the risk management blog

Building a Culture of Compliance around BSA/AML – Guidance from FinCEN

by Lowers & Associates | July 05, 2016

In simpler times, the Bank Secrecy Act (BSA) regulated the Anti-Money Laundering (AML) activities of banks, as the name implies. In our globalized and networked world, it has expanded to cover financial institutions ranging from the biggest banks to mom-and-pop check cashing or money transfer operations running out of storefronts in a mall. The Financial Crimes Enforcement Network (FinCEN) has launched actions against businesses across this spectrum for violations of BSA/AML requirements.

One thing all these businesses have in common is a culture of compliance with BSA/AML regulations—or not. Enforcement actions have identified a weak culture of compliance as one of the causes of violations, which can result from the actions of employees at virtually any level of an organization.

Treating compliance as an item to check off the to-do list is not likely to build an effective culture of compliance. Why should a financial institution spend the time and money to do better? The answer is that the reports mandated by the BSA—such as Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs)—are a crucial part of the information flow that law enforcement agencies use to find and establish relationships among actors. In some cases, these actors are committing serious crimes or even funding terrorism. As Jennifer Calvery, Director of FinCEN, put it in a 2014 speech:

"These laws are meant to protect the integrity of the financial system by leveraging the assistance of financial institutions to make it more transparent and resilient to crime and security threats, and to provide information useful to law enforcement and others to combat such threats."

FinCEN has issued guidance on how financial institutions can build an effective culture of compliance. BSA regulations are built on the recognition that different types and sizes of institutions have different risk profiles, and they allow for appropriate variance in compliance as a result. But even though the scale of and investment in compliance vary, the issues addressed are the same in every financial institution.

Here’s a summary of some of the factors a compliance program should address:

  • The tone at the top matters. Leadership has to be trained in BSA/AML enough to understand its importance and commit sufficient resources to it to create an effective program. They need to understand how the reports are used and why they are necessary in order to support the compliance program and communicate its importance internally. Leading by example sets an important expectation.
  • There has to be a person or role that is responsible for the BSA/AML compliance program and is answerable for its performance. This person should become the institutional expert in these regulations and help to provide appropriate training throughout the institution. Leadership has to devote adequate resources to support this function.
  • The design and implementation of the program should ensure that necessary information gets to the person or role who can act on it. In many institutions, information is compartmentalized or contained in one branch office. Appropriate sharing about transactions, accounts and customers can contribute strongly to effective compliance.
  • Institutions have to be prepared to act in compliance with the information they discover, even when that may have a temporary financial impact. Submitting appropriate reports, even when they go against the grain, will create a better business climate in the long term.
  • The whole compliance program should be reviewed by a third party expert on a regular basis.


Financial institutions with effective cultures of compliance will provide essential data to law enforcement, avoid enforcement actions, and contribute to our security.

Taking it seriously is worthwhile.

Looking for a third party review of your compliance program? Contact our BSA/AML compliance experts for an introductory conversation.


Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.