BSA/AML (Bank Secrecy Act / Anti-Money Laundering)
BSA/AML refers to the Bank Secrecy Act and anti-money laundering compliance framework that financial programs must maintain to detect, prevent, and report suspicious financial activity.
The Bank Secrecy Act (1970) requires financial institutions — including non-bank money service businesses — to maintain programs designed to detect and deter money laundering, terrorist financing, and other financial crimes. The core components of a BSA/AML program are: Customer Due Diligence (CDD), transaction monitoring, Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and OFAC screening.
For embedded finance programs, BSA/AML responsibility depends on the program model. Under a sponsor bank model, the bank is the primary BSA officer, but the fintech/platform has significant delegated responsibilities, including customer onboarding, transaction monitoring, and escalation to the bank. Under an MTL model, the platform is the Money Service Business (MSB) and bears full BSA/AML responsibility.
BSA/AML program requirements include: a designated BSA Officer, written policies and procedures, employee training, independent audit, and ongoing transaction monitoring. The sophistication required scales with program volume and risk profile — a $10M monthly program needs meaningfully more robust monitoring than a $500K program.
Consequence of failure under a sponsor bank model: inadequate BSA/AML programs are the most common reason sponsor banks terminate fintech relationships. The 2024 BaaS regulatory environment has made banks significantly more rigorous about fintech BSA/AML program quality.