PRIMER: The Bank Secrecy Act
This edition of IFLR’s free-to-read primer series looks at the Act, the history of the anti-money laundering framework, updates to expand it, enforcement trends, and possible changes
The Bank Secrecy Act is a multifaceted legislative framework, enacted by Congress in 1970, with civil and criminal investigative and enforcement powers for banks and financial institutions to prevent money laundering and financial crimes. The original framework required record keeping and reporting for national registered banks and some limited financial institutions.
This IFLR explainer looks at the history of the Act, several updates to its provisions over the years, and potential use cases.
What does the Bank Secrecy Act do?
The Act has been updated by Congress several times to include many new types of financial crime. Among the most significant updates to the BSA was the provision to combat terrorism financing, known as the Patriot Act.
“It was originally designed to be a record keeping and reporting statute aimed principally at tax evasion and criminal organisations,” said Dan Stipano, partner with Davis Polk. “Over time, it evolved into other areas: in the 80s and 90s it was focused primarily on narcotics trafficking and money laundering.”
The original framework imposed requirements on national regulated banks and some limited financial institutions, including currency exchanges. One expansion saw the creation of the Financial Crimes Enforcement Network (FinCEN), a bureau within the Treasury, which is responsible for administering the framework.
The BSA first targeted banks and some limited financial institutions, including casinos and money services businesses. Principally, the Act authorised the Treasury Department secretary to direct regulations that required entities to file reports on financial transactions that could be useful in money laundering investigations and financial crimes.
“The BSA is primarily a civil enforcement scheme, but it also has a criminal component to it, and it is one of the principal weapons, if not the principal weapon, combating money laundering and terrorist financing in the US,” said Stipano, former deputy chief counsel with the Office of the Comptroller of the Currency (OCC).
One early framework requirement was for institutions to submit suspicious activity reports (SARs) within 30 days of the initial detection of facts that may constitute a basis for filing a suspicious activity report.
Covered institutions are required to assist US regulators with records of cash purchases of negotiable instruments; reports of cash transactions over $10,000; and reports of suspicious activity.
See also: Banks still scared of cannabis business
Checks, money orders and certificates of deposit, are examples of negotiable instruments whereby a signed document pledges a sum of payment to a specified person.
The framework’s original aims were narrow, said Jim Bracken, managing director with FTI Consulting.
“It basically had two parts: a record keeping part and a reporting part, and the law has since evolved significantly, expanded and been enhanced over the years through the passage of a number of other different bills,” he explained.
Over the years, the framework has expanded to include the scopes of additional industries and regulators ̶ the Securities and Exchange Commission (SEC) and Commodity Futures Trade Commission (CFTC), for example ̶ whereas the original act was aimed solely at banks and enforced by US prudential regulators.
“The world is a different place than it was 20 years ago,” he said. “From a big picture perspective, the BSA is a set of laws and regulations written to tackle the problems of another era, that are being applied to the current era and struggling to keep up.”
“Over time, what we've seen is a vast expansion of the scope of the BSA, as well as the number of industries that it is applicable to,” Stipano explained. “Its original focus was on banks and then broker dealers and mutual funds, but now, especially after the Patriot Act, it applies to a whole host of industries.”
How has the Act been updated in the past decades?
The 1982 revamp cemented the SAR filings requirement and established four pillars of anti-money laundering (AML) compliance programmes; policies and procedures; designating a compliance officer; ongoing training and independent testing programmes; and independent auditing.
The 1986 Act deemed money laundering a federal crime for the first time and increased criminal penalties. The update required bank regulators to issue rules that would mandate banks to have anti-money laundering compliance procedures, in part an effort to “address what authorities saw as lax BSA enforcement,” said Bracken.
“That ramped up the requirement for enforcement and included the requirement that regulator's must factor in a bank's adherence to BSA requirements when they perform their periodic exams,” he explained.
Further changes were made in 2001, when the framework was updated after the 9/11 terrorist attacks on the World Trade Center in New York, and the Pentagon in Washington, DC.
“After 9/11, a primary focus was terrorist financing,” Stipano said.
The 2001 Patriot Act was also updated with know your customer rules (KYC). This required financial institutions to have programmes that verified the identity of customers, Bracken added.
Congress last updated the framework in 2020, updating the Anti Money Laundering Act (AMLA) of 2020 to include antiquities dealers, advisors, and consultants.
The BSA “is sprawling in terms of its scope,” as the framework is “now applied to all kinds of criminal activity, including human trafficking, elder abuse, fraud, even Covid-19 pandemic related fraud,” said Stipano.
A whistle-blower programme was also attached in the 2020 update.
Has the BSA been imitated elsewhere?
While the BSA is limited to the US, it has influenced other jurisdictions because of its strength as a mechanism to tackle financial crimes, Stipano said.
“Regulators cooperate with each other, they have memoranda of understanding in place that allow the sharing of information,” he said. “One of the challenges with cross-border supervision is restrictive privacy rules, regulators often have difficulty finding out information about customers’ account activities in foreign jurisdictions because of foreign privacy rules.”
The BSA is not necessarily a model for regulators in Europe or foreign jurisdictions. But US AML laws are among the most robust set of laws and regulations in the world, Bracken explained, meaning others have turned to it as an example.
The BSA remains useful as a meeting point or mechanism for cooperative international efforts aimed at harmonising money laundering regulation, he added. EU and US regulators have constituted long-standing efforts, over decades, to prevent regulatory arbitrage by covered entities and to remove confusion for global institutions.
Are there plans to update the BSA in the future?
An area in which BSA may again be updated is for cryptocurrency growth. An existing New York State Department of Financial Services (DFS) law upon which an updated BSA may be modelled is inclusive of crypto and digital currencies. The New York regulatory regime requires those involved in cryptocurrency to have AML programmes.
The law includes provisions for “obtaining a reasonable degree of information about counterparties transacting with their customers and identifying who they are as a company, who their principals are, to ensure it's not just fly-by-night companies that are operating exchanges,” he said.
The very nature of cryptocurrency means that it could be used to help finance crime. FinCEN has proposed rules to address cryptocurrency that are not yet in effect.
The FinCEN proposal addresses cryptocurrency wallets and has provisions for record keeping and reporting, but cryptocurrency rulemaking is complicated by anonymity. There are certain cryptocurrencies that are designed to be more anonymous, which is one of the very things that the Bank Secrecy Act has been trying to root out.