The BSA, implemented in 1970, sets forth a system of reporting and recordkeeping requirements designed to help track large or unusual financial transactions. It consists of two titles. Title I contains provisions requiring that financial institutions and securities brokers and dealers keep extensive records of the transactions and accounts of their customers. The records that must be retained include signature cards, statements, both sides of customers’ checks, identity of each purchaser of a certificate of deposit, and each deposit slip reflecting a transaction in excess of $100. Banks must retain, for 2 years, all records necessary to reconstruct a customer’ checking account. The penalties for failure to comply with these recordkeeping requirements are severe. Title II requires certain reports or records to be filed or kept by financial institutions. Financial institutions are defined very broadly to include not only banks, but also securities brokers, currency exchange houses, insurance companies, loan companies, travel agencies, and telegraph companies. Financial institutions are required to report any suspicious transaction relevant to a possible violation of law or regulation. In 2000, the report form was modified to also require financial institutions to report incidents of computer intrusion. Computer intrusion is defined as gaining access to the computer system to remove, steal, or procure customers’ funds or other account information, or to access the institution’s computer system with the intention of damaging or disabling any critical computer systems. Currency exchanges and securities brokers-dealers are also required to file Suspicious Activity Reports (SARs). As part of the USA Patriot Act, mutual funds are required to establish anti-money laundering programs, as well as insurance companies.