforcement body, it analyzes and disseminates this data to agencies that assist with financial crime investigations and prosecutions. 

FinCEN provides US banks and FIs with practical compliance guidance in the form of advisories on an ongoing basis and sets the US’ national AML/CFT priorities every four years. It also partners with other financial intelligence agencies, both domestically – such as the Office of Foreign Assets Control (OFAC), the US Treasury body responsible for enforcing economic and trade sanctions – and internationally. Additionally, FinCEN is a member of the Egmont Group, a body of global FIUs focused on cooperation and information-sharing. 

What penalties can FinCEN enforce? 

FinCEN can enforce civil or criminal penalties for non-compliance with the US AML/CFT regime. In January 2024, FinCEN increased its upper limits for civil monetary penalties. These vary depending on the nature of the specific compliance breach – and firms should consult the full list – but the maximum fine for an individual offense is over $1.7m, which relates to violations of due diligence requirements or prohibitions on correspondent accounts for shell companies. 

Willful violations of the BSA or its implementing regulations can also result in criminal penalties. A person, including a bank employee, can be fined up to $250,000, given a prison sentence of up to five years, or both, while banks can be fined up to $1m or twice the value of the illicit transactions being investigated. Banks guilty of compliance breaches also risk losing their charters. 

Given the penalties for AML/CFT noncompliance in the US, FIs and other obligated entities need to understand FinCEN’s role in the US’ regulatory landscape, what it looks for from firms, and how to comply with the regulations it enforces. 

FinCEN compliance requirements

The US’ AML/CFT regime is built around three key pieces of legislation, all of which firms should be familiar with to avoid regulatory action from FinCEN. This section gives an overview of the essential requirements of these regulations. 

Bank Secrecy Act requirements 

  • Internal controls and systems: Firms must have compliance programs in place, consisting of written policies and procedures to help their employees detect and prevent financial crime. They should appoint compliance officers (often known as BSA Officers) to oversee these programs and provide at least basic AML compliance training to all staff, with more advanced training for those in more sensitive roles. The BSA also requires compliance programs to be regularly and independently audited to test their effectiveness. 
  • Reporting and record-keeping: Firms must report all transactions over $10,000 to FinCEN, including transactions that add up to this value in a 24-hour period. Any transaction that appears linked to a money laundering or terrorist financing event should be reported to FinCEN via a suspicious activity report (SAR). Firms must also keep records of purchases of monetary instruments over $3,000. 
  • Customer due diligence (CDD): Under the ‘CDD Final Rule,’ an amendment to the BSA, firms must establish and verify the identities of their customers, including the ultimate beneficial owners (UBOs) of companies, and conduct risk assessments of customer relationships. They must also conduct ongoing monitoring to recognize any suspicious transactions and update customer information when required. 

Patriot Act requirements 

  • Compliance programs and reporting obligations: Adopted after the September 11 attacks, the Patriot Act extended the BSA’s reporting, record-keeping, and compliance program requirements to cover suspected terrorist financing offenses alongside money laundering. 
  • Customer identification: Although the CDD Final Rule has since reiterated and clarified this, the Patriot Act initially introduced mandatory customer identification for FIs. 
  • Enhanced due diligence (EDD): Firms must apply EDD to institutions maintaining correspondent banking accounts for foreign financial institutions or private accounts for non-US citizens. 

Anti-Money Laundering Act requirements

  • Beneficial ownership: Under the Corporate Transparency Act (CTA), which is part of the broader Anti-Money Laundering Act (AMLA), all corporations and limited liability companies (LLCs) registered to do business in the US are considered “reporting companies.” These companies are required to submit detailed information about their beneficial owners – defined as individuals who own or control 25 percent or more of the company or who exercise significant control over it. This beneficial ownership information (BOI) is collected and stored in a confidential database managed by FinCEN.
  • Whistleblower protection: Firms cannot retaliate against employees who disclose information about possible AML regulatory violations. 

Best practices for FinCEN compliance

Achieving regulatory compliance and building trust with FinCEN is important for US firms, particularly when non-compliance can incur major, sometimes multi-million dollar, fines and a drop in business growth from reputational damage. Therefore, firms should develop a clear understanding of AML/CFT best practices to best interpret the complex, and at times overlapping, framework of US legislation. Some essential steps for firms to take towards FinCEN compliance include: 

  • Taking a risk-based approach to AML: FIs need to strike a difficult balance between growing their customer base and meeting compliance requirements. To do this, they should devise AML policies based on risk assessments, considering which customers, products, and locations carry the highest level of financial crime risk. This allows them to devote compliance resources to areas that need it without causing customer friction and wasting their budget on low-risk areas. 
  • Implementing robust customer screening: When onboarding customers, firms should screen them against data on sanctions, politically exposed persons (PEPs), and adverse media, making sure they are using the highest-quality information possible. This means accessing data that is comprehensive, accurate, and up-to-date. Firms should also identify the UBO of any account opened. 
  • Monitoring customer profiles continuously: FIs should ensure they have the necessary information on their customers even after onboarding, monitoring for any changes in sanctions listings, PEP status, or mentions in negative news stories. This means they are well-placed to respond to constantly evolving sanctions designations and regulatory changes. 
  • Developing transaction monitoring capabilities: While some AML risks can be identified at onboarding, such as PEP status, others require ongoing monitoring and analysis of customer transactions. To detect patterns of suspicious payments, firms should implement effective transaction monitoring software.
  • Making the most of new technologies: Developments in artificial intelligence (AI) and machine learning (ML) have significantly changed the AML landscape, with a range of specialist software leveraging these technologies to detect risks more accurately and efficiently. Firms should identify their AML requirements and research the market for solutions that meet their needs. 

AML solutions for US firms 

ComplyAdvantage uses AI and ML to empower firms with proprietary risk data and market-leading AML screening and monitoring solutions. With ComplyAdvantage, FIs and other regulated businesses in the US can enhance their compliance capabilities with features such as: 

  • Advanced matching algorithms to minimize false positives: ComplyAdvantage’s leading-edge ML models can assess the global distribution of names and other identifiers to optimize true positive matches while reducing false ones. 
  • Real-time updates to critical data: AI-powered systems eliminate the need for time-consuming manual checks on sanctions lists by scanning lists continuously, meaning firms get updates in real-time. 
  • ML-enhanced transaction monitoring: Our transaction monitoring solution uses an extensive rules library of industry typologies, with ML capabilities and a no-code rules builder able to fill in any gaps in existing rulesets. Firms can easily segment their customers and apply different thresholds to different parts of their client base. 
  • Automated risk scoring: Businesses can streamline and enhance compliance workflows. Automated customer and event risk scoring allows them to tackle the highest-priority cases first, while configurable screening settings mean firms can tailor ComplyAdvantage’s solutions to their risk appetite. 

Originally published 24 June 2014, updated 13 November 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).