WSJ logo
Forbes logo
Fox News logo
CNN logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

BSA Red Flags

John W. Sellers
Attorney John W. Sellers
BSA Red Flags Team Lead
Former DOJ Trial Attorney
envelope iconContact John

The Bank Secrecy Act, or BSA, requires financial institutions in the U.S. to help federal law enforcement detect and crack down on money laundering by keeping records of financial transactions and reporting suspicious activity.

But that raises an important question: What amounts to “suspicious activity” that should be reported to law enforcement?

On the one hand, financial institutions need to comply with the law and generally want to help prevent the laundering of money, which is often done to finance illegal operations and even terrorism. On the other hand, over-divulging information about your customers’ financial transactions can lead to a reputation for not taking your clients’ confidentiality seriously.

The BSA enforcement lawyers at the national law firm Oberheiden P.C. can help your financial institution strike an appropriate balance between these conflicting interests. To help you better understand when you should report suspicious activity to law enforcement, here are five types of red flags to look out for in a financial transaction or a customer.

5 Types of Suspicious Activity That Should Raise Red Flags for BSA Reporting

When a financial institution notes strange financial activity among one or several of its customers, it may be a sign of illegal conduct. There are numerous red flags that could justify further follow up. They can be divided into five overlapping categories:

  1. Cash transactions
  2. Credit transactions
  3. Customer behavior
  4. Inconsistent activity
  5. Employee activity

Under the BSA, financial institutions who notice any of these red flags should closely scrutinize the transaction and parties related to it. If closer scrutiny does not find a legal purpose or reasonable business transaction, it should generally get reported. Financial institutions should remember that their goal is to forward potential violations on to law enforcement for further investigation – not conduct the investigation themselves.

Cash Transactions

Lots of people make cash transactions for the convenience of it. However, because it is more difficult to trace cash transactions than those that use a card or credit, the use of cash can raise red flags about elicit activity, especially if:

  • There is a very high amount of cash transactions being performed
  • Cash deposits seem designed to fall below a certain reporting threshold
  • Cash is deposited in an account and then quickly transferred overseas

In many cases, these types of cash transactions are designed to evade scrutiny. The very fact that they are trying to avoid looking suspicious makes them suspect and worthy of closer inspection.

Credit Transactions

Just because a transaction was done with credit and can be easily traced does not mean that it is exempt from further scrutiny. Credit transactions should raise red flags if:

  • They happen frequently and in rounded amounts
  • They send or receive money from an international tax haven or a high-risk country, particularly if the customer does not have a business connection to it
  • Numerous credit transfers are made into an account and then the aggregate amount is quickly transferred out of it
  • There is missing information about the transaction
  • A third-party service provider is involved in the transaction
  • Huge chunks of a loan are paid off in a single transaction, with no apparent source of the funds used to make the payment

Because these transactions happen with credit, there should be more of a paper trail that a financial institution can follow to determine if there is a legitimate reason for it, or if it should get reported.

Customer Behavior

A pattern or practice of a customer’s financial behavior can raise red flags, as can an employee’s perception of how the customer acts in real life. Some red flags that warrant further follow up include when a customer:

  • Uses identification documents that seem suspicious, cannot be verified, or that are rarely used
  • Does not want to provide information about his or her business or the purpose of it
  • Tries to talk an employee at the financial institution out of filing a required report
  • Makes transactions that appear to be well above what one would expect, given his or her employment
  • Makes several transactions in rapid succession that seem designed to fall below a threshold necessary to trigger action
  • Is a company that is reluctant to divulge information about its beneficial owners

These and other suspicious activities should raise some red flags at the financial institution that holds the customer’s funds or that was in the process of creating an account for the customer.

Inconsistent Activity

When opening accounts, customers – particularly business customers – have to disclose lots of information about their current and anticipated practices. Inconsistencies with these disclosures, or with the customer’s history of prior banking transactions, could raise red flags. Examples include:

  • Maintaining assets or funds well above what would be expected, given the line of business
  • Depositing funds that have no apparent connection to the customer’s business
  • Funds being moved from one bank to another, and then back again
  • Anomalous activity that does not have an apparent connection to the customer’s business
  • A sudden and drastic change in use of the account

In many cases, there is a legitimate reason that is hidden from view. Financial institutions should still investigate to find out what it is, if there is one.

Employee Activity

Customers are not the only ones who can launder money. Bank employees can also raise red flags that warrant further scrutiny, like:

  • Engaging in a pattern of internal policy violations, often in relation to a single customer
  • Living a lifestyle that cannot be explained on the employee’s salary
  • Overriding a hold that was placed on a client account because of suspicious activity

In some cases, nefarious actors are able to get an agent inside a bank or to bribe an existing employee in order to help them launder money. Financial institutions need to remain vigilant to these possibilities.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney


Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Report Suspicious Activity to FinCEN

Financial institutions should have procedures in place for when suspicious financial activity is detected, including how it is determined whether to report it. If the decision is made to report the activity to law enforcement, it has to be done through a BSA Suspicious Activity Report (BSAR) and submitted to Financial Crimes Enforcement Network (FinCEN), the bureau of the U.S. Department of the Treasury that analyzes financial data for signs of money laundering. Financial institutions file the BSAR through FinCEN’s BSAR E-Filing System. The report has to be filed within 30 days of the suspicious activity being detected.

Importantly, 31 U.S.C. § 5318(g)(3) insulates financial institutions from civil liability from the person whose information is being disclosed.

Penalties Associated With Bank Secrecy Act Disclosures

Financial institutions that fail to uphold their legal obligations under the BSA face a wide range of monetary penalties and civil fines. Some of the most common are laid out in the penalty adjustment table provided at 31 C.F.R. § 1010.821. In 2022, they range from $1,253 for negligent violations of BSA provisions that do not have their own specific penalty, all the way up to over $1.5m for failing to conduct due diligence related to shell companies.

Additionally, there are penalties for divulging the contents, or even the existence of, a BSAR. 31 U.S.C. § 5322 and 31 C.F.R. § 1010.840 provide for some significant penalties for a violation of this sort:

  • Civil penalties of up to $100,000 for each violation,
  • Criminal penalties of up to $250,000, and
  • Up to 5 years imprisonment.

These penalties are incredibly steep because they can impede a pending law enforcement investigation.

Several Frequently Asked Questions About the BSA and Oberheiden P.C.

What is the BSA?


The Bank Secrecy Act, also known as the Currency and Foreign Transactions Reporting Act of 1970, is a federal law that requires financial institutions to report suspicious financial activity and transactions to law enforcement in order to prevent illegality, fraud, and money laundering. The BSA is commonly referred to as an anti-money laundering law (AML), or jointly as BSA/AML.

Because the BSA amended numerous sections of U.S. law, rather than creating a cohesive grouping of new statutes, it is commonly cited as Pub. L. No. 91-508. Executive regulations pertaining to the BSA are found at 12 C.F.R. § 21.11 and 12 C.F.R. § 21.21.

Does the BSA Amount to an Illegal Search Under the Fourth Amendment?


The Fourth Amendment to the U.S. Constitution forbids “searches and seizures” that are “unreasonable.” There is a case to be made that, by requiring financial institutions to keep records of financial transactions and to report suspicious ones to law enforcement, that the BSA violates this amendment.

The Supreme Court of the United States, however, has said that this is not the case.

In 1974, in California Bankers Association v. Shultz, the Court stated that keeping records of financial transactions was not a “search” of them and did not amount to a “seizure,” mainly because banks had always maintained such records. It also held that the depositors did not have standing to challenge the reporting of their suspicious activity or transactions to law enforcement. This is a sort of precursor to the third party doctrine, which states that an inspection by law enforcement of data or evidence that was voluntarily given to a third party does not constitute a “search” under the Fourth Amendment, as the owner of the data waived their privacy rights to it.

What Financial Institutions Fall Under the Guise of the BSA?


The definition of “financial institution” that the BSA uses is quite broad. According to 31 U.S.C. § 5312(a)(2), there are 26 types of entities that fall within the definition and the BSA’s regulatory reach. Some of the most important are:

  • Any bank insured by the Federal Deposit Insurance Corporation (FDIC)
  • Commercial banks or trust companies
  • Private bankers
  • Any agency or branch of a foreign bank that operates in the U.S.
  • Credit unions
  • Thrift institutions
  • Regulated broker dealers
  • Credit card operators
  • Insurance companies
  • Loan or finance companies
  • Travel agencies
  • Casinos and gaming establishments

It also includes any person acting on behalf of one of these institutions.

Why Doesn’t Oberheiden P.C. Call Itself the Preeminent BSA Defense Firm?


Because we prefer to let the experience of our attorneys, our long track record of successes, and our happy clients speak for themselves.

All of the lawyers that Oberheiden P.C. has on staff are senior-level, with a high level of experience in corporate compliance and business litigation. Their experience allows us to provide exceptional and detailed legal advice that is endowed with the kind of foresight that only comes with many years in the field.

That experience has led to a track record of success, including in compliance with the strict terms of the BSA. Even where clients have made mistakes and ignored the red flags of suspicious activities, our attorneys have been able to intervene on their behalf and secure an outcome that they could live with.

This has produced a long list of happy clients who have seen our work in action and left excellent reviews of it.

The BSA Enforcement Attorneys at Oberheiden P.C. Can Guide Your Company Through this Process

Complying with the BSA is crucial. Doing it is difficult. Knowing what constitutes a red flag that should be investigated is important, but is also only the first step in a long process that carries the potential for lots of legal exposure.

The lawyers at Oberheiden P.C. have helped numerous financial institutions through this complicated process in the past. Contact them online or call their law office at (888) 680-1745 to schedule a consultation.

WordPress Lightbox