Bank Secrecy Act / Customer Identification / Customer Due Diligence Program

Ensure these policies address all applicable requirements. Refer to the interagency Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual developed by the Federal Financial Institutions Examination Council member agencies, for information on the policy requirements, including how a member’s identity will be verified. The BSA program needs to be commensurate with the proposed federal credit union’s respective BSA/AML risk profiles and address the following required elements:

• System of internal controls

• Independent testing

• Designated person or persons responsible

• Training

• Customer due diligence

In general, BSA requires credit unions to track cash transactions and purchases of cash equivalents, such as money orders, and to comply with other recordkeeping and reporting requirements. The forms used most frequently by credit unions to report transactions are the Currency Transaction Report and the Suspicious Activity Report.

The Customer Identification Program (CIP)/Customer Due Diligence (CDD) policy must detail the method to verify a person’s identity and include risk-based procedures for conducting ongoing customer due diligence and complying with beneficial ownership requirements for legal entity customers. It should indicate who will handle or respond to the information sharing requests (commonly known as 314a lists) provided by the Financial Crimes Enforcement Network (FinCEN).

Separate policies may be developed for BSA, CIP, and CDD if preferred. BSA regulatory requirements are located in NCUA regulations §§ 748.1, Filing of reports; and 748.2, Procedures for monitoring Bank Secrecy Act (BSA) compliance. Additional guidance is found on NCUA’s Bank Secrecy Act Resources site in NCUA’s section of the FFIEC BSA/AML Examination Agency Resources site.

The BSA statute and implementing regulations can be viewed on FinCEN’s website.

Last updated on March 30, 2026