Bank Secrecy Act
First passed in 1970 and variously known as the Bank Secrecy Act (BSA), Anti-Money Laundering Law (BSL/AML), Currency and Foreign Transaction Reporting Act, or , this legislation is intended to prevent, not encourage, bank secrecy that protects criminal activity.  BSA and the Gramm-Leach-Bliley Act, and the Know Your Customer regulations that implement BSA, are, to some extent, at cross-purposes. GLBA tries to protect individual privacy, while BSA and related regulations try to bring money laundering to light. While the Internal Revenue Service was the first administrator, much has shifted to the Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury.
After the 9-11 Attacks, the original focus om money laundering, primarily for drug and gambling activities, became entwined with PATRIOT Act provisions to avoid transferring funds that can be used for terrorism. The institutions covered expanded from traditional banks to broadly defined financial institutions, including mortgage companies, pawnbrokers, used car dealerships, and many other businesses.
Covered institutions must file three types of reports:
- Currency Transaction Report (CTR): Cash transactions in excess of $10,000 during the same business day, including cash for substitute checks. The amount over $10,000 can be either from one transaction or a combination of cash transactions; CTRs are submitted to the Internal Revenue Service.
- Negotiable Instrument Log (NIL): Cash purchases of negotiable instruments (e.g., money orders, cashiers checks, travelers cheques) totaling from $3,000 to $10,000, inclusive; these are filed with the Internal Revenue Service.
- Suspicious Activity Report (SAR): Any cash transaction where the customer seems to be trying to avoid BSA reporting requirements (e.g., CTR, NIL). A SAR must also be filed if the customer's actions indicate that s/he is laundering money or otherwise violating federal criminal law. The customer must not know that a SAR is being filed. These reports are filed with FinCen.
The CTR and NIL are similar, in that they, respectively, deal with getting cash for negotiable instruments, or getting negotiable instruments for cash. Having a one of these reports filed is not intended to throw suspicion of wrongdoing, since there are perfectly legitimate reasons why people might purchase large amounts of travelers' checks or obtain large amounts of cash -- both may be for vacations. They are more intended for government detection of patterns of suspicious activity, as might be seen by transactions at multiple banks.
Suspicious Activity Report
A financial institution that files an SAR suspects wrongdoing. It may give investigative information to the government, a practice that many consider an inherent conflict of interests, since financial institutions are just that, and not sworn law enforcement.
Even a single SAR may not raise governmental suspicion, but there is much possibility for bad will, and even lawsuits, if financial institutions freeze accounts without strong reason. If the institution is concerned enough that an account freeze may be in order, it is high time to bring in law enforcement, presumably in cooperation with the institution's attorneys.
It is wise for financial institutions first creating relationships with such businesses to set reasonable expectations with their customers. There is nothing wrong with telling the customer about the rules under which the institution operates, only without disclosing the fact of specific reports. Not only are there criminal penalties for financial institutions that do not file the required report, but there are also very stiff penalties for the institution that tells the customer a SAR has been filed. Treat SARs as extremely sensitive, and have a clear definition of a responsible manager that can actually file them.
Balancing privacy and government need
Civil libertarians have expressed concern about the intrusion into private matters, and putting commercial financial institutions into the role of information collectors. Law enforcement and counterterrorism specialists believe the Act provides essential data.
The General Accountability Office, in 2008, recommended that a number of transactions could be eliminated from CTR requirements without loss of security value.