Answers to Frequently Asked Bank Secrecy Act (BSA) Questions

The following provides answers to basic questions that are frequently asked regarding the BSA. The answers are not meant to be comprehensive, apply to all factual situations, or to replace or supersede the BSA regulations. Additional questions and answers will be posted on a periodic basis.


Question 1: Is a depository institution required to file a Designation of Exempt Person form (FinCEN 110) in order to exempt transactions with a Federal Reserve Bank?

Answer 1: Depository institutions are not required to file a Designation of Exempt Person form (FinCEN 110) with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks in accordance with an Interim Rule published by FinCEN in the Federal Register (65 FR 46356-46361) on July 28, 2000. This Interim Rule, which amends the CTR exemption regulation at 31 CFR 1020.315, became effective on July 31, 2000. (12/2017).

Question 2(a): Where can a depository institution obtain a copy of the Designation of Exempt Person form (FinCEN 110) which must be used to designate an eligible customer as an exempt person from currency transaction reporting rules of the Department of the Treasury (31 CFR 1020.315(c)).

Answer 2(a): The Designation of Exempt Person form is available from FinCEN’s web site at https://www.fincen.gov/resources/filing-information (12/2017).

Question 2(b): Where does a depository institution file the Designation of Exempt Person form?

Answer 2(b): The Designation of Exempt Person form is filed with FinCEN though the BSA E-Filing system at https://bsaefiling.fincen.treas.gov/main.html. (12/2017)

Question 2(c): Does FinCEN provide depository institutions with a confirmation of receipt of the Designation of Exempt Person form (FinCEN 110)?

Answer 2(c): Designation of Exempt Person form (FinCEN 110) is filed electronically with FinCEN through the BSA E-Filing system. The filing institution is provided an acknowledgement that the report has been received. (12/2017)

Question 3: There are frequently asked questions regarding Repeated SAR Filings on the same Activity. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).

Answer 3: One of the purposes of filing SARs is to identify violations or potential violations of law to the appropriate law enforcement authorities for criminal investigation. This is accomplished by the filing of a SAR that identifies the activity of concern. Should this activity continue over a period of time, it is useful for such information to be made known to law enforcement (and the bank supervisors). As a general rule of thumb, organizations should report continuing suspicious activity with a report being filed at least every 90 days. This will serve the purposes of notifying law enforcement of the continuing nature of the activity, as well as provide a reminder to the organization that it must continue to review the suspicious activity to determine if other actions may be appropriate, such as terminating its relationship with the customer or employee that is the subject of the filing. (12/2000)

Question 4: There are frequently asked questions regarding Filing SARs on Continuing Activity after Law Enforcement Contact. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).

Answer 4: In some instances, after the filing of one or more SARs, law enforcement has contacted a financial institution requesting more specific information with regard to the suspect activity or requesting identified supporting documentation. In other instances, a law enforcement agency has contacted a financial institution to report that it does not intend to investigate the matter reported on the SAR.

If conduct continues for which a SAR has been filed, the guidance set forth in the October 2000 SAR Activity Review (Section 5 – Repeated SAR Filings on the Same Activity) should be followed (i.e., organizations should report continuing suspicious activity with a SAR being filed at least every 90 days) even if a law enforcement agency has declined to investigate or there is knowledge that an investigation has begun. The filing of SARs on continuing suspicious activity provides useful information to law enforcement and supervisory authorities. Moreover, the information contained in a SAR that one law enforcement agency has declined to investigate may be of interest to other law enforcement agencies, as well as supervisory agencies. (6/2001)

Question 5: There are frequently asked questions regarding Filing SARs on Activity Outside the United States. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).

Answer 5: Consistent with the SAR regulations, it is expected that financial institutions will file SARs on activity deemed to be suspicious even when a portion of the activity occurs outside of the United States or the funds involved in the activity originated from outside the United States. Although foreign-located operations of U.S. organizations are not required to file SARs, an organization may wish, for example, to file a SAR with regard to suspicious activity that occurs outside the United States that is so egregious that it has the potential to cause harm to the entire organization. (It is, of course, expected that foreign-located operations of U.S. organizations that identify suspicious activity will report such activity consistent with local reporting requirements in the foreign jurisdiction where the operation is located.) (6/2001)

Question 6: There are frequently asked questions regarding Cessation of Relationship/Closure of Account as a result of the identification of suspicious activity.
The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).

Answer 6: The closure of a customer account as the result of the identification of suspicious activity is a determination for an organization to make in light of the information available to the organization. A filing of a SAR, on its own, should not be the basis for terminating a customer relationship. Rather, a determination should be made with the knowledge of the facts and circumstances giving rise to the SAR filing, as well as other available information that could tend to impact on such a decision. It may be advisable to include the organization's counsel, as well as other senior staff, in such determinations. (12/2000)

Question 7: There are frequently asked questions regarding Timing for SAR Filings. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).

Answer 7: The SAR rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of the suspicious activity, unless no suspect can be identified, in which case, the time period for filing a SAR is extended to 60 days.

It may be appropriate for organizations to conduct a review of the activity to determine whether a need exists to file a SAR. The fact that a review of customer activity or transactions is determined to be necessary is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.

Of course, an expeditious review, wherever possible, is recommended and can be of significant assistance to law enforcement. In situations involving violations of law requiring immediate attention, the organization should immediately notify appropriate law enforcement and supervisory authorities, in addition to filing a SAR. (12/2000)

Question 8: There are frequently asked questions regarding the Disclosure of SARs and Underlying Suspicious Activity. The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues (October 2000).

Answer 8: Federal law (31 U.S.C. 5318(g)(2)) prohibits the notification of any person that is involved in the activity being reported on a SAR that the activity has been reported. This prohibition effectively precludes the disclosure of a SAR or the fact that a SAR has been filed. However, this prohibition does not preclude, under Federal law, a disclosure in an appropriate manner of the facts that are the basis of the SAR, so long as the disclosure is not made in a way that indicates or implies that a SAR has been filed or that the information is included on a filed SAR.

The prohibition against disclosure can raise special issues when SAR records are sought by subpoena or court order. The SAR regulations direct organizations facing those issues to contact their primary supervisor, as well as FinCEN, to obtain guidance and direction on how to proceed. In several matters to date, government agencies have intervened to ensure that the protection for filing organizations and the integrity of the data contained within the SAR database remain intact. (12/2000)

Question 9: There are frequently asked questions regarding the Prohibition on Notification. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).

Answer 9: As set forth in the October 2000 SAR Activity Review (Section 5 – Disclosure of SARs and Underlying Suspicious Activity), Federal law (31 U.S.C. 5318(g)(2)) prohibits the notification to any person that is involved in the activity being reported on a SAR that the activity has been reported. This prohibition extends to disclosures that could indirectly result in the notification to the subject of a SAR that a SAR has been filed, effectively precluding the disclosure of a SAR or even its existence to any persons other than appropriate law enforcement and supervisory agency or agencies. This prohibition does not preclude, under Federal law, a disclosure in an appropriate manner of the facts that are the basis of the SAR, so long as the disclosure is not made in a way that indicates or implies that a SAR has been filed or that information is included on a filed SAR.

In the rare instance when suspicious activity is related to an individual in the organization, such as the president or one of the members of the board of directors, the established policy that would require notification of a SAR filing to such an individual should not be followed. Deviations to established policies and procedures so as to avoid notification of a SAR filing to a subject of the SAR should be documented and appropriate uninvolved senior organizational personnel should be so advised.

The prohibition on notification of a SAR filing can raise special issues when SAR filings are sought by subpoena or court order. The SAR regulations direct organizations facing these issues to contact their primary supervisor, as well as FinCEN, to obtain guidance and direction on how to proceed. In several matters to date, government agencies have intervened to ensure that the protection for filing organizations and the integrity of the data contained within the SAR database remain intact. (6/2001)

Question 10: There are frequently asked questions regarding Disclosure of SAR Documentation. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).

Answer 10: Under the SAR regulations, institutions filing SARs should identify within the SAR, and are directed to maintain all "supporting documentation" related to the activity being reported. Disclosure of supporting documentation related to the activity that is being reported on a SAR does not require a subpoena, court order, or other judicial or administrative process. Under the SAR regulations, financial institutions are required to disclose supporting documentation to appropriate law enforcement agencies, or FinCEN, upon request. (6/2001)

Question 11: There are frequently asked questions regarding the Applicability of Safe Harbor. The following discussion is contained in Section 6 of The SAR Activity Review – Trends, Tips & Issues (June 2001).

Answer 11: The safe harbor provisions applicable to SAR filings provide a safe harbor for organizations that provide a SAR to all authorized government personnel, including Federal, state, and local authorities. Similarly, the safe harbor provisions apply even if the report of activity that is a possible violation of law or regulation is made orally or in some form other than through the use of a SAR. (6/2001)

Question 12a: A business customer of a depository institution provides payroll checks to individual employees for work performed. Each payroll check is under $10,000. However, several employees cash their payroll checks individually on the same business day, which results in an aggregate cash out from the business customer’s account in an amount exceeding $10,000. Would the institution be required to file a CTR, if no one person received an amount in excess of $10,000?

Answer 12a: The financial institution would not need to file a CTR because it would not be involved in a single cash transaction (or multiple cash transactions for which a duty to aggregate would arise) of more than $10,000. A financial institution must treat multiple transactions in currency as a single transaction if the financial institution has knowledge that the multiple transactions are "by or on behalf of any person" and result in cash in or cash out totaling more than $10,000 during any one business day. According to the facts described above, the cashing of checks would be conducted by or on behalf of each individual employee (rather than the business on whose account each check is drawn), and no one employee would be cashing more than $10,000 in a single transaction or in multiple transactions during the same business day.

Question 13b: Would a CTR be required if several individual employees endorsed their respective payroll checks (all individual payroll checks are under $10,000 but combined they aggregate to an amount that exceeds $10,000), and made the checks payable to one employee who, in turn, cashed them at a financial institution for the purpose of distributing the proceeds back to the individual employees?

Answer 13b: A CTR would be required in this instance because one person is receiving more than $10,000 in currency. (10/2001).

Question 13c: Is a CTR required when a person presents a check, in excess of $10,000, for payment in cash at a financial institution and receives less than $10,000 after fees, or other deductions, are charged against the amount of the check?

Answer 13c: The BSA only requires a CTR for a transaction in currency, such as a deposit, withdrawal, exchange or transfer of currency, in excess of $10,000. A transaction in currency involves the physical transfer of currency from one person to another. Accordingly, the transfer of currency below $10,000 would not trigger the CTR requirement, despite the amount of the check. For example, if a person cashed a check for $10,100 and received $9,990 after a service fee was charged against the amount of the check, the financial institution would not be required to file a CTR. On the other hand, if a person purchased a cashier’s check for $9,990 and paid a service fee of $20 for a total of $10,010 in cash, the financial institution would be required to file a CTR. The key lies in the amount of the physical deposit, withdrawal, exchange or transfer of currency. (10/2001).

Question 14: Is a state-licensed check-cashing business exemptible under the BSA?

Answer 14: The CTR exemption regulations do not distinguish between a “licensed” or “non-licensed” business. In determining whether any check-cashing business is eligible for exemption from currency transaction reporting requirements, a depository institution must determine whether the business falls into either of two categories described below: (12/2017)

1. An entity listed on one of the major national stock exchanges, or a subsidiary of an entity listed on those stock exchanges as described in 31 CFR § 1020.315). If a customer falls under one of the categories identified in 31 CFR § 1020.315, the depository institution does not need to determine if the business activity is considered ineligible for exemption as identified in 31 CFR § 1020.315(e)(8). Once the depository institution has determined that the customer qualifies for an exemption based on the above criteria, the depository institution may file a one-time DEP form.

2. A non-listed business, if the criteria of 31 CFR § 1020.315 are met. Determining if a business can be considered a non-listed business depends, in part, on whether the customer is primarily engaged in one or more of the ineligible business activities listed in 31 CFR § 1020.315. If primarily engaged in such ineligible business activities, then the customer cannot be treated as a non-listed business.

a. One of the ineligible business activities listed in 31 CFR § 1020.315 is serving as a financial institution. Under the BSA, the definition of “Financial Institution” includes money services businesses (MSBs) [31 CFR 1010.100(ff)]. A check casher is defined as an MSB if it cashes checks in an amount greater than $1,000 in currency or monetary instruments for any one person in any one day in one or more transactions [31 CFR 1010.100(ff)(2)]. Consequently, if the check casher meets the definition of an MSB, it is considered to be serving as a financial institution. Therefore, if the check casher is defined as an MSB and is primarily engaged (see item b. below) in the business of cashing checks [or other ineligible business activity listed in 31 CFR § 1020.315, then it is ineligible for treatment as an exempt person.

b. If a business engages in multiple business activities (e.g., money transmission in addition to check cashing), it may be treated as a non-listed business so long as no more than 50% of its gross revenues is derived from one or more of the ineligible business activities listed in § 1020.315.

Example 1: A check casher (whether licensed or non-licensed) that cashes checks in an amount less than $1,000 in currency or monetary instruments for any one person on any one day and is not involved in any other ineligible business activity, or derives no more than 50% of its gross revenue from any such business, may be exempted from CTR reporting requirements as a non-listed business (assuming that all other criteria listed in 31 CFR § 1020.315 are met).

Example 2: A check casher (whether licensed or non-licensed) that cashes checks in an amount more than $1,000 in currency or monetary instruments for any one person on any one day and derives more than 50% of its gross revenue from cashing checks (and/or other ineligible business activity) may not be exempted from CTR reporting requirements as a non-listed business because it is serving as a financial institution under the BSA regulations.

Question 15: Does FinCEN prepare and distribute training materials, such as videos, on the BSA reporting and recordkeeping requirements?

Answer 15: FinCEN does not currently prepare or distribute training videos or materials. FinCEN frequently participates in conferences and other forums to discuss BSA reporting and recordkeeping requirements, developments relating to FinCEN's regulations, and counter money laundering efforts.

FinCEN’s publications also impart information that may be useful in the preparation of training materials, such as SAR Guidance, Strategic Analytical Reports, and The SAR Activity Review: Trends, Tips & Issues, which are available on FinCEN’s web site under the tab for “Reports & Publications". FinCEN also frequently issues guidance to financial institutions on BSA reporting and recordkeeping requirements.

Furthermore, financial institutions, particularly depository institutions such as banks, thrifts and credit unions, have significant resource materials available to help them train from their industry associations and other sources in the private sector. In addition, the primary regulators may also provide publications and resource material to use in BSA training and may be consulted on BSA compliance issues.(10/2001).

Question 16: When a Federal, state or local government official, as part of his or her official duties, engages in a transaction in currency over $10,000, or purchases a monetary instrument for more than $3,000 in currency, as a non-accountholder, what kind of identifying information must a financial institution obtain?

Answer 16: Government officials sometimes need to conduct large currency transactions as part of their official duties. For example, a law enforcement official may wish to convert seized currency into monetary instruments for security reasons. Banks are not required to file a CTR when a Federal, state or local government official, as part of his or her official duties, engages in a transaction in currency over $10,000. In addition, banks do not need to file a Designation of Exempt Person form (FinCEN Form 110) for customers that are a department or agency of the United States, of any State, or of any political subdivision of any State. A bank should, however, take the steps to ensure that the customer is eligible for the exemption (that the customer is a government official conducting business on behalf of a government agency) and document the basis for that determination (e.g., reviewing the customer’s law enforcement credentials or government photo ID). Non-bank financial institutions, however, are required to file a CTR when a Federal, state or local government official, as part of his or her official duties, engages in a transaction in currency over $10,000.

Regardless if a financial institution is required to file or voluntarily files a currency transaction report for this scenario, it generally is required only to obtain, verify, and record identifying information pertaining to the agency for which the individual is working. Thus, any employee identification number, address, or other identifying information obtained should correspond to the government agency involved, and not the government official conducting the transaction.

Notwithstanding the above, a financial institution should still obtain and record the name of the government official conducting the transaction. Regarding the purchase of a monetary instrument for more than $3,000 in currency, a financial institution should record the name and date of birth of the government official, for the financial institution’s records. (12/2018)

Questions 17: Can you provide guidance on how money services businesses should conduct independent reviews of their anti-money laundering programs?

Answer 17: There are frequently asked questions regarding how to conduct independent reviews on money services business anti-money laundering programs. FinCEN has issued the following guidance 1.

The Bank Secrecy Act requires money services businesses to establish anti-money laundering programs that include “an independent audit function to test programs.” In implementing this requirement, we determined to make clear that money services businesses are not required to hire a certified public accountant or an outside consultant to conduct a review of their programs. Rather, the relevant Bank Secrecy Act regulation requires money services businesses to establish anti-money laundering programs with written policies and procedures that:

Provide for independent review to monitor and maintain an adequate program. The scope and frequency of the review shall be commensurate with the risk of the financial services provided by the money services business. Such review may be conducted by an officer or employee of the money services business so long as the reviewer is not the person designated in paragraph (d)(2) of this section.

The primary purpose of the independent review is to monitor the adequacy of the money services business’ anti-money laundering program. The review should determine whether the business is operating in compliance with the requirements of the Bank Secrecy Act and the business’ own policies and procedures. Each money services business should identify and assess the money laundering risks that may be associated with its unique products, services, customers, and geographic locations. Regardless of where risks arise, money services businesses must take reasonable steps to manage them. Each money services business should focus resources on the areas of its business that management believes pose the greatest risks, and the level of sophistication of the associated internal controls should be appropriate for the size, structure, risks, and complexity of the money services business.

Question 18(a): What should be done during the review? The review should provide a fair and unbiased appraisal of each of the required elements of the company’s anti-money laundering program, including its Bank Secrecy Act-related policies, procedures, internal controls, recordkeeping and reporting functions, and training.

Answer 18(a): The review should include testing of internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions. For example, if the program requires that a particular employee or category of employee should be trained once every six months, then the independent testing should determine whether the training occurred and whether the training was adequate.

The review also should cover all of the anti-money laundering program actions taken by – or defined as part of the responsibility of – the designated compliance officer. These actions include, for example, the determination of the level of money laundering risks faced by the business, the frequency of Bank Secrecy Act anti-money laundering training for employees, and the adoption of procedures for implementation and oversight of program-related controls and transactional systems.

Question 18(b): Who should conduct the review?

Answer 18(b): Our regulations require an independent review, not a formal audit by a certified public accountant or third-party consultant. Accordingly, a money services business does not necessarily need to hire an outside auditor or consultant. The review may be conducted by an officer, employee or group of employees, so long as the reviewer is not the designated compliance officer and does not report directly to the compliance officer.

Question 18(c): How often should the review occur?

Answer 18(c): The review should be conducted on a periodic basis. The scope and frequency of the review will depend on the money services business’ risk assessment, which should take into account the business’ products, services, customers, and geographic locations. For some money services businesses, based on their risk assessments, an annual review may not be necessary; for others, more frequent review may be warranted. For example, if the money services business’ risk assessment changes, more frequent review may be prudent. Similarly, if compliance problems are identified in a review, it may be advisable to advance the date of the next review to confirm that corrective actions have been taken.

Question 18(d): Should the review be documented in some manner and reported to management?

Answer 18(d): Yes. The person or persons responsible for conducting the review should document the scope of the review, procedures performed, transaction testing completed, if any, findings of the review, and recommendations to management for corrective actions, if any. After the review, the reviewer or the designated compliance officer should track deficiencies and weaknesses discovered during the review and document corrective actions taken by the money services business. All of the documentation should, as appropriate, be made accessible to government examiners and law enforcement personnel who have authority to examine such documents. (9/2006)