Introduction
This How-to guide describes the procedure for appointing a compliance officer to ensure a financial institution’s compliance with the Bank Secrecy Act of 1970 (BSA), as amended by the USA PATRIOT Act of 2001 (PATRIOT Act). It explains the necessity of appointing an officer, the process of appointment, and the responsibilities of the officer. These requirements broadly relate to ‘financial institutions’, defined in BSA 31 USC section 5312(a)(2), to include insured banks, commercial banks, credit unions, currency exchanges, and pawnbrokers.
This guide incorporates practical tips, examples, and government guidance to aid your compliance with the applicable legislation. It is aimed at in-house lawyers and compliance professionals in financial institutions in the United States.
The guide covers the following:
- Overview
- Responsibilities, duties, and authority of a BSA compliance officer
- Factors to consider in appointing a BSA compliance officer
This guide may be read in conjunction with the following How-to guides: How to assess your organization for money laundering and terrorist financing risk; How to identify suspicious activity and make a Suspicious Activity Report (SAR); and How to monitor Bank Secrecy Act (BSA) compliance. It may also be read with the following Checklists: Initial response to a report of suspicious activity; Screening employees for roles in AML compliance; Staff awareness and training to prevent money laundering and terrorist financing; and Being prepared for a visit by a financial regulator.
Section 1 – Overview
The BSA (31 USC section 5311 et seq.) is the primary US anti-money laundering (AML) law (PL 91-508). Under the law, the board of directors of a financial institution (as defined in 31 USC section 5312(a)(2)) must appoint a qualified person or persons to serve as the BSA compliance officer and be responsible for coordinating day-to-day compliance (as required by 12 CFR section 326.8(c)(3)).
The BSA has been amended to include certain provisions of Title III of the PATRIOT Act to detect, deter, and disrupt terrorist financing networks. The law establishes program, recordkeeping, and reporting requirements for federally regulated financial institutions and agencies of foreign banks to help deter and detect money laundering, terrorist financing, and other criminal acts.
1.1 Essentials of BSA compliance – the ‘five pillars’
In a joint statement on the enforcement of BSA and AML requirements, several federal agencies (including the Federal Deposit Insurance Corporation, Board of Governors of the Federal Reserve System, the Office of the Comptroller of Currency, and the National Credit Union Administration) referenced the following five pillars as the minimum security measures that institutions should have in place for an effective BSA compliance program:
- a system of internal controls to ensure there is ongoing compliance with the BSA;
- independent testing for BSA and AML compliance;
- a designated individual responsible for coordinating and monitoring BSA and AML compliance;
- training for appropriate personnel; and
- a Customer Identification Program (CIP) that includes risk-based procedures that ensure the financial institution can maintain a reasonable expectation that it knows the identity of its customers.
The designation of a BSA and AML compliance officer is one of the key pillars and, therefore, the position is essential to the success of the program, as illustrated below.
Example
In 2018, the Ninth Circuit, US Court of Appeals upheld a cease-and-desist order issued to the California Pacific Bank. California Pacific Bank was an insured state non-member bank with two business offices in California, fewer than 15 employees, and a small customer base of around 200 customers. The Federal Deposit Insurance Corporation (FDIC) issued an order finding that the bank had failed to establish and maintain a BSA compliance program in line with four of the above pillars. With regard to the designation of the BSA compliance officer, the FDIC board determined that the BSA compliance officer lacked ‘the experience, training, and time to adequately perform’ that role. See, California Pacific Bank v. FDIC, 885 F. 3d 560 (9th Cir. 2018).
1.2 Responsibility for compliance – the board of directors
The board of directors of an organization is ultimately responsible for BSA compliance, although the board may delegate the implementation and operation of a compliance program to others. The board of directors of a financial institution is thus responsible for appointing a BSA compliance officer who is ‘fully knowledgeable of the BSA and all related regulations.’ See, Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual (Mar. 2020).
The appointment of a BSA compliance officer by the board of directors is not by itself sufficient to meet the regulatory obligation to build and maintain a program adequately tailored to assure and monitor BSA compliance.
The board must ensure that the BSA compliance officer has sufficient power, independence, and resources to administer a sufficient BSA and AML compliance program based on the institution’s money laundering (ML), terrorist financing (TF), and other unlawful financial activity risk profile. This should include having the necessary controls in place and providing the requisite notices to law enforcement to deter and detect money laundering, terrorist financing, and other criminal acts that may be committed by customers.
The BSA compliance officer should update the board and senior management on the status of ongoing BSA compliance to ensure they are making informed choices about current risk exposure and the overall BSA and AML compliance program. Reporting on the status of ongoing compliance to the board of directors or a designated board committee should include pertinent BSA-related information, such as the mandated notification of suspicious activity report (SAR) filings.
For further information on the appointment of compliance personnel, see How-to guide: How to monitor Bank Secrecy Act (BSA) compliance and Checklist: Screening employees for roles in AML compliance.
Section 2 – Responsibilities, duties, and authority of a BSA compliance officer
Collective guidance from the Federal Financial Institutions Examination Council (FFIEC) provides insight into the parameters used to scrutinize the selection and appointment of a BSA compliance officer. The FFIEC Manual sets out the requirements when appointing a BSA compliance officer. The mere appointment of a BSA compliance officer will not suffice in meeting the regulatory requirement under 31 USC section 5318(h)(1) if the person appointed does not possess the expertise, authority, or time to satisfactorily complete the job.
The BSA compliance officer should, at a minimum:
- be extremely knowledgeable about the BSA and all the associated regulations (note that there is no requirement that the BSA compliance officer be an attorney provided that they are knowledgeable about the law in this area); and
- have a thorough understanding of the financial institution’s products, services, customers, entities, and locations, as well as the potentially relevant AML and TF risks.
In a rule proposed by the Financial Crimes Enforcement Network (FinCEN) on July 3, 2024 (Anti-Money Laundering and Countering the Financing of Terrorism Programs), the title of the ‘BSA Compliance Officer’ would be changed to the ‘AML/CFT Officer’. Although the title would be changed, the proposed rule does not impose new obligations on financial institutions. However, when the rule is made final, organizations should review it and all appropriate guidance to ensure continued compliance.
The finalization of this rule may, however, be delayed due to a Presidential Action issued on January 20, 2025. The Action directed federal agencies to:
- pause all new rulemaking until a Trump-appointed official has reviewed and approved it;
- withdraw unpublished rules from the Federal Register for further review; and
- delay the effective date of recent regulations for at least 60 days, including AML/CFT-related rules.
For further information on screening employees for roles in AML compliance, see, Checklist: Screening employees for roles in AML compliance.
2.1 Overview of the position of a BSA compliance officer within a financial institution
The BSA compliance officer is in charge of coordinating and monitoring BSA and AML compliance on a daily basis. The BSA compliance officer is also tasked with overseeing all parts of the institution’s BSA and AML compliance program and its adherence to BSA regulatory standards. It is the responsibility of the board of directors to supervise senior management and the BSA compliance officer in their implementation of the board-approved BSA and AML compliance program for the institution. See, 12 CFR section 208.63.
2.2 BSA compliance officer’s duties and responsibilities
The BSA compliance officer is responsible for carrying out the directives of the financial institution’s board pertaining to all BSA and AML matters, including actioning the BSA and AML policies, procedures, and processes. The officer may delegate BSA and AML responsibilities to staff, but the officer is accountable to the board for monitoring the BSA and AML compliance program on a day-to-day basis. See, BSA/AML Manual, Assessing the BSA/AML Compliance Program – BSA Compliance Officer.
2.2.1 Responsibilities
The appointed BSA compliance officer has an extensive list of duties and responsibilities. When appointing the institution’s BSA compliance officer, the officer’s qualifications should be sufficient to accomplish the following tasks:
- ensuring compliance with laws and regulations about the BSA;
- remaining current regarding BSA and AML, the PATRIOT Act, Office of Foreign Assets Control, and Customer Identification Program, including any changes thereto;
- determining the effect of such laws, regulations, and/or changes on organization policies, procedures, and practices and recommending and implementing any changes necessary to remain in compliance with same;
- development, implementation, and coordination of AML systems and controls; and
- reporting to state and federal authorities in the event of suspicious activity that may include a wider range of financial crimes, such as tax evasion and fraud.
2.2.2 Duties
A list of the typical duties of a BSA compliance officer would include the following:
- Developing and maintaining written policies and procedures required to ensure the institution’s compliance with BSA and AML regulations and periodically assessing the institution’s BSA and AML policy to ensure the content is current.
- Administering a system of internal controls for compliance with BSA and AML, including the reporting of suspicious activity, throughout the institution’s functional areas and across product and service offerings. The FFIEC has provided guidance on how to test if an institution's internal controls properly assure BSA compliance.
- Supporting internal business teams with risk assessments of various activities that are typically associated with money laundering. For further information on assessing the risk of money laundering, see How-to guide: How to assess your organization for money laundering and terrorist financing risk.
- Providing or overseeing training on BSA and AML for the financial institution’s staff to ensure continued compliance with all regulatory and legal requirements. For more information on BSA and AML training, see Checklist: Staff awareness and training to prevent money laundering and terrorist financing.
- Establishing, developing, and maintaining a list of products, services, customers, and geographies for high-risk money laundering activities and periodically analyzing and updating the list accordingly.
- Conducting reviews of new customer portfolios and accounts to ensure that all required Customer Identification Program (CIP) information and documentation is obtained; continually communicating with branch and lending personnel to assure that missing items are received.
- Tracking and observing high-risk customers and accounts, and performing relevant record-keeping activities.
- Executing daily monitoring to identify suspicious activities or BSA violations.
- Regularly updating the board of directors and senior management about the status of ongoing compliance with the BSA and pertinent BSA-related information, including the required notification of SAR filings.
- Scrutinizing reports of suspicious activity – including cash purchases of negotiable instruments and transactions for over $10,000. For further information on responding to reports of suspicious activity, see Checklist: Initial response to a report of suspicious activity.
- Finalizing and filing Suspicious Activity Reports (SARs) with FinCEN and reports to the board of directors. For more information on SARs, see How-to guide: How to identify suspicious activity and make a Suspicious Activity Report (SAR).
- Working as the liaison for all outside audits and examinations for BSA and AML compliance.
- Managing and directing visits from independent auditors from state and federal governing bodies. For more information on preparing for an auditor visit, see Checklist: Being prepared for a visit by a financial regulator.
- Coordinating and performing responses to audits.
- Administering and inspecting procedures about reporting large currency transactions, including monitoring currency transaction reports (CTRs), addressing instances involving missing information, and filing the CTR. For more information, see Checklist: Currency transaction reporting requirements.
2.3 Authority and independence
It is essential that the BSA compliance officer has the ability to undertake the role without undue pressure from the financial institution. For instance, a BSA compliance officer is more likely to have an appropriate level of independence where clear lines of communication and reporting up to the board of directors (or a designated board committee) exist. Under these circumstances the BSA compliance officer has authority to identify and report concerns directly to senior management. Conversely, where the established lines of communication between the compliance officer and the board are not direct or are blurred, this may result in undue influence being placed on the compliance officer, and may be an indication that the officer has diminished independence in their role. This also blurs the chain of command with regard to the resolution of any issues that may arise.
2.4 Resources for BSA compliance officer
Make sure the BSA compliance officer has access to appropriate resources. For instance, ensure that there are staff with the skills and expertise required for the institution’s overall risk profile (based upon its products, services, customers, and locations), size and complexity, and its organizational structure.
There should also be surveillance and monitoring systems in place to support the timely identification, measurement, monitoring, reporting, and management of the institution’s AML, TF, and other unlawful financial activity risks.
Section 3 – Factors to consider in appointing a BSA compliance officer
To confirm that the institution’s board of directors has chosen a qualified individual or individuals to coordinate and monitor day-to-day BSA regulatory compliance, the board must determine whether the BSA compliance officer has the necessary power, independence, resources, and competency to carry out all his or her responsibilities.
3.1 Qualifications
When appointing the institution’s BSA compliance officer, there are a host of factors to consider prior to making the appointment, including the following:
- Smaller firms may consider hiring a part-time BSA compliance officer, but larger or more complex organizations should designate a full-time BSA compliance officer. If hiring is not feasible for smaller firms, consider designating another director as the primary point of contact in the event of an incident. This director will also be the primary lead should the institution need outside counsel or assistance.
- Although there is no regulatory requirement that the BSA compliance officer hold a specific job title, the appointment should be, at minimum, a director-level employee to ensure they can act with authority and independence in their professional environment and can have confidence to make the decisions required of them.
- Consider potential conflicts of interest, such as where the compliance officer also manages one of the business lines they are responsible for monitoring.
- The compliance officer must have the capacity to effectively interact with all levels of management, regulators, and examiners while maintaining strict confidentiality.
- The position should be held by an individual with the knowledge, experience, and authority to perform their duties effectively. A bachelor’s degree in a related field is normally required for this appointment, and specialized BSA compliance education or training is also desirable.
- The BSA compliance officer should have sufficient knowledge and understanding of the BSA and also the organization’s own AML regulations.
- The BSA compliance officer must have a thorough understanding of their organization’s products, services, and customers, as well as an understanding of relevant territorial legislation and the methodologies of the financial crimes they may have to investigate.
- The BSA compliance officer should have periodic BSA and AML compliance training that is updated regularly.
- The BSA compliance officer should possess strong decision making, analytical, investigative, and communication abilities combined with attention to detail and accuracy.
3.2 Continuity plan
Although successful placement of the institution’s BSA compliance officer is an important step in the AML risk management process, having a succession plan in place in the event of the absence or resignation of the officer is equally important. The FFIEC manual provides specifically that an institution’s internal controls ‘[p]rovide for program continuity despite changes in operations, management, or employee composition or structure.’ To meet this obligation, the institution must have a BSA compliance officer succession plan. One way to implement such a succession plan would be to cross-train employees in both BSA and AML rules and regulations. Cross-training also has the benefit of giving employees a holistic view of the organization’s regulatory posture.
3.3 Success of a compliance officer
Appointing a well-qualified and attentive BSA compliance officer is the key to an institution’s success in limiting AML and TF risks. The BSA officer is responsible for rigorous regulatory compliance. As such, professional credentials are not enough. The ability to effectively communicate with senior management and the board of directors, implement an effective AML and TF program, and manage personnel is crucial to the appointee’s success.
Additional resources
Federal Financial Institutions Examination Council, BSA/AML Manual, Assessing the BSA/AML Compliance Program – BSA/AML Internal Controls
Federal Financial Institutions Examination Council, BSA/AML Manual, Assessing the BSA/AML Compliance Program – BSA Compliance Officer
Federal Financial Institutions Examination Council – BSA/AML Examination Manual
Federal Financial Institutions Examination Council – BSA/AML Internal Controls Examination Procedures
Related Lexology Pro content
How-to guides:
How to assess your organization for money laundering and terrorist financing risk
How to monitor Bank Secrecy Act (BSA) compliance
How to comply with due diligence requirements for financial institutions determined to be of primary money laundering concern
How to identify suspicious activity and make a Suspicious Activity Report (SAR)
How to identify relevant sanctions regimes and deal with conflicting obligations
How to ensure sanctions screening and sanctions due diligence is effective
Checklists:
Being prepared for a visit by a financial regulator
Currency transaction reporting requirements
Initial response to a report of suspicious activity
Screening employees for roles in AML compliance
Staff awareness and training to prevent money laundering and terrorist financing