On April 7, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Press Release describing a Notice of Proposed Rulemaking that would significantly reshape anti-money laundering and countering the financing of terrorism (AML/CFT) program requirements across a wide range of financial institutions. Comments are due by June 9, 2026. 

The proposal, published in the Federal Register on April 10, is intended to move AML/CFT compliance toward a risk-based framework focused on program effectiveness and the production of useful information for law enforcement and national security agencies. The proposal would considerably enhance FinCEN’s authority over “significant supervisory action[s]” taken by banking regulators.

The proposal is notable both because of its scope and because FinCEN frames it as a foundational part of Treasury’s broader Bank Secrecy Act (BSA) modernization agenda and implementation of the Anti-Money Laundering Act of 2020. In addition to the Press Release, FinCEN issued a Fact Sheet and a document describing key changes.

Proposed Rule Focuses on Specific Reforms

The proposal centers on six fundamental reforms, some related to the operation and approach of AML compliance programs, but some focused on how FinCEN and Treasury administer the BSA.

First, the proposal would strengthen FinCEN’s role in AML/CFT supervision by creating a notice and consultation process requiring federal banking supervisors, except in urgent situations, to notify FinCEN before taking certain significant AML/CFT supervisory actions. FinCEN describes this as a way to improve consistency and better align supervision with FinCEN’s broader focus on program effectiveness. The proposal also suggests that once a bank has established its AML/CFT program, major supervisory or enforcement action should generally be tied to significant or systemic failures in maintaining it.  While it will take time to understand the overall impact of the rulemaking (in whatever final form it takes), this may be one of the most significant ramifications.

Second, FinCEN would refocus AML/CFT compliance obligations on program effectiveness by drawing a clearer distinction between program “establishment” and “maintenance.” Under the proposal, “establishment” refers to the design of a risk-based AML/CFT framework, while “maintenance” refers to whether the institution implements that framework in practice and in all material respects. FinCEN states that this distinction is meant to clarify supervisory expectations.

Third, the proposal reflects Treasury’s view that financial institutions are typically in the best position to understand their own illicit finance risks. Thus, instead of steering institutions toward the same compliance model, the rule leans heavily on institution-specific risk assessments that reflect the business, customer base, products, services, geographies, and delivery channels involved.

Fourth, FinCEN wants institutions to focus time and resources on higher-risk areas. FinCEN presents this as a way to reduce unnecessary burden and move away from a “check-the-box” approach. For institutions, that could mean more room to make risk-based decisions, as long as those decisions are grounded in a solid and well-documented assessment process.

Fifth, the proposal summarizes how certain core program functions should be evaluated, especially independent testing and audit. FinCEN emphasizes that those functions should rely on objective criteria and should measure whether the institution has effectively built, implemented, and resourced its AML/CFT program. Relatedly, FinCEN urges auditors and examiners to not replace an institution’s reasoned, risk-based judgments with their own preferences.

Finally, the proposal would amplify AML/CFT priorities within both program requirements and supervisory decision-making. Financial institutions would need to review those priorities and incorporate them into their risk assessment processes where appropriate. The proposal also signals that a bank’s ability to generate useful information tied to those priorities may matter when supervisory or enforcement decisions are being made.

Taken together, these changes point to a marked shift in how AML/CFT programs are to be evaluated – the most significant shift in a long time. The proposal gives institutions more explicit support for risk-based judgment, but it also makes clear that judgments will need to be well considered and well documented, and effective in practice.

What Institutions Should Be Doing Now

Although the proposal is not yet final, financial institutions should begin assessing whether their current AML/CFT programs are positioned to satisfy a more expressly risk-based, effectiveness-oriented regime. In particular, institutions should review whether:

  • Risk assessments are current
  • Resources are aligned to higher-risk areas
  • Independent testing is appropriately objective and tailored
  • The institution can clearly distinguish between program design and implementation issues

Institutions also should consider whether they want to comment on the proposal, especially on questions involving supervisory expectations, risk management concerns, and the practical implications of tying compliance efforts more directly to program effectiveness.

Proposal is Part of Broader FinCEN and AML/CFT Regulatory Effort

This proposal is one of several recent efforts to recalibrate AML/CFT program expectations across the financial sector. For banks in particular, the proposal also points to a more prominent FinCEN role in supervision and enforcement.

More generally, while much of the rule is framed as clarification and modernization, the practical impact could be substantial. Institutions would receive more explicit flexibility to focus on higher-risk activity, but they also would be expected to show that their AML/CFT programs are effective.

Please contact the authors if you have any questions.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Thad McBride Thad McBride

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP)…

Thad McBride advises public and private companies on the legal considerations essential to successful business operations in a global marketplace. He focuses his practice on counseling clients on compliance with U.S. export regulations (ITAR and EAR), economic sanctions and embargoes, import controls (CBP), and the Foreign Corrupt Practices Act (FCPA). He also advises clients on anti-boycott controls, and assists companies with matters involving the Committee on Foreign Investment in the United States (CFIUS). Thad supports international companies across a range of industries, including aviation, automotive, defense, energy, financial services, manufacturing, medical devices, oilfield services, professional services, research and development, retail, and technology. Beyond advising on day-to-day compliance matters, Thad regularly assists clients in investigations and enforcement actions brought by government agencies, including the U.S. Department of Justice (DOJ), the U.S. Treasury Department Office of Foreign Assets Control (OFAC), the U.S. State Department Directorate of Defense Trade Controls (DDTC), Customs and Border Protection (CBP), the U.S. Commerce Department Bureau of Industry & Security (BIS), and the Securities & Exchange Commission.

Read more about Thad McBride
Show more Show less
Photo of James Parkinson James Parkinson

Jamie Parkinson focuses his practice on counseling businesses and individuals in regulatory compliance and government investigations, with an emphasis on multi-jurisdictional and Foreign Corrupt Practices Act (FCPA) matters. A member of the firm’s Compliance & Government Investigations group, Jamie  has significant experience navigating…

Jamie Parkinson focuses his practice on counseling businesses and individuals in regulatory compliance and government investigations, with an emphasis on multi-jurisdictional and Foreign Corrupt Practices Act (FCPA) matters. A member of the firm’s Compliance & Government Investigations group, Jamie  has significant experience navigating cross-border matters and representing clients in criminal and civil enforcement actions involving the FCPA, extradition, securities fraud, insider trading, false statements and environmental issues.

Read more about James Parkinson
Show more Show less
Related Posts
FinCEN Update: Huge Penalty on Broker-Dealer for Willful AML, SAR, and Due Diligence Failures
March 31, 2026
Is the “Pause” Over? DOJ Resumes FCPA Enforcement, Announces Guidelines
June 12, 2025
Anti-Money Laundering Update: California Card Club Clubbed by FinCEN for AML Violations
November 21, 2017

From the Bass, Berry & Sims Blog Network
From the Bass, Berry & Sims Blog Network

Thought Leadership by our Attorneys.