Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


Bank Secrecy Act training expectations and best practices

Jun 22, 2020

A financial institution’s Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) training program is important for two main reasons.

First, training is one of the five pillars of the BSA. The assessment of the training program is just one of the methods examiners use to gauge the overall adequacy of the financial institution’s BSA/AML compliance program. And second, employees are an integral tool in the financial institution’s suspicious activity monitoring program.

Well-trained employees will be able to help identify and report potential suspicious activity. Though the regulatory requirement for training is clear, the method on how to complete it and what should be included in the training programs are a little gray. Even the timing requirements for training are a little confusing.

Technically, the FFIEC BSA AML Examination manual does not use the word “annual” when addressing training; however, the best practice expectation of most examiners is annual BSA training.

There are several approaches to training staff: You can do a broad training for all or customized to specific jobs. You can also find training online or conduct it in-person.

Online training is a convenient method to get all staff trained at different times; however, online training is also fairly generic and not specific to each institution. If you do choose online training, be sure to supplement that training with education on the institution’s own policies and procedures.

As a guide, the following are BSA/AML training topics that should be included for several job types:

Frontline staff and tellers:

  • Office of Foreign Assets Control (OFAC)
  • Currency Transaction Reports (CTRs)
  • Monetary instrument sales
  • Customer Identification Program (CIP) (for staff opening new accounts)
  • Customer Due Diligence/Enhanced Due Diligence (CDD/EDD), including beneficial ownership requirements
  • Suspicious activity reporting requirements
  • Wire transfers
  • How to identify suspicious activity
  • Examples of suspicious activity related to frontline transactions


  • OFAC
  • CIP
  • CDD/EDD/beneficial ownership
  • CTRs (if applicable, since not all lenders deal with cash)
  • Suspicious activity reporting requirements
  • How to identify suspicious activity
  • Examples of suspicious activity related to lending transactions

Operations staff:

  • OFAC
  • Wire transfers
  • Automated Clearing House (ACH)/International ACH Transactions (IAT)
  • International transaction activity
  • How to identify suspicious activity
  • Examples of suspicious activity related to backroom operations

New hires:

BSA/AML training should be part of the onboarding process and provided in a reasonable amount of time in relation to the employee’s start date. For tellers (and any other cash handling positions), the institution should consider providing training prior to the employee gaining access to a cash drawer. As a best practice, initial training should include at least an overview of BSA/AML, introduction to the institution’s own policies and procedures, and training related specifically to the employee’s position.

BSA officer:

The BSA officer is expected to be fully knowledgeable and the “expert” about BSA and all of the related regulations. Because of that expectation, the BSA officer’s training cannot be limited simply to the general training provided to other staff. The BSA officer should be attending external training sessions/workshops, on a regular basis, that are geared specifically toward duties of the BSA officer and advanced BSA topics.

Documenting training

As the saying goes in the audit and exam world, “If you didn’t document it, it didn’t really happen.” And for that reason, it is extremely important to retain documentation of all training. The documentation should include content of the training, who attended the training and the date the training was completed.

If you rely on online education, there are typically dashboard reports to manage all employee activity. The reports usually track courses assigned to each employee, the due date of the courses, the completion date and a score from the quiz from each area. Online courses also typically offer a summary of everything covered in each session. It would be a good idea to retain this summary with the training records.

For live training, sign-in attendance logs may be the easiest way to document who attended. Be sure all employee names are legible and that the records also identify individuals who should have attended the training but did not. And of course, retain a copy of the training materials.

External training seminars, webinars and workshops will typically provide some sort of certificate for completing the training. Retain the certificates and a summary of the training or actual materials for documentation.

The main point of all of this training — and what can seem like endless documentation — is to ensure regulatory requirements are satisfied and, most importantly, employees are knowledgeable about the BSA and management’s expectations. The institution’s employees are one of the greatest tools for discovering and reporting potential suspicious activity. Be sure they have the resources they need to help your institution achieve your BSA objectives.


Kristen J. Ferwerda, CRCM
Manager, Compliance
View Profile