The Patriot Act for Businesses

The Patriot Act requires banks and businesses to verify the identity of any new customer seeking to open an account or to engage in large purchase and sale transaction. The Act requires that financial institutions need to have in place a system for customer identification, verification, record keeping, customer notice, and data list screening. The Act also requires that the businesses check 12 different lists retained by nine federal agencies—including the Denied Parties, Embargoed Countries and International Traffic in Arms Debarment lists—to determine the identity of customers. The Denied Parties list (Specially Designated Nationals List) can be found on the Department of Treasury website, Officer of Foreign Assets Control (

Section 326 of the U.S.A. Patriot Act calls for the following:

  • Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable, and;
  • Maintaining records of the information used to verify the person’s identity, including name, address, and other identifying information, and;
  • Determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

Although for first instance, the act looks as it is directed towards banks, this is not true. The act applies to businesses as well.   This article is geared towards informing businesses who deal with large financial transactions; specifically, international transactions like wire transfers.

Generally, all business could now fall under the Patriot Act reporting requirements whether they are understood to fall within the definition of “financial institution,” as all businesses ultimately transacts money with people and other businesses. As such, whether explicit in the Act or definitional section, each and every business should assess what it needs to do to comply with the Act.

If feasible, businesses should designate a compliance officer to assure the business is complying with federal laws. If a compliance officer is not an option, businesses should have a procedure in place to make sure compliance guidelines are observed. Then the business should consider the following steps with all new customers:

  1. Regulators expect that you can correlate the relationship between all parties in a transaction, which when linked, can detect questionable activity. In other words, find out who is your customer’s customer or who is the final person or entity that benefits from the transaction.
  2. Take reasonable steps to verify the customer’s identity, such as obtaining a copy of a valid driver’s license, passport or other form of government–issued identification to ensure a customer’s identity
  3. File the verification documents with the business and if necessary with local and federal law enforcement.
  4. Check the customer’s and the customer’s organization’s name (if relevant) against a list of known and suspected terrorist organizations. This can be done by reviewing the law enforcement lists mentioned above, especially the Denied persons list published by the Treasury Department.
  5. If a match occurs, the compliance officer has a duty to report the person or organization to local and federal law enforcement.

Small business should take additional measures to comply with all government regulations to make sure they are not involved, however remote, in a money laundering transaction. In addition to know your customer, monitor suspicious activities, and records retention, businesses must go the extra step and investigate new customers through various government agencies like the OFAC.

OFAC Compliance

The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury administers and enforces a series of new laws that impose economic and trade sanctions against targeted foreign countries and their agents, terrorism sponsoring organizations and agencies, and international narcotics traffickers based on U.S. foreign policy and national security goals.

Under these laws, financial institutes, securities firms, and insurance companies are obligated to block or “freeze” property and payment of any funds transfers or transactions, and to report all blockings to OFAC within 10 days of occurrence. Any institution in non-compliance is open to adverse publicity, fines, and even criminal penalties.

Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close co-operation with allied governments.

As a business, dealing with international clients or transaction, it is expected of you to comply with the OFAC investigating and reporting requirement.


Whenever a customer deposits a currency in excess of $10,000, you shall submit an IRS Form 4789 (CTR) – to the IRS by the 15th day following the date of the transaction.

Please note that Multiple same-day transactions by or on behalf of a customer shall be treated as a single transaction for the purposes of the compliance.  Any suspicious activity that raises a red flag to the average person should be flagged and reported as possible money laundering transaction.


The Act Provides for Large Penalties for Noncompliance. Penalties for non-compliance with the Act’s requirements are severe. The federal government may assess companies criminal penalties of up to $1 million per incident. Civil fines of $250,000 per incident may be assessed as well. Further, executives may be fined and even imprisoned depending on the severity of the violations. Forfeiture of accounts and other assets in question is another possible penalty. While these penalties are extremely severe, the negative publicity of having violated the Patriot Act may be the worst penalty yet.

Compliance with the Act is an essential aspect of doing business. All businesses should have mechanisms in place to identify and properly report “suspicious transactions,” currency transactions in excess of $10,000, and people or entities listed on any of the “watch lists.” With the proper training, advice and procedures, compliance with these required acts should become a normal and easy part of doing business in today’s business environment.

Planning and preparation today will affect the ability to grow your business tomorrow. By following the guidelines stated above, you should be well on your way toward protecting your business from the perils of criminal activity and the wrath of the regulators.


Disclaimer. Nothing in related to the enclosed information should be construed and or considered as legal advice for any individual, entity, case, or situation. The following information is prepared for advertisement purposes only. The information is intended ONLY to be general and should not be relied upon for any specific situation. For legal advice on your specific situation, we encourage you to consult with an attorney experienced in the area of International Law.