USA AML, KYC & Identity Verification
Compliance
A comprehensive guide to United States identity verification, Know Your Customer, and Anti-Money Laundering requirements under the Bank Secrecy Act, USA PATRIOT Act, FinCEN regulations, and OFAC — and how InTouch's platform addresses every obligation for US-facing entities.
USA Regulatory Framework — Key Laws
Who Must Comply in the United States
BSA obligations apply to "financial institutions" as broadly defined in 31 CFR Chapter X. Coverage has expanded significantly through the PATRIOT Act and AMLA.
Banks & Credit Unions
All federally and state-chartered banks, savings associations, credit unions. Supervised by OCC, FDIC, Federal Reserve, NCUA.
Money Services Businesses
Money transmitters, forex dealers, check cashers, prepaid access providers, cryptocurrency exchanges. Must register with FinCEN.
Broker-Dealers & Investment Firms
SEC-registered broker-dealers, futures commission merchants. Investment advisers now subject to AML requirements (2026).
Real Estate
FinCEN Geographic Targeting Orders require title insurance companies to report beneficial ownership in all-cash transactions.
Insurance Companies
Certain insurance products (life insurance, annuities) trigger BSA obligations and SAR filing requirements.
Precious Metals & High-Value Goods
Dealers in precious metals, stones, and jewels must file SARs and CTRs under AML programme rules.
Customer Identification Program (CIP)
The CIP requirement under 31 CFR §1020.220, established by Section 326 of the USA PATRIOT Act, is the USA equivalent of identity verification obligations. Every customer opening an account must be identified and verified.
What CIP Requires — Minimum Identification Information
| Required Information | Requirement Details |
|---|---|
| Full Legal Name | Customer's full legal name as it appears on government-issued identification. For legal entities, the full registered legal name. |
| Date of Birth | Required for natural persons. Must match the date of birth on the identification document presented. |
| Address | For individuals: residential street address (no P.O. Box unless no residential address). For legal entities: principal place of business. |
| Identification Number | USA persons: SSN or ITIN. Non-USA persons: passport number and country of issuance. Legal entities: TIN/EIN. |
| Verification Method | Documentary: Government-issued photo ID (passport, driver's licence, state ID). Non-documentary: biometric liveness detection, consumer reporting data, or financial statement verification. |
| OFAC List Check | Mandatory screening against OFAC SDN List and terrorist watch lists at account opening. |
| Record Retention | All CIP records must be retained for 5 years after account closure. |
InTouch performs AI-powered OCR and authenticity verification across all USA identity document types — USA passports, all 50-state driver's licences, and state-issued IDs. Passive biometric liveness detection combined with facial match between the captured biometric and the identity document photograph satisfies both documentary and non-documentary verification methods under 31 CFR §1020.220.
Customer Due Diligence (CDD) — The Four Pillars + Beneficial Ownership
The FinCEN CDD Final Rule (2018) formalized the KYC framework into four core elements, plus the identification and verification of beneficial owners of legal entity customers.
The Four Pillars of CDD
The 6 Pillars of a USA AML Compliance Programme
1. Written Policies & Procedures
Documented, board-approved AML/CFT policies covering all CDD, CIP, monitoring, and reporting obligations.
2. Risk Assessment
Institution-wide risk assessment identifying ML/TF exposure across products, services, customers, and geographies.
3. Designated Compliance Officer
A qualified BSA/AML Compliance Officer responsible for day-to-day programme management and reporting.
4. Employee Training
Regular, documented training for all relevant staff on recognizing suspicious activity and reporting obligations.
5. Independent Testing
Periodic independent audit of the AML programme's effectiveness — internal or third-party review.
6. Customer Due Diligence
Risk-based CDD programme including CIP, beneficial ownership, ongoing monitoring, and SAR/CTR reporting.
Mandatory Reporting — CTR, SAR & OFAC
The BSA and implementing regulations require covered institutions to file specific reports with FinCEN via the BSA E-Filing System.
| Report Type | Trigger | Threshold | Deadline |
|---|---|---|---|
| CTR — Currency Transaction Report | Cash transactions in a single business day | Exceeding $10,000 aggregate | 15 calendar days |
| SAR — Suspicious Activity Report | Transactions involving unlawful activity | ≥$5,000 for banks; ≥$2,000 for MSBs | 30 days (60 if no suspect) |
| CMIR — International Currency | Physical currency across USA borders | Exceeding $10,000 | At time of entry/departure |
| FBAR — Foreign Bank Accounts | USA persons with foreign account interest | Aggregate >$10,000 annually | April 15 (Oct 15 extension) |
FinCEN's October 2025 joint FAQ clarified: (1) No SAR required solely because transactions are near the $10,000 CTR threshold; (2) No mandatory 90-day continuing activity review; (3) No requirement to document decisions not to file SARs.
OFAC Compliance — Mandatory for All US Persons
Block & Reject Transactions
Immediately block any transaction involving a designated party on the SDN List or sanctioned country.
Report Blocked Property
File report with OFAC within 10 business days of blocking, plus annual reports.
Screen Customers & Transactions
Screen all customers and transactions against SDN List and country sanctions in real time.
Strict Liability
OFAC violations carry strict liability. Civil penalties up to $375,000 per violation or 2x transaction value.
How InTouch Covers USA Compliance Needs
InTouch's platform provides the verification, screening, risk assessment, and audit trail capabilities that USA-facing entities need to meet BSA, CIP, CDD, and OFAC obligations.
- ›Full name, DOB, ID number — verified
- ›Documentary verification — government ID
- ›Non-documentary verification — biometric
- ›Address verification — independent source
- ›OFAC SDN screening — mandatory
- ›Beneficial ownership — ≥25% threshold
- ›Customer risk profile documentation
- ›5-year record retention
- ✓AI OCR across all USA ID types — passports, 50-state driver's licences, state IDs
- ✓Passive biometric liveness + facial match to document photo
- ✓Satisfies both documentary and non-documentary CIP methods
- ✓Address validation from trusted bureau sources
- ✓Full OFAC SDN screening — all 40+ programme lists
- ✓KYB with UBO capture — configurable to 25% USA threshold
- ✓Risk Rating Engine — 10-category weighted scoring
- ✓Automated 5-year audit trail — immutable, timestamped, PDF export
OFAC & AML Sanctions Screening
Full OFAC Coverage
All 40+ OFAC SDN programme lists including Counter-Terrorism, Iran, Russia, North Korea, Cuba, Syria, Venezuela, Magnitsky, Cyber, and more.
OFAC Non-SDN Lists
SSI (Sectoral Sanctions), FSE (Foreign Sanctions Evaders), NS-CMIC (Chinese Military-Industrial), CAPTA, NS-MBS, NS-PLC.
PEP/PIP Screening
Foreign PEPs, Domestic PEPs, International Organisation PEPs, PIPs, associates, and family members — satisfies Section 312 EDD.
Global Watchlists
1,400+ enforcement lists including all US-specific lists: FBI, DEA, FinCEN, SEC, CFTC, DOJ, FDIC, and more.
Adverse Media
Global coverage in 30+ languages; results categorized by typology (ML, fraud, corruption, TF, narcotics, sanctions evasion).
SAR Decision Evidence
Every screening result timestamped and logged — provides documented basis for SAR filing decisions required by FinCEN.
AI-Powered OCR for USA Document Verification
InTouch's intelligent Optical Character Recognition (OCR) technology is purpose-built for the USA market, providing comprehensive coverage across all 50 states while maintaining the flexibility to adapt to specific state requirements and document variations.
Generic OCR Engine
Our adaptive OCR engine is designed to handle identity documents from all 50 US states, recognizing and extracting data from diverse document formats, layouts, and security features without requiring state-specific configuration.
Custom Training Capability
The OCR system can be trained on any provided data sets to improve accuracy for specific document types, state variations, or specialized use cases — ensuring optimal performance for your specific verification requirements.
Current Coverage
Pre-trained models currently include California driver's licences and USA passports, with the capability to rapidly expand coverage to additional state-specific documents as needed by your compliance programme.
Whether you're verifying customers across multiple states or focusing on specific regional markets, InTouch's OCR adapts to your needs. The system extracts critical CIP data fields — full legal name, date of birth, address, document number, expiration date, and security features — with high accuracy, supporting both documentary verification requirements under 31 CFR §1020.220 and audit trail documentation for regulatory examinations.
USA Compliance Mapping — InTouch Coverage
The table below maps every major USA BSA/AML/CIP/OFAC obligation to the specific InTouch feature that addresses it.
| USA Requirement | Legal Basis | InTouch Feature | Status |
|---|---|---|---|
| CIP identity verification — full name, DOB, ID number | 31 CFR §1020.220 | Identity Verification — AI OCR across all USA document types | Covered |
| Documentary verification — government photo ID | CIP · PATRIOT Act §326 | USA passports, 50-state driver's licences, state IDs | Covered |
| Non-documentary verification | 31 CFR §1020.220 | Passive biometric liveness + facial match | Covered |
| Address verification | CIP requirements | Best Address — bureau-sourced validation | Covered |
| OFAC SDN screening — mandatory at onboarding | CIP · OFAC | Combined AML Check — all OFAC SDN lists | Covered |
| OFAC non-SDN lists (SSI, FSE, NS-CMIC) | OFAC programmes | Combined AML Check — all non-SDN lists | Covered |
| Customer risk profile — nature & purpose | FinCEN CDD · 31 CFR §1010.230 | Risk Rating Engine — 10-category scoring | Covered |
| Beneficial ownership — ≥25% threshold | FinCEN CDD Rule | KYB — UBO capture and verification | Covered |
| EDD for PEPs / high-risk customers | BSA risk-based · §312 | PEP Screening + EDD routing | Covered |
| Adverse media screening | BSA risk-based approach | Adverse Media Check — 30+ languages | Covered |
| Ongoing customer monitoring | FinCEN CDD — Pillar 4 | Periodic re-screening + bulk automation | Covered |
| 5-year CIP record retention | 31 CFR §1020.220 | Automated audit trail — immutable, PDF export | Covered |
This document provides a general summary of USA AML, KYC, and identity verification requirements as at May 2026. US regulatory requirements are complex, institution-specific, and subject to frequent amendment. This does not constitute legal advice. USA-regulated institutions should engage qualified USA AML counsel to assess their specific obligations. For current FinCEN guidance, refer to fincen.gov.
Built for global compliance.
The same platform that powers FICA compliance in South Africa covers the OFAC, CIP, CDD, and BSA screening obligations of US-facing entities.
No credit card required · Cancel anytime