
Introduction
International money transfer operations sit at the intersection of federal law, state licensing regimes, and cross-border obligations—and regulators expect full compliance across all of them simultaneously. For money transmitters, fintech founders, and embedded finance providers, the consequences of getting it wrong are severe: civil penalties, criminal prosecution, license revocation, and sponsor bank relationships terminated without warning.
This guide is written for compliance officers and financial services operators building or managing international transfer programs. It covers the Bank Secrecy Act, FinCEN Travel Rule, OFAC sanctions screening, and the multi-jurisdictional requirements that apply when you operate across the US, UK, EU, and Canada.
TLDR
- The BSA, FATCA, Travel Rule, and OFAC sanctions screening form the foundational US compliance stack for international money transfers.
- AML programs must include KYC/CIP, Customer Due Diligence, transaction monitoring, and SAR filing, each triggered at specific dollar thresholds.
- Cross-border operations add jurisdiction-specific obligations from the UK, EU, and Canada on top of your US requirements.
- Non-compliance carries severe consequences: civil fines, criminal charges, and loss of licenses—making compliance program design a strategic priority, not an operational afterthought.
The Regulatory Framework: Key Laws Governing International Money Transfers
International money transfer regulation is layered: federal law sets the baseline in the US, but state money transmitter licensing, foreign regulator requirements, and interagency coordination add complexity. Compliance teams must map all applicable rules before operations begin.
Key US Federal Frameworks
The Bank Secrecy Act (BSA) serves as the cornerstone of US AML regulation. It requires financial institutions and money services businesses (MSBs) to:
- Maintain comprehensive AML programs
- File Currency Transaction Reports (CTRs) for cash transactions exceeding $10,000
- File Suspicious Activity Reports (SARs) when suspicious activity is detected
- Retain all records for at least five years
FinCEN administers and enforces BSA compliance for all covered institutions.
The aggregation rule applies when a financial institution knows multiple transactions are conducted by or on behalf of the same person and result in cash in or cash out totaling more than $10,000 during a single business day. The rule targets structuring, the deliberate breaking of transactions into smaller amounts to evade reporting thresholds, which is itself a federal crime under 31 USC 5324.
FATCA (Foreign Account Tax Compliance Act) requires foreign financial institutions and US persons to report foreign financial accounts and assets to the IRS. Two key forms trigger at specific thresholds:
- FBAR (FinCEN Form 114): Required when aggregate foreign account balances exceed $10,000 at any time during the calendar year; due April 15 with automatic extension to October 15.
- Form 8938: Required for specified individuals and domestic entities, with thresholds varying by filing status and location:
| Filer Category | End of Tax Year | Any Time During Year |
|---|---|---|
| US individuals (Unmarried/Married filing separately) | More than $50,000 | More than $75,000 |
| US individuals (Married filing jointly) | More than $100,000 | More than $150,000 |
| Individuals living abroad (Unmarried/Married filing separately) | More than $200,000 | More than $300,000 |
| Individuals living abroad (Married filing jointly) | More than $400,000 | More than $600,000 |
| Specified domestic entities | More than $50,000 | More than $75,000 |
Tax reporting aside, federal law also directly governs what your customers see before they send money. The **Dodd-Frank Act and Regulation E** impose consumer protection requirements through the CFPB's remittance transfer rules. Before payment, providers must disclose the transfer amount, transfer fees, taxes, total cost, exchange rate, covered third-party fees, and the exact amount the recipient will receive. This applies to any company offering consumer-facing international transfer products.
State Licensing Overlay
Beyond federal MSB registration with FinCEN, most US states independently require money transmitter licenses (MTLs). Thirty-one states have enacted the Money Transmission Modernization Act in full or part, and licensed money transmitters in MTMA states account for 99% of reported money transmission activity nationwide.
Each state sets its own thresholds, documentation requirements, and compliance standards. Montana does not regulate money transmitters at all, while other states add lower reporting thresholds beyond federal BSA minimums. Arizona requires reporting to the attorney general for transactions involving or aggregating $5,000 or more in funds or other assets when suspected of illegal activity or lacking lawful purpose, and mandates specific recordkeeping when cashing any check of $1,000 or more.
Operating without proper state licensing is a common and costly compliance failure for early-stage fintechs and money transmitters—often discovered only during sponsor bank due diligence or regulatory examination.
AML, KYC, and CDD: Core Compliance Obligations for Money Transmitters
AML compliance is a program requirement, not a checklist. FinCEN's BSA rules require covered institutions to maintain a written AML compliance program built on four core pillars:
- Internal controls to assure ongoing compliance
- Independent testing conducted by bank personnel or an outside party
- Designated compliance officer responsible for coordinating and monitoring day-to-day compliance
- Training programs for appropriate personnel

FinCEN's 2016 Customer Due Diligence Rule added what's commonly called the fifth pillar: ongoing customer due diligence requirements, including identifying and verifying beneficial ownership for legal entity customers.
Know Your Customer (KYC) and CIP Requirements
Customer Identification Program (CIP) requirements mandate collection and verification of specific identifying information at account opening:
- Name
- Date of birth (for individuals)
- Address
- Government-issued identification number
For transfers of $3,000 or more, recordkeeping rules require additional data on both sender and recipient to be collected and retained for five years.
CIP establishes who a customer is — but CDD and EDD determine how risky they are.
Customer Due Diligence (CDD) requires ongoing risk assessment of customer relationships throughout the lifecycle of the account, not just at onboarding. Enhanced Due Diligence (EDD) applies when a customer presents elevated risk, including:
- Politically Exposed Persons (PEPs)
- High-volume senders with unexplained transaction patterns
- Customers in high-risk or sanctioned jurisdictions
- Legal entities with complex or opaque ownership structures
The 2016 CDD Rule also requires financial institutions to identify and verify any individual who owns 25% or more of a legal entity, and any individual who controls it. This beneficial ownership requirement became mandatory in May 2018, targeting the shell company structures commonly used to obscure illicit funds.
Transaction Monitoring and SAR Filing
Transaction monitoring systems must flag unusual patterns — including structuring, where customers deliberately break transfers into smaller amounts to evade reporting thresholds. Structuring is a federal crime under 31 USC 5324, regardless of whether the underlying funds are legitimate.
Suspicious Activity Reports (SARs) must be filed for suspected transactions of $2,000 or more involving potential fraud, money laundering, or other financial crime. Filing deadlines are strict:
- 30 calendar days after initial detection of suspicious activity if a suspect is identified
- 60 calendar days if no suspect is identified
The "no tipping off" rule prohibits institutions from informing the subject of a SAR that a report has been filed. Institutions must maintain SAR documentation internally for five years and keep it confidential — compliance teams must carefully manage customer communications during investigations to avoid violations.
The Travel Rule, OFAC Sanctions, and Cross-Border Transparency
The FinCEN Travel Rule (31 CFR 1010.410) requires that for any funds transmittal of $3,000 or more involving more than one financial institution, the originating institution must pass specific information to the next institution in the payment chain:
- Transmittor name, address, and account number
- Transmittor's financial institution identity
- Amount and execution date
- Recipient's financial institution identity
- Recipient name, address, and account number (if available)
OFAC sanctions screening is mandatory for all US financial institutions and MSBs. Transactions must be screened against OFAC's Specially Designated Nationals (SDN) list and applicable sanctions programs before processing. Transactions involving sanctioned individuals, entities, or jurisdictions must be blocked or rejected and reported to OFAC within 10 business days.
Failure to screen is itself a violation, regardless of whether a sanctioned party was actually involved. As OFAC's guidance makes clear, there is no mandate to use specific software — but there is a firm requirement not to violate the law by doing business with a target or failing to block property.
That screening obligation depends entirely on institutions having complete originator and beneficiary data — which is where message format standards become critical. SWIFT MT 202 COV format changes introduced in 2009 addressed this directly: the MT 202 COV became mandatory for bank-to-bank cover payments on behalf of customers, with required fields for originator and beneficiary information. This increased transparency enables OFAC screening at the intermediary level, not just at the originating institution.
A 2021 enforcement action illustrates the impact: regulators found that Mashreq Bank's London branch purposefully failed to identify the originating institution in MT 202 messages, deceiving a New York branch into processing transactions for Sudan by hiding originator information in separate bank-to-bank messages.
In multi-hop cross-border transfers, obligations shift depending on each institution's role in the chain:
- Originating institutions must collect and transmit complete transmittor and beneficiary data
- Intermediary institutions must screen received data against OFAC lists and pass information forward intact
- Beneficiary institutions must verify recipient information and retain records per BSA requirements

Enforcement actions most commonly arise not from a single institution's failure, but from gaps between institutions — where each assumed the other had screened. Documenting which obligations apply at each node of your specific payment architecture is where most compliance programs fall short.
Multi-Jurisdictional Compliance: US, UK, EU, and Canada
Each jurisdiction maintains distinct regulatory bodies and frameworks:
- United States: FinCEN enforces the Bank Secrecy Act
- United Kingdom: FCA supervises payment institutions; HMRC supervises money service businesses under the Money Laundering Regulations 2017; requires appointment of a Money Laundering Reporting Officer (MLRO)
- European Union: AMLD6 (Sixth Anti-Money Laundering Directive) and Transfer of Funds Regulation (TFR) extend Travel Rule-style requirements to crypto-assets
- Canada: FINTRAC enforces the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), requiring appointment of a Chief Anti-Money Laundering Officer (CAMLO) for MSBs
Critical Cross-Border Compliance Differences
UK: Personal Liability Under SMF17
The MLRO is a mandatory Senior Management Function (SMF17) under the FCA's Senior Managers and Certification Regime, carrying direct personal liability. If a firm breaches FCA requirements, the MLRO can be held personally accountable for failing to take reasonable steps to prevent or stop the breach.
EU: TFR Payee Verification and the €0 Crypto Floor
Effective December 30, 2024, the TFR requires verification of payee information for transfers exceeding €1,000. For crypto-asset transfers sent or received by a crypto-asset service provider (CASP), no minimum threshold applies — creating a €0 floor that covers every transaction.
Canada: LCTR Filing Deadlines
Large Cash Transaction Reports (LCTR) must be filed within 15 calendar days when receiving CAD$10,000 or more in cash. The threshold mirrors US CTR requirements, but the forms, procedures, and FINTRAC filing portal are jurisdiction-specific.
These jurisdiction-specific rules also carry a practical cross-border consequence that trips up many operators: licensing in one market does not transfer to another.
A company licensed in one jurisdiction cannot automatically operate in another. Post-Brexit, the UK is no longer part of the EU regulatory framework, eliminating passporting rights that previously allowed UK-authorized firms to operate across the EU.
Enforcement exposure is real even without intent. OFAC's 2023 settlement with Uphold HQ Inc. resulted in a $72,230.32 penalty for apparent sanctions violations involving Iran, Cuba, and Venezuela — demonstrating that cross-border operators face multi-jurisdictional enforcement risk even when not deliberately targeting sanctioned markets.
Reporting, Recordkeeping, and Documentation Requirements
Multiple reporting obligations operate simultaneously, each with distinct thresholds, deadlines, and retention requirements:
| Requirement | Threshold | Deadline / Retention |
|---|---|---|
| Currency Transaction Report (CTR) | More than $10,000 cash | 15 calendar days |
| Suspicious Activity Report (SAR) - MSB | $2,000 or more | 30 days (60 if no suspect) |
| OFAC Block/Reject Report | Prohibited transaction | 10 business days |
| FBAR (FinCEN Form 114) | Aggregate > $10,000 | April 15 (auto-extension to Oct 15) |
| FINTRAC LCTR (Canada) | CAD$10,000 or more | 15 calendar days |
| BSA Recordkeeping (General) | N/A | 5 years minimum |
| Travel Rule Recordkeeping | $3,000 or more | 5 years |

The five-year minimum recordkeeping requirement under the BSA applies to transaction records, CIP documentation, and SAR filings. Records must be retrievable and available for examination by FinCEN, OFAC, or other regulators on request. Audit trail completeness is a primary examination focus.
Documentation obligations scale directly with transfer size:
- $3,000+: Travel Rule and enhanced recordkeeping activate
- $10,000+ cash: CTR filing required
- Higher-value transfers: Source of funds documentation and enhanced due diligence records expected
State-level requirements may impose even lower thresholds than federal rules, as demonstrated by Arizona's $5,000 suspicious activity reporting threshold and $1,000 check-cashing recordkeeping requirement. Failing to meet any of these obligations, federal or state, carries significant penalties.
Penalties for FBAR and FATCA Non-Compliance:
FBAR violations carry severe civil penalties: for penalties assessed on or after January 17, 2025, non-willful violations can result in fines up to $16,536 per violation, while willful violations can result in fines up to $165,353 per violation—or 50% of the account balance, whichever is greater. Criminal prosecution remains possible for willful violations.
FATCA Form 8938 non-compliance triggers penalties starting at $10,000, with an additional $10,000 for each 30-day period of continued failure after IRS notice, up to a maximum additional penalty of $50,000.
Building a Compliant International Transfer Program
Compliance is not a one-time setup but an ongoing program requiring continuous oversight, testing, and refinement. Effective international transfer compliance requires a designated compliance officer with sufficient authority, independence, and resources.
In the US, this role is the BSA Officer; in the UK, the Money Laundering Reporting Officer (MLRO); in Canada, the Chief Anti-Money Laundering Officer (CAMLO). Many early-stage fintechs and money transmitters underestimate the complexity and seniority required until they face regulatory examination or sponsor bank due diligence review.
Operational Components Every Compliant Program Must Include
- Written AML/BSA policies and procedures tailored to your business model and risk profile
- Risk-based customer onboarding process with appropriate KYC/CIP controls
- Automated transaction monitoring with tuned rule sets that minimize false positives while catching genuine risk
- Regular independent compliance audits or testing to validate program effectiveness
- Ongoing staff training ensuring personnel understand their obligations and responsibilities
Regulators evaluate programs on whether they are commensurate with the institution's risk profile, not just whether documentation exists on paper. A well-documented but poorly executed program will fail examination.
Fraxtional's Fractional Compliance Leadership Model
Fraxtional addresses the specific challenge faced by fintech startups and money transmitters that need director-level compliance expertise to satisfy sponsor bank requirements and regulatory examinations without the cost and commitment of a full-time executive hire. The fractional compliance leadership model provides experienced BSA Officers, CCOs, CAMLOs, and MLROs on flexible engagement bases—typically three to nine months—scaling with your needs and growth stage.
Critically, these are not external consultants. They serve as named compliance officers in regulatory filings, contracts, and audits, carrying direct accountability from day one.
For money transmitters, engagements are structured around licensing support, regulatory compliance, and ongoing AML/BSA program management. Core work typically includes:
- Transaction monitoring recalibration
- Sanctions controls optimization
- KYC/KYB procedure evaluation aligned with sponsor bank requirements
Fintech startups typically begin with advisory engagements to establish foundational compliance frameworks before regulatory scrutiny intensifies, then scale to full-scope fractional leadership as transaction volumes and complexity grow.
Fraxtional's frameworks are pre-approved by sponsor banks across lending, cards, and wallets, built by Directors with backgrounds at top US banks and BSA regulators. The firm has been recognized as a Leader in Compliance with the T100 Finance Award, with a track record supporting money transmitters across the US, Canada, UK, and EU.

The model also eliminates the typical 6-to-12 month recruitment and onboarding period. Organizations can deploy qualified executives immediately, with flexibility to adjust engagement scope over time and structured transition support when permanent in-house leadership is hired.
Frequently Asked Questions
Do wire transfers over $10,000 get reported to the IRS?
Financial institutions file Currency Transaction Reports (CTRs) with FinCEN—not directly with the IRS—for cash transactions over $10,000. Separately, FBAR and FATCA reporting rules require individuals and entities to disclose foreign accounts with balances exceeding $10,000 to FinCEN and the IRS respectively.
What is the BSA Travel Rule and who does it apply to?
The Travel Rule requires any financial institution—including non-bank MSBs and money transmitters—involved in a funds transfer of $3,000 or more to pass specific sender and recipient information to the next institution in the payment chain. It applies equally to banks and non-bank financial institutions.
What licenses does a money transmitter need to operate internationally?
In the US, money transmitters must register as MSBs with FinCEN and hold individual state money transmitter licenses (MTLs) in each state of operation. Cross-border operations require separate authorization from the relevant regulator in each target jurisdiction—FCA in the UK, FINTRAC in Canada, and national competent authorities across the EU.
What are the penalties for failing to file an FBAR or FATCA report?
Willful failure to file an FBAR can result in civil penalties up to $165,353 or 50% of the account balance per violation—plus potential criminal prosecution (figures reflect 2025 penalty assessments). FATCA non-compliance starts at $10,000, with additional $10,000 increments for continued failure after IRS notice, up to a $50,000 maximum.
How does OFAC screening apply to international wire transfers?
Every US financial institution and MSB must screen all parties to a transfer against OFAC's SDN list before processing. Transactions involving sanctioned parties or jurisdictions must be blocked or rejected and reported to OFAC within 10 business days. Failure to screen is itself a violation—regardless of whether a sanctioned party was actually involved.
What is the difference between a BSA Officer, MLRO, and CAMLO?
These are jurisdiction-specific titles for the mandatory compliance officer role: BSA Officer is required in the US under FinCEN rules, MLRO (Money Laundering Reporting Officer) is required in the UK under FCA Money Laundering Regulations, and CAMLO (Chief Anti-Money Laundering Officer) is required in Canada under FINTRAC's PCMLTFA rules. All carry personal accountability for the institution's AML program.


