Whistleblowing | Workplace Compliance
U.S. FinCEN Whistleblower Program
The FinCEN Whistleblower Program rewards individuals who report Bank Secrecy Act and sanctions violations, while protecting eligible whistleblowers from employer retaliation under a framework established by the Anti-Money Laundering Act of 2020.
Table of contents
What Is the FinCEN Whistleblower Program?
The FinCEN Whistleblower Program rewards individuals who report violations of anti-money laundering and sanctions laws to the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury.
Originally created by Section 6314 of the Anti-Money Laundering Act of 2020 (AMLA), it was later amended by the Anti-Money Laundering Whistleblower Improvement Act of 2022, which expanded its scope and removed the previous cap on individual awards.
FinCEN has accepted whistleblower tips since January 1, 2021, and published a proposed rule to fully operationalize the award process on April 1, 2026.
Organizations subject to the program include roughly 1.8 million entities across approximately 20 industries that carry Bank Secrecy Act (BSA) compliance obligations, as well as any company or individual with exposure to U.S. sanctions programs administered by the Treasury's Office of Foreign Assets Control, regardless of sector.
Individuals protected under the program are whistleblowers, defined broadly under the proposed rule as any U.S. or non-U.S. person who voluntarily provides original information about a covered violation to FinCEN, the Treasury, the Department of Justice (DOJ), or, in some cases, their employer.
Whistleblowers need not be current employees of the organization they report to, and the underlying conduct need not have occurred in the United States, provided that U.S. regulators have jurisdiction.
Covered Statutes by the FinCEN Whistleblower Program | |
Bank Secrecy Act (BSA) | Anti-money laundering recordkeeping and reporting obligations for financial institutions. |
International Emergency Economic Powers Act (IEEPA) | Economic sanctions imposed during a declared national emergency. |
Trading with the Enemy Act (TWEA) | Sanctions and trade restrictions tied to designated adversary nations. |
Foreign Narcotics Kingpin Designation Act | Sanctions against significant foreign narcotics traffickers. |
Who Is Responsible for the FinCEN Whistleblower Program?
The Financial Crimes Enforcement Network (FinCEN) administers the award program and refers enforcement matters to the U.S. Department of the Treasury and the Department of Justice (DOJ), which bring the underlying judicial or administrative actions that trigger an award.
Retaliation complaints are investigated by the Occupational Safety and Health Administration (OSHA) within the Department of Labor (DOL), which administers anti-retaliation provisions. A whistleblower who disagrees with an award determination, or an OSHA retaliation ruling, can seek judicial review in the applicable U.S. Court of Appeals or federal district court.
What Are the Possible Pay-Outs Under the FinCEN Whistleblower Program?
The program pays out whistleblower awards from monetary sanctions collected in the underlying BSA or sanctions enforcement action, including civil and criminal penalties, disgorgement, and settlement payments. Notably, forfeiture, blocked property, restitution, and victim compensation funds are excluded from the award calculation.
Once a covered action results in monetary sanctions exceeding $1 million, an eligible whistleblower is entitled to between 10% and 30% of the amount collected. This award is mandatory once eligibility requirements are met.
Separately, an employer found to have retaliated against a whistleblower may face make-whole remedies, including reinstatement, back pay, and compensatory damages, ordered through the OSHA and judicial review process.
What Does the FinCEN Whistleblower Program Require?
Individuals do not need to be current employees of an accused organization to qualify for the FinCEN whistleblower award program. To be award-eligible, a whistleblower must submit original information, meaning information derived from independent knowledge or analysis that is not already known to the Treasury or DOJ from another source.
The claim must generally be filed within 90 days of FinCEN publishing notice of a covered action, or within 180 days for a related action. Under the proposed rule, whistleblowers who work in compliance, audit, or similar internal-control roles and learn of a violation through those responsibilities must generally wait 120 days before reporting to FinCEN, giving their employer an opportunity to investigate and remediate the issue internally.
Organizations are generally prohibited from retaliating against an employee for providing information to FinCEN, participating in an investigation, or engaging in other protected whistleblowing activity, whether the information is reported to the government or internally to someone with authority to address the misconduct.
This protection does not extend to employers subject to Section 33 of the Federal Deposit Insurance Act or Sections 213 and 214 of the Federal Credit Union Act. Employees of FDIC-insured banks and federally insured credit unions instead rely on the older, narrower protections available under those statutes. This creates a meaningful gap for some of the sectors most likely to generate BSA-related reports.
Because eligibility depends on being the original source of information that the government does not already possess, organizations should treat potential BSA, sanctions, or related national security compliance gaps as time-sensitive. Employees who see a credible internal escalation and remediation process are less likely to bypass it and report directly to regulators.
Why Is the FinCEN Whistleblower Program Important?
FinCEN estimates that whistleblower submissions could increase from roughly 87 per year historically to approximately 250 original tips and 150 supplemental submissions annually within three years of the rule becoming operational.
Combined with a mandatory award structure and a broad definition of who qualifies as a whistleblower, this materially increases the likelihood that BSA or sanctions compliance gaps will surface through external reports rather than internal channels.
For compliance and risk teams, the 120-day internal reporting window for certain insiders is a narrow but real opportunity. An organization with credible and responsive internal reporting channels is better positioned to investigate, remediate, and potentially self-disclose issues to the Treasury or DOJ before employees report externally.
How FaceUp Helps Comply with the FinCEN Whistleblower Program
While the Act itself does not require a specific internal reporting channel, providing employees and associated persons with an accessible and reliable way to raise concerns is essential for organizations seeking to identify and address misconduct before regulators become involved.
FaceUp helps businesses capture reports within the initial 120-day window through a platform that can be deployed in as little as two hours, with multiple intake channels, including easy-to-use web forms, 24/7 hotlines, and iOS/Android mobile apps in 113 languages.
Centralized case management with automatic activity logging helps compliance and legal teams document that reports were received, investigated, and resolved promptly and thoroughly. This creates a record of effective internal processes that can support anti-retaliation compliance and voluntary self-disclosure to the Treasury or DOJ when appropriate.
Quick Facts
Full legislation
Applies to
BSA-obligated entities and any person or company with exposure to U.S. sanctions.
Penalties
Whistleblower awards of 10 to 30% of monetary sanctions exceeding $1,000,000;
reinstatement, back pay, and compensatory damages for retaliation.
The FaceUp Solution
FaceUp is an anonymous reporting and compliance platform designed to help businesses meet whistleblowing regulations worldwide, including those in the US, EU, UK, and UAE.

Fully Anonymous Reporting
Give staff multiple secure channels to report their concerns, complete with an anonymous two-way chat.
Mobile-First Accessibility
No IP storage, no device IDs, encrypted submissions
Customizable forms, categories, routing rules, and more

Customizable Case Management
Create an easily verifiable audit trail through a customizable case management system with automatic routing.
Supports multiple locations, subsidiaries, or units
Entity-specific routing and access permissions
Optional notifications via email, Teams, or Slack

Real-Time Data Analytics
Identify trends, repeated issues, and escalation risks early with customizable visual real-time dashboards.
Filter by category, region, channel, and more
Share without revealing sensitive information
ISO 27001 and SOC 2-certified local servers