Skip to main content


Anti-Money Laundering (AML) Source Tool for Mutual Funds

May 12, 2017

This guide was last updated on May 16, 2022.

This research guide, or “source tool,” is a compilation of key AML laws, rules, and guidance applicable to “mutual funds” (i.e., open end investment companies as defined in Section 5(a)(1) of the Investment Company Act of 1940). Several statutory and regulatory provisions impose AML obligations on mutual funds. A wealth of related AML guidance materials is also available. To aid research efforts into AML requirements and to assist mutual funds with AML compliance, this source tool organizes key AML compliance materials and provides related source information.

When using this research tool, you should keep the following in mind:

First, mutual funds are responsible for complying with all AML requirements to which they are subject. Although this research guide summarizes some of the key AML obligations that are applicable to mutual funds, it is not comprehensive. You should not rely on the summary information provided but should refer to the relevant statutes, rules, orders, and interpretations.

Second, AML rules, regulations, and orders are subject to change and may change quickly. Statutes that include AML-related provisions may be amended from time to time, and new statutes may be enacted which include AML-related provisions. The Anti-Money Laundering Act of 2020 (AMLA) tasked the Secretary of the Treasury, in consultation with specified regulators and law enforcement, with undertaking a review of BSA regulations and guidance and directed the Secretary to make appropriate changes to improve the efficiency of the regulations and guidance.[1] Other provisions of AMLA and the Corporate Transparency Act require the Secretary to revise the AML program rules and beneficial ownership rule.[2]

Finally, you will find a list of telephone numbers and useful websites at the end of this guide. If you have questions concerning the meaning, application, or status of a particular law, rule, order, or interpretation, you should consult with an attorney experienced in the areas covered by this guide.

This source tool represents the views of the staff of the Division of Examinations. It is not a rule, regulation, or statement of the Securities and Exchange Commission (“Commission”). The Commission has neither approved nor disapproved its content.  This source tool, like all staff guidance, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person.

The Division of Examinations regularly publishes Risk Alerts on its webpage,, some of which deal with AML topics, and also maintains a source tool regarding the AML obligations of broker-dealers.


The following topics are addressed in this guide:

  1. The Bank Secrecy Act
  2. The USA PATRIOT Act
  3. AML Programs
  4. Customer Identification Programs
  5. Beneficial Ownership
  6. Due Diligence Programs for Correspondent Accounts
  7. Due Diligence Programs for Private Banking Accounts
  8. Suspicious Activity Monitoring and Reporting
  9. Other Reporting and Recordkeeping Requirements
  10. Information Sharing With Law Enforcement and Financial Institutions
  11. Special Measures Imposed by the Financial Crimes Enforcement Network
  12. Office of Foreign Asset Control (OFAC) Sanctions Programs and Other Lists
  13. Selected Additional AML Resources
  14. Useful Contact Information

1. The Bank Secrecy Act

The Bank Secrecy Act (BSA), initially adopted in 1970, established the basic framework for AML obligations imposed on financial institutions. Among other things, it authorizes the Secretary of the Treasury to issue regulations requiring financial institutions to keep records and file reports on financial transactions that may be useful in investigating and prosecuting money laundering and other financial crimes. Treasury has determined that mutual funds should be considered “financial institutions” for certain purposes and thus certain BSA rules are applicable to mutual funds. The Financial Crimes Enforcement Network (FinCEN), a bureau within Treasury, has regulatory responsibilities for administering the BSA.

Source Documents:

  • Bank Secrecy Act: The Bank Secrecy Act is codified at 31 U.S.C. §§ 5311 et seq.
  • Bank Secrecy Act Rules: The rules adopted by Treasury implementing the BSA are located at 31 C.F.R. Chapter X. 31 C.F.R. Chapter X is comprised of a “General Provisions Part” and separate financial-institution-specific parts for those financial institutions subject to FinCEN regulations. The General Provisions Part (Part 1010) contains regulatory requirements that apply to more than one type of financial institution, and in some cases, individuals. The financial-institution-specific parts contain regulatory requirements specific to a particular type of financial institution. Part 1024 pertains to mutual funds (31 C.F.R. §§ 1024.100 et seq.).


The USA PATRIOT Act was enacted by Congress in 2001 in response to the terrorist attacks on September 11, 2001. Among other things, the USA PATRIOT Act amended and strengthened the BSA. One provision of the Act mandated a study that ultimately contained recommendations for extending certain AML obligations to open-end investment companies, or mutual funds. Currently, as a result of the USA PATRIOT Act and its implementing rules, there are a number of BSA/AML obligations that are applicable to “mutual funds,” including:

  • AML compliance programs;
  • customer identification programs;
  • obtaining beneficial ownership information and customer due diligence;
  • monitoring, detecting, and filing reports of suspicious activity;
  • due diligence for foreign correspondent accounts, including prohibitions on transactions with foreign shell banks;
  • due diligence for private banking accounts;
  • mandatory information-sharing (in response to requests by federal law enforcement);
  • compliance with “special measures” imposed by FinCEN to address particular AML concerns; and
  • other reporting and recordkeeping requirements, including requirements to file currency transaction reports and reports in connection with foreign bank and financial accounts.

Source Documents:

3. AML Programs

Section 352 of the USA PATRIOT Act amended the BSA to require financial institutions to implement AML programs. Toward that end, FinCEN has implemented a rule that requires mutual funds to establish AML programs. Because mutual funds operate through a variety of different business models, one generic AML program is not possible; rather, each mutual fund must develop a program based upon its own business structure. As a result, each mutual fund complex should identify its vulnerabilities, understand applicable BSA requirements, identify the risk factors relating to these requirements, design the procedures and controls that will be required to reasonably assure compliance with these requirements, and periodically assess the effectiveness of the procedures and controls.

A mutual fund’s AML compliance program must be in writing, must be approved by the mutual fund’s board of directors, and must include at a minimum:

  • policies, procedures, and internal controls reasonably designed to prevent the mutual fund from being used for money laundering or the financing of terrorist activities and to achieve compliance with the BSA and its implementing rules;
  • the designation of a person or persons responsible for implementing and monitoring the operations and internal controls of the AML program (AML Officer);
  • ongoing AML training for appropriate persons;
  • an independent test of the mutual fund’s AML program conducted by the mutual fund’s personnel or by a qualified outside party. For the testing to be independent, it must not be done by the same employees involved in the operation or oversight of the AML program; and
  • risk-based procedures for conducting ongoing customer due diligence. These should include, but not be limited to, procedures to: (1) identify and verify the identity of customers, (2) understand the nature and purpose of customer relationships so customer risk profiles can be developed, and (3) conduct ongoing monitoring to identify and report suspicious transactions as well as to maintain and update customer information, including beneficial ownership information.

Because mutual funds do not have direct employees, they may delegate certain aspects of their AML programs to their service providers; however, mutual funds remain responsible for assuring compliance with the rule and overseeing the performance of any delegated responsibilities. In addition, if a mutual fund delegates responsibility for its AML program to a service provider, the mutual fund must obtain a written consent that will ensure the ability of federal regulators to obtain information and records relating to the AML program and to inspect the third party for purposes of the program.

Rule 38a-1 under the Investment Company Act of 1940 requires investment companies, including mutual funds to establish and implement compliance programs that include provisions for compliance with the BSA and rules adopted thereunder. Under Rule 38a-1, fund compliance programs include oversight over the compliance efforts of service providers through which the fund conducts its business (e.g., the fund’s investment adviser, principal underwriter, administrator and transfer agent of the fund).

Source Documents:

4. Customer Identification Programs

Section 326 of the USA PATRIOT Act amended the BSA to require financial institutions to establish written customer identification programs (CIP). A joint SEC/FinCEN implementing rule imposes CIP obligations on mutual funds. The implementing rule requires mutual funds to establish, document, and maintain a written CIP that includes procedures for:

  • obtaining customer identifying information from each customer prior to account opening;
  • verifying the identity of each customer, to the extent reasonable and practicable, within a reasonable time before or after account opening;
  • making and maintaining a record of all information obtained relating to customer identity and verification;
  • determining within a reasonable time after account opening or earlier whether a customer appears on any list of known or suspected terrorist organizations designated by Treasury;[3] and
  • providing each customer with adequate notice, prior to opening an account, that information is being requested to verify the customer’s identity.

The CIP rule provides that, under certain defined circumstances, mutual funds may rely on the performance of another financial institution to fulfill some or all of the requirements of the mutual fund’s CIP. For a mutual fund to rely on another financial institution, the reliance must be reasonable. The financial institution being relied on by the mutual fund must be subject to an AML program rule and be regulated by a federal functional regulator. The mutual fund and the other financial institution must enter into a contract, and the other financial institution must certify annually to the mutual fund that it has implemented an AML program. The other financial institution must also certify to the mutual fund that the financial institution will perform the specified requirements of the mutual fund’s CIP.[4]

Source Documents:

5. Beneficial Ownership

Covered financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program required under 31 U.S.C. 5318(h) and its implementing regulations.

Legal entity customer means an account holder that is a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction.

Beneficial owner means each of the following:

  1. Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and
  2. A single individual with significant responsibility to control, manage, or direct a legal entity customer, including:
    1. An executive officer or senior manager (e.g., a chief executive officer, chief financial officer, chief operating officer, managing member, general partner, president, vice president or treasurer); or
    2. Any other individual who regularly performs similar functions.
  3. If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner shall mean the trustee. If an entity that is excluded from the definition of “legal entity customer” owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, no individual need be identified with respect to that entity’s interests.

Source Documents:

6. Due Diligence Programs for Correspondent Accounts and Enhanced Due Diligence for Certain Foreign Bank Correspondent Accounts

Section 312 of the USA PATRIOT Act amended the BSA to, among other things, impose special due diligence requirements on financial institutions that establish, maintain, administer, or manage a private banking account or a “correspondent account” in the United States for a “non-United States person.”

A correspondent account includes any account established for a foreign financial institution (including a foreign bank) to receive deposits from, or to make payments or other disbursements on behalf of, the foreign financial institution, or to handle other financial transactions related to the foreign financial institution.

FinCEN’s regulations implementing the special due diligence requirements provide, among other things, that a “covered financial institution” (which includes a mutual fund) is required to establish a risk-based due diligence program reasonably designed to enable the mutual fund to detect and report money laundering conducted through, or involving, a foreign correspondent account established, maintained, administered, or managed by the covered financial institution in the United States for a foreign financial institution.

In the case of a correspondent account established, maintained, administered, or managed in the United States for certain foreign banks, the due diligence program must include “enhanced” due diligence procedures in accordance with certain requirements specified in FinCEN’s regulations.

Source Documents:

7. Due Diligence Programs for Private Banking Accounts

Section 312 of the USA PATRIOT Act amended the BSA to, among other things, impose special due diligence requirements on financial institutions that establish, maintain, administer, or manage a private banking account or a “correspondent account” in the United States for a “non-United States person.” FinCEN regulations provide that a “covered financial institution” is required to maintain a due diligence program that includes policies, procedures, and controls that are reasonably designed to detect and report any known or suspected money laundering or suspicious activity conducted through or involving a “private banking account” that is established, maintained, administered, or managed in the U.S. by the financial institution. In addition, the regulations set forth certain minimum requirements for the required due diligence program with respect to private banking accounts and require enhanced scrutiny to any such accounts where the nominal or beneficial owner is a “senior foreign political figure.”

The regulations define a “private banking account” as an account that: (a) requires a minimum deposit of assets of at least $1,000,000; (b) is established or maintained on behalf of one or more non-U.S. persons who are direct or beneficial owners of the account; and (c) has an employee assigned to the account who is a liaison between the financial institution and the non-U.S. person.

The definition of “senior foreign political figure” extends to any member of the political figure’s immediate family, and any person widely and publicly known to be a close associate of the foreign political figure as well as any entities formed for the benefit of such persons (such persons are commonly referred to as PEPs, or Politically Exposed Persons).

The definition of “beneficial owner” is limited to individuals with control over the account (as opposed to passive investors with only financial interests). Although the definition of a “covered financial institution” under FinCEN’s regulations includes mutual funds, FinCEN acknowledged when it adopted its rule that, “as a general matter,” accounts held by public corporations, mutual funds, or other collective investment vehicles would not fall within the definition of “private banking account.” In addition, in December 2005, FinCEN stated that “mutual funds do not currently offer private banking accounts.”

Source Documents:

8. Suspicious Activity Monitoring and Reporting

Section 356 of the USA PATRIOT Act amended the BSA to require financial institutions to monitor for, and report, suspicious activity (so-called SAR reporting).

Under FinCEN’s SAR rule (31 C.F.R. § 1024.320), a mutual fund is required to file a suspicious activity report if: (i) a transaction is conducted or attempted to be conducted by, at, or through a mutual fund; (ii) the transaction involves or aggregates funds or other assets of at least $5,000; and (iii) the mutual fund knows, suspects, or has reason to suspect that the transaction:

  1. involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade any federal law or regulation;
  2. is designed to evade any requirements set forth in regulations implementing the BSA;
  3. has no business purpose or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the broker-dealer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
  4. involves use of the broker-dealer to facilitate criminal activity. 

Mutual funds must report the suspicious activity using FinCEN SAR Form 111, which is confidential. FinCEN maintains instructions for filing the form, which detail, among other things, the minimum information requirements for the form.

Mutual funds must maintain a copy of any SAR filed and supporting documentation for a period of five years from the date of filing the SAR.

The rule recognizes that the activity of a particular mutual fund shareholder may involve more than one mutual fund in a mutual fund complex, so the rule permits all the mutual funds involved in a particular suspicious transaction to file a single joint report. As with other AML requirements applicable to mutual funds, the adopting release acknowledges that a mutual fund may contract with a service provider to perform the reporting obligation as the mutual fund’s agent, and thus the service provider will be aware of the circumstances surrounding the filing of the SAR. Nevertheless, the mutual fund remains responsible for assuring compliance with the rule and must maintain an active working relationship with the service provider’s compliance personnel to oversee the performance of its SAR reporting obligations.

In situations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, mutual funds should immediately notify law enforcement in addition to filing a SAR. In addition, if a mutual fund wishes to immediately report suspicious activities, in addition to filing a SAR, they may call FinCEN’s Hotline at 1-866-556-3974.[5]

Source Documents:

9. Other Reports and Recordkeeping Requirements

Mutual funds have other reporting obligations imposed by the BSA. They include:

Currency Transaction Reports (CTRs): Mutual funds are obligated to file with FinCEN CTRs (Form 112, formerly IRS Form 4789) for certain currency transactions involving the transfer of more than $10,000 in currency. ’The CTR filing obligation covers incoming, outgoing, and exchange transactions in currency. Under the CTR rule, a financial institution must treat multiple transactions as a single transaction if the financial institution has knowledge that the transactions are conducted by or on behalf of the same person and result in either cash in or cash out totaling more than $10,000 during any one business day.

Reports of Foreign Bank and Financial Accounts (FBARs): Mutual funds may be required to file FBARs if the mutual fund has a financial interest in, or signature authority over, any bank account, securities account, or “other financial account” (as defined in 31 C.F.R. § 1010.350(c)(3)) in a foreign country and the aggregate value of these accounts exceeds $10,000. FBARs are filed using Form 114.

The Recordkeeping and Travel Rule and Related Recordkeeping Requirements: Mutual funds are subject to requirements relating to the creation and retention of records involving the transmittal of funds (Recordkeeping and Travel Rule). The rule applies to transmittals of funds in amounts that equal or exceed $3,000, and requires the transmittor’s financial institution to obtain and retain name, address, and other information about the transmittor and the transaction. The Recordkeeping and Travel Rule requires the recipient’s financial institution and, in certain instances, the transmittor’s financial institution to obtain or retain identifying information about the recipient. The rule also requires that certain information obtained or retained by the transmittor’s financial institution “travel” with the transmittal order through the payment chain.

FinCEN’s amendment to the definition of “financial institution” also resulted in mutual funds being required to create and retain records for certain extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities, and credit. These requirements apply to transactions in amounts exceeding $10,000.

These rules provide for exceptions for certain transactions entered into by the mutual fund, including transactions with banks, broker-dealers and federal, state, and local governments.

Source Documents:

10. Information Sharing with Law Enforcement and Financial Institutions

Two provisions relating to information sharing were added to the BSA by the USA PATRIOT Act. One provision requires broker-dealers to respond to mandatory requests for information made by FinCEN on behalf of federal law enforcement agencies. The other provides a safe harbor to permit and facilitate voluntary information sharing among financial institutions.

Mandatory Information Sharing (Section 314(a) Requests): FinCEN’s BSA information sharing rules, under Section 314(a), authorize law enforcement agencies with criminal investigative authority to request that FinCEN solicit, on the agency’s behalf, certain information from a financial institution (including a mutual fund). These requests are often referred to as “Section 314(a) information requests.” Upon receiving such a request, a financial institution is required to search its records to determine whether it has accounts for, or has engaged in transactions with, any specified individual, entity, or organization. If the financial institution identifies an account or transaction identified with any individual, entity or organization named in the request, it must report certain relevant information to FinCEN.

Some mutual funds register directly with FinCEN to receive Section 314(a) notices; others rely on their affiliated bank or broker-dealer intermediaries to register and conduct these searches. Mutual funds should maintain the confidentiality of any request and any responsive reports to FinCEN. Mutual funds with questions concerning Section 314(a) requests should contact FinCEN.

Source Documents:

Voluntary Information Sharing Among Financial Institutions: Section 314(b): A separate safe harbor provision encourages and facilitates voluntary information sharing among participating financial institutions. The safe harbor provision, added to the BSA by Section 314(b) of the USA PATRIOT Act, protects financial institutions, including investment companies, from certain liabilities in connection with sharing certain AML related information with other financial institutions for the purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities. FinCEN’s implementing regulations (31 C.F.R. § 1010.540) require that a financial institution or an association of financial institutions that intends to share information pursuant to the regulations must file an annual notice with FinCEN, maintain procedures to protect the security and confidentiality of the information, and take reasonable steps to verify that the financial institution or association of financial institutions with which it intends to share the information has filed the required notice with FinCEN. This may be done by checking a list that FinCEN makes available. FinCEN’s website contains an online registration system for section 314(b) notifications.

Source Documents:

11. Special Measures Imposed by the Secretary of the Treasury

Section 311 of the USA PATRIOT Act amended the BSA to authorize the Secretary of the Treasury to require financial institutions, including mutual funds, to take “special measures” to address particular money laundering concerns. The Secretary of the Treasury may impose special measures on foreign jurisdictions, financial institutions, or transactions and accounts found to be of “primary money laundering concern.” FinCEN’s BSA Rules include special measures that, among other things, prohibit “covered financial institutions” (which includes open-end investment companies registered with the Commission) from opening or maintaining certain correspondent accounts.

Source Documents:

12. OFAC Sanctions Programs and Other Lists

OFAC is an office within Treasury that administers and enforces economic and trade sanctions, based on U.S. foreign policy and national security goals, against targeted foreign countries, terrorism sponsoring organizations, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction. OFAC acts under presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under U.S. jurisdiction.

OFAC’s sanctions programs are separate and distinct from, and in addition to, the AML requirements imposed on mutual funds under the BSA.

As a tool in administering sanctions, OFAC publishes lists of sanctioned countries and persons that are continually being updated. Its list of Specially Designated Nationals and Blocked Persons (SDNs) lists individuals and entities from all over the world whose property is subject to blocking and with whom U.S. persons cannot conduct business. OFAC also administers country-based sanctions that are broader in scope than the “list-based” programs.

In general, OFAC regulations require funds to:

  • block accounts and other property or property interests of entities and individuals that appear on the SDN list and blocked persons or entities that are blocked by operation of law;
  • block accounts and other property or property interests of governments, other entities and individuals subject to blocking under OFAC country-based programs; and
  • reject prohibited, unlicensed trade and financial transactions, including those  with OFAC-sanctioned countries.

Funds must report all blockings and rejections of prohibited transactions to OFAC within 10 days of their being identified and then annually. OFAC has the authority to impose substantial civil penalties administratively. To guard against engaging in OFAC prohibited transactions, it is advisable that funds or their service providers “screen against the OFAC list.” U.S. investment companies and their investment managers also should conduct the necessary due diligence to ensure that their investment decisions do not violate U.S. sanctions. OFAC has stated that it will take into account the adequacy of a firm’s OFAC compliance program when it evaluates whether to impose a penalty if an OFAC violation has occurred.

Investment companies and their investment managers should also be aware of other lists, such as the Financial Action Task Force (“FATF”) publications that identify “high risk and other monitored jurisdictions” and list countries with weak measures to combat money laundering and terrorist financing. If transactions originate from, or are routed to, any FATF-identified countries, it might be an indication of suspicious activity.[8]

Source Documents:

13. Selected Additional AML Resources

SEC Staff Materials:

FinCEN Materials:


14. Useful Contact Information


Financial Institutions Hotline:


Regulatory Helpline:


Office of Public Affairs:


General Information: 


FinCEN website:

Securities and Futures:‌financial_institutions/‌secs_futures/




OFAC website:

SEC Staff

Division of Investment Management, Office of Regulatory Policy


Division of Examinations, Office of Chief Counsel


Examination Hotline for SEC-Registered Entities

202-551-EXAM (3926)

SEC SAR Alert Message Line

202-551-SARS (7277)

SEC website


[1] William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. No. 116-283, § 6216, 134 Stat. 3388, 4582-83 (2021).

[2] Id. §§ 6101(b), 6403(d).

[3] As of the date of this guide, there are no designated government lists to verify specifically for CIP purposes. Customer comparisons to lists issued by OFAC involve separate and distinct requirements.

[4] FinCEN and the federal banking agencies have issued guidance applicable to banks regarding the CIP rule that may be of interest to securities firms. See Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act (Apr. 28, 2005).

[5]  Mutual funds may also, but are not required to, contact the SEC to report situations that may require immediate attention by the SEC. The SEC SAR Alert Message Line number [202-551-SARS (7277)] should only be used in cases where a mutual fund has filed a SAR that may require immediate attention by the SEC and wants to alert the SEC about the filing. Calling the SEC SAR Alert Message Line does not alleviate the mutual fund’s obligation to file a SAR or notify an appropriate law enforcement authority.

[6] SAR Activity Reviews include two separate publications: SAR Activity Review Trends, Tips & Issues and SAR Activity Review by the Numbers. They were published under the auspices of the Bank Secrecy Act Advisory Group. These publications include: statistics regarding SAR filings and trends; an industry forum highlighting compliance issues and practices prepared by private sector members of the Advisory Group; and guidance regarding practical issues relevant to SAR filing and reporting.

[7] FinCEN staff have indicated that the responses to Questions 17 and 18 in this Advisory are no longer completely accurate due to the expiration on July 1, 2004, of an exception relating to coded names and pseudonyms, at which time FinCEN confirmed the prohibition of the use of coded names and pseudonyms, but determined that the Travel Rule should be read to allow the use of mailing addresses. See 68 Fed. Reg. 66708 (Nov. 28, 2003).

[8] As of the date of this guide, FATF has identified Iran and North Korea as high risk jurisdictions. Eighteen other countries are also “monitored jurisdictions.” See

Return to Top