KYC AML Compliance for US Money Services Businesses

Money services businesses operate at the highest-risk end of the financial services spectrum. MSBs process high volumes of cash transactions, serve unbanked or underbanked populations, facilitate cross-border remittances, and increasingly operate digital payment and cryptocurrency services — all of which make them prime targets for money laundering, terrorist financing, and sanctions evasion.

Regulators know this. FinCEN sets mandatory BSA/AML programme requirements for all MSBs under 31 CFR Part 1022. The IRS — acting as FinCEN’s delegated BSA examiner — conducts on-site examinations of MSB compliance programmes. State regulators impose money transmitter licensing requirements and conduct their own compliance reviews. And OFAC sanctions obligations apply separately to every US MSB, with violations carrying severe civil and criminal penalties.

Unlike banks, MSBs receive no prudential regulatory support. There is no FDIC backstop, no Federal Reserve oversight, no OCC examination. The entire compliance burden falls on the MSB itself — and FinCEN, the IRS, and state regulators hold the MSB fully accountable for failures, including failures by agents and authorised delegates operating under the MSB’s licence.

This page outlines the specific KYC and AML requirements of each regulatory authority governing US MSBs and explains how KYCsphere’s unified platform helps money transmitters, currency exchangers, check cashers, prepaid access providers, and fintech payment platforms meet all of them without managing multiple disconnected compliance systems.

What is a Money Services Business?

Under 31 CFR § 1010.100(ff), FinCEN defines an MSB as any person doing business in one or more of the following capacities — at a threshold of more than $1,000 per person per day for most categories, with no threshold for money transmission:

  • Money transmitters — businesses that accept and transmit funds or monetary value, including domestic and international remittance companies, payment platforms, digital wallet providers, and peer-to-peer payment services
  • Currency dealers or exchangers — businesses that exchange foreign currencies or deal in foreign exchange at or above the $1,000 daily threshold
  • Check cashers — businesses that cash cheques, drafts, or other instruments for a fee at or above the $1,000 daily threshold
  • Issuers, sellers, and redeemers of money orders or traveller’s checks — including postal agents, retail issuers, and financial kiosks
  • Prepaid access providers and sellers — businesses that issue, sell, or redeem prepaid access products including prepaid debit cards and stored-value programmes
  • Virtual currency administrators and exchangers — businesses that accept and transmit convertible virtual currency (CVC), operate cryptocurrency exchanges, or administer digital asset systems; classified as money transmitters under FinCEN’s 2013 and 2019 guidance

Banks, SEC-registered broker-dealers, and CFTC-regulated entities are excluded from the MSB definition. Every other non-bank entity engaging in the activities above is an MSB subject to FinCEN registration and full BSA/AML compliance obligations.

The MSB Regulatory Framework

MSBs answer to a distinct set of regulatory authorities compared to banks or broker-dealers. Understanding each authority’s role is essential before building a compliant BSA/AML programme.

  • FinCEN (Financial Crimes Enforcement Network) — The primary federal rulemaker for MSBs under 31 CFR Part 1022. Sets mandatory AML programme requirements, registration obligations, SAR and CTR filing rules, recordkeeping requirements, the Funds Travel Rule, and agent monitoring obligations. Every US MSB must register with FinCEN and maintain a FinCEN-compliant AML programme.
  • IRS (Internal Revenue Service) — Acts as FinCEN’s delegated BSA examiner for MSBs. IRS examiners conduct on-site BSA/AML compliance examinations of money services businesses on FinCEN’s behalf — reviewing AML programme adequacy, SAR and CTR filing quality, recordkeeping practices, and transaction monitoring effectiveness. The IRS is the primary examination authority most MSBs will encounter.
  • State Regulators — Most states require money transmitters to obtain a state money transmitter licence (MTL) in addition to federal FinCEN registration. State regulators — typically the state banking or financial services department — conduct their own AML and compliance examinations, impose licence conditions, and can revoke licences for compliance failures. Many states use the Nationwide Multistate Licensing System (NMLS).
  • OFAC (Office of Foreign Assets Control) — Administers US economic sanctions programmes. All US MSBs must screen customers and transactions against OFAC sanctions lists — entirely separately from BSA/AML obligations. MSBs are particularly high-risk for OFAC exposure given their cross-border remittance volumes and international customer bases.

Most MSBs interact with all four of these authorities simultaneously. FinCEN registration and IRS examinations apply to all MSBs. State money transmitter licensing applies to most. And OFAC obligations apply universally. KYCsphere is designed to address all four on one platform.

FinCEN: BSA/AML Registration and Programme Requirements for MSBs

FinCEN governs all US MSBs under 31 CFR Part 1022 and is the source of every primary compliance obligation. FinCEN registration is mandatory, and the AML programme requirements under 31 CFR § 1022.210 are the foundation on which IRS examinations and state regulatory reviews are built.

Regulatory RequirementHow KYCsphere Meets It
FinCEN Registration — 31 CFR § 1022.380 — every MSB must register with FinCEN by filing Form 107 within 180 days of commencing operations; registration must be renewed every two calendar years; failure to register carries civil penalties of up to $5,000 per day and potential criminal prosecutionKYCsphere’s Regulatory Reporting module maintains documented records of registration status, renewal deadlines, and supporting documentation — ensuring the MSB’s compliance officer has complete, auditable registration records available for IRS examinations
Written AML Programme — 31 CFR § 1022.210 — four mandatory pillars: policies, procedures, and internal controls; a designated compliance officer; employee training; and independent review; the programme must be risk-based and reasonably designed to prevent the MSB from being used for money laundering or terrorist financingKYCsphere provides the complete technology infrastructure for all four programme pillars — configurable risk-based internal controls and workflows, compliance officer oversight tools, training record management, and audit-ready documentation for independent review — within one unified platform
Suspicious Activity Reports (SARs) — 31 CFR § 1022.320 — file FinCEN Form 111 within 30 days of detection (60 days if no subject is identified) for transactions of $2,000 or more involving suspected money laundering, fraud, or terrorist financing; the $2,000 SAR threshold for MSBs is lower than the $5,000 threshold applicable to banksAlert Management flags suspicious transactions at the $2,000 MSB threshold. Regulatory Reporting automates FinCEN Form 111 SAR filing through the BSA E-Filing System with built-in narrative guidance and data completeness validation
Currency Transaction Reports (CTRs) — file for cash transactions exceeding $10,000; multiple transactions by the same person on the same day must be aggregated; structuring to avoid CTR thresholds must be detected and reportedTransaction Monitoring detects cash transactions above the $10,000 threshold, aggregates same-day transactions by the same customer, and flags structuring patterns. Regulatory Reporting automates CTR filing through the BSA E-Filing System
Funds Travel Rule — 31 CFR § 1010.410 — transmit originator and beneficiary information with funds transmittals of $3,000 or more to the next financial institution in the payment chain; five-year recordkeeping obligation; the Travel Rule is the most commonly cited BSA violation by the IRS against MSBs engaged in virtual currency transmissionTransaction Monitoring captures all required originator and beneficiary data for qualifying transmittals. All Funds Travel Rule records are retained in immutable cloud storage for the full five-year period with a complete audit trail
Recordkeeping — 31 CFR § 1010.415 — maintain records for the purchase of monetary instruments — including money orders, bank drafts, and cashier’s cheques — for $3,000 or more in currency; records must include customer name, address, date of birth, and identification details; retain for five yearsKYC Onboarding collects and retains all required customer information at transaction origination. All records are maintained in immutable cloud storage within KYCsphere’s Microsoft Azure infrastructure with five-year retention
Agent List Maintenance — 31 CFR § 1022.380(d) — MSBs must maintain a list of all authorised agents, updated annually each January 1; the list must include agent name, address, and transaction volume data current within 45 days of the due date; the list must be available to FinCEN and IRS on request and retained for five yearsKYC Onboarding module maintains structured agent and authorised delegate records with all required data fields, annual update workflows, and five-year retention — producing the agent list documentation that IRS examiners and FinCEN request
Agent Monitoring — 31 CFR § 1022.210(d)(1)(iii) — MSB principals must implement risk-based procedures to monitor agent activity on an ongoing basis; evaluate agent operations continuously; detect variations suggesting non-compliance; handle non-compliant agents including contract termination where necessaryTransaction Monitoring provides ongoing monitoring of transaction activity at the agent level. Alert Management flags unusual transaction patterns or compliance anomalies at individual agent locations for compliance officer review
Section 314(a) law enforcement requests — respond within 14 calendar days to FinCEN requests to search customer records; 314(b) voluntary information sharing with other financial institutions also availableKYC Onboarding provides automated search across the full customer and transaction database with documented response tracking within the 14-day FinCEN deadline
Prepaid Access Records — 31 CFR § 1022.420 — providers and sellers of prepaid access must collect and retain transaction records and customer information for prepaid access transactionsKYC Onboarding and Transaction Monitoring capture and retain all required prepaid access transaction records and customer identification data

IRS: BSA Examination Authority for MSBs

The IRS — through its Small Business and Self-Employed Division — acts as FinCEN’s delegated BSA examiner for money services businesses. IRS examiners conduct on-site compliance examinations using the FinCEN BSA/AML Examination Manual for Money Services Businesses. The IRS has independent authority to issue civil money penalties for BSA violations and to refer cases to FinCEN for further enforcement action.

Regulatory RequirementHow KYCsphere Meets It
AML programme adequacy — IRS examiners review the MSB’s written AML programme for completeness across all four pillars: policies and procedures, compliance officer designation, employee training, and independent review; programmes that are generic, untailored to the MSB’s specific risk profile, or not implemented in practice are cited as deficienciesKYCsphere provides a fully implemented, risk-based AML programme with configurable controls tailored to the MSB’s specific transaction types, customer base, and geographic risk — producing the evidence of a working, institution-specific programme that IRS examiners require
SAR filing quality and timeliness — IRS examiners scrutinise SAR filing timeliness (30-day deadline from detection), narrative completeness, and evidence that the MSB has implemented policies to detect the suspicious activity that triggered the SAR; missing SARs, late filings, and inadequate narratives are among the most common IRS examination findingsAlert Management and Case Management maintain documented timelines from suspicious activity detection to SAR filing decision — giving IRS examiners a clear audit trail of detection, investigation, escalation, and filing dates that demonstrates 30-day deadline compliance
CTR filing accuracy — IRS examiners verify that CTRs are filed for all qualifying cash transactions, that same-day aggregation is being applied correctly, and that structuring is being detected and reportedTransaction Monitoring enforces $10,000 CTR threshold monitoring with automated same-day aggregation across multiple transactions by the same customer. Regulatory Reporting produces an auditable filing record for every CTR submitted
Funds Travel Rule compliance — the Funds Travel Rule is the most commonly cited BSA violation by the IRS against MSBs engaged in virtual currency and traditional money transmission; IRS examiners verify that required originator and beneficiary data is being collected and transmitted with qualifying funds transfersTransaction Monitoring captures all required Travel Rule data fields for qualifying transmittals and maintains immutable five-year records — providing IRS examiners with complete, auditable Travel Rule compliance documentation for every qualifying transaction
Recordkeeping completeness — IRS examiners review $3,000 monetary instrument purchase records for completeness, including customer identity verification details; missing or incomplete records are a common examination findingKYC Onboarding collects and retains all required customer identification and transaction records at point of service. All records are structured, searchable, and retrievable during IRS examinations without manual file reconstruction
Independent testing adequacy — IRS examiners verify that the MSB’s AML programme has been independently tested by a qualified party, that test findings have been documented, and that deficiencies have been tracked to remediationKYCsphere generates complete, examiner-ready audit documentation — alert dispositions, SAR decisions, CTR filings, Travel Rule records, and programme metrics — providing internal and external auditors with the evidence base for independent testing, and producing the remediation documentation IRS examiners expect to see
Agent list and agent monitoring — IRS examiners verify that the MSB maintains a current, complete agent list meeting all regulatory data requirements and that the principal has implemented risk-based procedures to monitor agent complianceKYCsphere’s KYC Onboarding maintains all required agent list data fields with annual update workflows. Agent-level transaction monitoring and alert workflows provide the risk-based monitoring documentation IRS examiners review

State Regulators: Money Transmitter Licensing and State AML Compliance

Most US states require money transmitters and other MSBs to obtain a state money transmitter licence (MTL) in addition to federal FinCEN registration. Forty-nine states and the District of Columbia have money transmitter licensing regimes, most administered through the Nationwide Multistate Licensing System (NMLS). State regulators conduct their own compliance examinations and can revoke licences, impose civil money penalties, and require remediation for compliance deficiencies.

Regulatory RequirementHow KYCsphere Meets It
State money transmitter licence (MTL) — most states require a separate MTL for each state where the MSB operates; licence applications typically require a written AML programme, audited financial statements, surety bonds, background checks on principals, and ongoing annual renewalKYCsphere’s documented AML programme, audit-ready compliance records, and examination-ready reporting provide the compliance documentation that state licensing applications and annual renewal submissions require
State AML programme requirements — state regulators typically require the same four-pillar AML programme as FinCEN; some states (notably New York under NYDFS BitLicense) impose enhanced requirements including cybersecurity controls, transaction monitoring certification, and consumer protection obligationsKYCsphere’s no-code configuration allows the AML programme to be tailored to state-specific requirements — including enhanced monitoring thresholds, additional customer identification requirements, or state-specific reporting workflows — without IT involvement or separate platform instances for each state
NYDFS BitLicense — 23 NYCRR Part 200 — New York’s BitLicense imposes specific requirements on virtual currency businesses including cybersecurity controls, AML programme documentation, transaction monitoring certification, consumer disclosure obligations, and annual compliance filing with NYDFSKYCsphere’s Microsoft Azure cloud infrastructure meets NYDFS Cybersecurity Regulation (Part 500) expectations. Transaction Monitoring supports the programme documentation and annual certification process. Regulatory Reporting supports NYDFS annual compliance filing requirements
State examination readiness — state examiners review the same AML programme elements as the IRS, with particular focus on consumer protection, complaint handling, and financial condition in addition to BSA compliance; some states coordinate joint examinations with FinCENKYCsphere’s immutable audit trail and examination-ready compliance documentation support state examinations without manual file preparation — providing state examiners with complete records of customer onboarding, screening, transaction monitoring, alert handling, and SAR filings
Multi-state compliance management — MSBs operating across multiple states face non-uniform licensing requirements, reporting deadlines, and examination standards that must be managed simultaneouslyKYCsphere’s configurable compliance workflows allow state-specific rules, thresholds, and reporting requirements to be managed within a single platform — eliminating the need for separate compliance systems or manual tracking of state-by-state variation

OFAC: Sanctions Compliance for MSBs

OFAC administers US economic and trade sanctions programmes. Sanctions obligations are entirely separate from FinCEN’s BSA framework — every US MSB must screen customers and transactions against OFAC sanctions lists regardless of size, business model, or which state they are licensed in. MSBs are at particularly high OFAC risk given their cross-border remittance volumes, international customer bases, and exposure to high-risk jurisdictions.

Regulatory RequirementHow KYCsphere Meets It
SDN List and Consolidated Sanctions List screening — screen all customers, senders, receivers, and transaction parties against OFAC’s Specially Designated Nationals List and Consolidated Sanctions List before executing any transaction; ongoing screening of existing customers as lists are updatedSanctions Screening provides continuous real-time screening against the OFAC SDN List, Consolidated Sanctions List, UN Consolidated List, EU Sanctions, and UK Sanctions — with AI-powered fuzzy-matching to catch name variations, aliases, and transliterations that exact-match screening misses
Country-based sanctions programmes — block all transactions involving prohibited jurisdictions including Iran, North Korea, Russia, Cuba, and Syria; cross-border remittance MSBs face particularly high country-based sanctions exposure given their international transaction corridorsAutomated country-based sanctions controls flag all transactions involving OFAC-prohibited jurisdictions or payment corridors before transaction execution — critical for remittance MSBs processing high volumes of international transfers
OFAC 50% Rule — entities owned 50% or more directly or indirectly by an SDN are themselves blocked even if not listed separately; for MSBs dealing with business senders and receivers, this requires beneficial ownership screening through corporate structuresCustomer Due Diligence traces UBO ownership chains for business customers through legal entity structures to identify indirect OFAC exposure under the 50% Rule
Blocking and rejecting transactions — immediately block transactions involving SDNs; reject transactions that cannot be processed without violating sanctions; document all blocking and rejecting actions for OFAC reportingAlert Management and Case Management provide structured workflows for reviewing, escalating, blocking, and documenting OFAC match decisions — with a complete internal audit trail for each disposition
OFAC reporting — report all blocked transactions and blocked property to OFAC within 10 business days; file annual reports of blocked assetsRegulatory Reporting handles documentation and reporting of blocked transactions within OFAC’s 10-business-day deadline
Virtual currency and OFAC — FinCEN and OFAC have jointly clarified that OFAC sanctions apply to virtual currency transactions; cryptocurrency exchanges and digital asset MSBs must screen wallet addresses and transaction parties against OFAC SDN designations including designated crypto addressesSanctions Screening screens all transaction parties including digital asset transaction counterparties against OFAC designations — addressing the specific virtual currency sanctions screening obligation that is increasingly a focus of OFAC enforcement

Why MSBs Choose KYCsphere

  • Built for high-volume, high-risk transaction environments — KYCsphere’s transaction monitoring and alert management scale to the transaction volumes of money transmitters and remittance businesses, with configurable monitoring rules that address MSB-specific risk typologies including structuring, smurfing, rapid fund movement, and cross-border layering.
  • Agent network compliance in one platform — KYCsphere manages agent and authorised delegate records, agent transaction monitoring, and compliance documentation for the entire agent network within the same platform used for direct customer compliance — eliminating the separate agent monitoring systems that most MSBs operate today.
  • IRS examination-ready at all times — Every SAR filing decision, CTR filing, Travel Rule record, customer identification document, and agent monitoring alert is immutably logged with timestamps and full decision trails. IRS examiners get the complete, organised BSA compliance record they need without the MSB scrambling to reconstruct files before examination.
  • Multi-state licence support in one platform — KYCsphere’s no-code configuration adapts compliance workflows, reporting formats, and monitoring thresholds to state-specific requirements across all states where the MSB operates — without separate platform instances or manual state-by-state compliance tracking.
  • Lower SAR threshold built in — The MSB SAR threshold of $2,000 — compared to $5,000 for banks — is configured as the default detection threshold in KYCsphere, ensuring MSBs are not inadvertently applying bank-level thresholds to their transaction monitoring and SAR filing obligations.
  • AI that manages high false-positive volumes — Fuzzy-name matching for OFAC screening, AI-driven anomaly detection in transaction monitoring, and risk-based alert prioritisation reduce the disproportionately high false-positive rates that MSBs face given their cash-intensive, cross-border transaction profiles.
  • Microsoft Azure cloud security meeting FinCEN expectations — Deployed on Microsoft Azure with 99.9% uptime, SOC 2-compliant security, and immutable record storage meeting FinCEN’s five-year BSA recordkeeping retention requirements — with no on-premises infrastructure and no capital expenditure.

Who KYCsphere Serves in the MSB Sector

  • Money transmitters and remittance companies processing domestic and international funds transfers requiring full FinCEN, IRS, state MTL, and OFAC compliance across high transaction volumes
  • Currency exchangers and foreign exchange businesses managing customer identification, transaction recordkeeping, and OFAC screening for foreign currency transactions
  • Check cashers requiring customer identification, transaction monitoring, and CTR filing automation for high-volume cash transactions
  • Prepaid access providers and sellers managing the specific customer identification and transaction recordkeeping requirements for prepaid access programmes under 31 CFR § 1022.420
  • Cryptocurrency exchanges and virtual asset service providers classified as money transmitters under FinCEN’s guidance, requiring CIP, AML programme, SAR filing, Funds Travel Rule compliance, and OFAC virtual currency screening
  • Fintech payment platforms providing domestic or cross-border payment services that meet the FinCEN definition of money transmission and require a scalable compliance infrastructure from day one
  • MSB principals with agent networks requiring both direct compliance and agent monitoring, agent list management, and agent-level transaction surveillance within one platform

Conclusion

US money services businesses carry the highest inherent AML risk of any non-bank financial institution — and face the full weight of FinCEN’s BSA programme requirements, IRS examination authority, state money transmitter licensing and compliance reviews, and OFAC’s sanctions framework simultaneously. With no prudential regulatory support and full accountability for agent network compliance on top of direct operations, the compliance burden on MSBs is disproportionately heavy relative to the resources many MSBs have available.

KYCsphere provides a single unified platform that automates the complete MSB KYC and AML compliance lifecycle — from customer identification and onboarding through transaction monitoring, SAR and CTR filing, Funds Travel Rule recordkeeping, agent list management, agent monitoring, OFAC screening, and state-specific compliance workflows — all in one connected system with the immutable audit trail that FinCEN, IRS examiners, state regulators, and OFAC expect.

KYCsphere meets every layer of US MSB KYC/AML compliance — automatically.

Frequently Asked Questions

What are the primary compliance obligations for a US money services business?

Every US MSB must register with FinCEN by filing Form 107 within 180 days of commencing operations and renew registration every two years. MSBs must develop and implement a written AML programme with four mandatory pillars — policies and procedures, a designated compliance officer, employee training, and independent review. MSBs must file SARs for suspicious transactions of $2,000 or more, file CTRs for cash transactions exceeding $10,000, comply with the Funds Travel Rule for transmittals of $3,000 or more, maintain monetary instrument purchase records for transactions of $3,000 or more in cash, and maintain a current list of authorised agents. OFAC sanctions screening obligations apply separately from all BSA requirements.

Who examines MSBs for BSA/AML compliance?

The IRS — through its Small Business and Self-Employed Division — acts as FinCEN’s delegated BSA examiner for money services businesses. IRS examiners conduct on-site compliance examinations using FinCEN’s BSA/AML Examination Manual for Money Services Businesses, reviewing AML programme adequacy, SAR and CTR filing compliance, Funds Travel Rule compliance, recordkeeping practices, and agent monitoring. The IRS can issue civil money penalties for BSA violations and refer matters to FinCEN for further action. State regulators conduct separate compliance examinations as part of their money transmitter licence oversight.

What is the SAR threshold for MSBs and how does it differ from banks?

The MSB SAR reporting threshold is $2,000 — lower than the $5,000 threshold that applies to banks. MSBs that know, suspect, or have reason to suspect that a transaction or pattern of transactions involves $2,000 or more and meets SAR filing criteria must file FinCEN Form 111 within 30 days of detection, or within 60 days if no subject is identified. The lower threshold reflects the higher inherent money laundering risk associated with MSB transaction types and customer profiles. MSBs that inadvertently apply bank-level thresholds to their transaction monitoring and SAR filing risk systematic under-reporting that is a common IRS examination finding.

Are cryptocurrency exchanges required to register as MSBs?

Yes. Under FinCEN’s 2013 and 2019 guidance, virtual currency administrators and exchangers — including cryptocurrency exchanges, digital wallet providers that control private keys, and crypto-to-fiat conversion platforms — are classified as money transmitters and therefore as MSBs subject to full BSA compliance obligations. This includes FinCEN registration, written AML programme requirements, SAR and CTR filing, Funds Travel Rule compliance, and OFAC sanctions screening including against OFAC-designated cryptocurrency wallet addresses. The Funds Travel Rule is the most commonly cited BSA violation by the IRS against MSBs engaged in virtual currency transmission.

Do MSBs need a state money transmitter licence in addition to FinCEN registration?

Yes, in most states. FinCEN registration is a federal requirement but does not satisfy state licensing obligations. Forty-nine states and the District of Columbia require separate money transmitter licences for businesses conducting money transmission within the state. Licence applications typically require a written AML programme, audited financial statements, surety bonds, background checks on principals, and ongoing compliance reporting. Most states use the Nationwide Multistate Licensing System (NMLS). New York imposes additional requirements under the NYDFS BitLicense for virtual currency businesses, including cybersecurity controls and annual compliance certification.

What are an MSB’s obligations with respect to its agents?

MSB principals are responsible for the BSA compliance of their authorised agents and must implement risk-based procedures to monitor agent activity on an ongoing basis. This includes maintaining a current agent list updated annually each January 1, with agent name, address, and transaction volume data current within 45 days of the list due date. The list must be available to FinCEN and IRS on request and retained for five years. Beyond the list, principals must evaluate agent operations continuously, monitor for variations suggesting non-compliance, and have procedures for handling non-compliant agents including contract termination. IRS examiners regularly review agent list completeness and agent monitoring adequacy during MSB examinations.