US AML Laws: A Guide to Anti-Money Laundering Regulations
US AML laws are the body of federal rules that require financial institutions to detect money laundering, prevent it, and report it. Two statutes anchor the framework. First came the Bank Secrecy Act of 1970, and the Anti-Money Laundering Act of 2020 brought it up to date. Enforcement runs through FinCEN. Several other agencies share the job, among them the OCC, the Federal Reserve, the FDIC, and the SEC. For any covered institution, meeting these obligations is a legal duty. More than that, it is the main defense that keeps illicit money out of the system.
Written for compliance and AML teams, this guide is not aimed at individuals. America runs one of the largest economies in the world, and that scale makes it a target. Rules keep shifting as criminals adapt and regulators respond. What follows is the US AML legal regime in plain terms. Then come the screening and monitoring controls that put it into practice, plus the changes that reshaped parts of the rulebook through 2026.
What are US AML Laws?
Anti-money laundering, or AML, is the set of legal controls that stop criminals from passing the proceeds of crime through the financial system as if the funds were clean. In the United States, the rules home in on three things. Detection of money laundering and the financing of terrorism comes first. Reporting it comes next. And prevention, stopping the activity before it lands, is the third. FinCEN sits at the center of the regime. Around it, the OCC, the Federal Reserve, the FDIC, and the SEC each enforce the rules within the institutions they supervise.
No single statute does the work here. Think of it instead as a stack of laws passed over five decades. Each one closed a gap the last one left open. Read together, they give regulators and law enforcement the records, reports, and powers they need to follow the money.
Key Components of US AML Laws
A handful of statutes form the backbone of AML regulation in the United States. Each was built to add a piece the earlier laws were missing.
1. The Bank Secrecy Act of 1970
The Bank Secrecy Act of 1970 is the foundation, and the oldest of the major US AML laws. One basic obligation it set still drives compliance today: certain banks and similar institutions must keep records and file reports that are useful to criminal, tax, and regulatory investigators. Those filings, including currency transaction reports, give investigators the leads they need to detect and prosecute money laundering and related fraud.
2. Money Laundering Control Act of 1986
For the first time, the Money Laundering Control Act of 1986 made money laundering a federal crime. Structuring became a crime too. Picture someone breaking large cash deposits into smaller ones to dodge CTR filings. On top of that, the law pushed banks to build controls that catch laundering before it settles.
3. Anti-Drug Abuse Act of 1988
Widening the net came next, through the Anti-Drug Abuse Act of 1988. Before it, the reporting duty sat mostly with banks. More businesses got pulled in. Car dealers had to report large currency transactions. So did real estate professionals and others who had been outside the regime.
4. The USA PATRIOT Act of 2001
Passed after September 11, the USA PATRIOT Act was built to help law enforcement and financial institutions cut off the money behind terrorism. Government surveillance powers expanded. Controls on financial transactions tightened too, with a sharp focus on cross-border activity. And institutions were pushed toward stronger customer identification and due diligence.
5. The Anti-Money Laundering Act of 2020
Of all of them, the Anti-Money Laundering Act (AMLA) of 2020 is the most significant overhaul in a generation, modernizing the regime to match how financial crime actually works now. Several changes came at once. Customer due diligence expectations got stronger. New beneficial ownership rules arrived through the Corporate Transparency Act. Penalties for AML offenses went up. And a whistleblower program with real financial incentives took shape. One more change matters: the risk-based approach became a legal requirement rather than just a supervisory expectation.
The Five Pillars of a US AML Program
Most compliance teams build their program around the five pillars that examiners expect to see. Four of them come from decades of BSA rulemaking. FinCEN's 2018 Customer Due Diligence Rule added the fifth. Later, the AMLA made the risk-based approach that underpins all of them a matter of law.
So what are the pillars? A designated and qualified BSA compliance officer. Written internal policies and controls. Ongoing employee training. Independent testing of the program. And risk-based customer due diligence that includes ongoing monitoring. Miss any one of them and a regulator has something to fault. Each pillar needs an owner, documentation, and evidence that it actually runs.
US AML Regulations and Reporting Requirements
US AML regulations spell out exactly what covered institutions have to do day to day. Their point is to keep effective programs in place that cut the risk of money laundering and terrorist financing. A few core requirements sit at the heart of every program.
Customer Identification Program (CIP). Every covered institution needs a Customer Identification Program to verify the identity of anyone opening an account, using documentary and non-documentary methods before the relationship goes live.
Customer Due Diligence (CDD). Institutions must perform Customer Due Diligence to understand who their customers are, what the relationship is for, and the risk each one carries. Higher-risk customers move into enhanced due diligence.
Suspicious Activity Reporting (SAR). When a transaction looks like it could involve money laundering or another crime, the institution has to file a Suspicious Activity Report with FinCEN within the required window.
Currency Transaction Reporting (CTR). Banks and other covered businesses must file a report on any cash transaction above $10,000 in a single business day. Decades on, that threshold has held steady.
Who Must Comply With US AML Laws?
Reach here goes well beyond banks. Plenty of business types count as a covered "financial institution" under the BSA, and each carries its own AML obligations.
- Banks and credit unions
- Broker-dealers in securities
- Money services businesses (MSBs)
- Mutual funds
- Insurance companies
- Futures commission merchants and introducing brokers in commodities
- Casinos and card clubs
- Dealers in precious metals, stones, and jewels
Who Regulates AML in the USA?
The Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury, is the lead agency for US AML laws. FinCEN writes the rules. FinCEN collects the reports. And FinCEN shares intelligence with law enforcement. None of that happens in isolation, though. Enforcement is shared across several supervisors. Banks chartered nationally fall to the Office of the Comptroller of the Currency (OCC). Three more agencies each enforce AML requirements within the institutions they oversee: the Federal Reserve, the FDIC, and the Securities and Exchange Commission (SEC). Sanctions are a separate matter, run by the Treasury's Office of Foreign Assets Control (OFAC), and screening has to satisfy them.
Sanctions Screening Under US AML Laws
Sanctions screening is where US AML compliance meets US foreign policy. OFAC maintains two key lists. One is the Specially Designated Nationals and Blocked Persons (SDN) List. Broader still is the Consolidated Sanctions List. Covered institutions are expected to screen customers, counterparties, and transactions against them. Hit a match and you could be looking at a blocked transaction, a frozen account, and a filing obligation.
This sanctions screening process in AML usually runs in two places. At onboarding, the institution checks a new customer before the account opens. After that, screening repeats whenever the lists change or the customer's details change, and transaction screening runs in real time or close to it. Good programs do three things well. Clear matching criteria come first. Fuzzy matching catches spelling variants and aliases. And tuned thresholds keep analysts from drowning in false positives. OFAC liability is strict. An institution can be penalized even when a sanctioned party slipped through by accident. So the controls have to be genuinely reliable rather than a box-ticking exercise.
PEP Screening and the AML Process
Politically exposed persons sit in a higher-risk bracket because their position can open the door to bribery and corruption. US AML rules do not set a single national PEP list. But they do expect institutions to identify these customers and apply enhanced due diligence that matches the risk.
A working PEP screening process starts at onboarding, where the institution checks whether a customer or a connected party holds a prominent public function. Onboarding is not the end of it. People move into and out of public roles, so screening repeats on a schedule. Any positive result then triggers closer review, source-of-funds checks, and senior sign-off before the relationship continues. Running alongside, the same engine usually does adverse media checks at the same time, surfacing negative news that a static list would miss.
AML Transaction Monitoring and Screening
Screening tells you who a customer is. Transaction monitoring tells you what they do. US AML laws expect covered institutions to watch activity over the life of a relationship and flag anything that looks like laundering, structuring, or terrorist financing.
AML transaction screening covers both ends of a payment. Parties to a transaction get checked against sanctions and watchlists, and the behavior itself gets studied for patterns that do not fit the customer's profile. Several things raise alerts for an analyst to review. Sudden spikes are one. So are round-number transfers, rapid movement through multiple accounts, and activity tied to high-risk jurisdictions. When the review confirms a concern, the institution files a SAR. Volume is the challenge most teams face. Rules that are too blunt drown analysts in false positives. So many institutions now layer machine learning on top of fixed rules to score risk more accurately and put the worst cases first.
How to Choose AML Screening Software for US Compliance
Plenty of AML screening software crowds the market, and the labels can blur together. A few questions cut through the noise when you are matching a tool to US AML obligations.
Start with coverage. Any system worth a look has to screen against several sources at once. OFAC's SDN and consolidated lists are the baseline. Add the major global sanctions regimes, PEP data, and adverse media, with updates that land fast when designations change. Look hard at match quality next. Three things decide whether your analysts spend their time on real risk or on noise: fuzzy matching, alias handling, and tunable thresholds. Then check the workflow. KYC and AML screening should connect cleanly to onboarding and case management, with an audit trail that an examiner can follow. Ask how transaction monitoring is built. Can rules be adjusted without an engineering project? Does the vendor support the SAR and CTR reporting you owe FinCEN? Finally, weigh how the tool fits the systems you already run. Force a full rebuild and a platform rarely earns its place.
Book an AML Screening Demo to see how these pieces fit together against a real US compliance use case.
Recent Changes to US AML Laws (2024-2026)
US AML laws do not sit still, and the period from 2024 through 2026 brought some of the biggest shifts in years. Run a compliance program and a few changes are worth knowing.
The Corporate Transparency Act and beneficial ownership reporting. The Corporate Transparency Act took effect on January 1, 2024 and, as written, required a wide range of companies to report their beneficial owners to FinCEN. Then a run of court challenges changed the picture sharply. In March 2025, FinCEN issued an interim final rule that removed the reporting requirement for U.S. companies and U.S. persons. Under the current rule, all entities formed in the United States and their beneficial owners are exempt from filing. Now a "reporting company" covers only entities formed under foreign law that have registered to do business in a U.S. state or tribal jurisdiction. Foreign reporting companies still have to file, and they are not required to report any U.S. persons as beneficial owners. FinCEN has said it intends to finalize the rule, so teams should treat this as a moving target and watch for the final version.
The Investment Adviser AML Rule. FinCEN finalized a rule extending BSA AML and SAR obligations to many registered investment advisers and exempt reporting advisers. The effective date has since moved. In late 2025, FinCEN pushed it from January 1, 2026 to January 1, 2028, buying time to review the rule and tailor it to the range of business models in the advisory sector. Advisers in scope get a longer runway, but the direction of travel is clear.
The Residential Real Estate Transfers Rule. FinCEN's rule on residential real estate took effect on March 1, 2026 after an earlier delay. It requires reporting to FinCEN of beneficial ownership information for certain non-financed transfers of residential property, closing a gap that all-cash real estate deals had long left open.
For how these rules compare elsewhere, see our guide to AML in India.
How KYC Hub Helps With US AML Compliance
KYC Hub offers an end-to-end AML screening and monitoring solution that turns these US AML obligations into a working flow. The platform leads with exhaustive AML screening. Around that core sit continuous monitoring and AML alerts, global adverse media intelligence, network intelligence, and global data coverage. So a covered institution can run the checks US AML laws require from a single place rather than stitching tools together.
Screening sits at the front of the process. At onboarding and on an ongoing basis, the platform checks customers and counterparties against sanctions lists, PEP data, and adverse media, with the matching controls needed to catch aliases and variants without flooding analysts. Continuous monitoring then watches the relationship over time, raising alerts when a customer's profile or risk changes. Network intelligence helps surface hidden connections between parties. Global data coverage extends the same checks to customers and counterparties outside the United States. Here the aim is simple. Onboarding stays fast and accurate without falling out of compliance. High-risk cases surface early. And the audit trail holds up to examiner scrutiny. All of it works alongside the systems you already run rather than forcing a rebuild.
If US AML compliance is a cost you want to control without weakening your defenses, the quickest way to judge fit is to watch it run with your own use case. Book an AML Screening Demo and we will walk through the screening and monitoring flow.
Conclusion
US AML laws keep tightening as financial crime evolves and the rules catch up. The Bank Secrecy Act sets the foundation. The AML Act of 2020 modernized it. And the changes from 2024 through 2026 show how fast parts of the regime can move. For covered institutions, the work comes down to a few habits. Know which laws apply to you. Build a program around the five pillars. Screen and monitor properly. Then test the controls so they hold. Get that right and AML stops being a drag on onboarding. Done well, it turns into proof that the business can be trusted.
Also check: ID Verification in the USA.



