The IRS — not FinCEN — is the primary federal examiner for most money services businesses. Under a delegation agreement with the Treasury Department, the IRS's Small Business/Self-Employed Division conducts BSA compliance examinations of MSBs nationwide. The examination process is governed by IRS Internal Revenue Manual (IRM) 4.26.9, which is publicly available and tells you exactly what examiners are trained to look for.
Most MSB owners are caught off guard when an examination notice arrives. Understanding how the process works, what documents will be requested, and what causes findings can mean the difference between a clean exam and civil money penalties that reach tens of thousands of dollars per violation per day.
Who Examines MSBs and Why
The Bank Secrecy Act requires the Treasury Department to examine financial institutions for BSA compliance. For most MSBs, that examination authority is delegated to the IRS under a Memorandum of Understanding. FinCEN retains authority to assess civil money penalties, but the IRS conducts the fieldwork.
MSBs are selected for examination based on several criteria: FinCEN registration data, Currency Transaction Report (CTR) and Suspicious Activity Report (SAR) filing patterns, referrals from state regulators, tips, and periodic compliance checks of newly registered businesses. A brand-new FinCEN registrant has a higher-than-average chance of being examined within the first two years of registration precisely because examiners want to ensure new entrants understand their obligations.
Key point: An IRS BSA examination is not a tax examination. The examiner is not reviewing your income tax return. They are reviewing your anti-money laundering compliance program and your transaction records. The two processes are entirely separate.
The Three Phases of an IRS BSA Examination
Pre-Contact and Initial Document Request
Before contacting you, the examiner reviews your FinCEN registration data, your CTR and SAR filing history, and any prior examination results. When the examination opens, you receive an initial contact letter and an Information Document Request (IDR) listing the documents required for the exam. You typically have 10–30 days to respond. The IDR commonly requests: your written BSA/AML compliance program, your BSA policies and procedures, training records, independent review reports, employee training materials, transaction logs, and a list of your agents or authorized delegates.
On-Site or Remote Review
The examiner reviews the documents you provide and typically conducts an on-site visit to your primary place of business. During the visit, they interview the designated compliance officer (or the owner, if no formal compliance officer exists), observe transaction processing procedures, review physical transaction records, and verify that your written program matches how the business actually operates. Discrepancies between your written procedures and actual practice are a common source of findings. If the examiner identifies a concern — for example, CTRs that appear to have been improperly structured or not filed — they may expand the scope of the examination.
Closing and Report
After the fieldwork, the examiner prepares a Report of Examination. If no violations are found, the exam closes with a letter indicating no findings. If violations are identified, the report details each finding, the applicable regulatory citation, and the examiner's recommendation for follow-up action. For minor or technical violations, the examiner may issue a warning. For substantive violations — particularly absent or inadequate written programs, unreported CTRs, or failure to file SARs — the case may be referred to FinCEN for civil money penalty assessment.
What Examiners Actually Check
IRM 4.26.9 is organized around the four pillars of a BSA/AML compliance program under 31 CFR 1022.210. Examiners work through each pillar systematically.
Pillar 1 — Written Policies and Procedures
The examiner will request your written BSA/AML compliance program and read it. They are evaluating whether it is tailored to your specific business (not a generic template left unmodified), whether it addresses the actual money laundering risks you face based on your products, customer types, and geographic footprint, and whether it meets the minimum requirements of 31 CFR 1022.210. A program that simply restates the law without providing operational guidance on how your business will comply is treated as inadequate. Examiners are specifically trained to identify "shelf programs" — documents that exist but clearly have never been used.
Pillar 2 — Designated Compliance Officer
You must have a named individual responsible for day-to-day BSA compliance. The examiner will ask who that person is and will interview them. They are evaluating whether the compliance officer actually understands the BSA requirements applicable to your business, whether they have the authority and resources to implement the program, and whether they receive adequate training. An owner who says "I'm the compliance officer" but cannot explain the CTR filing threshold or SAR filing requirements will create an adverse finding.
Pillar 3 — Employee Training
Every employee who handles transactions or interacts with customers must be trained in BSA/AML requirements. The examiner will ask for training records: who was trained, when, what the training covered, and whether new employees are trained before handling transactions. Verbal training with no documentation is treated the same as no training. You need written records — sign-in sheets, training completion certificates, or written quizzes — for every employee.
Pillar 4 — Independent Review
Your compliance program must be reviewed periodically by someone who is neither your compliance officer nor reports to your compliance officer. The examiner will ask when your last independent review was conducted, who conducted it, what it covered, and what the findings were. If you have never had an independent review, that is a finding. If your "independent reviewer" is your compliance officer reviewing their own work, that is a finding. The reviewer can be an outside consultant, an attorney, or even a knowledgeable employee in a different role — but the independence requirement is absolute.
Transaction Record Review
In addition to the four pillars, examiners review your actual transaction records. Under the BSA, MSBs are required to retain transaction records for five years (31 CFR 1010.430). Examiners will pull a sample of transactions and verify:
- CTRs were filed for all cash transactions over $10,000 in a single business day, including aggregated transactions by the same person
- Monetary Instrument Sales Logs were maintained for cash purchases of monetary instruments between $3,000 and $10,000 (31 CFR 1010.415)
- Travel Rule records were kept for transmittals of $3,000 or more (31 CFR 1010.410(f)) — for money transmitters only
- Customer Identification Program (CIP) procedures were followed — customer ID was verified and recorded for transactions meeting recordkeeping thresholds
- OFAC screening was performed — no transactions with sanctioned individuals, entities, or countries
Missing or incomplete transaction records significantly increase the likelihood of penalty referral. Structured transactions — where a customer breaks a single transaction into multiple transactions to avoid the CTR threshold — are a serious BSA violation, and examiners are trained to identify patterns that suggest structuring.
The Most Common Examination Findings
- ! No written BSA/AML compliance program — or a generic program that was never customized to the business. This is the single most common finding in MSB examinations.
- ! Missing or incomplete employee training records — verbal training with no documentation, or no training at all for part-time or seasonal employees.
- ! No independent review — the compliance officer reviewing their own work, or no review conducted at any point.
- ! CTR filing errors — missing CTRs for aggregated transactions, incorrect customer information on filed CTRs, or failure to aggregate multiple same-day transactions by the same person.
- ! Inadequate transaction records — missing Monetary Instrument Sales Logs, incomplete CIP records, or records not retained for the required five-year period.
- ! OFAC screening gaps — no documented OFAC screening process, or screening that only occurs at account opening rather than at every transaction.
Penalties for BSA Violations
Civil money penalties for BSA violations are assessed by FinCEN and can be severe. Under 31 U.S.C. § 5321, willful violations of BSA recordkeeping and reporting requirements can result in penalties up to $100,000 per violation. For pattern violations — for example, a series of unreported CTRs — each missed filing is a separate violation. A small business that missed 15 CTRs over 12 months faces potential penalties in the millions of dollars, though FinCEN typically considers ability to pay and cooperation in determining actual assessed amounts.
For criminal violations — including willful failure to maintain an AML program under 31 U.S.C. § 5318(h) — penalties include up to 10 years imprisonment and fines up to $500,000 per violation. Criminal referrals from IRS BSA examinations are relatively rare for small MSBs but are most likely when examiners find evidence of deliberate non-compliance or actual money laundering activity.
How to Prepare for an Examination
The single most effective preparation for a BSA examination is having a complete, customized, and actively maintained written compliance program before the examiner arrives. Examiners are experienced at identifying programs that were assembled after receiving an examination notice — the document dates, the lack of training records, and the absence of any independent review history all tell the story.
Before any examination notice arrives, you should be able to produce on short notice: your written BSA/AML compliance program, training records for all current and recent employees, your most recent independent review report, your OFAC screening records, your Monetary Instrument Sales Logs (if applicable), your CTR filing history, and your SAR filing history (if you are a money transmitter).
If you receive an examination notice and do not have these documents, your priority is to build them as quickly and accurately as possible. A program assembled after the notice is better than no program, but it will be less credible than a program with a documented history of use, training, and review.
Get exam-ready with complete compliance templates
Our template packages include every document an IRS examiner will ask for — written BSA/AML program, CIP manual, training materials with sign-off records, independent review checklist, and more. Fully editable Word documents, traceable to specific regulatory requirements.
View Compliance Packages → How It Works