US AML Compliance Guide: What BSA and AMLA 2020 Mean
The Anti-Money Laundering Act of 2020 modernizes BSA obligations with FinCEN oversight, higher penalties, and the Corporate Transparency Act.
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokThe Anti-Money Laundering Act of 2020 (AMLA) is not a minor update. Enacted as Division F of the National Defense Authorization Act for Fiscal Year 2021, AMLA represents the most significant overhaul of US anti-money laundering law since the USA PATRIOT Act of 2001. It modernizes the Bank Secrecy Act (BSA), creates the Corporate Transparency Act (CTA) for beneficial ownership reporting, establishes a government-wide AML/CFT strategy, expands whistleblower protections, and mandates that FinCEN modernize its technological infrastructure. Here is what actually changes for your organization -- and what you need to do about it.
AMLA 2020 vs. the pre-2020 BSA framework -- What Changed
The BSA, originally enacted in 1970 and amended multiple times (most significantly by the USA PATRIOT Act in 2001), relied on a framework that had not been comprehensively updated in nearly two decades. AMLA addresses gaps that had become increasingly apparent as financial crime evolved.
| Area | Pre-AMLA BSA framework | AMLA 2020 / modernized BSA |
|---|---|---|
| Beneficial ownership | CDD Rule (2018) -- financial institutions collect at account opening | Corporate Transparency Act -- reporting companies file directly with FinCEN; centralized federal database |
| National priorities | No formal priority-setting mechanism | FinCEN publishes AML/CFT National Priorities every 2 years; institutions must incorporate into programs |
| Whistleblower protections | Limited (SAR filer protections only) | Expanded whistleblower program modeled on SEC and CFTC; awards of 10-30% of sanctions over $1 million |
| Technology mandate | No explicit innovation encouragement | Requires Treasury to encourage use of AI, machine learning, and innovative technologies for BSA compliance |
| Penalties | Varied by violation type | Strengthened and expanded; new penalties for CTA violations; increased maximums for willful BSA violations |
| Subpoena power | Limited extraterritorial reach | FinCEN gains subpoena power for foreign bank records held by US correspondent accounts |
| Information sharing | Section 314(a) and 314(b) voluntary programs | Enhanced 314(b) safe harbor; streamlined information sharing between institutions and law enforcement |
| Regulatory instruments | BSA + implementing regulations (31 CFR Chapter X) | BSA modernization + CTA + national priorities + technology mandate + enhanced enforcement |
The shift from a primarily reactive, report-filing framework to a risk-based, intelligence-driven model is the most consequential change. FinCEN's AML/CFT National Priorities, first published in June 2021 and updated biennially, require every covered institution to demonstrate how their BSA/AML program addresses these priorities. The priorities are not aspirational -- they are supervisory expectations.
Current AML/CFT National Priorities
FinCEN's priorities as of the latest update include:
- Corruption (domestic and foreign).
- Cybercrime and cyber-enabled financial crime.
- Domestic and international terrorist financing.
- Fraud (including healthcare fraud, tax fraud, and securities fraud).
- Transnational criminal organizations.
- Drug trafficking organizations.
- Human trafficking and smuggling.
- Proliferation financing.
Covered institutions must map their products, services, customers, and geographies against these priorities and adjust their risk assessments accordingly.
For further reading, see How to Prepare for Regulatory Audits.
Who Is an Obligated Institution Under the BSA?
The BSA and its implementing regulations define "financial institution" broadly. AMLA does not dramatically expand the list of covered entities (unlike its EU counterpart), but the enhanced obligations and enforcement posture mean that every institution on this list faces materially higher compliance expectations.
Automated field extraction reaches 94.3% accuracy on the CheckFile platform, with 99.94% uptime SLA โ enabling compliance teams to focus on genuinely ambiguous cases.
| Category | Examples | Key obligation triggers |
|---|---|---|
| Depository institutions | Banks, savings associations, credit unions | All customer relationships and transactions |
| Broker-dealers | Securities firms, investment banks | Customer accounts, securities transactions |
| Money services businesses (MSBs) | Money transmitters, check cashers, currency exchangers, prepaid access providers | All transactions; registration with FinCEN required |
| Mutual funds | Open-end investment companies | Shareholder accounts, redemptions |
| Insurance companies | Insurers offering covered products (annuities, permanent life insurance) | Policies exceeding specified value thresholds |
| Futures commission merchants | Commodities brokers, introducing brokers | Customer accounts, transactions |
| Casinos and card clubs | Gaming establishments with gross annual revenue > $1 million | Cash transactions of $10,000+; suspicious activity |
| Dealers in precious metals, stones, or jewels | Jewelry dealers, precious metals traders | Cash transactions of $10,000+; suspicious activity |
| Mortgage lenders and originators | Non-bank mortgage companies | Loan originations |
| Housing GSEs | Fannie Mae, Freddie Mac, Federal Home Loan Banks | Secondary market transactions |
| Virtual asset service providers | Cryptocurrency exchanges, hosted wallet providers | All transactions; registration as MSB required |
The inclusion of virtual asset service providers as money services businesses, confirmed by FinCEN guidance (FIN-2019-G001), means that cryptocurrency exchanges and hosted wallet services must implement the full BSA program: AML program, SAR filing, CTR filing, and CDD procedures (FinCEN Crypto Guidance).
For crypto-related businesses, the obligations are the same as for traditional MSBs. There is no lighter compliance tier for virtual assets. FinCEN has made this explicit through enforcement actions targeting unlicensed exchanges and non-compliant custodial services.
BSA Program Requirements Under AMLA
AMLA does not fundamentally change the four pillars of a BSA/AML program, but it raises the bar on what each pillar must deliver. The four pillars, plus the new requirement to incorporate national priorities, are:
1. Internal policies, procedures, and controls
Every covered institution must maintain a written BSA/AML program tailored to its risk profile. Post-AMLA, this program must explicitly address the AML/CFT National Priorities and demonstrate how the institution's controls mitigate the specific risks identified by FinCEN. A generic, template-based program will not satisfy examiners.
2. Designated BSA compliance officer
The institution must designate a qualified individual responsible for day-to-day BSA compliance. AMLA does not change this requirement, but enforcement trends show that regulators increasingly hold compliance officers personally accountable for program failures. The compliance officer must have adequate authority, resources, and direct access to the board or senior management.
3. Ongoing employee training
Training must be risk-based, role-specific, and updated to reflect current threats. Post-AMLA, training programs should cover the national priorities, emerging typologies identified by FinCEN advisories, and the institution's specific risk exposures. Annual training is the minimum; high-risk functions require more frequent updates.
4. Independent testing (audit)
An independent party must test the BSA/AML program at least annually. The scope must include transaction testing, program effectiveness evaluation, and assessment of the institution's response to regulatory changes -- including AMLA requirements. Testing by internal audit is acceptable only if the function is truly independent of the compliance department.
5. Customer due diligence (including beneficial ownership)
FinCEN's CDD Rule (2016, effective 2018) already requires covered institutions to identify and verify beneficial owners of legal entity customers. AMLA adds the CTA reporting layer, which will eventually allow institutions to access FinCEN's beneficial ownership database for verification purposes. However, institutions cannot outsource their CDD obligations to the FinCEN database -- independent verification remains required.
Where customer-provided information and available records do not match, the discrepancy must be resolved and documented. Simply recording both versions is insufficient -- you must investigate, reach a conclusion, and create an audit trail showing how the discrepancy was resolved.
Explore further
Discover our practical guides and resources to master document compliance.
Explore our guidesCompliance Timeline and Key Milestones
AMLA implementation has been phased over several years, with some provisions already in effect and others pending final rulemaking.
| Date | Milestone | Who is affected |
|---|---|---|
| January 1, 2021 | AMLA enacted as part of NDAA FY2021 | All -- legislative clock starts |
| June 2021 | FinCEN publishes first AML/CFT National Priorities | All covered institutions |
| September 2022 | CTA final rule published (31 CFR Part 1010) | Reporting companies |
| January 1, 2024 | CTA reporting begins for newly formed companies | New reporting companies |
| January 1, 2025 | CTA reporting deadline for pre-existing companies | Existing reporting companies |
| 2024-2026 | FinCEN rulemaking on BOI database access for financial institutions | Financial institutions |
| Ongoing | FinCEN issues updated National Priorities (biennial) | All covered institutions |
| Ongoing | Federal banking agencies incorporate AMLA into examination procedures | All examined institutions |
The critical reality is that AMLA is already in effect. Institutions that have not updated their BSA/AML programs to reflect national priorities, enhanced CDD expectations, and technology-forward compliance approaches are already behind. Federal examiners from the OCC, FDIC, Federal Reserve, and NCUA are assessing AMLA readiness now.
Penalties for Non-Compliance
The penalty framework under AMLA and the BSA is among the harshest in regulatory compliance. Enforcement actions have accelerated significantly since 2020.
| Penalty type | Maximum amount / consequence | Notes |
|---|---|---|
| Civil money penalty (institution) | Up to $1,000,000 per violation per day (willful) | BSA violations; FinCEN, OCC, FDIC, Fed can all assess |
| Civil money penalty (individual) | Up to $1,000,000 per violation | Applies to officers, directors, employees, agents |
| Criminal penalty (willful BSA violation) | Up to $500,000 fine and 10 years imprisonment | Per violation; money laundering charges can stack |
| Criminal penalty (structuring) | Up to $500,000 fine and 10 years imprisonment | 31 USC ยง5324 |
| CTA civil penalty | Up to $500 per day | For failure to file, late filing, or inaccurate BOI |
| CTA criminal penalty | Up to $10,000 fine and 2 years imprisonment | Willful failure to file or filing false information |
| CTA aggravated penalties | Up to $250,000 fine and 5 years imprisonment | Filing false BOI or unauthorized disclosure |
| Cease and desist orders | Immediate compliance required | Failure to comply escalates enforcement |
| Consent orders | Multi-year remediation with independent monitoring | Typical resolution for systemic failures |
Recent enforcement illustrates the scale of penalties. In 2023, TD Bank agreed to pay over $3 billion in penalties for systemic BSA/AML failures, the largest BSA enforcement action in history. FinCEN's $1.3 billion penalty alone represented the largest FinCEN enforcement action ever assessed (FinCEN Enforcement). Other recent actions include a $140 million penalty against a major cryptocurrency exchange and multiple actions against community banks with inadequate transaction monitoring.
BSA vs. international AML frameworks
| Aspect | BSA / AMLA (US) | EU AML framework (AMLD6 / AMLR) |
|---|---|---|
| Primary authority | FinCEN (Treasury) + federal banking regulators | AMLA (EU-wide) + national FIUs |
| Maximum fine (institution) | $1,000,000 per violation per day (civil); criminal penalties uncapped | EUR 10 million or 10% of turnover |
| Beneficial ownership registry | FinCEN BOI database (non-public) | EU-wide interconnected public registers (restricted access) |
| Cash reporting threshold | $10,000 (Currency Transaction Report) | EUR 10,000 (cash payment ceiling) |
| Suspicious activity reporting | SAR filed with FinCEN | STR filed with national FIU |
| Predicate offenses | All-crimes approach (federal) | Fully harmonized list including cybercrime |
| Record retention | 5 years (BSA general rule) | 5 years post-relationship |
How Automation Helps Meet BSA/AMLA Requirements
Meeting BSA compliance requirements through manual processes alone is increasingly untenable. The volume of CTRs, SARs, CDD reviews, and beneficial ownership verifications generated by even a mid-sized institution exceeds what human teams can process consistently and accurately.
Automatic audit trail
Every document validation decision, every database query, and every risk assessment must be logged, timestamped, and linked to the underlying evidence. Automated systems generate this audit trail as a byproduct of the verification process. Manual processes require a separate documentation effort that is error-prone and frequently incomplete during regulatory examinations.
Consistent, repeatable checks
Automated verification applies the same controls to every document, every time. When an examiner asks whether a specific CDD check was performed on a specific customer, the system provides a definitive, timestamped answer. This consistency is critical during OCC, FDIC, or state regulatory examinations.
Cross-document validation
BSA compliance requires verifying consistency across multiple documents and data sources. Automated cross-referencing -- comparing identity documents against corporate registrations, BOI filings, and external databases -- is the only practical way to perform this validation at scale. See our KYC article for a detailed analysis of how AI-powered cross-referencing works.
Real-time suspicious activity detection
Suspicious activity detection requires continuous monitoring. Automated systems flag anomalies in real time, allowing compliance teams to focus on investigating genuine alerts rather than manually reviewing transaction logs. FinCEN expects SARs to be filed "in a timely manner" -- a standard that manual workflows consistently fail to meet at scale.
Explore our pricing to understand how automated document validation fits into your compliance budget.
For a comprehensive overview, see our document compliance complete guide.
Go further
To dive deeper into this topic, explore our complete guide on document verification.
FAQ
What is the Anti-Money Laundering Act of 2020 (AMLA)? AMLA is the most comprehensive reform of US anti-money laundering law since the USA PATRIOT Act. Enacted in January 2021, it modernizes the Bank Secrecy Act, creates the Corporate Transparency Act for beneficial ownership reporting, establishes AML/CFT national priorities, expands whistleblower protections, and mandates technological modernization of FinCEN's systems.
When did AMLA take effect? AMLA was enacted on January 1, 2021. Implementation has been phased: national priorities were published in June 2021, the CTA final rule was published in September 2022, CTA reporting for new companies began January 1, 2024, and the deadline for existing companies was January 1, 2025. FinCEN continues to issue implementing regulations on an ongoing basis.
Who is a covered institution under the BSA? The BSA defines "financial institution" broadly to include banks, credit unions, broker-dealers, money services businesses (including cryptocurrency exchanges), mutual funds, insurance companies, casinos, dealers in precious metals, mortgage lenders, and housing GSEs. If your business handles financial transactions, transmits money, or facilitates the movement of value, you should verify whether you are covered.
What are the AML/CFT National Priorities? FinCEN's national priorities identify the most significant AML/CFT threats facing the US financial system. They include corruption, cybercrime, terrorist financing, fraud, transnational criminal organizations, drug trafficking, human trafficking, and proliferation financing. Every covered institution must incorporate these priorities into its BSA/AML risk assessment and program.
What are the penalties for BSA non-compliance? Civil money penalties can reach $1 million per violation per day for willful violations. Criminal penalties include fines up to $500,000 and imprisonment up to 10 years per violation. CTA penalties include $500/day civil penalties and up to $10,000 fine and 2 years imprisonment for willful failures. Recent enforcement actions have reached into the billions of dollars.
What is the Corporate Transparency Act? The CTA, enacted as part of AMLA, requires most US companies to report their beneficial owners to FinCEN. It creates a centralized, non-public federal database accessible to law enforcement, regulators, and financial institutions (with customer consent). The CTA addresses a longstanding gap where shell companies could be formed in the US without disclosing their true owners.
Next steps: assess your BSA/AML program
AMLA is already law, and regulators are already examining institutions against its requirements. If your BSA/AML program has not been updated to reflect national priorities, enhanced CDD expectations, CTA obligations, and technology-forward compliance approaches, the compliance gap is widening with each examination cycle.
CheckFile provides automated document validation that generates the audit trails, cross-document consistency checks, and verification evidence that BSA/AML compliance demands. Our platform processes identity documents, corporate registrations, and supporting evidence in seconds, with every step logged and traceable. Request a demo to assess where your current processes stand -- and close the gap before the next examination.
Related reading: For beneficial ownership verification requirements under the CTA, see our beneficial ownership verification guide. For a detailed methodology on KYB verification that satisfies enhanced CDD requirements, read our KYB business document verification guide.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.