Efficiency as a Mandate: BSA Modernization and Its Implications for Financial Institutions

By: Timothy Stokes, CRCM, Managing Director

In mid-June 2025, Deputy Secretary of the Treasury Michael Faulkender delivered prepared remarks at the 62nd Bank Secrecy Act Advisory Group (BSAAG) plenary session held in Washington, DC. Organized by the Financial Crimes Enforcement Network (FinCEN), the BSAAG brings together the representatives of the financial services industry, law enforcement, and regulatory agencies to discuss the data, utility, and effectiveness of Bank Secrecy Act (BSA) reporting.

At each plenary, FinCEN typically releases a statistical snapshot of BSA reporting’s usefulness. This review provides the industry with valuable feedback from the agency on the impact of its reporting efforts.

According to FinCEN’s Year in Review for Fiscal Year 2024, BSA data remains essential to law enforcement. For example, in FY 2024, Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) were linked to:

  • 32% of active FBI cases involving complex financial crimes,
  • 16% involving international terrorism, and
  • 40% involving organized crime and illicit drugs.

This year’s plenary was notable for an expanded representation of community banks, which included twice as many as in prior years. Deputy Secretary Faulkender cited this change as evidence of the Trump administration’s commitment to “putting Main Street first.” His remarks centered on a clear message: the BSA must be modernized to reflect the complexity and evolution of today’s financial system. Novel components like financial technology companies (fintechs) and cryptocurrency were not contemplated in the decades-old law, and new technology has provided criminals with more channels through which they can launder money.

Four Principles for Modernizing the BSA

Faulkender outlined four guiding principles for BSA modernization:

  1. Statutory authority: Regulation must be clearly mandated by law.
  2. Efficiency: Rules must consider the cost-benefit balance of implementation.
  3. Fairness and clarity: Regulations should be objective, consistent, and understandable.
  4. Regulatory performance: Supervision must be efficient, accountable, and transparent.

Of these, efficiency was emphasized as the top priority.

Faulkender acknowledged both the direct and indirect costs that financial institutions face in managing regulatory requirements. To improve efficiency, he suggested institutions should focus on national security risks and be “explicitly permitted” to de-prioritize lower-risk customers and activities. In short, more attention and resources should be directed toward higher-risk areas.

Implementing Efficiency: Two Paths Forward

There are two main avenues through which FinCEN can implement BSA modernization goals and promote the efficiency principle:

1. Regulatory Reform

Modernization may occur through various regulatory reform mechanisms, such as:

  • New legislation enacted by Congress,
  • Final rules published in the Federal Register, and
  • Regulatory bulletins or interpretive guidance.

These mechanisms differ in complexity and timelines, but each could authorize or require institutions to make process changes. The nature and scope of those changes will influence how institutions operationalize them and will likely impact the achievement of any meaningful efficiency gains. 

2. National AML/CFT Priorities

In 2021, FinCEN introduced a formal list of national priorities for AML and countering the financing of terrorism (AML/CFT). These priorities continue to guide institutions and regulators on risk focus areas and are required to be updated at least every four years. It is important to note that, like with mandates issued through regulatory reform, institutions are expected to review and incorporate the applicable priorities into their overarching BSA/AML programs. Deputy Secretary Faulkender has directed that this year’s update explicitly include efficiency and cost-benefit analysis.

Whether through regulatory reform or national priority expectations, financial institutions will be required to consider and incorporate efficiency and cost-benefit analysis into their BSA/AML programs. Given this, it seems “efficiency principle” and “efficiency mandate” can be used interchangeably. 

Deputy Secretary Faulkender has urged his team to act swiftly, but there is currently no timeline for formal issuance.

A Closer Look at the Efficiency Principle (Mandate)

When we think about efficiency, we tend to think about resource allocation, so at face value it seems the “efficiency principle” is about better resource allocation. Historically, institutions have been expected to allocate sufficient resources to meet compliance obligations, and lack of resources has never been an acceptable excuse for falling short. However, regulators have not traditionally been responsible for evaluating the inefficiencies of those resource demands.

Given the wide variation of institutional size, customer base, and products offered, a one-size-fits-all approach to BSA/AML compliance is neither realistic nor effective. The risk profile of a multi-trillion-dollar global bank differs significantly from that of a small community bank. Moreover, fintechs, money transmitters, and cryptocurrency issuers have risk profiles that do not align with those institutions offering more traditional banking products.

FinCEN has long advocated a risk-based approach to BSA/AML program management. Traditionally, this has been interpreted as directing resources according to risk exposure, not as permission to “de-prioritize” any category of AML obligation. Now, Faulkender’s remarks suggest institutions may actively de-prioritize lower-risk areas, so long as greater focus is given to higher-risk segments.

This raises a very important question: Does shifting resources from one area to another truly create efficiency, or are we just rebalancing efforts? The answer may lie in effectiveness. Reallocation could lead to more meaningful outcomes, even if overall effort remains the same, yet efficiencies may be gained

Institutional Considerations

While the idea of regulator-endorsed efficiency is appealing, the lack of specific guidance introduces uncertainty. Financial institutions are accustomed to clear direction from FinCEN. Without it, there’s a risk of inconsistent interpretation and uneven application across the industry, particularly in determining what it means to “de-prioritize” lower-risk customers and activities. Put simply, we need a target to aim for. While it may be difficult to hit a moving target, it is impossible to hit one that isn’t there. 

Just as the industry listens when FinCEN speaks, so too do the bad actors, and “de-prioritize” almost certainly caught their attention. “Modernization” means change, and change can create or expose vulnerabilities within an institutions’ BSA/AML program for criminals to exploit. Remaining vigilant and proactively seeking and addressing those vulnerabilities will be key to managing risk throughout the modernization effort. 

In general, institutions should exercise caution and avoid the temptation to begin making wholesale process changes or de-prioritizing anything without due regard and careful consideration. It is tempting, and the prospect of becoming more efficient in an area that has historically just been a cost center for institutions is extremely alluring. Due diligence among institutions will vary greatly, but should at a minimum include: 

  • Confirming de-prioritization aligns with their risk appetite and tolerance;
  • Ensuring the Board understands how de-prioritization impacts the institution and obtaining and documenting Board approval for any policy or program changes;
  • Assessing system capabilities, considering cost implications, and upgrading (or downgrading) automated systems as needed; and
  • Involving human resources if staffing changes are being considered.

Given the complexity, cross-functional collaboration is essential. Outside subject-matter experts may be necessary to guide institutions through changes, particularly where technology, legal, or HR implications are involved.

An Example of Practical Efficiency

A straightforward path to efficiency begins with the institution’s BSA/AML risk assessment. This tool should already identify lower-risk products and services. From there, institutions can then examine how resources are currently allocated and consider further adjustments.

Similarly, through Customer Due Diligence (CDD) programs, most institutions already risk-rate individual customers. These ratings can be leveraged to de-prioritize lower-risk clients. 

However, before de-prioritizing anything or anybody determined to be “lower-risk” under existing processes, it is critical that institutions ensure their risk assessment and risk-rating methodologies are solid. Institutions should validate that customers or activities previously rated lower risk, truly are. 

Validation may include:

  • Independent testing of risk assessments and rating models;
  • Statistical analysis (e.g., above-the-line/below-the-line testing);
  • Control effectiveness reviews;
  • Review and remediation of audit or examination findings.

Once confident in the accuracy of risk assessment results and customer risk ratings, institutions may begin considering the avenues through which they may gain efficiencies. These may include:

  • Reduced headcount;
  • Simplified system requirements or fewer licenses;
  • Decreased data storage needs; and
  • Streamlined training content.

Still, most institutions lack dedicated efficiency teams, and these efforts often fall outside the BSA Officer’s scope. A methodical, measured approach, with potential third-party support, can help ensure that only impactful, sustainable efficiencies are pursued.

Conclusion

The financial services industry is evolving rapidly due to technology, new market entrants, and shifting consumer behaviors. These changes have outpaced the framework established under the BSA, prompting a much overdue push for modernization.

Efficiency is just the first of four modernization principles, but it sets the tone. Institutions that are prepared  with robust risk assessments, adaptive programs, and strong governance will be best positioned to navigate the changes that lie ahead. Financial institutions that embrace risk-based thinking and that approach change with discipline will find themselves ahead of the curve. 

ABOUT THE AUTHOR

Tim Stokes is a Managing Director at Asurity Advisors with nearly 25 years of experience in the financial services industry. He has extensive knowledge and expertise in both anti-money laundering and consumer protection financial laws and regulations. He has served in roles as Bank Secrecy Act (BSA) Officer at institutions of varying sizes and was a Senior Outreach Specialist and Regulatory Liaison with the Financial Crimes Enforcement Network (FinCEN). Tim works with clients on all facets of their BSA/AML/CFT programs, including risk assessments, program builds and optimization, KYC/CDD/EDD programs, and training. Tim holds a B.S. in Organizational Psychology and is a Certified Regulatory Compliance Manager. 

If you would like more information please, provide your email address

Related Insights

Reconsideration of Value: A critical component of appraisal review
By CARL PRY, CRCM, CRP – Senior Advisor for Asurity Advisors (Article originally published in ABA Risk and Compliance, May/June […]
Read more
FinCEN Extends Beneficial Ownership Information Reporting Deadline
By Bart Statowski, Director of Advisory Services On February 18, 2025, the U.S. District court for the Eastern District of […]
Read more
Fair Servicing in Focus: Navigating Regulatory Expectations and Managing Fair Lending Risks 
Originally published in ABA Risk and Compliance, March/April 2025   A review of recent CFPB enforcement action and Supervisory Highlights […]
Read more