CCO logo
Focused certification exam prep
Start practice
Home / Study Resources / Core Study Guides / Credit Union BSA AML Compliance Officer Duties

Credit Union BSA AML Compliance Officer Duties

Updated 11 min read CCO Exam Prep
Table of Contents
TL;DR
  • Domain 4 (BSA/AML and Operational Compliance) is a dedicated CCO exam domain requiring mastery of FinCEN rules, SAR filing, and OFAC screening.
  • A credit union BSA/AML Compliance Officer must maintain a written program covering all five BSA pillars, including independent testing.
  • The CCO exam tests how BSA intersects with Domains 1-3, so siloed studying will leave gaps in your preparation.
  • SAR confidentiality requirements, CTR thresholds, and beneficial ownership rules are recurring, high-weight topics in Domain 4 question sets.

What BSA/AML Compliance Actually Means at a Credit Union

The Bank Secrecy Act (BSA) is the primary federal law requiring financial institutions - including federally chartered and state-chartered credit unions - to assist the government in detecting and preventing money laundering, terrorist financing, and other financial crimes. "AML" (Anti-Money Laundering) describes the practical program a credit union builds to comply with the BSA and related regulations administered by the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury.

For a credit union, this is not an abstract regulatory exercise. It directly shapes how accounts are opened, how transactions are monitored, how employees are trained, and how suspicious activity is identified and reported. The person responsible for overseeing all of this is the BSA/AML Compliance Officer - and in the credit union environment, that responsibility often falls to the same individual who holds the broader Credit Union Compliance Officer (CCO) designation or is actively working toward it.

Understanding what this role demands in practice is essential both for career success and for passing the CCO certification exam, where Domain 4: BSA/AML and Operational Compliance represents a substantial and technically demanding portion of the test.

Why This Matters Beyond the Exam: NCUA examiners treat BSA/AML compliance as a priority examination area. Weaknesses in a credit union's BSA program can result in enforcement actions, civil money penalties, and reputational damage - making the CCO's BSA knowledge directly tied to institutional risk.

Domain 4: BSA/AML and Operational Compliance - What the CCO Exam Tests

The CCO certification exam is organized into four domains. Domain 4 focuses specifically on BSA/AML and Operational Compliance, and it is among the most technically dense areas of the exam. Candidates who underestimate its scope - or who only review the BSA at a surface level - frequently encounter questions that require applied, scenario-based knowledge rather than simple definition recall.

Domain 4: BSA/AML and Operational Compliance

This domain tests a candidate's ability to apply BSA/AML requirements within a credit union context, including regulatory reporting obligations, member due diligence, and internal controls.

  • Currency Transaction Report (CTR) requirements, thresholds, and exemptions
  • Suspicious Activity Report (SAR) filing triggers, timelines, and confidentiality rules
  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) rules
  • Beneficial Ownership requirements for legal entity members
  • OFAC compliance and screening obligations
  • BSA Officer designation requirements under federal regulations
  • Record retention requirements for BSA-related documents
  • Independent testing and internal audit of the BSA program
  • Operational controls: dual controls, segregation of duties, cash handling compliance

Questions in Domain 4 are frequently scenario-based. Rather than asking "what is the CTR threshold," the exam may present a multi-part transaction scenario and ask whether a CTR must be filed, whether the transaction patterns suggest structuring, or whether an exemption applies. This format rewards candidates who practice with realistic, applied questions - which is exactly why working through the CCO Exam Prep practice test platform with Domain 4 questions is so valuable.

SAR Confidentiality: A High-Stakes Sub-Topic

One area that generates significant exam questions - and real-world compliance risk - is SAR confidentiality. Federal law prohibits a credit union from notifying any person involved in the transaction that a SAR has been filed or is being considered. The CCO exam tests this rule in nuanced scenarios: What happens when a member's attorney asks about account activity? Can a board member discuss a filed SAR with a merger partner under due diligence? What are the limits of sharing SAR information within a corporate family?

These are not hypothetical edge cases. They represent real situations that credit union compliance officers encounter, and the exam reflects that reality.

The Day-to-Day Duties of a Credit Union BSA/AML Compliance Officer

While the exam tests conceptual knowledge, the CCO designation ultimately prepares candidates for active professional responsibilities. A compliance officer whose role includes BSA/AML oversight will typically manage a wide range of recurring activities.

Transaction Monitoring and Alert Review

Most credit unions use automated transaction monitoring systems that flag activity based on rules and thresholds. The BSA/AML Compliance Officer - or a team they supervise - reviews these alerts, investigates flagged transactions, and makes filing determinations. This requires comfort with both the regulatory standards (when must a SAR be filed?) and the credit union's specific risk profile and membership base.

CTR Filing and Exemption Management

Currency Transaction Reports must be filed for cash transactions exceeding $10,000 in a single business day, aggregated across a member's accounts. The CCO must ensure that CTR filing procedures are accurate, that staff understand aggregation rules, and that Phase I and Phase II exemptions are properly documented and reviewed annually. Errors in CTR filing are a frequent NCUA examination finding.

Member Due Diligence Programs

When a new account is opened - whether for an individual, a small business, a nonprofit, or another entity - the credit union's CDD program governs what information must be collected and verified. For legal entity members, the Beneficial Ownership Rule requires identifying natural persons who own 25% or more of the entity, plus a controlling person. The CCO ensures that front-line staff understand these requirements and that the credit union's account opening procedures reflect current regulatory expectations.

Beneficial Ownership in Practice: The CCO exam tests not just the 25% ownership threshold, but also the certification process, when recertification is required, and what happens when a beneficial owner refuses to provide information. These are details that front-line staff often get wrong, and the compliance officer is responsible for closing that gap.

BSA Training Program Administration

Federal regulations require that all credit union employees receive BSA/AML training appropriate to their roles. The compliance officer is typically responsible for designing or sourcing this training, tracking completion, and ensuring that training content reflects current regulatory developments. Board members and senior management must also receive periodic BSA training, which is a distinct obligation that examiners verify.

OFAC Screening

The Office of Foreign Assets Control (OFAC) maintains sanctions lists that prohibit financial institutions from doing business with designated individuals, entities, and countries. The BSA/AML Compliance Officer oversees the credit union's OFAC screening program - ensuring that screening occurs at account opening, during transactions involving wire transfers, and when the OFAC list is updated. The consequences of an OFAC violation are severe, and the CCO exam tests both the screening obligation and the steps required when a potential match is identified.

The Five Pillars of a BSA Program and Why Each Appears on the CCO Exam

A legally compliant BSA program at a credit union must be built on five foundational pillars. The CCO exam references these pillars directly, and exam questions frequently ask whether a described program meets all five requirements or identify which element is missing or deficient.

BSA Program Pillar What It Requires Common Exam Angle
Internal Policies, Procedures, and Controls Written program approved by the board; covers all BSA obligations Scenario: Is the written policy sufficient for the identified risk?
Designation of a BSA Compliance Officer Board-designated individual responsible for day-to-day compliance Can the BSA Officer role be combined with other duties?
Ongoing Employee Training Role-appropriate training for all staff; documented completion Which employees require training, and how often?
Independent Testing (Audit) Annual audit of the BSA program by an independent party What qualifies as "independent"? Can internal audit fulfill this?
Customer Due Diligence (CDD) Know-your-customer procedures; beneficial ownership for entities When is EDD required? What triggers recertification?

Each pillar generates its own cluster of exam questions. Candidates who study these as isolated topics often struggle with questions that require understanding how the pillars interact - for example, how a deficiency in employee training undermines the effectiveness of the credit union's internal controls.

How BSA/AML Intersects with Other CCO Exam Domains

One of the most important things a CCO exam candidate can understand is that Domain 4 does not exist in isolation. The BSA/AML obligations of a credit union compliance officer intersect directly with Domains 1, 2, and 3 in ways that the exam actively tests.

Domain 1: Credit Union Regulatory Basics

Domain 1 covers the regulatory framework within which credit unions operate, including the role of NCUA, the Federal Credit Union Act, and the relationship between federal and state regulators. BSA/AML authority flows through this framework. FinCEN has regulatory authority over the BSA, but NCUA examines credit unions for BSA compliance. Understanding this dual-authority structure is essential for answering Domain 1 questions that touch on examiner authority and for understanding why BSA examination findings carry weight at the NCUA level.

Domain 2: Deposit and Account Compliance

Domain 2 addresses account opening, deposit regulations, and the rules governing how credit unions interact with members at the account level. CDD and beneficial ownership requirements sit at the intersection of Domains 2 and 4. When a question asks about what information must be collected before opening a business account, that is simultaneously a Domain 2 and Domain 4 question.

Domain 3: Lending Compliance

BSA/AML considerations arise in lending contexts as well. Suspicious activity in loan accounts - large cash paydowns, loan proceeds being rapidly withdrawn and transferred, third-party payoffs - can trigger SAR filing obligations. The credit union's AML monitoring program must cover loan activity, not just deposit transactions, and the CCO exam reflects this expectation.

Key Takeaway

When you study for the CCO exam, treat Domain 4 as a thread that runs through all four domains - not a standalone chapter. Questions that seem to be about account opening (Domain 2) or lending (Domain 3) often have a BSA/AML dimension embedded in them.

Who Hires a Certified Compliance Officer for BSA/AML Work

Credit unions of all sizes hire individuals specifically for BSA/AML compliance functions, though the title and scope vary. At smaller credit unions, a single compliance officer may hold responsibility for all four CCO exam domains - regulatory basics, deposit compliance, lending compliance, and BSA/AML. At larger institutions, there may be a dedicated BSA Officer who reports to a Chief Compliance Officer.

The CCO certification is valued by employers across this spectrum. It signals that a candidate has demonstrated knowledge across the full range of credit union compliance obligations, including the technically demanding BSA/AML domain. Credit union leagues, CUSO networks, and state-chartered credit unions supervised by state regulators all operate within this same BSA framework, creating consistent demand for credentialed compliance professionals.

For those preparing to enter this field or advance within it, reviewing resources like How to Pass the CCO Exam in 2026 can help you understand how to structure your overall exam preparation alongside the domain-specific depth required for BSA/AML topics.

Preparing Specifically for Domain 4 on the CCO Exam

Because Domain 4 is dense with regulatory detail and heavily scenario-based, it benefits from a structured preparation approach that goes beyond reading FinCEN guidance and NCUA examination procedures.

Week 1

BSA Foundations and the Five Pillars

  • Read FinCEN's BSA requirements applicable to credit unions and NCUA's BSA/AML examination procedures
  • Memorize the five-pillar structure and be able to identify deficiencies in described programs
  • Practice CTR aggregation scenarios, including multi-account and multi-day aggregation
Week 2

SAR Filing, CDD, and Beneficial Ownership

  • Work through SAR filing timelines, triggers, and confidentiality rules using scenario questions
  • Study the Beneficial Ownership Rule: thresholds, certification process, and recertification triggers
  • Review CDD vs. EDD: when enhanced due diligence is required and what it must include
Week 3

OFAC, Structuring, and Cross-Domain Integration

  • Study OFAC screening obligations, the steps when a match is identified, and penalty structure
  • Review structuring definitions and how to identify structuring patterns in transaction scenarios
  • Practice Domain 4 questions alongside Domain 2 (account opening) and Domain 3 (lending) to identify cross-domain connections

Using the CCO Exam Prep practice test platform during each of these weeks - particularly for Domain 4 scenario questions - accelerates the pattern recognition that exam-day success requires. The platform's question format mirrors the applied, scenario-based style of the actual CCO exam, making it the most efficient complement to your content review.

It is also worth noting that candidates who have previously reviewed Credit Union BSA AML Compliance Officer Duties as a reference point for the professional role itself often find it easier to contextualize exam questions - because they understand not just what the regulation says, but why a compliance officer in the field would make a particular decision.

Record retention is another area that catches unprepared candidates off guard. The BSA requires credit unions to retain certain records for five years - CTRs, SARs, CDD records, and others. Knowing the retention periods, what they apply to, and where they are documented in the regulation is a straightforward but frequently tested detail.

Finally, do not overlook the operational compliance elements of Domain 4, which include dual control requirements for vault and cash operations, night deposit procedures, and ATM compliance. These topics are less glamorous than SAR filing, but they appear on the exam and reflect real operational risks that a compliance officer is expected to manage. Accessing targeted Domain 4 question sets through the CCO Exam Prep practice test site is one of the most direct ways to identify and close these gaps before exam day.

Frequently Asked Questions

What specific topics in BSA/AML does the CCO exam focus on most heavily?

Domain 4 of the CCO exam emphasizes SAR filing requirements and confidentiality, CTR thresholds and aggregation rules, the Beneficial Ownership Rule for legal entity members, OFAC screening obligations, and the five-pillar BSA program structure. Scenario-based questions that require you to apply these rules to specific situations are particularly common.

Is the BSA/AML domain tested separately from the other CCO exam domains?

The CCO exam covers all four domains in an integrated format, not as separate sections. While Domain 4 addresses BSA/AML and Operational Compliance specifically, many questions require knowledge that spans multiple domains - particularly the intersection of BSA requirements with account opening (Domain 2) and lending compliance (Domain 3).

Do credit unions need a separate BSA Officer in addition to a compliance officer?

Federal regulations require credit unions to designate a BSA Compliance Officer, but this role can be combined with broader compliance responsibilities. At smaller credit unions, the CCO and BSA Officer are often the same person. At larger institutions, these may be separate positions. The CCO exam tests the designation requirement itself, including what qualifications and board approval are involved.

How does OFAC compliance differ from BSA/AML compliance, and are both tested on the CCO exam?

BSA/AML compliance focuses on detecting and reporting suspicious financial activity related to money laundering and financial crimes. OFAC compliance is about screening transactions and accounts against sanctions lists to prevent dealings with designated parties. Both are tested in Domain 4 of the CCO exam, though they operate under different legal authorities - FinCEN for BSA and the U.S. Treasury's OFAC for sanctions.

What is the best way to prepare for the scenario-based questions in Domain 4?

The most effective preparation combines a thorough reading of FinCEN guidance and NCUA BSA examination procedures with active practice on scenario-based questions. Generic memorization of definitions is not sufficient for Domain 4 - you need to practice applying rules to specific situations. Using the CCO Exam Prep practice test platform with a focus on Domain 4 question sets is the most targeted approach available.

Continue reading:

Ready to pass your CCO exam?

Put this into practice with free CCO questions across every exam domain.