Bank Secrecy Act (BSA)

What is an Bank Secrecy Act (BSA) ?

The Bank Secrecy Act (BSA), enacted in 1970, is a cornerstone of U.S. anti-money laundering (AML) legislation. It requires financial institutions to keep records and file reports that could be helpful to detect and prevent money laundering, tax evasion, terrorist financing, and other financial crimes. These include Currency Transaction Reports (CTRs), Suspicious Activity Reports (SARs), and customer due diligence measures.

Within third-party risk management, the BSA is particularly relevant for organizations working with vendors or partners that handle financial transactions or sensitive customer data. TPRM programs may include screening for BSA compliance as part of onboarding or monitoring, especially in regulated sectors such as banking, payments, and financial technology. Failure to meet BSA obligations can lead to significant penalties and reputational damage.

FAQs

Who Must Comply With the Bank Secrecy Act?

Banks, credit unions, broker-dealers, money services businesses, insurance companies, and other financial institutions are required to comply. Vendors supporting these entities may also be subject to related due diligence.

What Types of Reports Are Required Under the BSA?

Key reports include Currency Transaction Reports (CTRs) for cash transactions over $10,000 and Suspicious Activity Reports (SARs) for potentially illicit activities. Institutions must also maintain detailed records of certain financial activities.

How Does the BSA Relate to Third-Party Risk Management?

Organizations must ensure that third-party vendors handling financial data or processing transactions maintain strong AML controls and BSA compliance. Risk assessments and monitoring processes often include questions or checks aligned with BSA obligations.