Accounting firms operating in the United States or providing services to US clients face increasingly stringent anti-money laundering obligations. These requirements stem from a comprehensive regulatory framework that has expanded significantly over the past two decades, particularly following the implementation of enhanced due diligence measures and beneficial ownership reporting requirements. For accounting firms, AML compliance is no longer a peripheral concern but a core operational requirement that directly affects firm liability, client relationships and regulatory standing.
This article examines the key AML obligations applicable to accounting firms in the United States, with particular focus on the Bank Secrecy Act framework, FinCEN guidance and US-specific compliance requirements. It explores how these obligations apply to accounting firms and identifies the practical steps necessary to establish and maintain a compliant programme.
The Bank Secrecy Act: The Foundation of US AML Law
The Bank Secrecy Act, codified at 31 USC Chapter 53 (31 USC 5311 et seq), enacted in 1970, remains the primary federal statute governing money laundering prevention in the United States. Although originally designed to regulate financial institutions, the BSA’s requirements have been extended to various non-bank financial businesses, including accounting firms that engage in certain financial activities.
Under the BSA, accounting firms are considered money services businesses if they engage in specified financial activities. The threshold determination is critical, as it determines whether full AML compliance obligations apply. Firms that accept currency exchange services, provide cheque cashing services, or process money transfers may fall within this definition. However, many accounting firms argue that they do not meet the MSB definition if their primary function is tax preparation and traditional accounting services. This position requires careful analysis and documentation, as FinCEN has clarified that the characterisation depends on the actual services provided rather than how the firm describes itself.
The BSA imposes four principal obligations on covered financial businesses. First, firms must establish an AML compliance programme with a designated compliance officer. Second, they must maintain records of all transactions involving currency and maintain other relevant documentation. Third, they must report certain suspicious activities to FinCEN through suspicious activity reports. Fourth, they must report large currency transactions through currency transaction reports. For accounting firms, these obligations create significant operational and administrative requirements.
FinCEN's Regulatory Framework
The Financial Crimes Enforcement Network, a bureau of the US Department of the Treasury, administers the BSA and develops AML policy for the United States. FinCEN issues regulations codified at 31 CFR Chapter X, guidance and rules of particular importance to non-bank financial businesses. Understanding FinCEN’s current direction and expectations is essential for any accounting firm seeking to maintain compliance.
FinCEN has progressively expanded the scope of AML obligations for certain professional service providers. A critical Final Rule by FinCEN addressed the application of AML requirements to accountants. The rule established that accountants may be covered financial institutions if they provide financial agency services. Financial agency services include accepting deposits, transferring money or facilitating the transfer of money or currency, as defined in 31 CFR 1010.100. The rule clarified that traditional accounting services such as bookkeeping, tax preparation and financial statement preparation do not constitute financial agency services and do not trigger AML obligations.
However, FinCEN’s guidance also recognised that some accounting firms do provide services that fall within the definition of financial agency services. If an accounting firm accepts client funds in an escrow account, maintains trust accounts, or processes payments on behalf of clients, the firm may be engaged in financial agency services and therefore subject to AML requirements under 31 CFR Chapter X. The determining factor is whether the accounting firm is accepting or holding client funds in a capacity that could facilitate money laundering.
More recently, FinCEN has focused increasing attention on beneficial ownership transparency. The Corporate Transparency Act, codified at 31 USC 5336 and implemented through FinCEN’s regulations at 31 CFR 1010.380, imposed obligations on certain entities to report information to FinCEN about their beneficial owners. However, on 26 March 2025, FinCEN issued an interim final rule significantly revising the scope of these requirements. The revised regulations now exempt all entities created under US law from beneficial ownership reporting obligations. The beneficial ownership reporting requirement now applies only to entities formed under the law of a foreign country that have registered to do business in any US State or tribal jurisdiction. Whilst this change affects direct reporting obligations for most accounting firms’ clients, many accounting firms still face advisory obligations in assisting clients with proper understanding of their obligations and in ensuring they do not inadvertently facilitate non-compliance.
The Beneficial Ownership Regime
The beneficial ownership information reporting requirements represent a significant expansion of US AML policy. Effective 1 January 2024, FinCEN requires most business entities to report information about individuals who ultimately own or control the company. This requirement applies to corporations, limited liability companies, partnerships and other eligible entities formed or registered in the United States.
For accounting firms, the beneficial ownership rule creates both compliance and advisory challenges. Firms must ensure that they understand the scope of reporting obligations that apply to their clients. More importantly, many accounting firms now risk secondary liability exposure if they assist clients in evading these reporting requirements or if they facilitate the creation of shell companies designed to obscure beneficial ownership.
The beneficial ownership rule defines a beneficial owner as an individual who, directly or indirectly, owns 25 percentage or more of the ownership interests of a reporting company or exercises substantial control over the company. The rule also captures those who instruct the formation or major decisions of a company even without direct ownership. This broad definition requires careful analysis when advising clients about corporate structuring and beneficial ownership reporting obligations.
Specific AML Obligations for Accounting Firms
For accounting firms that are determined to be covered financial institutions under the BSA, a comprehensive compliance programme is mandatory. The programme must include several core elements, regardless of firm size or specific services provided.
Customer Due Diligence Requirements
For firms determined to be covered financial institutions under the BSA, customer due diligence represents the foundation of effective AML compliance. The Customer Due Diligence Rule, finalised by FinCEN in 2016 and codified at 31 CFR 1010.230, requires accounting firms to establish procedures to identify clients and verify their identity using reliable documentation. For individuals, this requires obtaining a government-issued identification document and confirming its authenticity. For business entities, firms must identify the entity, verify its legal existence and identify its beneficial owners or controllers.
The enhanced due diligence rules set forth in 31 CFR 1010.610 and 1010.620, which apply to high-risk clients or transactions, requiring firms to take additional steps to understand the nature and purpose of client relationships and to assess the risk of money laundering or sanctions violations. High-risk clients may include those with connections to jurisdictions with weak AML frameworks, individuals or entities subject to sanctions, or entities engaged in businesses known for higher money laundering risk such as real estate or cash-intensive operations.
Suspicious Activity Reporting
Covered firms must establish procedures to identify and report suspicious activities to FinCEN under 31 USC 5318(g) and related regulations at 31 CFR 1010.320. A suspicious activity report must be filed if a firm detects a transaction that involves or aggregates to at least five thousand dollars and that the firm knows, suspects or has reason to suspect involves money laundering or violates the Bank Secrecy Act. The report must be filed within 30 days of identifying the suspicious activity.
For accounting firms, identifying suspicious activities requires understanding the factual circumstances and having established protocols for staff to recognise red flags. Common red flags in the accounting context include clients requesting unusual or aggressive cash transactions, requests to obscure the nature of payments or the parties involved in transactions, or inconsistencies between stated business activities and actual financial flows. The firm must maintain internal procedures for analysing transactions and determining whether reporting is required. Record keeping obligations are set forth in 31 CFR 1010.430, which requires that supporting documentation for SARs be maintained for 5 years from the date of filing.
Currency Transaction Reporting
If a covered accounting firm engages in transactions involving currency of ten thousand dollars or more, it must file a currency transaction report with FinCEN under 31 USC 5313 and 31 CFR 1010.410. The report must be filed within 15 days of the transaction and must identify the customer, describe the transaction and indicate whether the transaction is suspicious. However, many accounting firms can avoid this obligation by not engaging in currency transactions directly.
Compliance Officer and Programme Administration
Accounting firms subject to BSA requirements must designate a compliance officer responsible for developing and implementing the firm’s AML compliance programme under 31 USC 5318 and related CFR provisions including 31 CFR 1010.210 and 1020.210. The compliance officer must be accountable for monitoring compliance, training personnel and maintaining necessary records. The firm must also document the compliance programme in writing and review it periodically to ensure effectiveness.
The compliance programme must address the firm’s specific business activities and risk profile. A firm that provides only tax preparation services and does not handle client funds will have a simpler programme than a firm that maintains trust accounts or processes client payments. However, all programmes must include customer identification and verification procedures as outlined in 31 CFR 1010.210(a)(2), suspicious activity monitoring and reporting, record keeping requirements under 31 CFR 1010.410 et seq, and regular staff training on AML obligations.
Record Keeping and Retention
Accounting firms must maintain records sufficient to reconstruct financial transactions and to demonstrate compliance with BSA obligations. These records typically include client information, transaction details and communications relating to suspicious activities. Records must generally be retained for at least 5 years as specified in 31 CFR 1010.430 though specific retention periods may vary depending on the nature of the record.
Practical Compliance Considerations
Assessing Whether AML Obligations Apply
The first practical step for any accounting firm is to determine whether it is a covered financial institution. This analysis requires careful examination of the services provided. A firm should document its findings and maintain evidence supporting its determination. The analysis should address whether the firm provides financial agency services as defined in 31 CFR 1010.100. If the firm operates in multiple jurisdictions or offers diverse services, this analysis may be complex and may justify specialist advice.
Red Flag Identification
Accounting firms should develop written policies identifying common red flags. These policies should be tailored to the firm’s specific activities and client base. For a firm providing bookkeeping services, red flags might include cash deposits inconsistent with reported business activities or unusual wire transfers to high-risk jurisdictions. For a firm processing payroll, red flags might include requests to pay certain employees in cash or to round payroll payments upward without clear explanation. The policies should ensure compliance with 31 USC 5324, which criminalises structuring transactions to evade reporting requirements.
Client Onboarding and Due Diligence
Firms should implement standardised procedures for client onboarding that include identity verification and basic risk assessment in accordance with 31 CFR 1010.230. The procedure should be documented and followed consistently. For business clients, the firm should gather information about the client’s business activities, ownership structure and anticipated transaction patterns. This information informs the risk assessment and determines whether enhanced due diligence 31 CFR 1010.610 is required.
Staff Training
All firm personnel involved in client service, financial transactions or AML compliance should receive regular training on the firm’s compliance policies and on AML legal obligations under 31 USC 5318 and related regulations. Training should address red flag identification, suspicious activity reporting procedures and record keeping requirements. Documentation of training completion should be maintained as part of the compliance programme.
Monitoring and Testing
The compliance programme should include procedures for monitoring client activity for potential suspicious patterns as required under 31 CFR 1010.210(a)(5). For many accounting firms, this monitoring occurs during routine service delivery as accountants review client financial records and transactions. However, firms should establish explicit procedures requiring staff to document and report identified concerns. Periodic testing of the compliance programme, such as through file reviews or scenario analysis, helps identify gaps in implementation.
Avoiding Secondary Liability
Accounting firms face risks if they knowingly assist clients in evading AML obligations. Under 31 USC 5318, firms should ensure that they advise clients of their obligations and decline to assist in evasive schemes. The prohibition on structuring at 31 USC 5324 applies to conduct undertaken with knowledge that the purpose is to evade reporting requirements, and accounting firms must be careful not to facilitate such conduct.
Interaction with International Clients
Accounting firms that serve international clients face additional AML considerations. FinCEN maintains lists of jurisdictions and individuals subject to sanctions. Firms should implement procedures to screen clients and transactions against these lists as part of their due diligence obligations under 31 CFR 1010.230. Clients with connections to high-risk jurisdictions may require enhanced due diligence under 31 CFR 1010.610. Firms should maintain awareness of changing sanctions regimes and update their procedures accordingly. The obligations relating to correspondent accounts for foreign financial institutions are set forth at 31 CFR 1010.610.
Recent Developments and Regulatory Trends
FinCEN has signalled heightened focus on AML obligations for professional service providers. In recent years, FinCEN has issued guidance on specific risks and has continued to refine its regulatory approach. The March 2025 interim final rule amending 31 CFR 1010.380 represents a significant shift in beneficial ownership reporting requirements, narrowing the scope of domestic reporting obligations while maintaining requirements for foreign entities. Accounting firms should anticipate that FinCEN may issue additional guidance on the interaction between AML obligations and other regulatory requirements. Compliance programmes should be reviewed and updated regularly to reflect regulatory developments.
Conclusion
AML compliance obligations for accounting firms in the United States rest on a complex foundation of BSA requirements, FinCEN regulations and guidance, and beneficial ownership reporting rules. The extent of an accounting firm’s obligations depends on the services it provides and whether it qualifies as a covered financial institution. However, all accounting firms should be aware of their potential obligations and should implement appropriate risk management procedures.
For firms that are covered financial institutions, establishing a comprehensive AML compliance programme is essential. This programme must include documented procedures for customer due diligence, suspicious activity identification and reporting, record maintenance and staff training. The compliance programme should be proportionate to the firm’s business activities and risk profile but must be documented and implemented consistently.
Given the complexity of US AML law and the significant consequences of non-compliance, accounting firms are well advised to undertake a careful legal analysis of their specific obligations. Firms offering services that could potentially trigger AML requirements should document their analysis and seek specialist advice where appropriate. Regular review of the compliance programme and awareness of regulatory developments will help ensure that the firm maintains effective AML compliance over time.
The regulatory environment for AML compliance continues to evolve. Professional accounting firms should remain informed of developments in FinCEN guidance and should participate in professional organisations that track regulatory changes. By implementing effective compliance procedures and maintaining awareness of regulatory requirements, accounting firms can manage AML risks whilst serving their clients effectively.
