Anti-money laundering (AML) regulations are a set of procedures, laws, and regulations designed to halt the practice of generating income through illegal actions, such as laundering money. The use of open source software may present risks related to anti-money laundering and sanctions compliance, particularly if the software is used to facilitate financial transactions.
Intersection With Open Source
If an open-source software is being used to develop financial applications, it must include features that support AML compliance. These might include, for example, the ability to track and report suspicious transactions, perform customer due diligence, and ensure "Know Your Customer" (KYC) protocols.
As open-source code is publicly accessible, the development community has a responsibility to ensure that their software does not inadvertently facilitate money laundering activities.
Crypto-Currencies: There is also consideration for open source decentralized projects and cryptocurrency. "Crypto" has recevied tremendous scrutiny though significant effort is being made in the development of Central Bank Digital Currencies (CDBCs)
Bank Secrecy Act 1970
The Bank Secrecy Act of 1970 (BSA), also known as the Currency and Foreign Transactions Reporting Act, is a U.S. law requiring financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering. The BSA is sometimes referred to as an anti-money laundering law (AML) or jointly as BSA/AML.
A significant software industry has developed around providing software to analyze transactions in an attempt to identify transactions or patterns of transactions that may indicate AML. This implies that open source software in certain uses may have to comply with collecting transaction information, as well as potentially developing new open source software solutions that may support BSA reporting.
Example: In 2012, HSBC was charged with willfully failing to maintain an effective anti-money laundering program and willfully facilitating financial transactions for customers in countries under U.S. sanctions, including Iran, Sudan, and Libya. HSBC ultimately agreed to pay a $1.3 billion settlement to resolve the charges, which represented the largest penalty ever imposed under the Bank Secrecy Act at the time.