How to Prepare for a BSA/AML Examination in 2026
A practical guide to getting your SAR filing decisions, alert triage records, and supervisory approvals examination-ready.
BSA examinations are getting more rigorous
FinCEN and federal banking regulators have steadily increased their expectations for BSA/AML programs over the past several years. Examiners are no longer satisfied with evidence that SARs were filed — they want to see the full decision chain: how alerts were triaged, who investigated, what evidence was reviewed, who approved the filing decision, and when each step happened.
For institutions using AI or automated systems in their AML workflows, the scrutiny is even higher. Regulators want to understand not just the outcome, but the reasoning process and the human oversight that governed it.
The five decision points examiners will ask about
Every BSA/AML workflow contains decision points that need documentation. These are the moments examiners will focus on:
Alert triage. When a transaction monitoring alert fires, who reviewed it? What was the disposition? Alerts dismissed without investigation are a major examination risk.
Investigation scope. What data was reviewed during the investigation? Which systems were queried? What patterns were identified or ruled out?
Filing decision. Who decided to file (or not file) a SAR? What was the rationale? Was there supervisory review of the decision?
Supervisory approval. Did a qualified supervisor review and approve the filing decision? When did the approval happen relative to the filing?
Timeliness. Were filing deadlines met? Can you prove when each step in the workflow occurred? Timestamp integrity is critical.
Where most BSA programs fall short
The most common examination finding isn't that institutions made wrong decisions. It's that they can't adequately document the decisions they made.
Alert triage decisions live in case management tools with limited audit trails. Investigation notes are stored in free-text fields that can be edited after the fact. Filing decisions are communicated via email. Supervisory approvals are verbal or implied.
When an examiner asks "show me the approval chain for this SAR filing," the BSA team spends days reconstructing it from fragments across multiple systems. The result is a narrative that the examiner has to take on faith — because there's no way to independently verify it.
Building an examination-ready BSA workflow
The fix isn't more documentation. It's better documentation infrastructure. Every decision point in your BSA workflow should produce a tamper-evident record at the moment it happens — not weeks later when the examiner calls.
That means recording alert triage decisions, investigation findings, filing decisions, and supervisory approvals into an append-only ledger that no one can alter after the fact. Each record should be timestamped, attributed to a specific person, and cryptographically linked to the records before and after it.
When the examiner asks for evidence, you hand them a self-contained evidence packet that they can verify independently. No trust required. No narrative needed. The math proves the record is authentic.
Seal every BSA workflow decision — alert triage, investigation, filing, and approval — into a tamper-proof record built for FinCEN examiners.
Get notified when we publish.
No spam. Just new articles on examination readiness, cryptographic compliance, and proving high-stakes decisions.