FinCEN Proposes Reforms to AML/CFT Program Requirements

The Treasury’s Financial Crimes Enforcement Network is moving to modernize the United States’ anti‑money‑laundering regime after the Anti‑Money Laundering Act of 2020 mandated a more agile, risk‑focused approach. By withdrawing its July 2024 notice and issuing a fresh proposed rule on April 10, 2026, FinCEN seeks to align the Bank Secrecy Act’s program requirements with contemporary threat landscapes and emerging technologies such as AI‑driven analytics and blockchain tracing. The agency emphasizes that effective AML/CFT programs should be judged on outcomes rather than on the mere presence of paperwork, a shift that reflects broader regulatory trends toward results‑based supervision.

The centerpiece of the proposal is a two‑pronged establishment‑versus‑maintenance framework that separates design flaws from operational lapses, giving examiners clearer criteria for assessing program effectiveness. Institutions will be required to embed risk‑based internal policies, conduct truly independent testing, and obtain formal approval from boards or equivalent governing bodies—requirements that now extend to casinos and money‑services businesses previously exempt from such oversight. By codifying continuous risk‑assessment processes and mandating that resources focus on higher‑risk customers, the rule pushes firms to integrate AML priorities into everyday decision‑making rather than treating them as a periodic compliance exercise.

For banks, the rule introduces a formal supervision and enforcement protocol that obliges federal banking agencies to provide FinCEN with at least a 30‑day notice before pursuing significant AML actions. This collaborative review is intended to balance enforcement vigor with an understanding of compliance costs and the need to serve under‑banked markets. Industry groups have welcomed the focus on effectiveness but warn that ambiguous definitions could resurrect a “check‑the‑box” mentality. Stakeholders have until June 9, 2026 to comment, and proactive engagement will be critical to shaping clear, practicable standards that enhance both security and operational efficiency.