Why Fintech Companies Should Have a Bank Secrecy Act Compliance Program

Noory Song, Senior Manager, Financial Services Consulting Practice

It matters if your financial technology (fintech) company qualifies as a financial institution—especially when it comes to meeting regulatory requirements.

In the past decade, many fintech companies have significantly expanded and increased their product offerings. As a company’s offerings expand, however, its product offerings and services could recategorize it as a financial institution—affecting the rules and regulations the company is subject to.

Here, learn key compliance requirements growing fintech companies should be aware of, steps to implement an effective compliance program, and more.

What Qualifies as a Financial Institution?

The Bank Secrecy Act/Anti-Money Laundering (BSA/AML) rules and regulations, as stated in 31 Code of Federal Regulations (CFR) Chapter X, apply to all financial institutions—including certain fintech companies.

31 CFR Chapter X Part 1010 defines financial institution as any US agent, agency, branch, or office of a person doing business—on a regular basis or as an organized business concern—in at least one of these capacities:

  • Bank
  • Securities broker or dealer
  • Money services business
  • Telegraph company
  • Casino
  • Card club
  • Person subject to supervision by any state or federal bank supervisory authority
  • Futures commission merchant
  • Introducing broker in commodities
  • Mutual fund

Any business or agency can be considered a financial institution if it engages in an activity the Secretary of the Treasury determines to be similar to, related to, or a substitute for any of the activities listed above.

Also, any business with cash transactions that have a high degree of usefulness in criminal, tax, or regulatory matters can be identified as a financial institution.

What Qualifies as a Money Services Business?

Many fintech companies qualify as financial institutions under the definition of a money services business.

Money services business is defined as a person doing business—on a regular basis or as an organized or licensed business concern—wholly or substantially within the United States, in at least one of the following capacities:

  • Foreign-exchange dealer
  • Check casher
  • Issuer or seller of traveler’s checks or money orders
  • Prepaid-access provider or seller
  • Money transmitter
  • US Postal Service

If any products or services a fintech company offers fall within these categories, there’s a high likelihood it may be considered a money services business and subject to BSA/AML requirements. 

Develop a BSA/AML Compliance Program

As BSA/AML enforcement and monitoring conducted by regulators continues to expand and become more stringent, many fintech companies are finding that their business partnerships are requiring increased BSA/AML compliance—especially if they’re financial institutions subject to BSA/AML requirements.

Five Pillars of BSA/AML Compliance

Accordingly, many fintech companies need to develop, implement, and maintain a sufficient BSA/AML compliance program. This program must be developed around the five pillars of BSA/AML compliance:

  1. System of internal controls
  2. Independent testing
  3. Designated BSA compliance officer or individual responsible for day-to-day compliance
  4. Appropriate personnel training
  5. Appropriate risk-based procedures for conducting ongoing customer due diligence

Consequences of BSA/AML Noncompliance

Failure to implement a comprehensive BSA/AML compliance program can expose companies to not only regulatory scrutiny but also potential civil or criminal liability.

Many fintech companies are more focused on expanding and developing revenue streams and product offerings than dedicating already limited resources toward developing and implementing compliance programs. These companies often reach out for help after being subject to regulatory scrutiny, fines, or lost business opportunities.

Next Steps

Fintech companies of all sizes can benefit from actively monitoring the legal and regulatory compliance landscape to stay up to date with BSA/AML compliance trends and best practices.

It’s also important to fully understand how financial institution is defined in the code of federal regulations and be familiar with how BSA/AML requirements apply to a business. This helps a company implement appropriate risk-based BSA/AML programs to reduce potential regulatory scrutiny and legal exposure as well as avoid facilitating illicit activities.

We’re Here to Help

For more information about navigating BSA/AML compliance requirements, contact your Moss Adams professional.

Ask a Question

Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.

Related Topics

2021 Risks and Opportunities for Financial Institutions
Fintech Quarterly: Insight from Venture Capitalists
Fintech Quarterly: Cryptocurrency, Fintech, and Banking

Contact Us with Questions

Enter security code:
 Security code