A BSA analyst is the person who reads transaction alerts, decides which ones become Suspicious Activity Reports, and files them with FinCEN within 30 days. At a fintech, they are also the person who stands between your sponsor bank and a termination letter. This guide is for hiring managers scoping the role, not candidates looking for jobs.
What a BSA analyst actually does.
The Bank Secrecy Act requires any financial institution - including a licensed money transmitter or a fintech operating under a sponsor bank - to maintain a program that detects and reports suspicious activity. A BSA analyst is the human who executes that program day to day.
A typical week: triage alerts from the transaction monitoring system (Unit21, Hummingbird, Sardine, or equivalent), investigate the ones that cannot be cleared with obvious context, escalate the ones that meet SAR criteria, write the narrative, file the SAR, and document the rationale cleanly enough that a regulator examining the file two years later can follow the logic. CTR filings, 314(a) responses, OFAC screening hits, and sanctions review typically also sit in scope.
The difference between a bank BSA analyst and a fintech one.
This is the single most common mis-hire. A BSA analyst who has only worked at a bank is used to a mature case management system, a dedicated L1/L2/L3 escalation chain, and typologies that move in slow motion (structuring, trade-based ML, cash-intensive businesses). A fintech BSA analyst faces velocity an order of magnitude higher, alerts on behavior the bank model has never seen (synthetic identity at account opening, account takeover, P2P abuse, crypto-adjacent flows), and usually no L2 to escalate to.
A senior bank hire dropping into a Series A fintech often stalls in month three. The case management tool is less mature. The rules need tuning, not just operating. The product team moves faster than the compliance policy. You need a candidate who is comfortable in that environment, not one who will ask where the MANTAS dashboard is.
The best fintech BSA analysts treat alert volume as a product problem, not a staffing problem. They push back on rules that generate noise. They partner with engineering on data gaps. Bank analysts are trained to process. Fintech analysts need to fix.
What to look for by seniority.
Junior BSA analyst (0-2 years). Entry-level, typically reviewing alerts with a playbook. Required: clear written English (the SAR narrative is literally the product), attention to detail, familiarity with OFAC screening and name matching, willingness to follow procedure. Nice to have: CAMS-eligible and actively studying for it, coursework in AML/financial crime, internship at a bank compliance team.
Mid-level BSA analyst (2-5 years). Owns their queue, escalates confidently, and writes SAR narratives that do not require rewrite. Strong mid-level candidates can explain typologies cleanly (structuring, layering, smurfing, funnel accounts), navigate 314(a) and 314(b) requests, and work independently on complex investigations. CAMS certification is the norm.
Senior BSA analyst / team lead (5+ years). Can run the program at a small fintech without a dedicated BSA Officer, mentor junior analysts, and partner with engineering on rule tuning. Senior candidates often have prior fintech experience or have seen a regulator exam through to close. Often step into BSA Officer duties at the right-sized company.
- Baseline CAMS (ACAMS) - standard expectation for anyone past junior
- Strong signal CFE, CAFCA, or relevant typology-specific training
- Context-dependent Prior experience at a licensed MSB, neobank, or crypto exchange if that matches your scope
How to write a BSA analyst job description that does not sound like a bank posting.
Most BSA analyst JDs online are copies of bank role descriptions. They list "policies, procedures, and controls" and ask for "10+ years of experience in a federally regulated institution." Senior fintech candidates scroll past them. If your JD reads like a bank posting, you will get bank applicants - and bank applicants will struggle at fintech velocity.
About the role: You will investigate transaction monitoring alerts, own SAR filings, and help us tune our AML program as we scale from [X transactions/month] to [Y]. You will report to [BSA Officer / Head of Compliance] and partner closely with product and engineering on rule design, data availability, and alert quality.
Key responsibilities: Triage and investigate alerts from [Unit21 / Sardine / Hummingbird / internal tooling]. Own SAR decisioning and filings end to end, including FinCEN submission. File CTRs as required. Respond to 314(a) requests and OFAC screening hits. Document investigation rationale clearly enough for a regulator examiner to follow two years later.
Requirements: 2+ years in BSA/AML at a bank, MSB, neobank, or crypto entity. CAMS certification or active pursuit. Ability to write a clean SAR narrative. Familiarity with at least one transaction monitoring platform. Comfort with ambiguity and with product teams that move faster than your policy stack.
Interview questions that actually test BSA capability.
"Walk me through your SAR narrative structure. What do you always include, and what do you leave out?" A strong analyst describes who, what, when, where, and why, with clear facts and no speculation. A weak analyst describes a template they were given.
"You get an alert on a customer who has 12 prior false positives and one live one that looks real. Walk me through your investigation." Look for an analyst who treats each alert on its own merits while still using history for context, not an analyst who auto-clears based on prior dispositions.
"Your transaction monitoring system generates 300 alerts a day. Realistically, maybe 15 are worth reading. What do you do?" Good candidates talk about segmentation, rule tuning, and engineering partnership. They do not say "I will work through all of them." Scaling analysts is not scalable.
"What is the difference between a SAR and a CTR, and when would you file both on the same transaction?" Knowledge check. If they cannot answer, they are not ready.
"Tell me about a time a product change materially increased your alert volume. What did you do?" The best answer involves partnering with product upstream, not building out a bigger queue downstream.
KPIs and salary benchmarks.
Good BSA analyst KPIs focus on program quality, not volume. Volume metrics (alerts closed, SARs filed) reward going fast and shallow. Quality metrics reward getting the filings right.
SAR narrative rework rate: Percentage of SARs that need rewrite after QA. Median alert close time: Time from alert generation to disposition. Escalation accuracy: Percentage of escalated alerts that resulted in a SAR (if too low, the analyst is over-escalating; if too high, they are under-triaging). Audit finding count: Findings attributable to this analyst's cases during external audit.
| Seniority Level | Experience | Salary Range (2026, US) |
|---|---|---|
| Junior BSA Analyst | 0-2 years | $65,000 - $80,000 |
| Mid-Level BSA Analyst | 2-5 years | $80,000 - $105,000 |
| Senior BSA Analyst / Team Lead | 5+ years | $105,000 - $135,000 |
Comp varies meaningfully by geography and by whether the role is at a bank (lower base, stronger benefits) versus a fintech (higher base, equity upside). CAMS certification typically adds 5-8% to base. Fintech hires in New York or San Francisco run 10-20% above the ranges above. For a full view of adjacent roles - including fraud analyst, AML analyst, and compliance officer - see our financial crime recruiter page.
- Hiring from a bank without testing for fintech velocity
- Paying below the fintech market because you benchmarked against bank salaries
- Not asking to see a SAR narrative sample (most candidates will share redacted examples if you ask)
- Under-scoping the interview - a 45 minute behavioral is not enough for a BSA hire
- Skipping the reference check with a former direct manager
How long it takes to hire.
For a mid-level fintech BSA analyst, expect 5-8 weeks end to end with an inbound-driven process. The pool of BSA analysts with specific fintech experience is much smaller than the overall BSA pool, so the constraint is not resumes - it is filtering for the right kind of experience fast enough. With a specialist recruiter who has already mapped the market, 3-4 weeks is realistic.
Speed matters here. The candidates who fit this profile are usually also interviewing with one or two other fintechs at the same time. A process that takes six weeks will lose to one that takes three.
Frequently asked questions
At most fintechs, the titles are used interchangeably. Strictly, BSA analyst emphasizes the US statutory framework (Bank Secrecy Act, FinCEN filings, CTRs, 314(a)) while AML analyst is broader and can include non-US work (UK MLRs, EU AMLD, sanctions screening outside OFAC). In a US-only fintech, assume they mean the same role.
Before - ideally 60-90 days before. Sponsor banks typically want to see your AML program staffed before approving your first live transactions. Hiring after go-live puts you in an awkward remediation posture from day one.
Early stage, yes - vendors like Hummingbird, Unit21 services, or specialized BPOs can handle alert triage and SAR filing. Once you are processing meaningful volume or have regulator-facing obligations, you need at least one in-house BSA analyst who owns the program. Outsourcing the program-owner role is a red flag to sponsor banks.
Transaction monitoring (Unit21, Hummingbird, Sardine, Actimize, or internal), sanctions/OFAC screening (ComplyAdvantage, LexisNexis, Refinitiv), case management, and ideally SQL for pulling data when the TM system cannot answer a question. Specific tool experience matters less than the ability to learn a new stack quickly.