AML Compliance Checklist for Small Business
Use this interactive checklist to identify gaps in your BSA/AML compliance program before your next examination. Learn exactly what examiners look for and how to pass your AML audit.
How to Use This Checklist
Check off each item your business currently has in place. Items marked Critical are the most common examination findings. Missing any of these will likely result in a regulatory finding. Click any item to see examiner notes and details.
24
Total checklist items
13
Critical items
98%
Exam pass rate with Soflo
Written AML Policy & Procedures
Written AML policy manual exists and is signed by senior management
CriticalPolicy was reviewed and updated within the past 12 months
CriticalPolicy covers all current products, services, and customer types
CriticalSAR filing procedures are documented
CriticalCTR filing procedures are documented (if applicable)
Recordkeeping requirements are documented
BSA Risk Assessment
Written BSA risk assessment exists
CriticalRisk assessment was completed or updated within the past 12 months
CriticalRisk assessment covers products, services, customers, and geographies
CriticalCustomer risk rating methodology is documented
Risk assessment drives the design of your AML controls
Annual Employee Training
All relevant employees completed AML training within the past 12 months
CriticalTraining completion certificates are retained for all employees
CriticalTraining content is relevant to your specific business type
CriticalNew employees received training before handling transactions
Training records are organized and easily retrievable
Independent Program Review
Independent review was conducted within the past 12 months
CriticalReviewer was independent (did not review their own work)
CriticalWritten review report exists with findings and recommendations
CriticalPrior review findings have been remediated
Review covered all five pillars of the AML program
Customer Due Diligence (CDD)
Customer Identification Program (CIP) procedures are documented
CriticalBeneficial ownership procedures are in place (for legal entity customers)
CriticalOngoing customer monitoring procedures are documented
Enhanced Due Diligence (EDD) procedures exist for high-risk customers
How to Pass an AML Audit: 5 Expert Tips
From Soflo compliance experts who have helped 500+ businesses prepare for and pass regulatory examinations.
Organize your documentation before the exam
Examiners will request specific documents. Have your policy manual, risk assessment, training records, and independent review report organized and immediately accessible.
Know your own program
Your BSA compliance officer should be able to explain every element of your AML program without referring to documents. Examiners will ask questions directly.
Don't guess, say you'll follow up
If you don't know the answer to an examiner's question, say you'll follow up with documentation. Guessing incorrectly is worse than not knowing.
Address prior findings proactively
If you had findings from a prior examination, document what you did to remediate them. Examiners always check whether prior findings were addressed.
Show your program is risk-based
Examiners want to see that your controls are proportionate to your risk. Be prepared to explain why your controls are appropriate for your specific risk profile.
Not Sure Where You Stand?
Soflo's compliance experts will review your current program and identify every gap before your next examination.
AML Audit Questions Answered
What do AML examiners look for during an audit?
AML examiners evaluate five core areas: (1) whether your written AML policy is current and complete, (2) whether your BSA risk assessment accurately reflects your business risk, (3) whether all required employees completed annual training with documented certificates, (4) whether your independent program review was conducted by a qualified, independent party, and (5) whether your Customer Due Diligence (CDD) procedures are adequate and consistently applied.
How do I pass an AML audit?
To pass an AML audit, you need: a current written AML policy manual, a completed BSA risk assessment, documented annual training records with certificates for all relevant employees, an independent review conducted within the past 12 months, and Customer Due Diligence procedures that are consistently applied. The most common audit failures are outdated policies, missing training records, and independent reviews conducted by non-independent parties.
What is the most common AML compliance gap for small businesses?
The three most common AML compliance gaps for small businesses are: (1) outdated AML policy manuals that do not reflect current FinCEN requirements or the business's current products and services, (2) missing or incomplete annual training records, employees completed training but certificates were not retained, and (3) independent reviews conducted by the BSA compliance officer themselves, which does not meet the "independence" requirement.
How often must AML training be completed?
FinCEN requires annual AML/BSA training for all employees who handle transactions or interact with customers. Training must be completed at least once per calendar year, and completion must be documented with records that can be produced during examination. New employees should receive training before they begin handling transactions.
What happens if you fail an AML audit?
If you fail an AML audit (regulatory examination), the consequences depend on the severity of the deficiencies. Minor gaps typically result in a Matters Requiring Attention (MRA) or Matters Requiring Immediate Attention (MRIA), written findings that require a corrective action plan. Serious or repeated failures can result in civil money penalties ($25,000–$1,000,000+ per violation), cease and desist orders, or criminal referrals to the Department of Justice.
Found Gaps in Your AML Program?
Soflo fixes every gap on this checklist: written policy, risk assessment, annual training, and independent review, at a fixed annual price. No consultants. No hourly billing.