BSA AML Compliance Review Checklist [FREE PDF]

The Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations require financial institutions to maintain robust compliance programs under 31 CFR Chapter X and FinCEN guidance. Institutions must implement adequate internal controls, conduct independent testing, and designate a qualified compliance officer as outlined in the FFIEC BSA/AML Examination Manual. Regular compliance reviews help identify program deficiencies before regulatory examinations and protect institutions from civil mon

  • Industry: Banking
  • Frequency: Quarterly
  • Estimated Time: 60-90 minutes
  • Role: Compliance Officer
  • Total Items: 37
  • Compliance: 31 CFR Chapter X (BSA Regulations), FinCEN BSA/AML Examination Manual 2022, 31 U.S.C. 5318 - Compliance, Due Diligence, Recordkeeping, 31 CFR 1020.320 - SAR Filing Requirements, 31 CFR 1010.311 - CTR Filing Requirements

BSA/AML Program Governance

Assess the foundational governance structure of the BSA/AML compliance program including board oversight and officer designation.

  • Has the board of directors formally approved a written BSA/AML compliance program within the past 12 months?
  • Is a designated BSA Compliance Officer formally appointed in writing with documented qualifications?
  • Has the BSA Officer received adequate training within the past 12 months relevant to current regulatory requirements?
  • Are BSA/AML program updates communicated to senior management and the board with documented evidence?
  • Does the institution have an adequate BSA/AML budget with documented resource allocation?

Customer Identification Program (CIP)

Evaluate the institution's CIP procedures for collecting, verifying, and retaining customer identification information.

  • Does the CIP collect all required identifying information (name, DOB, address, ID number) for every new account?
  • Are identity verification procedures documented and consistently applied for both documentary and non-documentary methods?
  • Is customer identification information retained for a minimum of 5 years after account closure?
  • Are customers screened against the OFAC SDN list at account opening and on an ongoing basis?
  • Are CIP exceptions tracked, escalated, and resolved within documented timeframes?
  • Does the institution maintain a customer notice of CIP requirements as required?

Customer Due Diligence (CDD) & Enhanced Due Diligence (EDD)

Verify that CDD and EDD procedures meet FinCEN requirements for beneficial ownership and risk-based monitoring.

  • Is beneficial ownership information collected for all legal entity customers at account opening (25% threshold)?
  • Is a risk-based customer risk rating system in place and applied consistently across all customer segments?
  • Are Enhanced Due Diligence (EDD) procedures applied to all high-risk customers including PEPs and foreign correspondent banks?
  • Are customer risk ratings reviewed and updated at least annually or upon triggering events?
  • Is there a documented process for identifying and exiting high-risk relationships that cannot be adequately managed?

Transaction Monitoring & Suspicious Activity Detection

Evaluate the effectiveness of transaction monitoring systems and alert management processes.

  • Is an automated transaction monitoring system in place with documented tuning and validation records?
  • Are transaction monitoring alert backlogs maintained at manageable levels with documented resolution timeframes?
  • Are alert dispositions documented with sufficient narrative to support the investigation decision?
  • Are staff conducting transaction monitoring reviews adequately trained and credentialed?
  • Does the monitoring program include coverage of all transaction channels including wire transfers, ACH, and cash?
  • Is the current transaction monitoring alert volume and closure rate documented for this review period?

SAR & CTR Filing Compliance

Assess the timeliness, accuracy, and completeness of Suspicious Activity Report and Currency Transaction Report filings.

  • Are all SARs filed within the required 30-day deadline (60 days if no suspect identified) per FinCEN requirements?
  • Are SAR narratives complete, accurate, and include the who, what, when, where, why, and how of the suspicious activity?
  • Are Currency Transaction Reports (CTRs) filed for all cash transactions exceeding $10,000 within the required timeframe?
  • Are CTR exemptions properly documented, reviewed annually, and limited to eligible businesses?
  • Is there a SAR confidentiality policy preventing disclosure to subjects with documented employee acknowledgment?

Training Program & Independent Testing

Evaluate the completeness of BSA/AML training records and the scope of independent audit testing.

  • Have all applicable employees completed BSA/AML training within the past 12 months with documented completion records?
  • Has an independent BSA/AML audit been completed within the past 12 months by qualified internal or external auditors?
  • Are all prior audit findings tracked in a management action plan with target remediation dates?
  • Does training content cover current FinCEN advisories, geographic targeting orders, and emerging typologies?
  • Is the independent testing scope sufficient to cover all BSA/AML program pillars and high-risk areas?

Recordkeeping & Information Sharing

Confirm that recordkeeping and Section 314 information sharing obligations are being met.

  • Are wire transfer records maintained for all transfers of $3,000 or more with all required data elements?
  • Does the institution respond to Section 314(a) information requests from FinCEN within the required 14-day timeframe?
  • Is the institution registered for the Section 314(b) voluntary information sharing program with current registration?
  • Are all BSA records retained for a minimum of 5 years and readily available for regulatory examination?
  • Are there documented procedures for responding to law enforcement subpoenas and legal process related to BSA records?

Why Use This BSA AML Compliance Review Checklist [FREE PDF]?

This BSA/AML compliance review checklist helps banking teams maintain compliance and operational excellence. Designed for Compliance Officers, it covers 37 critical inspection points across 7 sections. Recommended frequency: quarterly.

Ensures compliance with 31 CFR Chapter X (BSA Regulations), FinCEN BSA/AML Examination Manual 2022, 31 U.S.C. 5318 - Compliance, Due Diligence, Recordkeeping, 31 CFR 1020.320 - SAR Filing Requirements, 31 CFR 1010.311 - CTR Filing Requirements. Regulatory-aligned for audit readiness and inspection documentation.

Frequently Asked Questions

What does the BSA AML Compliance Review Checklist [FREE PDF] cover?

This checklist covers 37 inspection items across 7 sections: BSA/AML Program Governance, Customer Identification Program (CIP), Customer Due Diligence (CDD) & Enhanced Due Diligence (EDD), Transaction Monitoring & Suspicious Activity Detection, SAR & CTR Filing Compliance, Training Program & Independent Testing, Recordkeeping & Information Sharing. It is designed for banking operations and compliance.

How often should this checklist be completed?

This checklist should be completed quarterly. Each completion takes approximately 60-90 minutes.

Who should use this BSA AML Compliance Review Checklist [FREE PDF]?

This checklist is designed for Compliance Officer professionals in the banking industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.

Can I download this checklist as a PDF?

Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.
