What are the current AML regulations in North America? | Napier AI

Compliance with anti-money laundering (AML) regulations is essential for any regulated organisation in North America, both in the United States and Canada. The region combines some of the most influential AML/CFT frameworks in the world, with highly active supervisors and increasing scrutiny of banks, fintech, payments, crypto and other regulated sectors.

Broadly speaking, AML regulations in North America are the set of laws, regulations and guidelines designed to prevent money laundering and terrorist financing, aligned with the recommendations of the Financial Action Task Force (FATF).

In this article, we provide a clear and up-to-date overview of:

• The main AML legal frameworks in the United States and Canada

• The supervisory bodies that monitor compliance

• Key obligations for regulated companies

• Recent updates and trends in regulatory enforcement

• The most common challenges in complying

• How technological solutions such as Napier AI help simplify compliance and improve efficiency

AML regulations in North America are a set of laws, rules, and guidelines designed to prevent money laundering and terrorist financing in the United States and Canada.

North America operates under some of the most advanced AML/CFT frameworks in the world, aligned with the standards of the Financial Action Task Force (FATF/GAFI). Although the United States and Canada have different regulatory structures, both countries maintain strict requirements aimed at preventing financial crime.

In the United States, the AML regime is based on the Bank Secrecy Act (BSA) and the USA PATRIOT Act, reinforced by the Anti-Money Laundering Act of 2020, which introduces technological modernisation, virtual asset regulation and a federal register of beneficial owners. Oversight and enforcement fall primarily to FinCEN, along with other sectoral regulators such as the OCC, Federal Reserve, FDIC, and SEC.

In Canada, the AML framework is structured by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The authority responsible for supervising and enforcing these obligations is FINTRAC (Financial Transactions and Reports Analysis Centre of Canada), which acts as the country's financial intelligence unit and supervises banks, fintech, payment providers, casinos, real estate, MSBs, VASPs and other regulated sectors. FINTRAC requires risk-based programmes, identification controls, ongoing monitoring, and mandatory reporting of suspicious transactions.

Together, the United States and Canada require robust, risk-based AML programmes supported by technology and strict oversight, making the region a highly regulated and demanding environment for any organisation.

United States – Bank Secrecy Act (BSA)

‍

The Bank Secrecy Act (BSA), enacted in 1970, is the basis of the US AML regime. It establishes mandatory requirements for:

• Suspicious activity reports (SARs)

• Cash transaction reports (CTRs)

• Detailed records of fund transfers

• Risk-based internal AML programmes

The BSA is administered and enforced by FinCEN, which coordinates supervision with federal banking agencies.

‍

United States – USA PATRIOT Act

‍

The USA PATRIOT Act significantly strengthened the BSA following the attacks of 2001. It includes:

• Strict Customer Identification Programme (CIP) requirements

• Enhanced due diligence (EDD) for foreign customers and correspondent banking relationships

• Mandatory cooperation between financial institutions and federal authorities

• Prohibition on relationships with foreign shell banks

It is a central pillar of the fight against financial terrorism in the country.

‍

United States – Anti-Money Laundering Act of 2020 (AMLA 2020)

‍

AMLA 2020 modernises the US AML framework and introduces structural changes such as:

• Federal registration of beneficial owners under FinCEN

• Enhanced supervision of fintech, MSBs and virtual asset providers

• Incentives and protections for AML whistleblowers

• Explicit focus on technology adoption, innovation and advanced analytics

It is considered the biggest AML reform since the Patriot Act.

‍

Canada – Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)

‍

The PCMLTFA is Canada's primary AML/CFT law. It defines key obligations for banks, fintech companies, MSBs, casinos, real estate agencies, professional services firms, and VASPs. It includes requirements for:

• Customer identification and verification

• Risk-based AML programmes

• Ongoing monitoring of relationships and transactions

• Mandatory reporting to FINTRAC (STRs, Large Cash Transactions, Electronic Funds Transfers Reports)

• Beneficial ownership records

This law is periodically updated to align with FATF standards and address emerging risks.

‍

Canada – OSFI regulations and guidelines

‍

For federal banks and insurers, the OSFI regulator issues supplementary guidelines that set expectations for:

• Governance and oversight of senior management

• Ongoing risk assessments

• Effective internal audit

• Data integrity and technology controls

OSFI maintains one of the most rigorous supervisory standards on the continent.

‍

In North America, AML/CFT compliance is overseen by a group of specialised federal agencies that regulate banks, fintech, payments, stockbrokers, MSBs, and other sectors subject to financial crime prevention obligations.  

In the United States the main AML supervisory bodies are:

‍

FinCEN (Financial Crimes Enforcement Network)

National AML authority. Administers the BSA, receives SARs and CTRs, manages the beneficial ownership register and establishes AML/CFT guidelines.

‍

OFAC (Office of Foreign Assets Control)

A US Treasury Department agency responsible for administering and enforcing US economic sanctions programmes. Although OFAC does not directly regulate AML, sanctions screening is mandatory for banks, fintech companies, MSBs, PSPs, stockbrokers and VASPs.

‍‍

OCC (Office of the Comptroller of the Currency)

Supervises national banks and enforces penalties for BSA violations.

‍

Federal Reserve (FED)

Supervises member banks and bank holding companies with strict BSA/AML obligations.

‍

FDIC (Federal Deposit Insurance Corporation)

Supervises insured banks; evaluates AML controls, transaction monitoring, and reporting to FinCEN.

‍‍

SEC (Securities and Exchange Commission)

Supervises stockbrokers and securities firms with specific AML obligations.

‍

FINRA (Financial Industry Regulatory Authority)

Self-regulatory body that supervises securities intermediaries and requires robust AML programmes.

‍

CFTC (Commodity Futures Trading Commission)

Regulates companies operating in derivatives and futures markets, with applicable AML requirements.

In Canada the main AML supervisory bodies are:

‍

FINTRAC (Financial Transactions and Reports Analysis Centre of Canada)

Financial intelligence unit and primary AML regulator in the country. Oversees banks, fintech, MSBs, VASPs, casinos, real estate and other designated sectors. Receives STR, LCTR and EFTR reports and maintains AML/CFT compliance guidelines.

‍

OSFI (Office of the Superintendent of Financial Institutions)

Supervises federal banks, insurers, and large financial institutions. Issues strict guidelines on risk governance, internal auditing, and AML expectations.

‍

Provincial regulators (by sector)

Some sectors, such as lawyers, accountants, and gaming, are subject to additional provincial regulators.

‍

Regulated businesses in the United States and Canada must comply with a set of AML/CFT obligations designed to prevent money laundering and terrorist financing. Although the two countries have different legal frameworks, their requirements coincide on the following fundamental elements:

Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

Both the BSA in the United States and the PCMLTFA in Canada require clear customer identification, identity verification, risk assessment, and enhanced controls for high-risk relationships.

Example: In the United States, FinCEN's CDD Rule requires identification of the beneficial owner; in Canada, FINTRAC requires documentary and non-documentary verifications based on risk.

Ongoing monitoring and transaction surveillance

Organisations must continuously monitor unusual activities and suspicious patterns.

Example: US banks must implement monitoring systems capable of detecting structuring; in Canada, risk-based monitoring is required for sectors such as casinos and MSBs.

‍

Mandatory reporting of suspicious activities

All entities must report transactions that may indicate money laundering or terrorist financing.

Example: In the US, SARs must be filed with FinCEN; in Canada, organisations file STRs with FINTRAC.

Screening for national and international sanctions

Both countries require customers and transactions to be checked against relevant sanctions lists.

Example:

• In the US, screening against the OFAC list is mandatory.

• In Canada, the lists in the Regulations Implementing the United Nations Resolutions on Terrorism Financing and other federal laws must be complied with.

Record-keeping

Detailed records must be kept for several years, including customer information, transactions and reports.

Example: The United States requires 5 years of retention under the BSA; Canada typically requires 5 years under the PCMLTFA.

Ongoing staff training

AML programmes must include regular role-specific training to ensure that employees recognise red flags and fulfil their responsibilities.

Example: Both FinCEN and FINTRAC evaluate the quality of training programmes during inspections.

These obligations apply to banks, fintech companies, payment providers, stockbrokers, MSBs, VASPs, casinos, real estate agencies and other sectors subject to regulation in both the United States and Canada.

‍

The AML regulatory landscape in North America has undergone significant changes in recent years, driven by pressure from the FATF, technological modernisation, and increased risks associated with digital payments and virtual assets. The most important updates include:

1. United States: Beneficial Ownership Reporting (2024–2025)

One of the biggest developments in the US AML regime is the entry into force of the requirement to register beneficial owners under the Corporate Transparency Act (CTA), administered by FinCEN.

• Since January 2024, millions of companies must submit information about their beneficial owners to the Beneficial Ownership Registry.

• From 2025, stricter deadlines and penalties for failing to submit or update information will begin to apply.

• This represents a structural change in corporate transparency in the United States.

2. United States: Continued implementation of the Anti-Money Laundering Act of 2020 (AMLA 2020)

The AMLA continues to introduce additional obligations, including:

• Enhanced supervision of fintech, MSBs, and virtual asset providers.

• Increased information sharing between financial institutions and regulators.

• Explicit focus on AML innovation, including AI, automation, and advanced analytics.

• Expansion of protections for whistleblowers.

3. Canada: Recent reforms to the PCMLTFA (2019–2024)

Canada has progressively updated its AML framework to align with FATF standards and improve regulatory coverage. Key changes include:

• Full inclusion of VASPs (virtual asset service providers) as regulated entities.

• Strengthened rules for beneficial ownership and identity verification.

• New obligations for crowdfunding platforms and payment providers.

• Stricter requirements for ongoing monitoring and risk documentation for DNFBP sectors.

4. Reinforced expectations of oversight by FINTRAC and US regulators

Both FINTRAC and US regulators (OCC, FED, FDIC, SEC, FINRA) have increased the frequency and depth of their inspections, with a particular focus on:

• Quality and effectiveness of AML programmes

• Data integrity and monitoring systems

• Appropriate use of technology to reduce false positives

• Up-to-date and documented risk assessments

• Traceability and governance of automated models

These updates underscore a clear trend: North America is moving towards more transparent, technology-driven, risk-based compliance, where organisations must integrate intelligent monitoring systems, robust sanctions controls, and consistent, auditable reporting processes.

‍

Although the United States and Canada have robust AML frameworks, regulated companies face significant challenges in effectively complying with all obligations. Here are some of the most common challenges in the region:

Complex and constantly evolving regulatory frameworks

In both the United States and Canada, regulations are frequently updated to address new risks, particularly those related to digital payments, fintech, and virtual assets.

Example:

The implementation of the Beneficial Ownership Registry in the US and recent amendments to the PCMLTFA in Canada require organisations to continually review and adjust their AML programmes.

Growing volume of transactions and data

North America is one of the world's most financially active markets. The rise of instant payments, e-commerce, and cross-border transfers generates large volumes of data that are difficult to monitor manually.

Example:

Financial institutions must monitor millions of transactions daily, which leads to operational overload if they do not have the right technology in place.

High levels of false positives

Legacy systems and static rules generate excessive alerts that overwhelm compliance teams.

Example:

Banks and MSBs in the US report false positive rates exceeding 90 per cent when using traditional rules without AI or dynamic segmentation.

Technological fragmentation and legacy systems

Many organisations operate with outdated infrastructures that hinder data integration, real-time detection and complete decision traceability.

Example:

Canadian institutions with multiple legacy systems have difficulty unifying information for FINTRAC, especially in sectors such as insurance and regional banking.

Shortage of specialised compliance talent

The region faces growing demand for AML professionals, especially in emerging sectors such as fintech, PSPs and crypto.

Example:

In both the US and Canada, supervisors have highlighted failures related to insufficient staffing, inadequate training and lack of governance in risk models.

‍

How technology simplifies AML compliance in North America

AML compliance in the United States and Canada has become increasingly complex due to new regulatory requirements, growing data volumes, and greater scrutiny from FinCEN, FINTRAC, and other supervisors. In this context, modern technological solutions play an essential role in helping organisations manage risk more efficiently and sustainably.

Advanced platforms such as Napier AI Continuum enable the transformation of AML programmes in three key areas:

‍

Greater operational efficiency through AI and automation

Artificial intelligence helps reduce false positives, prioritise relevant alerts and provide explainable recommendations to support decision-making.

Impact: less manual burden on analysts, greater accuracy in investigations and faster resolution times.

‍

Scalability and performance for high transaction volumes

The North American market is one of the most dynamic in the world, with large flows of payments, crypto assets and digital commerce. Napier AI enables these volumes to be processed at high speed without sacrificing accuracy or traceability. ‍

‍

Enhanced compliance and more robust reporting

Napier AI facilitates the generation of consistent and auditable regulatory reports for obligations such as SARs (United States) or STRs/EFTRs (Canada). Every decision made by the system is recorded, allowing for demonstration of effectiveness in audits by FinCEN, FINTRAC, or other regulators.

‍

Data integration and 360-degree view of risk

The platform unifies information from multiple internal and external systems, reducing silos and improving the detection of suspicious patterns. This is especially valuable for banks, fintechs, PSPs, and MSBs operating in multiple states or provinces.

Together, these capabilities enable North American organisations to strengthen their AML programmes, reduce risk and improve efficiency in an increasingly demanding regulatory environment.

‍

The AML framework in the United States and Canada is one of the most advanced and demanding in the world. With constantly evolving regulations, new obligations such as beneficial owner registration, and increasingly strict oversight by FinCEN, FINTRAC, OSFI and other agencies, organisations need robust, scalable, technology-backed compliance programmes.

Napier AI's NextGen solutions enable banks, fintechs, payment providers, MSBs, VASPs, and other regulated businesses to reduce operational burden, improve risk detection, and demonstrate effective compliance in audits and regulatory reviews.

If your organisation operates in North America, now is the time to strengthen your AML strategy.

Learn more about financial crime compliance, read the Napier AI / AML Index.

‍