🇺🇸 United States · FinCEN

FinCEN Compliance, End to End

Built for US financial institutions and money services businesses regulated under the Bank Secrecy Act — covering the USA PATRIOT Act, the CDD Final Rule, beneficial ownership reporting under the Corporate Transparency Act, and SAR filing through BSA E-Filing.

Book a Demo All Regulations

About FinCEN

The US Treasury's Financial Crime Bureau

The Financial Crimes Enforcement Network (FinCEN) is a bureau of the US Department of the Treasury. It administers the Bank Secrecy Act (BSA) and serves as the United States' Financial Intelligence Unit, collecting and analysing financial data to combat money laundering, terrorist financing, and other financial crimes.

The BSA — first enacted in 1970 and substantially expanded by the USA PATRIOT Act in 2001 and the Anti-Money Laundering Act of 2020 — applies to a broad universe of US financial institutions: banks, credit unions, money services businesses, broker-dealers, mutual funds, casinos, futures commission merchants, insurance companies, and registered investment advisers. Crypto-asset firms operating in the US also fall within scope as money services businesses.

FinCEN does not directly examine institutions — that is delegated to functional regulators such as the OCC, FDIC, Federal Reserve, NCUA, SEC, CFTC, and IRS — but it issues binding rules, sets reporting standards, publishes Geographic Targeting Orders, and operates the BSA E-Filing System through which all federally regulated SARs and CTRs are submitted.

The Statutes & Rules

A Layered Federal Framework

US AML obligations sit across primary statute, implementing regulations under 31 CFR Chapter X, and FinCEN advisories. One Constellation maps to all of them.

BSA

Bank Secrecy Act

The foundational US AML statute — the recordkeeping, reporting, and program requirements for covered financial institutions, including the obligation to file Currency Transaction Reports and Suspicious Activity Reports.

USA PATRIOT Act

USA PATRIOT Act §326

The Customer Identification Program (CIP) requirements — minimum standards for verifying customer identity at account opening, plus correspondent-banking due diligence under §312 and §313.

CDD Rule

CDD Final Rule (2018)

The Customer Due Diligence rule — codifies the four pillars of an AML program and adds the explicit beneficial-ownership identification requirement for legal-entity customers.

CTA / BOI

Corporate Transparency Act

Beneficial-ownership reporting to FinCEN's BOI registry — a central federal database of beneficial owners that financial institutions can query for CDD purposes (subject to access rules).

AMLA 2020

Anti-Money Laundering Act 2020

The most significant BSA reform in two decades — expanded whistleblower rewards, new enforcement priorities, and a mandate for FinCEN to publish national AML/CFT priorities every four years.

OFAC

OFAC Sanctions Programs

Administered separately by the Office of Foreign Assets Control, but inseparable in practice — the SDN list, Sectoral Sanctions, and country-specific programs that every US institution must screen against.

The Obligations

What FinCEN Requires — and How We Address It

The BSA and the CDD Final Rule require every covered institution to operate the four pillars of an AML program — plus a fifth following the 2018 CDD rule. Here is how each maps to the platform.

Customer Identification Program (CIP)

Verify the identity of every customer at account opening using risk-based procedures — covering name, date of birth, address, and identification number for individuals.

One ConstellationUS identity verification with SSN/ITIN matching, document verification, biometric liveness, and structured CIP evidence packs retained for the statutory five-year period.

Customer Due Diligence & Beneficial Ownership

Identify and verify any individual owning 25% or more of a legal-entity customer, plus a single individual with significant management responsibility.

One ConstellationUBO unwrapping, control-person identification, BOI-aware data capture, and integration paths to FinCEN's BOI registry where access is permitted.

Risk-Based AML Program (4 Pillars + 5)

Maintain written internal policies, a designated BSA compliance officer, ongoing training, independent testing, and risk-based ongoing CDD as the fifth pillar.

One ConstellationBSA officer dashboards, training-completion tracking, structured policy management, and full audit-export packs for independent-testing engagements.

Ongoing Monitoring & Suspicious Activity Detection

Monitor transactions for patterns inconsistent with the customer's known profile. Detect activity meeting the criteria for SAR filing under 31 CFR 1020.320 and equivalent.

One ConstellationReal-time transaction monitoring tuned to BSA typologies — structuring, layering, funnel accounts, third-party-payment red flags — with full case management.

OFAC Sanctions Screening

Screen every customer and counterparty against the SDN list, Sectoral Sanctions Identifications, and active country-program lists in real time at onboarding and on every transaction.

One ConstellationReal-time OFAC screening with fuzzy matching, full disposition workflows, and 50%-Rule logic to identify entities owned by sanctioned parties.

SAR & CTR Filing via BSA E-Filing

File Suspicious Activity Reports within 30 days of detection (60 if no suspect identified). File Currency Transaction Reports for cash transactions over $10,000.

One ConstellationSAR and CTR generation directly from the case record, BSA E-Filing-compatible XML export, and full audit evidence retained for the five-year statutory period.

Recordkeeping & Travel Rule

Retain all CDD records and SAR documentation for at least five years. Comply with the BSA Travel Rule for funds transfers of $3,000 or more — passing originator and beneficiary information.

One Constellation5+ year encrypted retention by default, full versioned audit trails, and Travel Rule message exchange for both fiat and virtual-asset transfers.

The Cost of Getting It Wrong

FinCEN & OFAC Penalties Are Substantial

Federal AML enforcement combines FinCEN civil money penalties, OFAC settlements, criminal prosecution under the BSA, and individual liability for compliance officers in egregious cases.

$1B+

Largest US AML penalties on record

10 yrs

Maximum imprisonment under BSA

Personal

Liability for compliance officers

Strict

OFAC liability — no intent required

Built for the United States

What FinCEN-Aligned Compliance Looks Like

100%

BSA Coverage

5 yrs

Default Record Retention

XML

Native BSA E-Filing Format

OFAC

Real-Time Sanctions Feed

FinCEN FAQ

Common Questions

Is my firm covered by the BSA?+

The BSA covers a wide universe of "financial institutions" defined by 31 USC 5312 — including banks, credit unions, broker-dealers, mutual funds, money services businesses, casinos, insurance companies, futures commission merchants, and SEC-registered investment advisers (subject to the 2024 final rule). Crypto-asset firms operating in the US generally fall within scope as money services businesses. The platform is configured per institution type so the right rules apply automatically.

How does the platform handle SAR and CTR filing through BSA E-Filing?+

Cases identified by transaction monitoring or analyst review are packaged directly into the FinCEN SAR or CTR templates. The export is BSA E-Filing-compatible XML, which uploads directly into the BSA E-Filing System. Filing-deadline tracking — 30 days from detection (60 if no suspect identified) for SARs, 15 days for CTRs — is built into the workflow.

Does the platform support the CDD Rule beneficial-ownership requirements?+

Yes. UBO unwrapping identifies every individual owning 25% or more of a legal-entity customer, plus the single control person required under the CDD Final Rule. Where the FinCEN BOI registry access is permitted under the Corporate Transparency Act access rules, integration is supported.

How are OFAC sanctions screened?+

The OFAC SDN list, Sectoral Sanctions Identifications List, and active country-program lists are screened in real time against every customer and counterparty on every transaction. The 50% Rule — which extends sanctions to entities owned 50% or more by sanctioned parties — is applied through ownership data and entity resolution. Updates flow into the platform as soon as OFAC publishes them.

What about the BSA Travel Rule for crypto-asset firms?+

The Travel Rule applies to any funds transfer of $3,000 or more — and FinCEN has proposed lowering the threshold to $250 for cross-border virtual-asset transfers. The platform supports Travel Rule message exchange for both fiat and virtual-asset transfers, with originator and beneficiary information passed in the appropriate protocol format.

Does One Constellation provide US regulatory advice?+

No. We provide the technology platform that helps you implement and demonstrate compliance with the BSA, CDD Rule, and OFAC programs. Interpreting these obligations as they apply to your specific institution type and business model is the responsibility of your compliance and legal functions, typically supported by external counsel.

FinCEN Compliance, Done Properly

See the BSA workflows, OFAC screening, and BSA E-Filing SAR/CTR export live — with the actual templates and audit evidence your federal examiner will ask for.