Checklist: Screening employees for roles in AML compliance (USA)

Updated as of: 17 July 2025

This checklist is intended to assist managers, in-house counsel, and compliance teams at financial institutions who are responsible for appointing compliance personnel as required by the Currency and Foreign Transactions Reporting Act of 1970 (commonly referred to as the Bank Secrecy Act (BSA)), as amended by the USA PATRIOT Act of 2001. These Acts contain provisions to prevent money laundering (ML), terrorist financing (TF), and other illicit financial activity.

This checklist provides an overview of the key steps for ensuring effective screening of employees for roles in anti-money laundering (AML) compliance, including:

  1. Verify candidate’s background
  2. Verify candidate’s skills and knowledge
  3. Conduct ongoing screening as appropriate

This checklist is presented as a list of tasks that you can tick off as they are addressed. At the end of the document, there are explanatory notes corresponding to the requirements in the checklist.

This checklist can be used in conjunction with How-to guides: How to monitor Bank Secrecy Act (BSA) compliance and How to assess your organization for money laundering and terrorist financing risk, and Checklist: Staff awareness and training to prevent money laundering and terrorist financing.

The checklist provides generally applicable guidance. Each organization should confirm whether the BSA or related regulations contain additional sector-specific requirements for staff screening.

Step 1 – Verify candidate’s background

No.   Task
1.1   Check references
1.2   Check employment history
1.3   Check education and license/certification history
1.4   Check history of regulatory or criminal action
1.5   Perform other relevant checks as appropriate

Step 2 – Verify candidate’s skills and knowledge

No.   Task
2.1   Check training and competence
2.2   Administer testing as appropriate

Step 3 – Conduct ongoing screening as appropriate

No.   Task
3.1   Identify relevant employees
3.2   Schedule periodic re-screening
3.3   Conduct internal audits and appraisals
3.4   Obtain periodic verifications from employees

General notes

Legal framework

Although individual requirements may vary depending on the type and size of the institution, there are five key pillars to the BSA compliance requirements that financial institutions must have in place:

  • internal compliance policies and controls;
  • independent compliance testing to be performed by the financial institution or an outside party;
  • personnel responsible for coordinating and monitoring day-to-day compliance;
  • an employee training program; and
  • a Customer Identification Program (CIP) that includes risk-based procedures for ensuring that the financial institution can maintain a reasonable expectation that it knows the identity of its customers.

See, 31 CFR sections 1010.210, 1023.210, 1024.210, 1026.210; 12 CFR sections 208.63(c), 326.8(c), 748.2(c), and 21.21(d).

The third pillar – that the institution appoints personnel to coordinate and monitor day-to-day compliance – is critical to the success of the other four pillars. The Federal Financial Institutions Examination Council (FFIEC), which is composed of federal and state financial regulators, provides some guidance about the necessary qualifications for compliance staff.

Compliance personnel must be competent, as demonstrated by their knowledge of the BSA and related regulations, the implementation of the bank’s BSA and AML compliance program, and an understanding of the bank’s ML, TF, and other illicit financial activity risk profile associated with its banking activities.

There are no bright lines for assuring appropriate competence. There is likewise no requirement that individuals responsible for overall BSA compliance carry a particular title within their organizations. Rather, what is important is that the individual responsible for compliance has the appropriate authority, independence, and access to resources within the bank. Indicators of appropriate independence of a BSA compliance officer may include:

  • clear lines of reporting and communication up to the board of directors or a designated board committee that do not compromise the BSA compliance personnel’s independence;
  • the ability to undertake the BSA compliance role without undue influence from the bank’s business lines; and
  • identification and reporting of issues to senior management and the board of directors.

The guidance also notes that examiners should confirm that the bank’s board of directors has designated an appropriately qualified individual or individuals to be responsible for the overall BSA and AML compliance program. Examiners should review reports to the board of directors and senior management regarding the status of ongoing compliance and pertinent BSA-related information, including the required notification of SAR filings. Examiners should confirm that BSA compliance personnel have the appropriate authority, independence, and access to resources. See, FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual, BSA Compliance Officer.

Explanatory notes

Overview

The BSA and related AML laws and rules are among the most complex regulatory regimes in the United States. The BSA’s legal framework emphasizes the ongoing nature of compliance requirements for financial institutions. It is vital that compliance staff stay abreast of regulatory changes, as well as changes in their organization’s risk profile. In this context, screening compliance staff candidates and conducting regular staff training and appraisals are particularly important for financial institutions.

Please also refer to How-to guides: How to monitor Bank Secrecy Act (BSA) compliance and How to appoint a Bank Secrecy Act (BSA) compliance officer.

Qualities such as personal integrity, honesty, and trustworthiness are essential for any profession, but are particularly important for financial institutions. Financial institutions are legally required to maintain effective compliance processes for combating illicit financial activity. These institutions must be able to depend on the integrity, honesty, and trustworthiness of their personnel. A thorough vetting process for compliance candidates is vital.

Step 1 – Verify the candidate’s background

Given the importance of both competence and integrity in BSA compliance roles, conduct verification procedures for each candidate that the organization is seriously considering for a position in compliance. It is important to verify that a candidate’s background and level of competence are appropriate to the duties of a role in compliance.

1.1. Check references

The candidate should provide a list of professional references and the organization should contact each of them to confirm that the written and verbal information given by the candidate is accurate. It is useful to create a list of questions or points of information to gather from the referee to address the core competencies required for the role. Questions may relate to the following:

  • the referee’s relationship with the candidate;
  • whether the referee has ever worked professionally with the candidate;
  • evidence of the candidate’s personal character traits;
  • the candidate’s strengths and weaknesses;
  • whether the referee believes that the candidate is qualified for the role of BSA compliance officer and the reasons why; and
  • whether there is any information the referee is unwilling to give and, if so, whether the referee can connect the organization with an individual who has that information and may be willing to provide it.

Asking prior employers for references can be problematic. Many employers are hesitant to provide employee references due to a fear of defamation lawsuits or retaliation claims. Employers often direct their human resources departments to provide only minimal information when asked for a reference. This minimal information is usually limited to confirmation of employment dates and job titles. Employers are reluctant to provide even positive information, because of the negative inferences that may be drawn from a failure to say anything. Such reticence makes it difficult to gather meaningful insights about a candidate’s performance or character.

1.2. Check employment history

The candidate should provide their full employment history and description of past duties. The organization should confirm that the employment information given by the candidate is accurate. This stage of the screening procedure is important from both trust and competency perspectives. It helps to ensure that the candidate has:

  • been truthful about his or her background;
  • performed satisfactorily in previous posts; and
  • acquired experience or other qualifications required for the new role with the organization.

The following are some questions to ask past or current employers:

  • What was the candidate’s professional title when working for the employer?
  • What were the candidate’s responsibilities while working for the employer?
  • Which of the candidate’s skills and attributes make them suitable for the role of BSA compliance officer?
  • Would the employer rehire the candidate?

1.3. Check education and license/certification history

The candidate should provide their full education and professional training history, which the organization should confirm with the education and training providers. It is also important to verify whether licenses or certifications are current. As with reference and employment history checks, this step helps to verify both trustworthiness and competence.

There is no specific academic qualification required to become a BSA compliance officer. Thus, it is critical that the organization carefully reviews and verifies the education history of any candidate to ensure that the candidate is proficient in the application of the rules, regulations, and additional requirements related to the BSA.

1.4. Check history of regulatory or criminal action

Ask the candidate whether they have ever been the subject of any regulatory or criminal action and, if so, the outcome. No matter what the candidate’s answer is, it is important to ensure that an independent and thorough inquiry is made into the matter. Any past disciplinary or criminal action against the candidate may completely disqualify them from the recruitment process.

The State of North Carolina presents a good illustration of how to conduct a background check. The N.C. Administrative Office of the Courts (NCAOC) offers ongoing remote access to criminal and civil court data across all N.C. counties through the Remote Public Access (RPA) program. RPA licensees can access real-time data or obtain bulk data extracts. Benefits include conducting statewide criminal background checks and civil searches conveniently from your office, business, or agency. Available information includes criminal records (such as pending cases and prior convictions), infractions, tax liens, evictions, and judgments. Real-time access provides the same information as public access computers at any courthouse, ensuring data accuracy and reducing the risk of violations under the Fair Credit Reporting Act.

For those with statutory authority, the N.C. State Bureau of Investigation (SBI) offers a Statewide Background Check for Employees.

Many states have begun enacting what are commonly referred to as ‘clean slate’ laws. These laws expunge misdemeanors and other minor offenses from a person’s record. For example, in 2025 Washington, D.C. passed the Second Chance Amendment Act, which will begin automatically expunging marijuana possession and other decriminalized offenses in January 2026. Virginia’s clean slate law is currently scheduled to take effect July 1, 2026, and it covers many misdemeanor convictions and expands eligibility to include some previously overlooked offenses.

1.5. Perform other relevant checks as appropriate

Given the great importance of integrity and trust in compliance roles, additional inquiries may provide insights into a candidate’s character. These additional checks might include:

  • the candidate’s credit history and credit score; and
  • conducting internet and social media searches. Employers in many states are, however, barred from demanding an employee’s or potential employee’s log-in credentials for social media, so any such search will be limited to what is available to the public at large.

Step 2 – Verify candidate’s skills and knowledge

2.1. Check training and competence

The organization should ensure that the candidate is qualified for the role. This includes making sure that the candidate has an education and employment history that shows an ability to complete the specific tasks of the role. The organization should note and assess the information provided by a candidate’s references that relates to the candidate’s skills and experience and that may enable him or her to successfully fulfill the position of BSA compliance officer.

As technology evolves, the organization should also consistently check employees for competence at the intersection of technology and BSA compliance. As seen in an investigation of financial technology company Block, there are AML concerns surrounding all transactions, including those involving cryptocurrency. Due diligence is required for all applicable financial transactions, and organizations need employees who are prepared to handle that type of compliance work.

2.2. Administer testing as appropriate

Depending on the role, you may invite the candidate to undergo testing to verify that they possess the knowledge and practical skills required. It may be appropriate to test certain candidates in subjects such as:

  • knowledge of the BSA and related regulations;
  • their ability to implement BSA and AML compliance programs; and
  • their ability to assess ML, TF, and other illicit financial activity risks associated with the organization.

Step 3 – Conduct ongoing screening as appropriate

Financial regulators periodically review the overall adequacy of an organization’s BSA and AML compliance program. Having qualified compliance staff is a key component of any compliance program. The organization should ensure that compliance staff are up to date on regulatory revisions and changes in the organization’s risk profile, including the organization’s higher-risk products, services, customers, and locations.

3.1. Identify relevant employees

Certain key employees may be more critical or have higher-risk roles in relation to AML compliance. Those employees who are key or higher risk must be identified by the financial institution based upon the structure of their organization. The organization should, where appropriate, conduct targeted re-screening to ensure that employees maintain the necessary knowledge and training for their roles as they change or evolve.

3.2. Schedule periodic re-screening

The organization should schedule periodic re-screening or testing for those roles identified as critical or higher risk (which, as above, will need to be determined within each financial institution). This step complements staff awareness and BSA and AML training requirements. It also helps to ensure that the organization is fulfilling its ongoing duty under the BSA to align its compliance program with regulatory changes and changes in its own risk profile.

3.3. Conduct internal audits and appraisals

The organization’s ongoing compliance obligations include both employee training and independent testing and audits of its compliance program. Within this framework, regular staff performance reviews and competence appraisals should be conducted to ensure that compliance staff continue to have the appropriate knowledge and skills for their positions. Review and appraisal may include periodic testing and assessment by independent auditors.

3.4. Obtain periodic verifications from employees

Self-reporting is an essential part of screening. The organization should impose a duty on relevant employees to report any violations that could affect their ability to perform their jobs. Employees also have a duty to keep their certifications and training up to date.

Additional resources

Related Lexology Pro content

How-to guides:

How to assess your organization for money laundering and terrorist financing risk
How to monitor Bank Secrecy Act (BSA) compliance
How to appoint a Bank Secrecy Act (BSA) compliance officer
How to comply with due diligence requirements for financial institutions determined to be of primary money laundering concern
How to identify suspicious activity and make a Suspicious Activity Report (SAR)
How to identify relevant sanctions regimes and deal with conflicting obligations
How to ensure sanctions screening and sanctions due diligence is effective

Checklists:

Being prepared for a visit by a financial regulator
Currency transaction reporting requirements
Initial response to a report of suspicious activity
Staff awareness and training to prevent money laundering and terrorist financing
