Anti-money laundering (AML) refers to the comprehensive legal, regulatory, and institutional framework — anchored by the Bank Secrecy Act (BSA), the USA PATRIOT Act, and the Anti-Money Laundering Act of 2020 (AMLA) — that requires financial institutions to detect, deter, and report transactions that may involve proceeds of illegal activity.
AML is the broader compliance discipline built on top of the Bank Secrecy Act (BSA). While the BSA established the foundational reporting requirements (CTRs, SARs), AML has evolved into a comprehensive risk management function encompassing customer due diligence (CDD), enhanced due diligence (EDD) for high-risk relationships, transaction monitoring, sanctions screening (see [[ofac-sanctions-screening]]), and enterprise-wide AML programs. The regulatory architecture: (1) Bank Secrecy Act (31 U.S.C. §§ 5311–5336) — foundation, administered by FinCEN (fincen.gov). (2) USA PATRIOT Act (2001) — added Section 326 (customer identification programs) and Section 312 (correspondent account due diligence); codified at 31 U.S.C. § 5318. (3) FinCEN CDD Rule (2016, 31 CFR § 1010.230) — added beneficial ownership requirements for legal entity customers. (4) Anti-Money Laundering Act of 2020 (AMLA 2020, see [[amla-2020]]) — most significant overhaul since PATRIOT Act; added whistleblower protections, new corporate transparency requirements, and FinCEN reform authority. The five pillars of an effective AML program (per FinCEN guidance at fincen.gov/resources/statutes-regulations/guidance): (1) Internal controls and policies. (2) Independent testing/audit. (3) Designated AML compliance officer. (4) Ongoing staff training. (5) Customer due diligence (CDD). For small business borrowers, AML compliance means: expect identity verification (government ID, EIN documentation), beneficial ownership certification, source-of-funds questions for large transactions, and possible enhanced due diligence for high-risk industries (cannabis-adjacent, cash-intensive, international transactions). These are legal requirements on the lender — not optional — and are not personal judgments about your business.
Questions about business ownership, purpose of funds, and source of revenue are required by federal AML regulations — specifically FinCEN's Customer Due Diligence (CDD) rule (31 CFR § 1010.230) and the BSA (31 U.S.C. §§ 5311–5336). Lenders face significant regulatory penalties for deficient AML programs. These questions apply to all borrowers — they reflect regulatory compliance, not suspicion of your business. See fincen.gov for the underlying regulatory requirements.
Cash-intensive businesses (restaurants, retail, car washes, laundromats), cannabis-adjacent businesses, money services businesses (MSBs), pawn shops, and businesses with significant international transaction volumes typically face enhanced due diligence (EDD) under AML frameworks. This doesn't mean these businesses can't get financing — it means the underwriting process involves more documentation. FinCEN publishes industry-specific AML guidance at fincen.gov/resources/statutes-regulations/guidance.
Know Your Customer (KYC) is a component of AML — the identity verification and customer due diligence process conducted at account opening and on an ongoing basis. AML is the broader framework: KYC + transaction monitoring + sanctions screening + SAR filing + the full internal compliance program. KYC is the front door of AML. Both are governed by FinCEN under the Bank Secrecy Act (fincen.gov).