Bank Secrecy Act Best Practices For Bank Customers To Follow

Wednesday, October 1, 2008 - 01:00
Walter Pagano

The Bank Secrecy Act of 1970 ("BSA")1 mandates financial institutions2 such as banks, savings and loans, credit unions, brokers or dealers in securities, money services businesses, and casinos to file reports, keep records, and report suspicious activity of financial currency and foreign transactions. Since 1970, Congress has amended the BSA a number of times. The primary purpose of the BSA is to assist law enforcement to detect, prevent, and combat money laundering and other financial crimes.

Generally, the BSA requires each financial institution other than a casino, which has its own reporting requirements, to file a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution that involves a transaction in currency of more than $10,000.3 The BSA defines currency as the coin and paper money of the United States, or of any other country, that is designated as legal tender and that circulates and is customarily used and accepted as a medium of exchange in the country of issuance.4 These reports are generally referred to as Currency Transaction Reports ("CTRs") and identified as FinCEN Form 104. Casinos must report currency transactions on FinCEN Form 103.

BSA Requirements

With respect to financial institutions reporting currency transactions, the BSA makes it unlawful for any person5 to structure6 for the purpose of evading the reporting requirements of 31 CFR 103.22 with respect to such transaction.7 The BSA defines "structuring" as follows: when a person, acting alone, or in conjunction with, or on behalf of, other persons, conducts or attempts to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the BSA's reporting requirements. "In any manner" includes, but is not limited to, the breaking down of a single sum of currency exceeding $10,000 into smaller sums, including sums at or below $10,000, or the conduct of a transaction, or series of currency transactions, including transactions at or below $10,000. The transaction or transactions need not exceed the $10,000 reporting threshold at any single financial institution on any single day in order to constitute structuring within the meaning of this definition.8

The general instructions for CTRs provide that CTRs should not be filed for suspicious transactions involving $10,000 or less in currency or to note that a transaction of more than $10,000 is suspicious. Rather, the financial institution must report any suspicious or unusual activity in the manner prescribed by its appropriate federal regulator or BSA examiner. If a transaction is suspicious and greater than $10,000 in currency, then both a CTR and the appropriate Suspicious Activity Report ("SAR") forms must be filed. In addition to the reporting requirements, the BSA requires financial institutions to maintain records of financial transactions.9 Generally, each financial institution shall retain for a period of five years a copy of both front and back of a check, draft, monetary instrument, investment security, or other similar instrument made in the ordinary course of business by a financial institution.10

Moreover, and significantly important to counter-terrorism financing and anti-money laundering programs, financial institutions are required to report suspicious transactions to the US Department of Treasury.11

Suspicious Transactions

For example, every bank must file an SAR to report any suspicious transaction relevant to a possible violation of law or regulation if it is conducted or attempted by, at or through the bank, involving or aggregating at least $5,000 in funds or other assets, and the bank knows, suspects, or has reason to suspect that (1) the transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation; (2) the transaction is designed to evade any requirements of the Bank Secrecy Act; or (3) the transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.12

Generally, financial institutions report suspicious transactions to the Financial Crimes Enforcement Network ("FinCEN") by completing the appropriate Suspicious Activity Report. On April 25, 1990, the Secretary of the Treasury established FinCEN.13

The mission of FinCEN is to safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity.14

FinCEN achieves this mission by administering the BSA; supporting law enforcement, intelligence, and regulatory agencies through sharing and analysis of financial intelligence; building global cooperation with counterpart financial intelligence units; and networking people, ideas, and information.15

The "Know Your Customer" Requirement

In addition to complying with the reporting and recordkeeping mandates of the BSA, as a direct response to the terrorist attacks on 9/11, financial institutions are required to "Know Your Customer" ("KYC").16

Now as part of the BSA, the KYC requirement applies not only when a new account is opened at a financial institution where a customer does not have an existing account but also as an ongoing customer identification program ("CIP") that financial institutions must have in place in order to prevent terrorists from financing their operations and money laundering. The rule became effective after October 1, 2003. Essentially, CIP or KYC is an anti-money laundering ("AML") law enforcement tool requiring financial institutions to adopt written policies and procedures in order to ensure that each new customer is identified and compared to the names of known terrorists. At a minimum, financial institutions must obtain from new customers their:

1. Name;

2. Date of birth;

3. Physical address; and

4. Federal identification number.

Financial institutions are required to obtain documentation such as a driver's license or passport as proof of a customer's identity.

Generally, and almost in all cases, financial institution customers have an account relationship manager. The process of establishing a relationship with a financial institution begins when the customer, upon opening an account at a financial institution, provides background information and personal data. Almost all of us have experienced this process at one time or another.

During the course of a customer's relationship with a financial institution, the customer establishes a historical "pattern of behavior" within certain parameters with respect to the customer's financial transactions. As previously discussed, financial institutions are required by government regulators to review their parameters for customer account and transaction activity, to report suspicious transactions made by their customers, and to implement appropriate anti-money laundering measures to detect and report suspicious activity.

There may come a time when one or more of a customer's financial transactions fall outside of the customer's historical pattern of behavior or require a financial institution to file CTRs or SARs with the government. Although the customer may believe that there are obvious and reasonable facts and circumstances to explain a deviation in its historical financial transactions, the customer should not assume that its financial institution knows those facts or its anti-money laundering compliance department will consider a deviation as not suspicious. Indeed, a bank, for example, may not have any idea about changes in a customer's personal financial circumstances or its reason for withdrawing $20,000 in cash. As a result, it may conclude that these financial transactions, albeit within the law, deviate from the customer's normal behavior, meet certain minimum reporting requirements and, therefore, cause the customer's financial institution to file an SAR.

Recognizing that the primary objective of the BSA is to prevent individuals who are engaged in illicit activities from having access to the global financial markets and banking system, the reporting and recordkeeping requirements of the BSA know no boundaries. Because of the broad reach of the BSA, many financial institution customers are concerned that one or more of their financial transactions may be reported to the government. Indeed, their concern is real because a customer's financial transactions are subject to these same requirements and scrutiny notwithstanding that the customer may be entirely innocent of any illicit activity.

Furthermore, a customer's concern is justified because little, if any, guidance has been provided to the public about BSA "Best Practices." Notwithstanding that the BSA is essentially a tool for law enforcement to use, it is important for customers neither to fear the BSA nor to structure their financial affairs with the intent to evade its requirements.

Steps To Take

Here are a few recommendations for customers to follow in conducting financial transactions:

Communicate often with the account relationship manager, bank tellers, broker or sales associate, and customer service representatives about any anticipated unusual financial transactions;

Answer all questions when opening an account or explaining a financial transaction;

Provide the financial institution with accurate and truthful personal and business information;

Verify their information with a driver's license, passport or other documentation;

Establish and explain reasonable or lawful purposes when opening multiple accounts;

Deposit, withdraw, transfer, or exchange currency in the amount the customer desires;

Ask the financial institution questions about the BSA;

Review the BSA and its implementing regulation;

Understand the customer's recordkeeping obligations under the BSA;

Refrain from acting suspiciously by asking questions in an attempt to circumvent the recordkeeping or reporting requirements of the BSA; and

Ask whether a transaction or activity might be considered to be suspicious or unusual.


Financial institutions have a statutory obligation to identify and report suspicious transactions and activity. Indeed, arguably, a financial institution's primary focus is to report suspicious transactions and activities. This obligation is part of a financial institution's much broader requirement to establish and implement an adequate anti-money laundering and counter-terrorist financing program pursuant to the Bank Secrecy and USA PATRIOT Acts.

Although financial institutions generally focus on high risk customers and geographic areas with respect to reporting suspicious or unusual activities and implementing their anti-money laundering program, none of us is excluded from their continuous vigilance. Therefore, it is incumbent upon us to be familiar with the BSA laws and regulations and to be proactive in maintaining clear channels of communication with financial institutions.

By understanding the recordkeeping and reporting requirements that the BSA imposes on financial institutions and communicating regularly with account relationship managers and others familiar with their historical patterns of behavior, customers will enable them to be well informed about their financial transactions and activities and participate in the process by understanding the BSA requirements that relate to them as customers. By participating in the process, customers become part of it.1 The Currency and Foreign Transactions Reporting Act of 1970, otherwise known as the Bank Secrecy Act ("BSA"), and its implementing regulation 31 CFR 103.

2 31 CFR 103.11(n).

3 31 CFR 103.22.

4 31 CFR 103.11(h).

5 31 CFR 103.11(z) defines "person" as an individual, a corporation, a partnership, a trust or estate, a joint stock company, an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian Tribe (as that term is defined in the Indian Regulatory Act), and all entities cognizable as legal personalities.

6 31 CFR 103.11(gg).

7 31 CFR 103.63.

8 31 CFR 103.11(gg).

9 31 CFR Sections 103.31 - 103.39.

10 31 CFR 103.38.

11 31 CFR Sections 103.15 - 103.21.

12 31 CFR 103.18.

13 Treasury Order Number 105-08, April 25, 1990.

14 FinCEN's Mission Statement.

15 FinCEN's Mission Statement.

16 USA Patriot Act of 2001, Public Law 107-56, Section 326.

Walter Pagano, CPA, CFE, MPA, a former IRS revenue agent, is the partner-in-charge of Eisner LLP's Litigation Consulting & Forensic Accounting Services Group & Tax Controversy Practice. Republished with permission of the June 2008 Privacy & Data Security Law Journal. Copyright ALEXeSOLUTIONS, INC.

Please email the author at with questions about this article.