MSB Registration: What It Requires and Who It Applies To

What is MSB Registration?

Money Services Business (MSB) Registration is a federal compliance requirement under the Bank Secrecy Act (BSA), codified at 31 CFR Part 1022, that requires businesses engaged in defined financial services to register with the Financial Crimes Enforcement Network (FinCEN) before operating. FinCEN finalized the MSB definition and registration framework in 1999, though the BSA itself dates to 1970.

The policy logic isn't complicated. MSBs process high volumes of cash, often serve customers who lack traditional bank accounts, and operate across state and international borders. Those characteristics make them attractive conduits for money laundering, fraud proceeds, and terrorist financing. Registration gives FinCEN a live map of who's operating, where, and in what capacity.

Registration isn't a single filing. Every MSB must complete initial registration within 180 days of establishing the business, then re-register every two years via FinCEN's BSA E-Filing System. Material changes, including ownership transfers, new service types, or a new principal business address, require an updated filing within 180 days of the change.

The Anti-Money Laundering Act of 2020 (AMLA 2020) tightened the BSA framework and gave FinCEN expanded authority over unregistered MSBs, including new penalty ceilings and broader subpoena powers. Registration is the first gate in a full BSA/AML program. Without it, every subsequent obligation, SAR filing, CTR reporting, customer identification, operates on an unregistered foundation.

Who does MSB Registration apply to?

FinCEN's regulations at 31 CFR § 1010.100 define seven categories of MSB. A business qualifies if it conducts any of the following:

• Money transmitters: Any person that accepts currency, funds, or value and transmits it to another location or person by any means. No dollar threshold applies. This covers traditional wire transfer companies, digital payment platforms, crypto exchanges that facilitate user-to-user transfers, and cross-border remittance services.
• Currency dealers and exchangers: Businesses that exchange one currency for another for more than $1,000 per customer per day. Airport forex kiosks, international money transfer shops, and crypto-to-fiat conversion services all fall here.
• Check cashers: Businesses that cash third-party checks, drafts, or similar instruments for a fee, exceeding $1,000 per customer per day.
• Issuers of money orders: Any person issuing money orders with face value exceeding $1,000 per customer per day.
• Sellers or redeemers of money orders: Same $1,000 threshold.
• Issuers of traveler's checks: Same $1,000 threshold.
• Prepaid access providers: Businesses selling or redeeming prepaid access products, including gift cards and prepaid debit programs, exceeding $1,000 per customer per day.

Two entities are explicitly excluded: the US Postal Service, and banks, credit unions, and broker-dealers already subject to federal examination. Those institutions carry their own AML obligations under parallel frameworks.

Jurisdictional scope is broad. A foreign company transmitting funds on behalf of US customers is an MSB under US law, regardless of where it's incorporated. FinCEN has stated this position explicitly in guidance, and federal prosecutors have acted on it.

Two thresholds stand out. The $1,000 per-customer per-day limit applies to most categories. Money transmitters face no threshold at all: if your business moves funds, registration is required.

What does MSB Registration require?

Registration activates a set of concrete, time-bound obligations:

1. File FinCEN Form 107 (Registration of Money Services Business) within 180 days of establishing the business. The form identifies business owner(s), principal location, the types of financial services offered, and every agent authorized to conduct transactions on the MSB's behalf.

2. Re-register every two years. The renewal window opens 180 days before expiration. A lapsed registration carries the same legal exposure as never registering.

3. List all agents annually. An MSB using third-party agents must list each agent's name, address, and identification number. FinCEN guidance requires this list to be reviewed for accuracy each year and updated at each two-year renewal.

4. Update within 180 days of material changes. Ownership transfers, new financial services, principal address changes, and significant agent network changes all require a fresh filing. The clock starts at the date of the change, not when compliance learns about it.

5. Maintain a written AML program. Registration triggers the full BSA program obligations: a designated compliance officer, written policies and procedures, employee training, and independent testing. The program must be reasonably designed to prevent the MSB from being used to launder money.

6. File Currency Transaction Reports for cash transactions over $10,000. See CTR filing rules for thresholds and form requirements.

7. File Suspicious Activity Reports for transactions of $2,000 or more that the MSB knows or suspects involve illicit activity. See SAR filing obligations for specific thresholds and filing deadlines.

8. Implement a Customer Identification Program. Written, consistently applied procedures for collecting and verifying customer identity on transactions above applicable thresholds. Undocumented practices don't survive an examination.

9. Retain all records for five years from the date of creation. This covers registration documents, transaction records, SAR copies where retention is required, and agent lists. Records must be available to FinCEN on request within a reasonable timeframe.

What evidence do regulators expect?

FinCEN examiners and state bank regulators arrive with a consistent set of requests. On exam day, expect the following:

• Active registration confirmation: A current FinCEN Form 107 filing with valid confirmation number. An expired registration is a standalone finding before the examiner reviews anything else.
• Written AML program: A signed, dated policy document covering customer identification, transaction monitoring, SAR and CTR filing procedures, and recordkeeping. "We have a program" doesn't work without the document.
• Compliance officer designation: An org chart or formal role description naming the individual responsible for AML oversight, with evidence that person is actively exercising the role.
• Training records: Completion logs for all staff handling financial transactions. Regulators expect annual training at minimum, with documented coverage of SAR and CTR obligations.
• Independent audit results: Periodic testing of the AML program by someone genuinely separate from the compliance function. If the compliance officer doubles as the auditor, examiners notice.
• SAR and CTR filing logs: A complete record of every report filed, including date, transaction amount, triggering activity, and decision rationale. Examiners cross-reference these against raw transaction data to test for gaps or structuring.
• Agent due diligence records: Documentation of how each agent was vetted before authorization, what monitoring has been conducted since, and any suspicious activity identified at agent locations.
• Transaction monitoring evidence: Whether the system is rules-based or AI-assisted, examiners want calibration records, alert disposition logs, and written escalation procedures for high-risk alerts.
• Customer identification records: For transactions above applicable thresholds, the specific identity documents collected and the verification steps taken. Consistency matters as much as completeness.

Common failure modes

The same patterns appear across FinCEN enforcement actions and state examination findings:

• Operating without ever registering. Still the most common violation among smaller operators. Arthur Budovsky ran Liberty Reserve as an unlicensed money transmitter moving approximately $6 billion globally before his 2013 arrest and subsequent guilty plea. The DOJ's press release on the Liberty Reserve conviction is worth reading for any compliance team explaining this risk to management.

• Registration lapse. Businesses that register once and miss the two-year renewal end up in the same legal position as an unregistered operator. It's a frequent failure in businesses that grew through acquisition or restructured ownership without compliance involvement in the deal process.

• Incomplete or stale agent lists. MSBs using retail agent networks frequently fail to list all agents or let the list go stale as agents change. FinCEN has cited this specifically in examination findings.

• Missing the 180-day update window after M&A. Compliance teams often don't learn about an ownership change until well after it closes. The 180-day clock starts at closing regardless.

• Crypto platforms assuming they're exempt. FinCEN's 2013 guidance (FIN-2013-G001) made clear that virtual currency exchangers and administrators are MSBs. Platforms that ignored it have faced criminal referrals. FinCEN assessed a $110 million civil penalty against BTC-e in 2017 partly for operating as an unregistered MSB while processing over $4 billion in transactions, including ransomware proceeds (FinCEN enforcement action).

• Treating state licensing as a substitute for federal registration. They're separate obligations running on separate tracks. A New York BitLicense or California money transmitter license doesn't satisfy the FinCEN registration requirement.

Penalties for non-compliance

Under 31 U.S.C. § 5321, civil penalties for willful BSA violations reach $25,000 per day of violation. Under 31 U.S.C. § 5322, criminal penalties for willful violations carry fines up to $250,000 and imprisonment up to five years. Where the violation involves a pattern of illegal activity, the ceiling rises to $500,000 and ten years.

AMLA 2020 raised the civil penalty ceiling for certain violations to the greater of $1 million or twice the amount of the underlying transaction, whichever is higher.

Three enforcement cases show the range:

Western Union (2017): $586 million across DOJ criminal charges, FinCEN civil penalties, and FTC civil enforcement. Western Union's liability arose from maintaining an inadequate AML program and processing transactions it knew involved consumer fraud through agent locations. The full deferred prosecution agreement is in the DOJ's press release. Western Union was registered throughout. The fine was for what it did after registration.

MoneyGram (2012): $100 million forfeiture under a deferred prosecution agreement with DOJ, for failure to maintain an effective AML program and failure to act on known fraud at specific agent locations. DOJ release here.

BTC-e (2017): $110 million FinCEN civil penalty for operating as an unregistered MSB and processing over $4 billion in transactions, including proceeds from multiple exchange hacks and ransomware campaigns.

State-level exposure adds another layer. New York, California, and Texas each impose independent penalties for missing state money transmitter licenses. Those fines run on separate tracks from FinCEN's federal enforcement, and both can apply simultaneously.

Related regulations and frameworks

MSB Registration sits at the entry point of the BSA/AML compliance architecture. The key relationships:

The Bank Secrecy Act is the parent statute. Registration activates the full set of BSA program requirements: written AML policies, training, independent testing, CTR and SAR filing, and five-year recordkeeping. Registration without operating the program offers no legal protection.

The FinCEN CDD Rule applies to MSBs serving legal entity customers. If an MSB transmits funds on behalf of a company, it must identify the beneficial owners who own or control 25% or more of that entity. This obligation runs alongside registration and has its own examination record requirements.

AMLA 2020 modernized the BSA framework and expanded the beneficial ownership reporting regime through the Corporate Transparency Act. The underlying corporate entity operating an MSB may have independent CTA beneficial ownership reporting obligations to FinCEN, separate from the MSB registration itself.

Internationally, FATF Recommendation 14 covers wire transfer and payment service provider obligations. MSBs with cross-border remittance operations should also review FATF Recommendation 32 on cash couriers, which addresses parallel controls for physical cash movement across borders. Crypto-adjacent MSBs should consult FATF's virtual assets guidance, which FinCEN has largely incorporated into its own supervisory approach.

State money transmitter licensing operates in parallel and is not optional. Forty-nine US states require independent licenses for money transmission. FinCEN registration doesn't substitute for them, and state regulators conduct their own examinations on separate schedules. An MSB with FinCEN registration but missing five state licenses has five active enforcement exposures.

Section 314(a) information-sharing requests from FinCEN and law enforcement also reach registered MSBs. Once registered, an MSB is in FinCEN's contact list for time-sensitive law enforcement requests, which carry their own response obligations.

How FluxForce supports MSB Registration compliance

FluxForce's AI agents automate the core compliance processes that registered MSBs must operate. Aiden Flux runs continuous transaction monitoring and builds alert queues for SAR and CTR decisions. Nova Sentinel screens customers and agents against sanctions lists, PEP databases, and adverse media. Every decision comes with a full audit trail, so examiners can trace any transaction from raw data to final disposition without manual reconstruction. For compliance officers managing MSB registration obligations and the full BSA program that comes with it, see how the FluxForce RegTech platform works in practice.