Anti-Money Laundering Policy
ANTI-MONEY LAUNDERING (AML) POLICY
Bank Secrecy Act/Anti-Money Laundering Compliance Program
DOCUMENT INFORMATION
| Field | Information |
|---|---|
| Company Name | [________________________________] |
| Policy Version | [____] |
| Effective Date | [__/__/____] |
| Last Reviewed | [__/__/____] |
| Next Review Due | [__/__/____] |
| Approved By | [________________________________] |
| Board Approval Date | [__/__/____] |
SECTION 1: POLICY STATEMENT AND OVERVIEW
1.1 Policy Statement
[________________________________] (the "Company") is committed to full compliance with all applicable anti-money laundering (AML) laws and regulations, including the Bank Secrecy Act (BSA), the USA PATRIOT Act, the Anti-Money Laundering Act of 2020, and implementing regulations issued by the Financial Crimes Enforcement Network (FinCEN).
The Company prohibits money laundering, terrorist financing, and other financial crimes and has established this AML Compliance Program to detect and prevent such activities.
1.2 Scope
This policy applies to:
☐ All employees of the Company
☐ All officers and directors
☐ All independent contractors and agents
☐ All business lines and subsidiaries
☐ All customers and business relationships
1.3 Program Components
This AML Compliance Program includes:
- Internal Policies, Procedures, and Controls - Reasonably designed to prevent the Company from being used for money laundering or terrorist financing
- AML Compliance Officer - Designated person responsible for implementing the program
- Training Program - Ongoing training for appropriate personnel
- Independent Testing - Periodic independent review of the program
SECTION 2: AML COMPLIANCE OFFICER
2.1 Designation
The Company designates the following individual as the AML Compliance Officer:
| Field | Information |
|---|---|
| Name | [________________________________] |
| Title | [________________________________] |
| Department | [________________________________] |
| Phone | [________________________________] |
| [________________________________] | |
| Appointment Date | [__/__/____] |
| FinCEN Point of Contact Registered | ☐ Yes ☐ No |
2.2 Qualifications
The AML Compliance Officer shall have:
☐ Demonstrated knowledge of BSA/AML requirements
☐ Understanding of the Company's products, services, customers, and geographic locations
☐ Authority to implement and enforce the AML program
☐ Appropriate training and certifications (CAMS or equivalent preferred)
☐ Direct access to senior management and the Board of Directors
2.3 Responsibilities
The AML Compliance Officer is responsible for:
☐ Implementing and administering the AML Compliance Program
☐ Ensuring policies and procedures are current and effective
☐ Coordinating independent testing of the program
☐ Filing Suspicious Activity Reports (SARs) with FinCEN
☐ Overseeing Currency Transaction Reports (CTRs) filing
☐ Serving as primary contact for regulatory examinations
☐ Providing AML training to employees
☐ Reporting to senior management on AML matters
☐ Updating risk assessments
☐ Monitoring changes in regulations
2.4 Escalation Authority
The AML Compliance Officer has authority to:
☐ Decline to open accounts
☐ Close accounts presenting unacceptable risk
☐ File SARs without prior approval from business units
☐ Escalate concerns directly to senior management or the Board
☐ Suspend transactions pending investigation
SECTION 3: RISK ASSESSMENT
3.1 Risk-Based Approach
The Company's AML program is risk-based, focusing resources on areas of highest money laundering and terrorist financing risk.
3.2 Risk Categories
Customer Risk Factors:
| Risk Level | Customer Types |
|---|---|
| Higher Risk | ☐ Non-resident accounts |
| ☐ Politically Exposed Persons (PEPs) | |
| ☐ Money services businesses | |
| ☐ Cash-intensive businesses | |
| ☐ Non-profit organizations | |
| ☐ Foreign correspondent accounts | |
| ☐ Private banking customers | |
| Standard Risk | ☐ Domestic individuals |
| ☐ Established businesses | |
| ☐ Publicly traded companies |
Geographic Risk Factors:
| Risk Level | Locations |
|---|---|
| Higher Risk | ☐ FATF high-risk jurisdictions |
| ☐ OFAC sanctioned countries | |
| ☐ Countries known for drug trafficking | |
| ☐ Tax haven jurisdictions | |
| Standard Risk | ☐ Domestic transactions |
| ☐ FATF member countries |
Product/Service Risk Factors:
| Risk Level | Products/Services |
|---|---|
| Higher Risk | ☐ Wire transfers |
| ☐ Private placements | |
| ☐ Cash transactions | |
| ☐ International transactions | |
| ☐ Correspondent accounts | |
| Standard Risk | ☐ Standard brokerage accounts |
| ☐ Domestic securities transactions |
3.3 Risk Assessment Process
☐ Risk assessment conducted at least annually
☐ Risk assessment updated when business changes significantly
☐ Risk assessment documented and maintained
☐ Results reported to senior management
Current Risk Assessment Date: [__/__/____]
Next Review Due: [__/__/____]
SECTION 4: CUSTOMER IDENTIFICATION PROGRAM (CIP)
4.1 Program Requirements
The Company's CIP is designed to enable the Company to form a reasonable belief regarding the true identity of each customer.
4.2 Information Collection - Individuals
Required Information:
☐ Full legal name
☐ Date of birth
☐ Residential address (not P.O. Box)
☐ Identification number:
☐ For U.S. persons: Social Security Number
☐ For non-U.S. persons: Taxpayer ID, passport number, alien ID, or government-issued ID
4.3 Information Collection - Entities
Required Information:
☐ Full legal name
☐ Principal place of business address
☐ Taxpayer Identification Number (EIN)
☐ State/Country of organization
Beneficial Ownership (CDD Rule):
☐ Identify all beneficial owners with 25% or more ownership interest
☐ Identify at least one individual with significant managerial control
☐ Collect CIP information for all beneficial owners
4.4 Identity Verification
Documentary Verification:
☐ Government-issued ID with photograph (driver's license, passport)
☐ ID must be unexpired
☐ Copy retained in accordance with records retention policy
Non-Documentary Verification:
☐ Consumer reporting agency data
☐ Public databases
☐ References from other financial institutions
☐ Financial statements
4.5 Verification Timeframe
☐ Verification completed within a reasonable time after account opening
☐ Verification completed before account becomes fully operational
☐ Enhanced verification for higher-risk customers
4.6 Customer Notice
☐ Notice provided to customers that information is being requested to verify identity
☐ Notice provided before or during account opening
Sample Notice Language:
"IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT: To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents."
SECTION 5: CUSTOMER DUE DILIGENCE (CDD)
5.1 Standard Due Diligence
For all customers:
☐ Collect and verify identifying information
☐ Understand the nature and purpose of the customer relationship
☐ Develop a customer risk profile
☐ Conduct ongoing monitoring
5.2 Enhanced Due Diligence (EDD)
For higher-risk customers, conduct enhanced due diligence including:
☐ Additional identity verification
☐ Source of funds/wealth verification
☐ Purpose of account/relationship
☐ Expected account activity
☐ Closer scrutiny of transactions
☐ Senior management approval for account opening
☐ More frequent account reviews
EDD Required For:
☐ Politically Exposed Persons (PEPs)
☐ Customers from high-risk jurisdictions
☐ Cash-intensive businesses
☐ Money services businesses
☐ Non-profit/charitable organizations
☐ Correspondent accounts
☐ Private banking relationships
5.3 Ongoing Monitoring
☐ Transaction monitoring conducted
☐ Customer information updated periodically
☐ Changes in activity patterns investigated
☐ Risk profile updated as appropriate
SECTION 6: TRANSACTION MONITORING AND SUSPICIOUS ACTIVITY
6.1 Transaction Monitoring
The Company monitors customer transactions to identify potentially suspicious activity through:
☐ Automated transaction monitoring systems
☐ Manual review of exception reports
☐ Employee referrals
☐ Periodic account reviews
☐ Law enforcement inquiries
6.2 Red Flags and Indicators
Customer Red Flags:
☐ Customer refuses to provide required CIP information
☐ Identification documents appear altered or forged
☐ Information provided is inconsistent with other sources
☐ Customer is evasive about source of funds
☐ Customer's address is associated with multiple unrelated accounts
☐ Customer is on OFAC or other sanctions list
☐ Customer is subject to negative news or adverse media
Transaction Red Flags:
☐ Transactions inconsistent with customer profile
☐ Large cash deposits followed by immediate wire transfers
☐ Transactions just below reporting thresholds (structuring)
☐ Unusual or unexplained international transfers
☐ Transactions involving high-risk jurisdictions
☐ Layering of transactions to obscure source of funds
☐ Round dollar amounts or repetitive transaction patterns
☐ Third-party funding without explanation
☐ Rapid movement of funds through multiple accounts
6.3 Suspicious Activity Investigation
Investigation Procedures:
- ☐ Document the triggering activity
- ☐ Review account history and documentation
- ☐ Gather additional information as needed
- ☐ Consult with AML Compliance Officer
- ☐ Document investigation findings
- ☐ Determine if SAR filing is warranted
- ☐ Take appropriate action (file SAR, close account, etc.)
6.4 Investigation Documentation
☐ All investigations documented in writing
☐ Investigation file includes:
☐ Description of suspicious activity
☐ Relevant account documents
☐ Transaction records
☐ Analysis performed
☐ Decision and rationale
☐ Files retained per records retention policy
SECTION 7: SUSPICIOUS ACTIVITY REPORTING
7.1 SAR Filing Requirements
A SAR must be filed when the Company knows, suspects, or has reason to suspect that a transaction:
☐ Involves funds from illegal activity
☐ Is designed to evade BSA reporting requirements
☐ Lacks a lawful purpose
☐ Involves the use of the Company to facilitate criminal activity
7.2 Filing Thresholds
| Customer Type | Threshold |
|---|---|
| Broker-Dealers | $5,000 or more |
| Money Services Businesses | $2,000 or more |
| Banks | $5,000 or more (or any amount if suspect is employee) |
7.3 Filing Timeline
| Scenario | Deadline |
|---|---|
| Subject known at detection | 30 calendar days from detection |
| Subject unknown at detection | 60 calendar days from detection (30 days to identify) |
| Continuing activity | Every 90 days (file within 120 days of prior SAR) |
| Ongoing law enforcement request | Follow law enforcement guidance |
7.4 SAR Filing Procedures
- ☐ AML Compliance Officer reviews investigation
- ☐ SAR drafted using FinCEN BSA E-Filing system
- ☐ SAR reviewed for accuracy and completeness
- ☐ SAR filed electronically with FinCEN
- ☐ Confirmation of filing retained
- ☐ Supporting documentation maintained
- ☐ SAR not disclosed to subject of report (Tipping Off prohibition)
7.5 SAR Confidentiality
☐ SAR filings are confidential
☐ Disclosure to subject is prohibited (18 U.S.C. § 1510(b)(2))
☐ Safe harbor protection for good faith filings (31 U.S.C. § 5318(g)(3))
☐ SAR-related documents maintained separately and securely
SECTION 8: CURRENCY TRANSACTION REPORTING
8.1 CTR Filing Requirements
A Currency Transaction Report (CTR) must be filed for each transaction in currency (cash) exceeding $10,000 conducted by or on behalf of one person in a single day.
8.2 CTR Filing Procedures
☐ CTR filed within 15 calendar days of transaction
☐ Filed electronically via FinCEN BSA E-Filing
☐ Multiple transactions aggregated for single customer
☐ CTR not required for exempted customers (with proper documentation)
8.3 CTR Exemptions
Exempt customers may include:
☐ Banks and financial institutions
☐ Federal, state, and local governments
☐ Listed public companies
☐ Subsidiaries of listed public companies
☐ Eligible non-listed businesses (Phase II exemption)
Exemption Requirements:
☐ Exemption documented on FinCEN Form 110
☐ Annual review of exempt customers
☐ Exemption revoked if no longer appropriate
SECTION 9: OFAC COMPLIANCE
9.1 Sanctions Screening
☐ All customers screened against OFAC Specially Designated Nationals (SDN) List
☐ Screening conducted at account opening
☐ Periodic re-screening conducted
☐ Screening conducted when lists are updated
☐ Transactions screened for sanctioned parties and countries
9.2 OFAC Lists Monitored
☐ Specially Designated Nationals (SDN) List
☐ Consolidated Sanctions List
☐ Sectoral Sanctions Identifications (SSI) List
☐ Foreign Sanctions Evaders (FSE) List
☐ Non-SDN Palestinian Legislative Council List
9.3 Match Handling
☐ Potential matches investigated immediately
☐ True matches result in blocked transactions
☐ OFAC contacted for guidance when necessary
☐ Blocked assets reported to OFAC within 10 business days
SECTION 10: INFORMATION SHARING
10.1 Section 314(a) Requests
☐ Process established to respond to FinCEN 314(a) requests
☐ Responses provided within required timeframe (14 days)
☐ Search results documented
☐ Confidentiality maintained
10.2 Section 314(b) Voluntary Sharing
☐ Company enrolled in 314(b) program: ☐ Yes ☐ No
☐ Annual certification filed with FinCEN
☐ Procedures for sharing established
☐ Safe harbor protections understood
SECTION 11: RECORDKEEPING
11.1 Record Retention Requirements
| Record Type | Retention Period |
|---|---|
| CIP records | 5 years after account closed |
| Beneficial ownership records | 5 years after account closed |
| SAR filings and supporting documents | 5 years from filing date |
| CTR filings and supporting documents | 5 years from filing date |
| AML training records | 5 years |
| Risk assessments | 5 years |
| Independent testing reports | 5 years |
| Correspondence with law enforcement | 5 years |
11.2 Record Storage
☐ Records maintained in easily retrievable format
☐ Electronic records properly backed up
☐ Access to records limited to authorized personnel
☐ Records available for regulatory examination
SECTION 12: TRAINING PROGRAM
12.1 Training Requirements
All applicable employees must receive AML training:
☐ Upon hiring (within 30 days)
☐ Annually thereafter
☐ When significant changes to regulations or procedures occur
12.2 Training Content
Training covers:
☐ Overview of BSA/AML requirements
☐ Company's AML policies and procedures
☐ Customer identification requirements
☐ Red flags and suspicious activity indicators
☐ SAR and CTR reporting obligations
☐ OFAC compliance
☐ Employee responsibilities
☐ Consequences of non-compliance
12.3 Training Documentation
| Employee Name | Position | Training Date | Trainer | Next Due |
|---|---|---|---|---|
| [________________________________] | [____] | [__/__/____] | [____] | [__/__/____] |
| [________________________________] | [____] | [__/__/____] | [____] | [__/__/____] |
| [________________________________] | [____] | [__/__/____] | [____] | [__/__/____] |
SECTION 13: INDEPENDENT TESTING
13.1 Testing Requirements
☐ Independent testing conducted annually (or per risk assessment)
☐ Testing performed by qualified independent party
☐ Testing covers all aspects of AML program
13.2 Testing Scope
☐ Risk assessment adequacy
☐ CIP procedures and compliance
☐ CDD and EDD procedures
☐ Transaction monitoring effectiveness
☐ SAR filing timeliness and quality
☐ CTR filing accuracy
☐ OFAC screening
☐ Training program effectiveness
☐ Recordkeeping compliance
☐ Board and management oversight
13.3 Testing Documentation
| Field | Information |
|---|---|
| Last Independent Test Date | [__/__/____] |
| Testing Firm/Individual | [________________________________] |
| Findings | ☐ Satisfactory ☐ Needs Improvement ☐ Unsatisfactory |
| Remediation Status | [________________________________] |
| Next Test Due | [__/__/____] |
SECTION 14: BOARD AND SENIOR MANAGEMENT OVERSIGHT
14.1 Board Responsibilities
☐ Approve AML policy annually
☐ Receive periodic reports on AML compliance
☐ Ensure adequate resources for AML program
☐ Review independent testing results
☐ Oversee remediation of deficiencies
14.2 Senior Management Responsibilities
☐ Support AML Compliance Officer
☐ Ensure policy implementation
☐ Allocate resources appropriately
☐ Review AML reports and metrics
☐ Escalate significant issues to Board
14.3 Reporting Schedule
| Report | Frequency | Recipient |
|---|---|---|
| AML Activity Summary | Quarterly | Senior Management |
| SAR Filing Summary | Quarterly | Senior Management |
| Independent Testing Results | Annual | Board of Directors |
| Risk Assessment Update | Annual | Board of Directors |
| Program Effectiveness Report | Annual | Board of Directors |
SECTION 15: POLICY VIOLATIONS AND DISCIPLINARY ACTION
15.1 Consequences of Non-Compliance
Violations of this policy may result in:
☐ Verbal warning
☐ Written warning
☐ Suspension
☐ Termination
☐ Referral for criminal prosecution (in severe cases)
15.2 Regulatory Penalties
AML violations can result in:
☐ Civil money penalties
☐ Criminal prosecution
☐ Regulatory enforcement actions
☐ Reputational damage
☐ Loss of licenses
SECTION 16: POLICY REVIEW AND APPROVAL
16.1 Annual Review
This policy shall be reviewed and updated at least annually by:
☐ AML Compliance Officer
☐ Legal/Compliance Department
☐ Senior Management
☐ Board of Directors (approval)
16.2 Approval
This Anti-Money Laundering Policy is hereby approved:
______________________________________
AML Compliance Officer Signature
[________________________________]
Name (Print)
Date: [__/__/____]
______________________________________
Chief Executive Officer Signature
[________________________________]
Name (Print)
Date: [__/__/____]
______________________________________
Board Chair/Director Signature
[________________________________]
Name (Print)
Date: [__/__/____]
SOURCES AND REFERENCES
- FinCEN BSA/AML Resources: https://www.fincen.gov/resources/statutes-and-regulations/bank-secrecy-act
- FFIEC BSA/AML Examination Manual: https://bsaaml.ffiec.gov/manual
- FINRA Rule 3310: https://www.finra.org/rules-guidance/rulebooks/finra-rules/3310
- OFAC Sanctions Programs: https://ofac.treasury.gov/sanctions-programs-and-country-information
- FinCEN SAR FAQs (October 2025): https://www.fincen.gov/resources/frequently-asked-questions-regarding-fincen-suspicious-activity-report-sar
This template is provided for informational purposes only and does not constitute legal advice. AML requirements vary by institution type and are subject to change. Consult with qualified AML professionals and legal counsel before implementing any AML program.
About This Template
Compliance documents are what regulated businesses use to prove they follow the rules that apply to their industry, whether that is privacy, anti-money-laundering, consumer protection, or sector-specific requirements. Regulators look for consistent policies, up-to-date records, and clear evidence of employee training. The cost of getting compliance paperwork right is almost always smaller than the cost of an enforcement action, fine, or public disclosure.
Important Notice
This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.
Last updated: February 2026