FinCEN’s Proposed New AML Rules: What You Need to Know

In April, FinCEN issued a notice of proposed rulemaking (NPRM) introducing reforms aiming at modernization of the existing anti-money laundering and countering the financing of terrorism (AML/CFT) framework under the Bank Secrecy Act (BSA).

The proposed rule aims to shift the focus of AML programs from procedural compliance to operational effectiveness, closely aligning with AML Act 2020 and AML national priorities.

While the NPRM is open to industry for consultation, with a deadline of June 9, it is important for institutions to view this rule in conjunction with a series of events and recent regulatory developments. This will help institutions prepare for changes.

Recent themes

The current proposed rule is a culmination of regulatory events and changes over the past few years, providing a clear perspective of FinCEN’s overarching objectives of modernizing, standardizing and simplifying AML/CFT programs across financial institutions.

Since 2020, FinCEN, Congress and the Treasury Department have set the stage for the critical changes proposed this year, including passing the 2020 AML Act, issuing, updating and aligning national AML priorities, modernizing BSA regulations and reporting requirements as well as streamlining banks’ customer due-diligence mandates.

The 2026 proposed rule aims to create uniform and simplified guidelines for establishing and maintaining AML programs across financial institutions focusing on relevance, efficiency and transparency aligned with institutions dynamics and risk factors.

Enhancing AML/CFT programs

The rule proposal would create the following:

• Distinct guidelines for establishing and maintaining AML/CFT programs through encouraging institutions to establish robust AML/CFT frameworks along with effective implementation and ongoing maintenance aligned with the institutions’ size, structure, risk profile and complexity.
• Outlines for minimum components of establishing compliant AML /CFT programs entailing risk integrated internal policies, procedures, relevant controls and employee training with independent program testing and a designated US-based AML officer.
• Comprehensively designed, implemented and maintained risk assessment processes evaluating institutions’ money-laundering and terrorism financing risks corresponding to their business activities, including products, services, distribution channels, customers, geographic locations and enforcement feedback. The proposed rule emphasizes moving from periodic review of risk assessment processes to ongoing review of processes triggered by material changes in institutions’ money laundering/terrorism financing risks.
• Alignment and focus on national security priorities and high-risk areas by directing more attention and resources toward higher-risk customers and activities consistent with the risk profile of the financial institution.
• Integration of risk assessment, enabling mitigation of the identified gaps with updated policies, procedures, training and controls.
• Reinforcement of independent program testing and customer due diligence (CDD) requirements and its integration with new risk assessment processes, outcomes and risk-based policies, procedures and controls.
• Continuous, effective employee training aligned with individual roles, responsibilities and risk exposures corresponding with institution’s risk assessment processes, AML/CFT regulatory requirements and other relevant factors.
• Qualified designated AML/CFT officers based in the US with required access and independence not overburdened with other responsibilities. There are no explicit restrictions on use of AML support outside the US with restricted access to suspicious activity report (SAR) details and data.
• Additional focus on AML/CFT program implementation, maintenance and testing that pertains to non-performance of internal policies, procedures, gaps in risk assessment process and  implementation failures.

Enhanced flexibility & discretion

FinCEN believes that financial institutions know their customer base, businesses and risks better than regulators. Thus, financial institutions are best positioned to identify and evaluate their money laundering/terrorism financing risks and are provided with flexibilities and discretion to:

• Make decisions and determinations related to risk identification and resource allocation.
• Serve more customers by avoiding “one size fits all approaches to customer risk.”
• Direct more resources to high-risk areas than low risk customers and activities to generate highly useful information for law enforcement and national security agencies in defined priority areas.
• Design governance and oversight mechanisms aligned with institutions’ risk acceptance and business dynamics including approval of AML/CFT programs by senior management.

Encourage innovation & adoption of new technologies

FinCEN recognizes that fostering the use of innovative technologies is vital to improve financial crime compliance and fight illicit finance and therefore strongly encourages financial institutions to:

• Evaluate innovative approaches like machine learning, generative AI, digital identity, blockchain monitoring and analytics and APIs, which are especially useful in countering illicit finance activity involving digital assets.
• Responsibly innovate and adopt technologies to strengthen AML/CFT framework and operations by detecting, optimizing and deriving valuable insights for law enforcement and national security agencies in fighting financial crimes.

Consistency & consultation

The proposed rule not only focuses on establishing and maintaining effective AML/CFT programs by financial institutions, it also enhances the supervisory and enforcement approach by FinCEN through:

• Ongoing coordination with examiner authorities, ideally ensuring uniform, consistent assessment and evaluation practices with a risk-driven approach and focus on material gaps with relaxation on immaterial implementation deficiencies.
• FinCEN supervision and consultation review and feedback mechanism with agencies aiming to promote consistent approaches to AML/ CFT supervision and better outcomes for banks, law enforcement and national security agencies.

Financial Services

Banks Are Joining the Race to Issue Stablecoins; Can Their Compliance Teams Keep Up With the Risks?

by David Soiles and Manish Chopra

March 13, 2026

Controls and infrastructure banks have built over decades were designed for a different speed of money

Read moreDetails

Preparing for changes

FinCEN has determined the proposed rule to be a ‘‘significant regulatory action’’ under section 3(f)(1) of E.O. 12866, as it may have an annual effect on the economy of $100 million or more, pointing to the need for changes in existing AML/CFT program and framework. 

Institutions, as part of their readiness planning, may consider:

• Reviewing their current risk assessment framework.
• Reviewing and aligning with national AML priorities. 
• Reviewing customer risk assessment framework and detection tools. 
• Testing technologies and responsible adoption. 
• Reviewing controls and training programs. 
• Planning and estimating resources. 

The proposed rule reinforces the shift from technical compliance to outcome-based program effectiveness supported by technology-enabled AML programs. As we near the end of the consultation period, it will be interesting to see the industry’s acceptance of the proposed changes and FinCEN’s eventual final rule. While FinCEN may append some proposed provisions, financial institutions can assess their current state to ascertain level of readiness considering the overarching objectives enlisted by FinCEN in historic and current NPRMs.