FinCEN Compliance Checklist for Community Banks
Bank Secrecy Act (BSA) & Anti-Money Laundering Compliance Checklist
The Financial Crimes Enforcement Network (FinCEN) is the United States financial intelligence unit and is responsible for administering and enforcing Anti-Money Laundering (AML) requirements under the Bank Secrecy Act (BSA). Community banks operating within the United States are required to establish, maintain, and administer a risk-based AML compliance program designed to detect and prevent money laundering, terrorist financing, fraud, and other financial crimes.
This checklist is intended to help community banks understand the core compliance requirements that may apply to their institution. While specific regulatory expectations may vary based on asset size, geographic footprint, customer base, products, services, and risk profile, all community banks are expected to maintain an effective BSA/AML compliance framework and demonstrate ongoing compliance during regulatory examinations.
A community bank is generally considered a financial institution subject to FinCEN regulations if it accepts deposits, makes loans, processes payments, maintains customer accounts, facilitates wire transfers, issues cashier's checks, provides treasury management services, or offers other banking products and services. These institutions may serve retail customers, small businesses, commercial clients, non-profit organizations, municipalities, and other legal entities.
If your organization operates as a community bank within the United States, it is important to ensure that your AML compliance program meets FinCEN requirements and aligns with regulatory expectations established by federal banking agencies. Failure to maintain an effective compliance program can result in regulatory enforcement actions, monetary penalties, reputational damage, and increased scrutiny from examiners.
Required - Mandatory by regulation
Needs tool - Technology required
BSA/AML Program Framework
- Written BSA/AML compliance program approved by Board of Directors Required
- Designated BSA Officer with authority and sufficient resources Required
- Provide regular reporting of BSA/AML activities to Board and senior management Required
- Document and maintain a BSA/AML risk assessment (enterprise-wide) Required
- Establish AML/BSA policies and procedures tailored to bank's risk profile Required
- Annual independent audit of BSA/AML program (internal or external) Required
- Comprehensive AML training program for all employees (annual minimum) Required
- Training for Board and senior management on AML compliance requirements Required
Customer Identification Program (CIP) & Due Diligence
- Collect and verify identity of all customers at account opening Required, Needs tool
- Verify identity using non-documentary and/or documentary evidence Required
- Compare customer identity against FinCEN Exclusion List, OFAC lists, and negative media Required, Needs tool
- Identify and verify beneficial owners (25%+ ownership) of all legal entity customers Required
- Understand the nature and purpose of each customer relationship (CDD - Customer Due Diligence Rule) Required
- Obtain information on source of funds/source of wealth for higher-risk customers Required
- Enhanced due diligence (EDD) for higher-risk customers (foreign PEPs, shell companies, etc.) Required, Needs tool
- Ongoing monitoring and update of customer information on a periodic basis Required, Needs tool
Suspicious Activity Reporting
- File Suspicious Activity Reports (SARs) for suspicious transactions Required
- File SARs within 30 calendar days of detection of suspicious activity Required
- Establish internal SAR procedures, including investigation and documentation Required
- Designate individuals responsible for SAR review and filing Required
- Train staff on recognizing suspicious activity and escalation procedures Required
- Maintain confidentiality regarding SAR filings (tipping-off prohibition) Required
Currency Transaction Reporting
- File Currency Transaction Reports (CTRs) for cash transactions exceeding $10,000 Required
- Implement systems to aggregate transactions to detect structuring or "smurfing" Required, Needs tool
- Train tellers and branch staff on CTR requirements Required
OFAC Sanctions Compliance
- Screen all customers against OFAC SDN (Specially Designated Nationals) List at account opening Required, Needs tool
- Implement ongoing OFAC screening procedures (on list updates and new sanctions designations) Required, Needs tool
- Freeze accounts of customers matching OFAC designations Required
- Report blocked transactions to OFAC within 10 business days Required
- Maintain records of OFAC compliance actions and blocked transactions Required
- Document OFAC sanctions policies and procedures Required
Customer Due Diligence Rule
- Identify all beneficial owners of legal entity customers (persons owning 25%+ of entity) Required
- Verify beneficial owner identity through government ID or other reliable means Required, Needs tool
- Maintain records of beneficial owners and update periodically Required
- Understand the purpose of the customer relationship (business type, transaction patterns) Required
- Implement ongoing monitoring of customer and beneficial owner information Required, Needs tool
Transaction Monitoring
- Implement transaction monitoring system (automated + manual review) Required, Needs tool
- Monitor for suspicious patterns: unusual amounts, frequency, destinations Required, Needs tool
- Monitor for structuring/smurfing (multiple small transactions to avoid reporting) Required, Needs tool
- Document investigation and escalation procedures Required
- Escalate suspicious transactions to SAR review process within defined timeframe Required
Correspondent Banking & Third-Party Risk
- Conduct due diligence on all correspondent banking relationships Required
- Enhanced due diligence on correspondent banks in high-risk jurisdictions Required
- Obtain Board approval before establishing correspondent banking relationships Required
- Obtain management certification regarding beneficial owners of correspondent banks Required
- Ongoing monitoring of correspondent bank activity and compliance Required
- Document vendor risk management and third-party compliance assessment procedures Required
Record-keeping & Documentation
- Retain all CIP documentation for minimum 5 years after account closure Required
- Maintain CDD and beneficial ownership records for 5+ years Required
- Maintain records of all SARs and CTRs filed (and related documentation) Required
- Document all SAR investigations and decisions Required
- Maintain transaction records and monitoring activity logs Required
- Keep audit trail of all AML system modifications and compliance reviews Required
- Maintain training records and employee certifications Required
Regulatory Compliance & Examination Readiness
- Prepare for periodic OCC/FDIC/Federal Reserve BSA examinations Required
- Document policies and procedures in audit-ready format Required
- Maintain evidence of compliance testing and controls effectiveness Required
- Address any prior examination findings and regulatory requests Required