SupraPay Logo
SupraPayConformité

FinCEN / BSA Crosswalk (U.S. MSB)

FinCEN / BSA Crosswalk (U.S. MSB) — Control Mapping (Bridge-Integrated)

Purpose: Provide a compliance “crosswalk” that maps key U.S. Bank Secrecy Act (BSA) / FinCEN MSB obligations to the Company’s internal controls, procedures, and evidence artifacts, including controls performed by Bridge where applicable.

Primary reference hub: FinCEN BSA statutes and regulations page: https://www.fincen.gov/resources/statutes-and-regulations/bank-secrecy-act.

Notes

  • This crosswalk is non-exhaustive and must be tailored to the Company’s specific MSB activities, products, and jurisdictions.
  • Regulatory citations below are provided to support program structuring; confirm applicability with counsel and/or Compliance.

A. Core AML Program (MSB)

Requirement (typical MSB AML program elements): maintain a written AML program reasonably designed to prevent MSB services from being used to facilitate money laundering and terrorist financing, including (commonly) internal controls, designation of a compliance officer, training, and independent review/testing.

  • Regulatory anchor (commonly cited): 31 CFR 1022.210 (Anti-money laundering programs for money services businesses).
  • Policy coverage: AML/CTF Policy & Procedures Sections 4, 13, 14, 15, 16.
  • Operational controls:
    • Governance/RACI for Bridge vs Company responsibilities.
    • Risk assessment cadence, change management on product launch.
    • Training program and completion tracking.
    • Independent testing plan and remediation tracking.
  • Evidence artifacts:
    • Approved AML policy (versioned).
    • Training roster/completion logs.
    • Audit/testing reports, issue tracker, closure evidence.

B. Suspicious Activity Reporting (SAR) — MSB

Requirement: identify and report suspicious activity in accordance with applicable SAR rules; maintain supporting documentation and confidentiality controls.

  • Regulatory anchor (commonly cited): 31 CFR 1022.320 (Reports by money services businesses of suspicious transactions).
  • Policy coverage:
    • AML/CTF Policy & Procedures Section 12.1 (SAR governance/procedures).
    • Transaction Monitoring Policies & Procedures Sections 7–8 (alerting/investigation/escalation).
  • Operational controls:
    • Alert triage and investigation workflow with SLAs.
    • Escalation package to Bridge where Bridge is the filing party.
    • Case narrative standards and review/approval (4-eyes).
    • Confidentiality / anti-tipping-off controls.
  • Evidence artifacts:
    • Case files and supporting evidence.
    • SAR decisioning logs and approvals.
    • Escalation communications and closure outcomes.

C. Currency Transaction Reporting (CTR)

Requirement: report certain currency transactions meeting applicable thresholds/criteria; retain related records.

  • Regulatory anchors (commonly cited):
    • 31 CFR 1010.311 (Reports of transactions in currency).
    • 31 CFR 1010.306 (Filing requirements for reports of transactions in currency).
  • Policy coverage: AML/CTF Policy & Procedures Section 12.2 (CTR governance/procedures).
  • Operational controls:
    • Aggregation logic across accounts and time windows (as applicable).
    • Identification of currency-in/currency-out events that trigger CTR obligations.
    • Coordination with Bridge/PSPs/banks where they are filing parties.
  • Evidence artifacts:
    • CTR decisioning records, aggregation reports.
    • Filing confirmations (where applicable).

D. Recordkeeping (BSA) — Funds Transfers / “Travel Rule”

Requirement: maintain required records for funds transfers and transmittals of funds, including required originator/beneficiary information and retention of records.

  • Regulatory anchors (commonly cited):
    • 31 CFR 1010.410 (Records to be made and retained by financial institutions).
    • 31 CFR 1010.415 (Records of extensions of credit and cross-border transfers, as applicable).
  • Policy coverage:
    • AML/CTF Policy & Procedures Section 11 (record retention) and 12.3 (BSA recordkeeping).
    • Transaction Monitoring Policies & Procedures Section 4 and 13 (data sources, retention).
  • Operational controls:
    • Data model captures required “travel rule” fields for covered transfers (as applicable).
    • Integrity logging and immutability controls.
    • Retrieval procedures for examinations and lawful requests.
  • Evidence artifacts:
    • Data dictionaries and schemas.
    • Event logs and retention policies.
    • Retrieval test results (periodic).

E. MSB Registration (if applicable)

Requirement: register as an MSB with FinCEN where required and maintain supporting documentation.

  • Regulatory anchor (commonly cited): 31 CFR 1022.380 (Registration of money services businesses).
  • Policy coverage: Program Parameters and Definitions (program metadata; regulator/framework selection).
  • Operational controls / evidence:
    • Current MSB registration and renewal documentation.
    • Record of covered activities and legal entity structure.