BSA / FinCEN compliance
The complete guide to Bank Secrecy Act, FinCEN, and Anti-Money Laundering requirements for security token platforms, blockchain-based securities, and tokenized assets.
Key takeaways
Show me the regulation
Each panel below is the full structured detail for a regulation referenced in this guide — drawn from the OMINEX regulation registry. Expand any one to see the citation, what it requires in plain language, what fields the examiner reads from the snapshot, the retention period, and the specific OMINEX event types that produce the evidence.
The Bank Secrecy Act (BSA) is the foundational U.S. anti-money-laundering law administered by FinCEN. It requires financial institutions — including broker-dealers, transfer agents, and platforms facilitating securities transactions — to assist government agencies in detecting and preventing money laundering and terrorist financing.
For digital asset platforms dealing with securities, BSA/AML compliance is mandatory regardless of the securities exemption used (Reg D, Reg A+, Reg CF, or Reg S). The core obligation is establishing a comprehensive AML program with four pillars: a written AML program, a designated BSA Compliance Officer, ongoing employee training, and independent testing.
All U.S. persons and entities must screen customers, counterparties, and transactions against OFAC sanctions lists (SDN, sectoral, non-SDN) as well as UN, EU, and HMT consolidated lists. Transactions with sanctioned persons, entities, or jurisdictions are strictly prohibited, and OFAC has confirmed that sanctions apply to digital assets and blockchain-based transactions.
Screening must occur at account opening, before every transaction, when OFAC lists are updated, and periodically for existing customers. OMINEX wallet-bound attestation records make sanctions-screening status auditable across counterparties without re-exposing PII.
Traditional KYC verification creates siloed data within each platform. Wallet-bound attestations address that by creating verifiable proofs of BSA/AML compliance that are cryptographically linked to blockchain wallet addresses without transmitting underlying PII.
Privacy-preserving (only the fact of verification is shared), reviewable by downstream counterparties, and independently verifiable (records can be examined and tampering is detectable in regulatory audits).
FinCEN's CIP rule requires collecting and verifying customer identity before establishing a relationship. Verification can be documentary (government ID) or non-documentary (database checks).
Documents
Understand the nature and purpose of the customer relationship. For legal entities, identify and verify beneficial owners with 25%+ ownership or significant control.
Documents
Additional scrutiny for high-risk customers: PEPs, high-risk jurisdictions, complex ownership, cash-intensive businesses, and high-value transactions.
Documents
Continuous transaction monitoring and periodic review to detect suspicious activity. Update customer information and risk profiles as relationships evolve.
Documents
| Entity type | Threshold, deadline, and authority |
|---|---|
| Broker-dealers | $5,000 threshold; file within 30 days (60 if no suspect identified). Authority: FinCEN / FINRA. |
| Banks / credit unions | $5,000 threshold (or $25,000 with no suspect); file within 30 days. Authority: FinCEN. |
| Money services businesses | $2,000 threshold; file within 30 days. Authority: FinCEN. |
| Casinos | $5,000 threshold; file within 30 days. Authority: FinCEN. |
Resource
New stablecoin AML requirements for PPSIs and DASPs
Resource
Accredited investor verification and reasonable-steps requirements
Resource
Why neutral verification matters for regulatory compliance
From rule to operating fit
The mandate map shows where verification and recordkeeping requirements already apply across digital assets, tokenized capital markets, and related infrastructure. The business case explains how OMINEX helps teams reduce manual proof gathering, answer diligence faster, and move deals forward with less operational drag.
Originally published November 2024 · Last reviewed December 2024
