Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details |
|---|---|---|---|---|
| 1-1 | Yes | $0 | $0 | The Director of FinCEN should conduct and document an assessment of FinCEN’s decision to offer bulk data access, including the potential risks and how those risks are being mitigated. |
| 1-2 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s bulk data access SOP to specify how to conduct and document reviews of requests and periodic reevaluations of agencies’ need for bulk data access, including which personnel are responsible for conducting these reviews and approving access. |
| 1-3 | Yes | $0 | $0 | The Director of FinCEN should conduct and document a reevaluation of the basis for granting each agency access to bulk data, in accordance with the bulk data SOP, to determine whether the overall benefits of continuing to provide such access outweigh the potential downsides and whether those downsides can be mitigated effectively. |
| 2-1 | Yes | $0 | $0 | The Director of FinCEN should review and update the BSA data SORN to ensure it identifies all routine uses and specifically and clearly describes the purpose of bulk data and how external agencies will use the data. Also, ensure FinCEN accurately details its administrative practices. |
| 2-2 | Yes | $0 | $0 | The Director of FinCEN should ensure that FinCEN, going forward, complies with SORN requirements in the Privacy Act, Treasury regulations, OMB guidance, and Treasury’s Handbook. |
| 3-1 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to require verification that an MOU has been executed with an agency before its users are granted access to BSA data. |
| 4-1 | Yes | $0 | $0 | The Director of FinCEN should ensure SOPs specifically cover platform program access and require the execution of an MOU with external agencies before providing their users platform program access. |
| 4-2 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to clearly specify the types of access to which they apply. |
| 4-3 | Yes | $0 | $0 | The Director of FinCEN should execute MOUs with all agencies participating in the platform program. |
| 5-1 | Yes | $0 | $0 | The Director of FinCEN should immediately review BSA data MOUs to determine which require updates and execute updated MOUs with those external agencies. |
| 5-2 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to require that FinCEN personnel periodically review MOUs to determine if they require an update, and if so, execute updated MOUs with those external agencies. |
| 6-1 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to ensure accurate tracking and consistent documentation of BSA data MOUs. |
| 7-1 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to require a review to ensure FinCEN personnel appropriately maintain MOUs and related documentation. Ensure the update specifies that decision matrices are appropriately maintained. |
| 8-1 | Yes | $0 | $0 | The Director of FinCEN should update FinCEN’s BSA data SOPs to require that FinCEN identify and permit designees to sign MOUs in lieu of FinCEN’s Director and FinCEN personnel and external agency officials record the execution date on MOUs. |