FinCEN Proposes Results-Focused AML Reform for Banks Under BSA

April 17, 2026

FinCEN’s Proposed AML Regime Changes Focus on Results Not Paper

Orga Cadet, Patrick Campbell, Jonathan Forman, Alexandra Karambelas, Jonathan New BakerHostetler + Follow Contact LinkedIn Facebook X ;) Embed

Key Takeaways

• On April 7, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) that would fundamentally reform how banks design, implement, and are supervised on anti‑money laundering and countering the financing of terrorism (AML/CFT) programs under the Bank Secrecy Act (BSA).
• Guidance released by FinCEN indicates that the agency sees the proposed rule as a shift away from “check‑the‑box” compliance and toward measuring program effectiveness, expressly distinguishing between failures relating to establishing an AML/CFT program and failures relating to maintaining such a program.
• FinCEN proposes to narrow enforcement exposure by signaling that supervisory or enforcement actions will generally be reserved for systemic or material program failures, not isolated or technical deficiencies.
• The NPRM adopts a deliberately pragmatic view of “effectiveness,” acknowledging that institutions cannot detect and report all potentially illicit transactions and that an AML/CFT program can remain effective without preventing every minor instance of misuse.
• The proposal would enhance FinCEN’s supervisory role, particularly with respect to enforcing AML/CFT regulations against banks, requiring federal banking regulators to notify and consult with FinCEN before initiating significant AML/CFT supervisory or enforcement actions.
• Public comments to the proposal and its 27 questions are due by June 9, 2026, and FinCEN has proposed an implementation target of 12 months following issuance of a final rule.

Background

On April 7, FinCEN announced a proposed rule that it described as a “fundamental reform” of AML/CFT program requirements applicable to banks and other financial institutions. The proposal was published in the Federal Register on April 10, 2026.

According to FinCEN, the proposed rule is intended to modernize the U.S. AML/CFT regulatory and supervisory framework and to implement key provisions of the Anti‑Money Laundering Act of 2020 (AML Act). Treasury officials emphasized that existing AML frameworks too often measure success by the volume of policies, procedures, and reports, rather than by an institution’s actual ability to identify, mitigate, and report meaningful illicit finance risks. To that end, the proposal recognizes that financial institutions “are spending private compliance funds for a public and private benefit, including protecting the United States financial system from illicit financial risks” and, as a result, seeks to focus “on higher value activities” to “better serve … law enforcement and national security objectives.”

The new proposal fully withdraws and replaces FinCEN’s July 3, 2024 proposed rule on AML program requirements.

Following FinCEN’s announcement, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the National Credit Union Administration issued a joint press release announcing a proposed rule to amend their respective AML/CFT program requirements to conform to FinCEN’s proposed rule.

Core Structural Changes Proposed by FinCEN

The centerpiece of FinCEN’s proposal is its express effort to refocus supervisory expectations on effectiveness of AML/CFT programs by drawing a clear distinction between:

1. Program “Establishment” – whether a financial institution has designed a reasonable, risk‑based AML/CFT program consistent with statutory and regulatory requirements; and
2. Program “Maintenance” – whether that program is implemented and operates in all material respects in practice. In a fact sheet accompanying the release of the NPRM, FinCEN stated that the two-pronged framework is intended to “help promote consistent articulation of supervisory expectations and prevent conflating criticisms of program design with criticisms of day-to-day implementation.”

To that end, the proposed rule includes a formal definition of an “effective” AML/CFT program, under which a program is “effective” if it “(1) is established in accordance with the proposed rule's establishment requirements; and (2) is maintained, meaning that a properly established program is implemented in all material respects.”

Notably, the NPRM indicates that the proposed rule would not limit enforcement or supervisory actions against banks that fail to establish an AML/CFT program. However, once a program is established, significant action would generally be reserved only for “significant or systemic failures” to implement or maintain the program, thereby raising the threshold for actions based on implementation deficiencies.

In keeping with FinCEN’s focus on real-world effectiveness and risk mitigation, the NPRM also expressly acknowledges that “it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through the institution” and that an AML/CFT program “can be effective without preventing every minor instance of a financial institution falling prey to illicit finance misuse.”

As quoted in the NPRM, Treasury Secretary Scott Bessent has explicitly criticized a “zero-tolerance focus on process and documentation” and supervisory expectations that are not consistently anchored to law or national security priorities. FinCEN’s proposed establishment/maintenance construct operationalizes that critique by adopting a pragmatic definition of effectiveness that acknowledges institutions cannot catch and report everything, and that an AML/CFT program may still be effective even if it does not prevent every minor instance of illicit finance misuse.

The Core Pillars

Although FinCEN’s proposal is framed as a fundamental reform, it does not discard the familiar architecture of AML/CFT programs. Instead, the NPRM reaffirms the four long‑standing program pillars while clarifying how regulators will evaluate each one and emphasizing that these elements must operate effectively in practice, not merely exist on paper.

1. Internal Policies, Procedures, and Controls, Grounded in Risk Assessment

Under the proposed rule, financial institutions would be required to maintain risk‑based internal policies, procedures, and controls that are reasonably designed to identify, assess, and mitigate illicit finance risks. FinCEN makes clear that a meaningful risk assessment process sits at the center of this pillar and must inform how a financial institution designs – and continually updates – its AML/CFT program.

Importantly, the proposal emphasizes that financial institutions should use their risk assessments to direct greater attention and resources toward higher‑risk customers, products, services, and geographic exposures, rather than applying uniform controls across lower‑risk activity. Although this reflects long‑standing best practice and regulatory expectation, the NPRM signals that risk assessment will become a core, examinable foundation for program design, enforcement decisions, and supervisory judgments.

FinCEN also proposes to formally incorporate existing customer due diligence requirements into this pillar, reinforcing expectations that customer risk profiles must be part of a risk-based set of written policies, procedures, and controls.

2. Independent Program Testing

The proposed rule preserves the requirement for independent AML/CFT program testing, but it clarifies and refines regulators’ expectations regarding the purpose and scope of that testing. Specifically, FinCEN emphasizes that independent testing should assess not only technical compliance with regulatory requirements, but also whether the AML/CFT program is effective in identifying and addressing illicit finance risks.

To that end, the NPRM stresses that testing must be conducted by individuals who are truly independent from the AML/CFT function and sufficiently knowledgeable to evaluate whether controls work as intended in practice. FinCEN’s commentary reflects a concern that audits and testing activities may at times be overly formulaic and checklist‑driven by, for example, failing to meaningfully assess alert backlogs, escalation practices, or the real‑world operation of transaction monitoring systems.

This reframing suggests that superficial or narrowly scoped testing may draw regulatory criticism even if it technically satisfies independence requirements. Having said that, the proposal notes that “Treasury and FinCEN do not believe that an auditor should substitute his or her own subjective judgment in place of the financial institution.”

3. Designation of a U.S.-Based AML/CFT Compliance Officer

The proposal explicitly requires the designation of an AML/CFT compliance officer who is based in the United States and accessible to regulators. While this requirement reflects statutory changes introduced by the AML Act, the NPRM highlights the compliance officer’s role as a central point of accountability for program establishment and maintenance.

FinCEN’s discussion suggests that regulators will focus not only on the formal designation of a compliance officer, but also on whether that individual is empowered with sufficient authority, resources, and visibility to oversee the AML/CFT program effectively. Other personnel supporting AML/CFT functions may be located outside the United States, but the compliance officer must be positioned to engage substantively with regulators during examinations, supervisory discussions, and enforcement inquiries.

4. Ongoing, Risk‑Tailored Employee Training

The fourth pillar, ongoing employee training, is retained and clarified, with FinCEN emphasizing that training programs should be risk‑based, role‑specific, and aligned with the financial institution’s internal controls and risk assessment results. Training must evolve as products, services, and risk profiles change, and should reflect new regulatory requirements or emerging illicit finance typologies.

FinCEN’s proposal underscores that training should not be treated as a formalistic exercise. Regulators are expected to assess whether personnel responsible for AML/CFT functions, alert review, and escalation decisions are adequately trained to recognize and respond to higher‑risk activity, particularly in complex or fast‑moving business lines.

A Holistic, Integrated Framework

Viewed together, FinCEN’s treatment of the pillars makes clear that regulators will evaluate AML/CFT programs holistically, focusing on whether they work in practice over whether they are flawlessly documented. In other words, FinCEN is signaling a shift from technical ‘check-the-box’ compliance to overall program effectiveness and real-world risk mitigation.

The theme of effectiveness over technical perfection appears throughout the proposed rule. The NPRM repeatedly signals that the mere existence of policies, audits, or training modules will not insulate financial institutions from supervisory or enforcement risk if programs fail to function credibly in practice – particularly where higher‑risk activity is involved. For example, on April 1, FinCEN published a separate proposed rule to establish a new whistleblower program that would offer potentially millions of dollars as an award for reporting violations of AML/CFT laws and regulations.

FinCEN as the Gatekeeper in AML/CFT Enforcement Actions Against Banks

One of the most consequential features of FinCEN’s proposal is its effort to redefine FinCEN’s role as a central gatekeeper for AML/CFT enforcement and supervisory actions involving banks. The proposed rule would formalize FinCEN’s position as the statutory administrator of the BSA by ensuring that significant AML/CFT actions taken by federal banking agencies are subject to advance notice, review, and coordination with FinCEN.

Under the proposed framework, federal banking agencies acting pursuant to authority delegated by FinCEN would generally be required to provide FinCEN’s Director with at least 30 days’ written notice before initiating a “significant AML/CFT supervisory action,” absent exigent circumstances. This notice requirement would apply broadly to actions involving alleged AML/CFT deficiencies, weaknesses, violations of law, or unsafe or unsound practices, including written supervisory communications or determinations identifying such issues.

In evaluating whether to pursue or support a significant AML/CFT action, FinCEN’s Director would consider the statutory factors set forth in the AML Act, including whether the bank’s AML/CFT program is reasonably designed and effective, how the bank allocates resources based on risk, and the extent to which the bank advances the AML/CFT priorities by providing information that is highly useful to government authorities. Notably, the NPRM also signals that FinCEN will consider whether a bank is deploying innovative and effective compliance tools, including advanced data analytics, artificial intelligence, or other emerging technologies, reflecting an explicit shift toward evaluating outcomes, effectiveness, and responsible innovation, rather than documentation volume or technical perfection.

During this notice period, FinCEN would have the opportunity to review the proposed action and the underlying supervisory record, and to provide input before action is taken. FinCEN emphasizes that this consultation mechanism is designed to promote greater consistency, proportionality, and risk‑focused decision‑making across the AML/CFT supervisory landscape, while improving outcomes for law enforcement and national security agencies that rely on high‑quality BSA reporting.

Importantly, this enhanced consultation requirement is limited to banks. The proposed rule does not establish a comparable FinCEN gatekeeping mechanism for AML/CFT supervisory or enforcement actions involving other non-bank financial institutions (e.g., broker‑dealers, and mutual funds).

Practical Considerations for Financial Institutions

Given the scope of the proposed reforms, banks, casinos, money services businesses, insurance companies, dealers in precious metals, precious stones, and jewels, operators of credit card systems, broker-dealers, mutual funds, futures commission merchants, and other financial institutions subject to the BSA should consider:

• Reviewing AML/CFT risk assessments to ensure they meaningfully drive program design, resource allocation, and escalation decisions.
• Evaluating governance, staffing, and escalation frameworks to confirm that higher‑risk activity receives commensurate attention and expertise.
• Preparing for revised examination dynamics, including increased focus on outcomes and potentially less tolerance for chronic backlogs, alert fatigue, or under‑resourced compliance functions.
• Engaging in the public comment process, particularly where aspects of the proposal could materially affect supervisory expectations or enforcement exposure. Taken together, these steps can help financial institutions demonstrate AML/CFT effectiveness while using the comment and implementation periods to close key governance, documentation, and resourcing gaps.

[View source.]

;) ;) Report

Related Posts

• Treasury Revisits Past Rulemaking to Bring Investment Advisers Under AML Oversight
• Warning: SEC Exams and Enforcement Targeting Broker-Dealer AML Compliance

Latest Posts

• FTC v. StubHub: $10 Million Settlement Signals Aggressive Enforcement of New Fees Rule
• FinCEN’s Proposed AML Regime Changes Focus on Results Not Paper
• Certified to Influence: A New Self‑Regulatory Lever in Influencer Compliance See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
BakerHostetler

Written by:

BakerHostetler Contact + Follow Orga Cadet + Follow Patrick Campbell + Follow Jonathan Forman + Follow Alexandra Karambelas + Follow Jonathan New + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

AML/CFT + Follow Anti-Money Laundering + Follow Bank Secrecy Act + Follow Banking Sector + Follow Banks + Follow Financial Institutions + Follow FinCEN + Follow Proposed Rules + Follow Regulatory Oversight + Follow Regulatory Reform + Follow Risk Management + Follow Administrative Agency + Follow Finance & Banking + Follow more less

BakerHostetler on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide