AML and KYC Compliance: Filing Requirements for Regulated Businesses
Anti-money laundering and know-your-customer regulations create ongoing compliance obligations. Here is what must be filed, when, and the penalties for failure.
What AML/KYC requires
Anti-money laundering (AML) and know-your-customer (KYC) regulations require businesses, particularly in financial services, to verify customer identities, monitor transactions, and report suspicious activity. These are not optional policies. They are legal obligations with criminal penalties for non-compliance.
Who must comply
AML/KYC requirements apply to:
- Banks and credit unions
- Money services businesses (MSBs) including crypto exchanges and payment processors
- Broker-dealers and investment advisers
- Insurance companies
- Real estate professionals (for certain transactions)
- Casinos and gambling businesses
- Precious metals dealers
- Any business designated by FinCEN
Key filing obligations
| Filing | Trigger | Deadline | Penalty |
|---|---|---|---|
| Suspicious Activity Report (SAR) | Suspected money laundering, fraud, or other criminal activity | 30 days from detection (60 if no suspect identified) | Up to $1 million per violation + criminal prosecution |
| Currency Transaction Report (CTR) | Cash transactions exceeding $10,000 | 15 days after transaction | Up to $250,000 per violation |
| FinCEN Registration (MSB) | Operating as a money services business | Before commencing operations, renew every 2 years | $5,000 per day |
| OFAC screening | Every transaction, every customer | Real-time | Up to $20 million per violation |
| Customer Due Diligence (CDD) | New accounts and periodic reviews | At onboarding + ongoing | Regulatory action |
| Beneficial Ownership (CDD Rule) | New legal entity accounts | At account opening | Regulatory action |
The BSA/AML compliance programme
Every covered institution must maintain a BSA/AML compliance programme with five pillars:
- Internal controls: Policies and procedures for detecting and reporting suspicious activity
- BSA/AML compliance officer: A designated individual responsible for the programme
- Training: Ongoing training for all relevant employees
- Independent testing: Annual independent review of the programme (audit)
- Customer due diligence: Risk-based procedures for verifying customer identity and monitoring transactions
State-level requirements
US states add their own AML requirements on top of federal obligations:
- New York (DFS): Part 504 requires transaction monitoring and filtering programmes with annual board certifications
- California (DFPI): Examination-based supervision with detailed record-keeping requirements
- Texas (TDOB): State-level money transmitter licensing with its own AML requirements
For businesses licensed in multiple states, this creates overlapping and sometimes conflicting obligations.
International AML frameworks
| Jurisdiction | Regulatory body | Key legislation |
|---|---|---|
| United Kingdom | FCA | Money Laundering Regulations 2017 |
| European Union | National regulators | 6th Anti-Money Laundering Directive (6AMLD) |
| Singapore | MAS | Corruption, Drug Trafficking and Other Serious Crimes Act |
| Hong Kong | SFC / HKMA | Anti-Money Laundering and Counter-Terrorist Financing Ordinance |
| UAE | CBUAE | Federal Decree-Law No. 20 of 2018 |
| Cayman Islands | CIMA | Proceeds of Crime Act |
How CompCal helps
CompCal tracks your regulatory filing deadlines including FinCEN registration renewals, state licensing renewals, and annual compliance certifications. For multi-jurisdictional businesses, every AML filing deadline appears in one dashboard.