Banking Compliance Regulations, Laws, & Standards by Country

Banks are critical institutions charged with managing money for individuals, businesses, and even governments. If a bank handles money poorly, it can cause profound disruptions in more than just people’s daily lives. It can also cause dangerous instability in the economies and politics of regions, nations, and even worldwide alliances.

‍

So no matter where you go in the world, governments will have some form of control framework placed on banks and other financial institutions. Banks need to comply with these assigned obligations in order to operate in certain jurisdictions without facing penalties from regulators.

‍

However, this is made difficult by the fact that different countries and regions have different rules and regulatory bodies for banks. So this article will serve as a guide to some of the key banking compliance regulations and regulators from countries and regions around the world. It will also offer some general guidelines for complying with banking regulations in the event that they overlap between jurisdictions.

‍

To help organizations stay compliant, we’ll cover the following:

‍

‍

Click a link in the table below to jump to the section on banking compliance standards for a particular country or region.

‍

‍

First, though, let’s answer a basic question: what does regulatory compliance in banking specifically refer to?

‍

‍

‍

Banking regulatory compliance refers to the policies and procedures that financial institutions implement to adhere to financial industry standards of conduct. Standards are set by government agencies and other regulatory bodies to maintain the stability of national and global financial systems.

‍

‍

Money, as a concept, has become fundamental to how modern societies and economies work. And banks are some of the foremost financial institutions when it comes to safeguarding and managing money for both individuals and organizations.

‍

If banks deliberately mismanage money or allow it to be stolen through other financial crimes, financial systems could collapse as people lose trust in them. Not only that, but bad actors could take control of economies and even governments with their financial power. This could lead to nations—and even the world—being run according to their agendas.

‍

So governments and intergovernmental organizations must regulate banks and other financial institutions to ensure they operate in the interest of the public good. And banks must comply with these regulations to maintain the trust of governments and the general public.

‍

That includes enforcing organizational rules to not only detect and block external threats but also to protect money from being misused and misappropriated inside a bank.

‍

‍

Of course, every country or geographic area is in a different situation. So specific bank compliance regulations and authoritative bodies will be unique to some places. Here’s a look at the banking compliance frameworks in select nations and regions.

‍

‍

Having one of the biggest economies in the world, the US has a large and complex financial system with several regulators and laws to keep it running smoothly.

‍

‍

Main Bank Regulators in the United States (US)

The primary US banking regulators are the OCC and the Federal Reserve. Other agencies have been formed over the years to protect banking customers (FDIC & CFPB); fight financial crime at home and abroad (FinCEN & OFAC); and enforce financial reporting standards (FFIEC).

‍

‍

‍

Main Bank Regulations to Follow in the United States (US)

The US has several banking laws in place that deal with areas such as licensing, capital adequacy, reporting standards, and countering financial crime. It also has regulations that deal with protecting banking customers from discrimination and unfair practices. While some of them were created in the 1800s or earlier, others date back only to the 1970s or even the early 21st century.

‍

• National Bank Act (Licensing & Supervision): This law created the OCC and requires all national banks to receive licensing from the agency before beginning operations.
• Federal Reserve Act (Capital Adequacy & Risk Management): This law established the Federal Reserve System as the USA's central bank, and requires banks to reserve some of their assets to guard against economic downturn.
• Banking Act of 1933 (Capital Adequacy & Risk Management): Also sometimes called the Glass-Steagall Act, this law created the FDIC and requires banks to insure their customers’ deposits (up to a certain amount) should the bank fail.
• Sarbanes-Oxley Act (Reporting & Disclosure): Passed in 2002 after a series of corporate accounting scandals, this law outlines required procedures for US corporations—including banks—in retaining and reporting financial information.
• Dodd-Frank Wall Street Reform and Consumer Protection Act (Consumer Privacy & Protection): Though its actual regulations on banks have been rolled back in recent years, the Dodd-Frank Act created the CFPB in 2010 to enforce laws protecting investors and bank customers from unfair financial practices.
• Bank Secrecy Act (AML & CFT): The Bank Secrecy Act requires banks to document suspicious financial activity and report it to regulators such as FinCEN. Bank Secrecy Act compliance allows banks to help those agencies in preventing money laundering and other financial crime.
• USA PATRIOT Act (AML & CFT): Amendments made by this law place stricter requirements on banks to know their customers and report suspicious activity, in order to prevent money laundering and terrorist financing.
• Community Reinvestment Act (Training & Awareness): Requires banks to not discriminate between census block groups in terms of income when serving their communities. Banks must still operate safely and soundly, but their ability to service lower-income neighborhoods is factored into audits to approve or deny expansions, mergers, or acquisitions.

‍

‍

Canada has a much smaller economy than the US or even the UK, the latter of which its banking system is based on. However, Canada still usually ranks inside or near the top 10 richest countries in the world, so it has its fair share of banking regulations as well.

‍

‍

Main Bank Regulators in Canada

The Office of the Superintendent of Financial Institutions (OSFI) and the Minister of Finance are the two regulators who need to approve a license for a bank to operate in Canada. Other regulators assist with objectives like managing risks, protecting consumers, operating secure payments systems, and fighting financial crime.

‍

‍

‍

Main Bank Regulations to Follow in Canada

The majority of compliance requirements for banks in Canada are set out by the Bank Act. Most other important laws deal with governing the creation and operation of other regulatory agencies.

‍

• Bank Act (Licensing & Supervision): This is the primary law governing banks in Canada. Among many other things, it defines different categories of banks, and outlines the procedures and rules for becoming a licensed bank.
• Canadian Payments Act (Regulatory Framework Creation): Sets out the legal framework for Payments Canada, Canada’s payment and settlement clearing house. All chartered banks in Canada are required to use and be compliant with this system.
• Canada Deposit Insurance Corporation Act (Capital Adequacy & Risk Management): Established the CDIC, and requires banks to insure depositor assets up to a certain amount in the event a bank fails.
• Financial Consumer Protection Framework Regulations (Consumer Privacy & Protection): Strengthens protections for bank customers in Canada, including allowing larger deposits without fees; requiring banks to resolve formal complaints within a limited time frame; and requiring banks to disclose who is liable for unauthorized payment card transactions, and when.

‍

‍

‍

‍

Main Bank Regulators in the UK

The two primary bank regulators in the UK are the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). The PRA is focused more on licensing and managing operational risks in banks to keep the UK’s financial sector stable. The FCA is more concerned with preventing financial crime and other activities that generate reputational risk for the UK’s banks.

‍

‍

‍

Main Bank Regulations to Follow in the UK

Many of the UK’s regulations have been “onshored” from the European Union. However, the UK still has a few key financial laws that originate from within the kingdom.

‍

• Financial Services and Markets Act 2000 (Licensing & Supervision): The main legislation that regulates banks in the UK, it prohibits financial institutions from operating without proper licensing.
• Banking Act 2009 (Capital Adequacy & Risk Management): Outlines protocols for stabilizing a bank that’s having financial difficulties.
• Financial Services Banking Reform Act 2013 (Consumer Privacy & Protection): Separates commercial and investment banking, gives priority to depositor assets if a bank fails, requires banks to hold additional loss-bearing debt instruments, and holds individual decision-makers accountable for bank misconduct.

‍

‍

The European Union is currently made up of 27 countries from across Europe. Therefore, its banking regulations tend to be fairly general in nature in order to accommodate the peculiarities of each member nation.

‍

‍

Main Bank Regulators in the European Union

As each country in the EU has its own federal financial system already in place, the EU itself only has a few primary banking regulators. The European Banking Authority (EBA) is the main one, responsible for creating regulations for financial systems throughout the EU to keep them operating safely and honestly. The European Central Bank (ECB) is another, which supervises EU banks and works to keep the value of the euro (the European Union’s common currency) stable.

‍

‍

‍

Main Bank Regulations to Follow in the European Union

Each member country of the EU has some of its own regulations for its respective financial sector. However, they also follow a series of general rules from EU regulators known as “directives”. Here are a few prominent ones.

‍

• Financial Groups Directive (Licensing & Supervision): Subjects banks that are part of larger financial conglomerates to additional supervision, besides just sector-specific monitoring.
• Capital Requirements Directive (Capital Adequacy & Risk Management): Requires banks to keep a certain percentage of their assets in reserve to guard against financial instability.
• Deposit Guarantee Schemes Directive (Capital Adequacy & Risk Management): This directive is about protecting customers in the event a bank fails. This includes setting minimum amounts of money for deposit accounts that a bank must insure; setting a time limit on reimbursing customers; and requiring banks to inform customers about this insurance.
• Markets in Financial Instruments Directive (Financial Reporting & Disclosure): Requires several kinds of investments offered by banks to have thorough information reported about them.
• Payment Services Directive (AML & CFT): Outlines harmonized conduct rules—including those regarding security and customer ID verification—for all electronic payments providers in the EU (including banks).
• Market Abuse Directive (AML & CFT): Prohibits insider trading (including illegally disclosing insider information) and other forms of market manipulation.
• Bank Recovery and Resolution Directive (Controls & Audits): Requires banks to have emergency plans for dealing with financial crises, and allows federal governments to enforce and help with implementation of these plans. It also gives regulators new options for dealing with bank failures.
• Acquisitions Directive (Outsourcing & Vendor Management): Standardizes the criteria and processes by which banks and other financial institutions are allowed to acquire or merge with others.

‍

‍

Similar to Canada, Australia has a fairly strong financial sector (top 10-15 in the world) that is based somewhat on the much larger system from the UK. Much of its financial regulation is aimed at ensuring banks operate in a fair and honest manner.

‍

‍

Main Bank Regulators in Australia

Australia’s financial sector is mainly governed by the Council of Financial Regulators (CFR), a joint body consisting of the APRA, RBA, ASIC, and Australian Treasury. A few other organizations assist with preventing criminal or otherwise unethical financial activities.

‍

‍

‍

Main Bank Regulations to Follow in Australia

Banking laws in Australia are primarily focused on promoting transparency and fairness in how banks manage their finances and in who owns them.

‍

• Banking Act 1959 (Licensing & Supervision): One of the two main pieces of legislation regulating banking in Australia. Chiefly, it prohibits organizations from offering banking services—or from describing their activities as “banking” (or related terms)—without receiving approval from the APRA.
• Reserve Bank Act 1959 (Capital Adequacy & Risk Management): The other main financial regulatory law in Australia. It created the RBA as a central bank for setting national monetary policy as separate from the commercial banking sector.
• Corporations Act 2001 (Reporting & Disclosure): Governs the conduct of corporations in Australia, including financial institutions. This includes their financial reporting and other transparency obligations, as well as the government’s powers to intervene if they become insolvent.
• Financial Sector Collection of Data Act 2001 (Reporting & Disclosure): Sets requirements on financial institutions to report data and activities to the APRA for supervisory and statistical purposes.
• Financial Sector Shareholdings Act 1998 (Consumer Privacy & Protection): Places limits on how much ownership stake an entity can have in a financial institution, except if given permission from the Australian Treasury. This helps to promote competition and avoid instability that would come from concentrated ownership of the financial sector.

‍

‍

Like Canada and Australia, Mexico has a relatively large economy (top 15-20 in the world), and so requires significant financial regulation. Its laws seem more in favor of bank customers than in some other places.

‍

‍

Main Bank Regulators in Mexico

The main overall bank regulator in Mexico is the Secretariat of Finance and Public Credit (SHCP). This government branch contains other financial regulation departments, including the National Banking Securities Commission (CNBV), which is primarily responsible for licensing and supervising banks. Banxico, Mexico’s central bank, also plays a role.

‍

‍

‍

Main Bank Regulations to Follow in Mexico

Mexico’s financial laws are standard for most places, but a few are more geared towards protecting bank customers than elsewhere.

‍

• Credit Institutions Law (Licensing & Supervision): Also known as the Banking Law or the LIC, it governs the creation and operation of banks in Mexico.
• Law for the Transparency and Organization of Financial Services (Reporting & Disclosure): Regulates disclosures that have to be made to Mexican financial customers, especially concerning fees for services and commissions earned by financial employees.
• Financial Services User Protection and Defence Law (Consumer Privacy & Protection): Covers the protection of Mexican financial customers, including information, dispute resolution, and legal counsel.
• General Provisions referred to in Article 115 of the Credit Institutions Law (AML & CFT): These set requirements for Mexican banks in relation to identifying and monitoring their customers, as well as reporting transactions that could be indicative of money laundering, terrorism financing, or other financial crime.
• General Regulations Applicable to Credit Institutions (Internal Controls & Audits): Outline general conduct rules for Mexican banks, including capital requirements, internal controls, and financial reporting.

‍

‍

Brazil has a somewhat unique financial system in that some regulations are specific to certain types of institutions. And some business sectors that are counted as part of the financial industry elsewhere in the world are not in Brazil, and so have separate regulations.

‍

‍

Main Bank Regulators in Brazil

Most banking regulation in Brazil falls to the National Monetary Council (CNM) and the Brazilian Central Bank (BCB). Other authorities, such as the Brazilian Securities and Exchange Commission (CVM) and the Financial & Capital Markets Association (ANBIMA), oversee investment companies.

‍

The insurance industry is considered separate from Brazil’s financial system, and so has its own unique regulations.

‍

‍

‍

Main Bank Regulations to Follow in Brazil

As mentioned, applicable financial laws in Brazil may differ between types of institutions. Generally, though, they are focused on risk management.

‍

• Brazilian Banking Law (Licensing & Supervision): Also called Law No. 4595/1964, this is the main bank regulation law in Brazil. It establishes the CNM and BCB as the primary bank regulators in Brazil, and requires their authorization to operate a bank in Brazil.
• CNM Resolution 4553/2017 (Regulatory Framework Creation): Distinguishes between different types of banks in Brazil for the purpose of applying different regulatory requirements to each of them (where necessary).
• CNM Resolution 4958/2021 (Capital Adequacy & Risk Management): Sets out general capital requirements for licensed financial institutions in Brazil.
• CNM Resolution 4019/2011 (Capital Adequacy & Risk Management): Lays out what actions the BCB may take when a bank’s operations threaten the integrity of the rest of Brazil’s financial system.
• BCB Resolution 54/2020 (Reporting & Disclosure): Outlines requirements for Brazilian banks in terms of reporting on finances and risk measurements.
• BCB Circular 3978/2020 (AML & CFT): Sets a risk-based framework for preventing money laundering, terrorist financing, and other financial crimes in Brazilian banks, including KYC procedures, PEP classifications, and information-sharing rules.
• CNM Resolution 4557/2017 (Internal Controls & Audits): Provides Brazilian banks with a best practices framework for risk management, capital maintenance, and information disclosure.

‍

‍

Nigeria has a developing economy, around the top 40 in the world. Therefore, it has to walk a fine line between adopting policies for financial growth and not letting opportunistic criminals take advantage of its banking system.

‍

‍

Main Bank Regulators in Nigeria

Nigeria’s central financial regulator is the Central Bank of Nigeria. Unlike some other places, Nigeria doesn’t have a government agency that specifically regulates the financial sector; instead, the Corporate Affairs Commission—which regulates all businesses in Nigeria—oversees banking compliance.

‍

‍

‍

Main Bank Regulations to Follow in Nigeria

Of note regarding Nigeria’s financial regulations is the recent developments in its AML & CFT initiatives. Since almost the beginning of the Financial Action Task Force in 2000, Nigeria was put on the agency’s blacklist for being deficient in AML/CFT systems and uncooperative in improving them. It is only since the 2010s that Nigeria has significantly committed to correcting this, and thus been moved off the blacklist.

‍

• Banks and Other Financial Institutions Act (Licensing & Supervision): Sometimes called the BOFIA, this is the main banking regulation law in Nigeria. It sets requirements for licensing, capital adequacy, operation, and supervision of banks in Nigeria.
• Companies and Allied Matters Act (Licensing & Supervision): Establishes the Corporate Affairs Commission (CAC) and requires all businesses in Nigeria, including banks, to register their information with the CAC before beginning operation.
• Nigerian Deposit Insurance Corporation Act (Capital Adequacy & Risk Management): Created the NDIC and outlines what happens when the CBN steps in to manage a failing bank. It also governs paying out insured deposit amounts to the failing bank’s customers.
• Money Laundering Prevention and Prohibition Act (AML & CFT): Provides an institutional and legal framework for preventing, detecting, and prosecuting money laundering and other financial crimes in Nigeria. Responsible for creating AML bodies such as the EFCC, NFIU, and the EFCC-led Special Control Unit against Money Laundering (SCUML).
• Corporate Governance Guidelines for Commercial, Merchant, Non-Interest and Payment Service Banks in Nigeria (Internal Controls & Audits): Outlines minimum standards for corporate governance of banks in Nigeria.

‍

‍

Bank compliance laws can differ from place to place, but they generally have some common goals: to keep financial systems stable and trustworthy by limiting unnecessary risk, fostering transparency, protecting customers, and shutting out bad actors.

‍

So there are some broad steps that can be taken to achieve and maintain regulatory compliance in banking, no matter where in the world a bank chooses to operate.

‍

‍

1. Register for a license and supervision from the appropriate authorities

As institutions that play important social roles as well as financial ones, banks need authorization and supervision from government branches and agencies to operate pretty much anywhere in the world. Governments need to be sure banks are willing, able, and actively working to maintain their integrity, both for citizens and for the broader national (or even global) economy.

‍

So one of the fundamental steps to meeting bank compliance requirements is to know what organizations in a country or geographic area are responsible for granting bank licenses and overseeing bank operations. A bank needs to go through the processes of registering for an operating license and regulatory supervision, to prove it’s qualified to operate as a bank and that it’s actually operating as intended.

‍

‍

2. Build a plan for following regulations

Banks have to comply with many regulatory rules, which is often difficult when banks are organizations with many moving parts. So banks need frameworks for what risks they’re trying to avoid, and how each level of the company’s corporate governance will work towards minimizing exposure to those risks. The specifics of this framework should be accessible to all employees of the bank at all times so they always know the right thing to do in terms of compliance.

‍

‍

3. Secure enough money to remain solvent, but have a backup plan as well

A bank is still a business, so it needs to have its own solid financial bedrock on which to operate. Things can go wrong in terms of investment losses, clients not paying back money they owe, theft and other fraud, and more. So banks need to be prepared to deal with those losses, including—as many countries require—having deposit insurance to safeguard customer money in the event of a banking crisis.

‍

‍

4. Set out procedures for reporting and disclosing relevant information

To earn and maintain trust from governments, shareholders, and customers, banks need to be honest about how they operate. Most regulatory agencies require banks to send periodic reports regarding how their finances look, including estimates about how much risk they face. They also tend to mandate that banks clearly communicate other information to shareholders and consumers so they can make informed financial decisions.

‍

‍

5. Protect customers and have fair policies for dealing with them

Many countries and territories have authorities that can discipline banks if their policies vis-a-vis clients aren’t sufficiently fair or honest. Besides, having customer-unfriendly policies tends to make it hard for a bank to gain or keep clients.

‍

Banks should spell terms and conditions out explicitly whenever possible, and provide as good of customer service as doesn’t invite undue risk for the bank itself. A component of that must be to safeguard the confidentiality of customer information. Failure to do so won’t only have consequences for the people involved; it will also cause the bank issues in terms of trust and regulatory scrutiny.

‍

‍

6. Put safeguards against financial crime in place

Most federal governments (and some regional organizations) have agencies dedicated to preventing money laundering, terrorist financing, WMD proliferation funding, and other financial crimes. And they can impose severe penalties on banks that don’t do their part in helping to curb these illegal activities.

‍

That’s why banks need to have well-defined programs for detecting and stopping financial crime. These will include many of the other elements on this list, including creating a specialized department, instituting internal controls, conducting organization-wide training, auditing the company occasionally (sometimes through third parties, which is required in some places), and investigating suspicious customers.

‍

Specifically, banks should have ways of confirming clients’ identities and assessing their profiles for risks of criminal activity. That includes checking if they’re on sanctions lists or other financial regulatory lists. It should also include ongoing monitoring of customer transactions, and submitting reports of potentially suspicious activity to the proper authorities.

‍

‍

7. Implement, test, and modify internal compliance procedures

Threats to a bank’s integrity can come from inside as well as outside, and outside risks can be made more threatening by a lack of internal safeguards. So a bank needs to create and enforce policies that allow for employees to do their jobs while creating as little unnecessary risk as possible. These should include backup plans for what employees should do if something goes wrong.

‍

Banks also need to do periodic internal checks to ensure employees are following these risk-reducing guidelines and determine whether these rules may need adjustment. In some places, these internal audits are not enough, and a bank must submit itself to independent third-party auditors for inspection—including auditing the bank’s own auditing functions.

‍

‍

8. Properly vet any third parties worked with

Banks may choose to work with other companies to improve their operations, offer additional services, and so on. But these partners should be held to standards at least as strict as those the bank itself is subject to. As a starting point, that includes the bank performing identity verification, risk assessment, and activity monitoring as if the partner were a business client.

‍

It should also involve the bank communicating with partner companies about their own internal controls. How do they protect client data? How do they ensure their accounting practices are transparent and correct? What are their auditing procedures, and how often are they performed? These are some of the types of questions banks need to ask of their partners. 

‍

‍

9. Make sure all employees are aware of the importance of compliance

While compliance operations often get siloed in large organizations such as banks (at least to some degree), the fact is that everyone working at a bank has a role to play in compliance. So the bank’s employee training programs should emphasize the importance of adhering to regulations in everyday operations, regardless of what position an employee fills.

‍

This should include explaining what regulations the bank needs to follow, and why. It should also include prompting and answering questions from employees about compliance in their roles, as well as creating thorough reference materials that are accessible to employees whenever needed for reference. All of this should be updated periodically to cover new obligations and emerging risks.

‍

‍

‍

Use Unit21 to Meet Bank Compliance Requirements Across the Globe

Complying with regulatory requirements in a single country is challenging enough for a bank, let alone doing so if expanding into international markets. Having a basic compliance framework to build off of is helpful, but adjusting it to nuances between different countries and regions can be a very resource-intensive process.

‍

Fortunately, having the right RegTech tools on your side can speed up or even automate compliance-related tasks, lightening the workload and saving both time and money. Take, for example, Unit21’s Transaction Monitoring and Case Management solutions. Our compliance infrastructure allows for expanded data integration, visual link analysis, and automated report filing—all of which allows you to identify suspicious behavior more accurately and act on it faster.

‍

‍Contact us for a demo to see how it works in practice.

‍

‍