← Industry Insights
Compliance Solution

US AML Laws: A Guide to Anti-Money Laundering Regulations

Updated Jun 2026 · 11 min read
SHAREinXf
AML in the USA: A Guide to the USA AML Laws & Regulations

US AML laws are the body of federal rules that require financial institutions to detect money laundering, prevent it, and report it. Two statutes anchor the framework. First came the Bank Secrecy Act of 1970, and the Anti-Money Laundering Act of 2020 brought it up to date. Enforcement runs through FinCEN. Several other agencies share the job, among them the OCC, the Federal Reserve, the FDIC, and the SEC. For any covered institution, meeting these obligations is a legal duty. More than that, it is the main defense that keeps illicit money out of the system.

Written for compliance and AML teams, this guide is not aimed at individuals. America runs one of the largest economies in the world, and that scale makes it a target. Rules keep shifting as criminals adapt and regulators respond. What follows is the US AML legal regime in plain terms. Then come the screening and monitoring controls that put it into practice, plus the changes that reshaped parts of the rulebook through 2026.

What are US AML Laws?

Anti-money laundering, or AML, is the set of legal controls that stop criminals from passing the proceeds of crime through the financial system as if the funds were clean. In the United States, the rules home in on three things. Detection of money laundering and the financing of terrorism comes first. Reporting it comes next. And prevention, stopping the activity before it lands, is the third. FinCEN sits at the center of the regime. Around it, the OCC, the Federal Reserve, the FDIC, and the SEC each enforce the rules within the institutions they supervise.

No single statute does the work here. Think of it instead as a stack of laws passed over five decades. Each one closed a gap the last one left open. Read together, they give regulators and law enforcement the records, reports, and powers they need to follow the money.

Key Components of US AML Laws

A handful of statutes form the backbone of AML regulation in the United States. Each was built to add a piece the earlier laws were missing.

1. The Bank Secrecy Act of 1970

The Bank Secrecy Act of 1970 is the foundation, and the oldest of the major US AML laws. One basic obligation it set still drives compliance today: certain banks and similar institutions must keep records and file reports that are useful to criminal, tax, and regulatory investigators. Those filings, including currency transaction reports, give investigators the leads they need to detect and prosecute money laundering and related fraud.

2. Money Laundering Control Act of 1986

For the first time, the Money Laundering Control Act of 1986 made money laundering a federal crime. Structuring became a crime too. Picture someone breaking large cash deposits into smaller ones to dodge CTR filings. On top of that, the law pushed banks to build controls that catch laundering before it settles.

3. Anti-Drug Abuse Act of 1988

Widening the net came next, through the Anti-Drug Abuse Act of 1988. Before it, the reporting duty sat mostly with banks. More businesses got pulled in. Car dealers had to report large currency transactions. So did real estate professionals and others who had been outside the regime.

4. The USA PATRIOT Act of 2001

Passed after September 11, the USA PATRIOT Act was built to help law enforcement and financial institutions cut off the money behind terrorism. Government surveillance powers expanded. Controls on financial transactions tightened too, with a sharp focus on cross-border activity. And institutions were pushed toward stronger customer identification and due diligence.

5. The Anti-Money Laundering Act of 2020

Of all of them, the Anti-Money Laundering Act (AMLA) of 2020 is the most significant overhaul in a generation, modernizing the regime to match how financial crime actually works now. Several changes came at once. Customer due diligence expectations got stronger. New beneficial ownership rules arrived through the Corporate Transparency Act. Penalties for AML offenses went up. And a whistleblower program with real financial incentives took shape. One more change matters: the risk-based approach became a legal requirement rather than just a supervisory expectation.

The Five Pillars of a US AML Program

Most compliance teams build their program around the five pillars that examiners expect to see. Four of them come from decades of BSA rulemaking. FinCEN's 2018 Customer Due Diligence Rule added the fifth. Later, the AMLA made the risk-based approach that underpins all of them a matter of law.

So what are the pillars? A designated and qualified BSA compliance officer. Written internal policies and controls. Ongoing employee training. Independent testing of the program. And risk-based customer due diligence that includes ongoing monitoring. Miss any one of them and a regulator has something to fault. Each pillar needs an owner, documentation, and evidence that it actually runs.

US AML Regulations and Reporting Requirements

US AML regulations spell out exactly what covered institutions have to do day to day. Their point is to keep effective programs in place that cut the risk of money laundering and terrorist financing. A few core requirements sit at the heart of every program.

Customer Identification Program (CIP). Every covered institution needs a Customer Identification Program to verify the identity of anyone opening an account, using documentary and non-documentary methods before the relationship goes live.

Customer Due Diligence (CDD). Institutions must perform Customer Due Diligence to understand who their customers are, what the relationship is for, and the risk each one carries. Higher-risk customers move into enhanced due diligence.

Suspicious Activity Reporting (SAR). When a transaction looks like it could involve money laundering or another crime, the institution has to file a Suspicious Activity Report with FinCEN within the required window.

Currency Transaction Reporting (CTR). Banks and other covered businesses must file a report on any cash transaction above $10,000 in a single business day. Decades on, that threshold has held steady.

Who Must Comply With US AML Laws?

Reach here goes well beyond banks. Plenty of business types count as a covered "financial institution" under the BSA, and each carries its own AML obligations.

  • Banks and credit unions
  • Broker-dealers in securities
  • Money services businesses (MSBs)
  • Mutual funds
  • Insurance companies
  • Futures commission merchants and introducing brokers in commodities
  • Casinos and card clubs
  • Dealers in precious metals, stones, and jewels

Who Regulates AML in the USA?

The Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury, is the lead agency for US AML laws. FinCEN writes the rules. FinCEN collects the reports. And FinCEN shares intelligence with law enforcement. None of that happens in isolation, though. Enforcement is shared across several supervisors. Banks chartered nationally fall to the Office of the Comptroller of the Currency (OCC). Three more agencies each enforce AML requirements within the institutions they oversee: the Federal Reserve, the FDIC, and the Securities and Exchange Commission (SEC). Sanctions are a separate matter, run by the Treasury's Office of Foreign Assets Control (OFAC), and screening has to satisfy them.

Sanctions Screening Under US AML Laws

Sanctions screening is where US AML compliance meets US foreign policy. OFAC maintains two key lists. One is the Specially Designated Nationals and Blocked Persons (SDN) List. Broader still is the Consolidated Sanctions List. Covered institutions are expected to screen customers, counterparties, and transactions against them. Hit a match and you could be looking at a blocked transaction, a frozen account, and a filing obligation.

This sanctions screening process in AML usually runs in two places. At onboarding, the institution checks a new customer before the account opens. After that, screening repeats whenever the lists change or the customer's details change, and transaction screening runs in real time or close to it. Good programs do three things well. Clear matching criteria come first. Fuzzy matching catches spelling variants and aliases. And tuned thresholds keep analysts from drowning in false positives. OFAC liability is strict. An institution can be penalized even when a sanctioned party slipped through by accident. So the controls have to be genuinely reliable rather than a box-ticking exercise.

PEP Screening and the AML Process

Politically exposed persons sit in a higher-risk bracket because their position can open the door to bribery and corruption. US AML rules do not set a single national PEP list. But they do expect institutions to identify these customers and apply enhanced due diligence that matches the risk.

A working PEP screening process starts at onboarding, where the institution checks whether a customer or a connected party holds a prominent public function. Onboarding is not the end of it. People move into and out of public roles, so screening repeats on a schedule. Any positive result then triggers closer review, source-of-funds checks, and senior sign-off before the relationship continues. Running alongside, the same engine usually does adverse media checks at the same time, surfacing negative news that a static list would miss.

AML Transaction Monitoring and Screening

Screening tells you who a customer is. Transaction monitoring tells you what they do. US AML laws expect covered institutions to watch activity over the life of a relationship and flag anything that looks like laundering, structuring, or terrorist financing.

AML transaction screening covers both ends of a payment. Parties to a transaction get checked against sanctions and watchlists, and the behavior itself gets studied for patterns that do not fit the customer's profile. Several things raise alerts for an analyst to review. Sudden spikes are one. So are round-number transfers, rapid movement through multiple accounts, and activity tied to high-risk jurisdictions. When the review confirms a concern, the institution files a SAR. Volume is the challenge most teams face. Rules that are too blunt drown analysts in false positives. So many institutions now layer machine learning on top of fixed rules to score risk more accurately and put the worst cases first.

How to Choose AML Screening Software for US Compliance

Plenty of AML screening software crowds the market, and the labels can blur together. A few questions cut through the noise when you are matching a tool to US AML obligations.

Start with coverage. Any system worth a look has to screen against several sources at once. OFAC's SDN and consolidated lists are the baseline. Add the major global sanctions regimes, PEP data, and adverse media, with updates that land fast when designations change. Look hard at match quality next. Three things decide whether your analysts spend their time on real risk or on noise: fuzzy matching, alias handling, and tunable thresholds. Then check the workflow. KYC and AML screening should connect cleanly to onboarding and case management, with an audit trail that an examiner can follow. Ask how transaction monitoring is built. Can rules be adjusted without an engineering project? Does the vendor support the SAR and CTR reporting you owe FinCEN? Finally, weigh how the tool fits the systems you already run. Force a full rebuild and a platform rarely earns its place.

Book an AML Screening Demo to see how these pieces fit together against a real US compliance use case.

Recent Changes to US AML Laws (2024-2026)

US AML laws do not sit still, and the period from 2024 through 2026 brought some of the biggest shifts in years. Run a compliance program and a few changes are worth knowing.

The Corporate Transparency Act and beneficial ownership reporting. The Corporate Transparency Act took effect on January 1, 2024 and, as written, required a wide range of companies to report their beneficial owners to FinCEN. Then a run of court challenges changed the picture sharply. In March 2025, FinCEN issued an interim final rule that removed the reporting requirement for U.S. companies and U.S. persons. Under the current rule, all entities formed in the United States and their beneficial owners are exempt from filing. Now a "reporting company" covers only entities formed under foreign law that have registered to do business in a U.S. state or tribal jurisdiction. Foreign reporting companies still have to file, and they are not required to report any U.S. persons as beneficial owners. FinCEN has said it intends to finalize the rule, so teams should treat this as a moving target and watch for the final version.

The Investment Adviser AML Rule. FinCEN finalized a rule extending BSA AML and SAR obligations to many registered investment advisers and exempt reporting advisers. The effective date has since moved. In late 2025, FinCEN pushed it from January 1, 2026 to January 1, 2028, buying time to review the rule and tailor it to the range of business models in the advisory sector. Advisers in scope get a longer runway, but the direction of travel is clear.

The Residential Real Estate Transfers Rule. FinCEN's rule on residential real estate took effect on March 1, 2026 after an earlier delay. It requires reporting to FinCEN of beneficial ownership information for certain non-financed transfers of residential property, closing a gap that all-cash real estate deals had long left open.

For how these rules compare elsewhere, see our guide to AML in India.

How KYC Hub Helps With US AML Compliance

KYC Hub offers an end-to-end AML screening and monitoring solution that turns these US AML obligations into a working flow. The platform leads with exhaustive AML screening. Around that core sit continuous monitoring and AML alerts, global adverse media intelligence, network intelligence, and global data coverage. So a covered institution can run the checks US AML laws require from a single place rather than stitching tools together.

Screening sits at the front of the process. At onboarding and on an ongoing basis, the platform checks customers and counterparties against sanctions lists, PEP data, and adverse media, with the matching controls needed to catch aliases and variants without flooding analysts. Continuous monitoring then watches the relationship over time, raising alerts when a customer's profile or risk changes. Network intelligence helps surface hidden connections between parties. Global data coverage extends the same checks to customers and counterparties outside the United States. Here the aim is simple. Onboarding stays fast and accurate without falling out of compliance. High-risk cases surface early. And the audit trail holds up to examiner scrutiny. All of it works alongside the systems you already run rather than forcing a rebuild.

If US AML compliance is a cost you want to control without weakening your defenses, the quickest way to judge fit is to watch it run with your own use case. Book an AML Screening Demo and we will walk through the screening and monitoring flow.

Conclusion

US AML laws keep tightening as financial crime evolves and the rules catch up. The Bank Secrecy Act sets the foundation. The AML Act of 2020 modernized it. And the changes from 2024 through 2026 show how fast parts of the regime can move. For covered institutions, the work comes down to a few habits. Know which laws apply to you. Build a program around the five pillars. Screen and monitor properly. Then test the controls so they hold. Get that right and AML stops being a drag on onboarding. Done well, it turns into proof that the business can be trusted.

Also check: ID Verification in the USA.

[ FREQUENTLY ASKED QUESTIONS ]

Any questions? We got you.

What is AML screening?

AML screening is the process of checking a customer or transaction against risk indicators to detect money laundering. It usually covers three layers: sanctions screening against watchlists, PEP and adverse media screening, and transaction monitoring over the life of the relationship. Covered institutions run it at onboarding and on an ongoing basis to meet their BSA obligations.

What is sanctions screening in AML?

Sanctions screening in AML is the check that compares customers, counterparties, and transactions against lists of sanctioned individuals, entities, and countries. In the United States this centers on OFAC's Specially Designated Nationals (SDN) List and Consolidated Sanctions List, plus major international lists for firms with cross-border activity. It runs at onboarding and again whenever lists or customer details change.

What is sanctions screening in AML and KYC?

Within a KYC process, sanctions screening is the step that confirms a customer is not on any applicable sanctions or watchlist before the account is approved. It sits alongside identity verification and PEP screening as part of customer due diligence, and it repeats periodically because OFAC designations change over time.

What is AML sanctions screening?

AML sanctions screening is the part of an anti-money laundering program that enforces sanctions law. It blocks an institution from doing business with parties the U.S. government has designated, by matching customers and payments against OFAC lists and freezing or rejecting anything that hits. Because OFAC liability is strict, the screening has to be reliable rather than a formality.

When is AML screening required?

AML screening is required at customer onboarding, before a covered institution opens an account or provides a service. It is also required on an ongoing basis: sanctions and PEP checks repeat when lists or customer details change, and transaction monitoring runs continuously throughout the relationship. The BSA and its implementing rules make these checks mandatory for covered institutions.

What is AML testing?

AML testing is the independent review of an anti-money laundering program to confirm the controls actually work. It is one of the five pillars, usually carried out by internal audit or an external party, and it samples real cases, retests screening and monitoring logic, and checks that suspicious transactions were reported on time. It is a recurring exercise that surfaces gaps before a regulator does.

What are the AML requirements in the USA?

The core AML requirements in the USA are to maintain a written AML program built on the five pillars, run a Customer Identification Program, perform customer due diligence, screen against sanctions and PEP lists, monitor transactions, file Suspicious Activity Reports and Currency Transaction Reports, and keep records for the required period. The exact obligations depend on the type of institution.

Who controls money laundering in the USA?

FinCEN, the Financial Crimes Enforcement Network, is the lead agency for AML in the United States. It writes the rules under the Bank Secrecy Act and collects the reports institutions file. Other regulators enforce AML requirements within their sectors, including the OCC, the Federal Reserve, the FDIC, and the SEC, while OFAC administers sanctions.

What is the US Money Laundering Control Act?

The Money Laundering Control Act of 1986 is the federal law that first made money laundering a crime in the United States. It also criminalized structuring transactions to evade reporting and set penalties for individuals and entities involved in laundering. It remains one of the foundational US AML laws.

[ KYC HUB ]

Screen and monitor for financial crime in real time

Sanctions, PEP and adverse-media screening with ongoing transaction monitoring and case management.

Explore the AML screening & monitoringBook a demo
[ RELATED READING ]
How Anti-Money Laundering Software Works: Your guide in 2026
[ Compliance Solution ]

Anti Money Laundering Tool: How It Works in 2026

An anti money laundering tool screens customers, watches their transactions, and reports what looks suspicious. Here is how the technology really works in 2026 and how to choose it.

Apr 2026 · 21 min read
AI in Transaction Monitoring by 2026: What Will Actually Work
[ Transaction Monitoring ]

AI in Transaction Monitoring by 2026: What Will Actually Work

Learn how AI in transaction monitoring by 2026 enables real-time detection, adaptive risk scoring, and next-gen AML compliance.

Jan 2026 · 14 min read
Top Revolutionary AML Trends Shaping Compliance in 2026
[ Compliance Solution ]

AML Trends in 2026: What Compliance Teams Need to Know

A practical guide to the AML trends shaping compliance programs in 2026, from AI-driven detection and risk-based strategy to crypto, sanctions, and trade-based laundering risk.

Dec 2025 · 6 min read