Why FinTech AML Is Different (Start Here)

Welcome to AMLReady. This is our practical workshop on anti-money-laundering for fintech. Here is the idea that runs underneath everything we'll cover.

The laws have not changed for a fintech. The Bank Secrecy Act, the rules in title thirty-one of the Code of Federal Regulations, the sanctions obligations from the Office of Foreign Assets Control: they apply to a neobank, a payments app, or a crypto exchange the same way they apply to a hundred-year-old bank. What changes is the operating reality.

A fintech onboards customers in ninety seconds with no branch, moves money in real time, rides on someone else's banking rails, and launches products faster than a control framework can keep up. So the obligations are familiar, but the place where fintechs get them wrong is almost always the same: applying a control that was designed for a slow, in-person, single-institution world to a fast, digital, multi-party one. That gap is what this workshop is about.

Let's set expectations for the next fifteen lectures. We'll start with the question that decides everything else: are you, the fintech, a financial institution under the Bank Secrecy Act, and if so, what kind? Then we'll look at the model most fintechs actually run on, the sponsor-bank or Banking-as-a-Service arrangement, and where the legal obligation really sits inside it.

From there we build the program: the pillars, digital onboarding and identity, customer due diligence and beneficial ownership, transaction monitoring at scale, sanctions screening, the Travel Rule, virtual currency, state licensing, the convergence of fraud and AML, suspicious-activity and currency-transaction reporting, and finally what a regulatory exam looks for. Each lecture follows the same rhythm: here's the rule, here's where fintechs get it wrong, and here's how to apply it.

This workshop is built for the people who actually carry fintech AML risk day to day. That's founders and operators who need to understand what they're signing up for, compliance and risk professionals stepping into a fintech for the first time, and the product managers and engineers who build the money-movement features and quietly make compliance decisions in code. You don't need to be a BSA expert to start.

We'll define the key terms as we go and spell out the acronyms the first time we use them. But you should come ready to think, because in fintech the compliance question is rarely 'what does the rule say' and almost always 'how does the rule apply to a product the rule's authors never imagined.'

Now, the most important thing in this entire workshop, said plainly. This is an educational workshop. It is built only from public sources: the Bank Secrecy Act and its regulations, FinCEN guidance, OFAC's published frameworks, the F-F-I-E-C BSA slash AML Examination Manual, state regulators, and the F-A-T-F international standards.

It is not legal advice, it is not compliance advice, and it is not a substitute for a qualified professional who knows your specific facts. Whether your particular product makes you a money transmitter, which state licenses you need, and exactly how a sanctions screen should be tuned are fact-specific questions with real legal consequences. Your obligations are set by FinCEN, by OFAC, by your federal banking partner's regulators, and by the states, not by this course.

Use this workshop to understand the landscape and ask better questions. Then confirm every real decision with qualified counsel.

Here's the mental model to carry through the whole workshop. Almost every fintech feature maps onto an existing Bank Secrecy Act obligation, if you know where to look. A 'send money to a friend' button is a transmittal of funds, which means the Travel Rule may apply.

A 'sign up in two minutes' flow is a Customer Identification Program decision. A 'business account' is a beneficial-ownership obligation. So when you look at any feature, ask three questions: who is the financial institution here, what exactly is the product doing with money, and who is the customer.

Get those right and the obligations fall into place. The fintechs that get into trouble are almost never the ones who didn't know the rule existed. They're the ones who treated compliance as something to bolt on after launch, after scale, after the money was already moving.

Build it in as a design constraint from the start. Retrofitting controls onto a live, high-volume product is exactly where enforcement actions come from.

Here's how to get the most from this. Watch actively, pause when a term is new, and say the acronyms out loud, because BSA, AML, CIP, CDD, MSB, OFAC, SAR, CTR, and VASP will all become second nature. As you go, keep mapping each lecture back to your own product or your client's product: where does this obligation land for us, and who owns it.

We won't promise that finishing this workshop makes you compliant, because no honest course can; compliance is specific to your facts and your regulators. What we promise is a clear, practical map of how BSA/AML obligations actually apply in fintech, so you can spot the gaps before an examiner does. In the next lecture, we tackle the foundational question that everything else depends on: is your fintech even a financial institution under the law, and if so, which kind.