The Tough Act of Fighting Financial Crime

Much of the industry has experienced some degree of regulatory relief in the early days of the second Trump administration. However, the White House has also pledged to crack down on illegal activity such as drug trafficking. That would result in stricter oversight of banks’ compliance with the Bank Secrecy Act — laws and regulations that require financial institutions to play a key role in fighting money laundering and other criminal acts. Doing that right requires considerable investment in technology and people.

The environment was already challenging: BSA/AML enforcement actions rose under the Biden administration, with an uptick in related consent orders issued against smaller banks last year. Bank Director’s 2025 Risk Survey, conducted in January, found that the percentage of bank senior executives and board members who reported heightened scrutiny by examiners of BSA/AML compliance over the prior 18 months rose from 20% in 2024 to 31% this year.

It’s become increasingly tough to fight financial crime, says Ashley Farrell, practice leader of financial crimes with Baker Tilly. “Whatever happens with regulatory expectations, what an AML officer and their team is dealing with every day — cybercrime, ransomware, sophisticated elder abuse scams — is getting way more complex,” she says. “It doesn’t matter how much regulatory burden [banks] have. What they’re seeing is very complicated, getting more complicated and will not get less complicated.”

In the 2025 Risk Survey, 46% of respondents said their bank invested in technology for their BSA/AML program over the prior 18 months. Forty-two percent reported their institution had improved training for frontline employees, and 41% added BSA/AML compliance staff.

Technology can help alleviate some of the burden on bank staff, particularly given the demand for skilled analysts with appropriate technical acumen, Farrell says.

Fortifying BSA/AML Staff
Conducting a threat landscape analysis can help bank leaders identify compliance gaps and appropriately allocate budget and resources, says Sarah Beth Felix, founder and president of Palmera Consulting. The process requires “thinking like a criminal,” she says. How would illicit actors move or conceal money through your institution? “An investment in technology,” she says, “really is only as good as the threat landscape analysis performed before selecting the technology.”

The bank’s designated BSA officer can help the board understand the threat landscape and how equipped the institution is to respond to potential threats, Farrell says. The board should expect to regularly receive the results of testing, examinations and suspicious activity reports (SARs). A low level of SARs could indicate the bank lacks either the right technology or the right people in that function.

The best technology ultimately can’t replace genuine human curiosity. Indicators associated with a particular criminal activity can sometimes be programmed into monitoring software, but they are often ultimately caught by a hyper-suspicious analyst acting on gut instinct, Felix says. “Those red flags definitely need to be taken into account, but those are only effective if the person looking at those red flags has that [hyper-suspicious] mindset,” she says.

The bank should also have a succession plan for their top BSA/AML officer, even if that person is nowhere near retirement age, Farrell says. Who will replace that individual? Regulators want to see continuity planning around BSA/AML staffing and generally won’t forgive excuses.

“There are staffing challenges in AML,” Farrell says. “People with this kind of background are in high demand.”

Documenting the BSA/AML Program
Documentation can be a simple but effective way for a bank to demonstrate to its examiners that its BSA/AML compliance program is being maintained, and updates are communicated regularly to the board. But smaller banks often struggle with this documentation, says Jim Richards, founder and principal of RegTech Consulting. He recommends that banks create and maintain a centralized program document that outlines responsibilities for each business unit, lines of reporting and training programs. The BSA officer would maintain that document and update it whenever changes are made to the BSA/AML program or new training is implemented. He likens it to a car owner’s manual that includes a record of maintenance performed on the vehicle.

“Then when the regulators come in, you hand them the document. They love it. Audit loves it, regulators love it,” he says. “If I could tell a small bank board anything, it would be to insist on a program document.”

Directors can ask questions to understand whether investments in technology and training are having their intended impact. For example, the board might ask whether the BSA officer noticed any changes in staff referrals for unusual activity after new training has been introduced.

“Every bank is different, but you should receive as many referrals from your staff as you have actionable alerts from your monitoring system,” Richards says. “The reality is that your best source for unusual activity is your people.”