On April 7, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) that, if adopted, would significantly reform financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs under the Bank Secrecy Act (BSA).FinCEN describes the proposed rule as an effort to shift financial institutions away from technical compliance toward AML/CFT programs that effectively identify, prevent, and report financial crimes.
A Fact Sheet accompanying the proposed rule states that the new rule will refocus compliance expectations on effectiveness by distinguishing between deficiencies that stem from program design—which FinCEN refers to as “establishment”—and program implementation—which FinCEN refers to as “maintenance.” According to FinCEN, establishing an AML/CFT program would require keeping the program current as a financial institution’s risk profile evolves. Maintaining an AML/CFT program would require an institution to implement its program in all material respects—in other words, to execute the program in practice. Notably, the Fact Sheet states that FinCEN and other AML/CFT regulators generally will bring a significant enforcement action only if a financial institution has failed to establish an AML/CFT program, or if there is a significant or systemic failure to maintain the program.
In addition, for the first time, federal banking regulators would be required to notify and consult with FinCEN prior to initiating a significant supervisory or enforcement action related to a financial institution’s AML/CFT program. The proposed rule fully supersedes a prior proposed rule that FinCEN published on July 3, 2024, which FinCEN is withdrawing. Public comments are due 60 days after publication in the Federal Register (Docket No. FINCEN-2026-0034; RIN 1506-AB72) - which will probably be in mid-June. FinCEN has proposed an effective date 12 months after the issuance of a final rule.
Speaking of federal banking regulators, the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration (NCUA) (“the Agencies”) issued a joint NPRM asking for comments on aligning the existing requirements for supervised institutions with the changes proposed by FinCEN. As described in the related press release, the Agencies’ NPRM is focused on not only ensuring “consistency between FinCEN’s and the Agencies’ separately authorized compliance program requirements,” but also to modernize and strengthen the AML/CFT regulatory framework. The Agencies’ NPRM has the same window for public comment – 60 days after publication in the Federal Register, or approximately mid-June.
Accordingly, the Agencies’ NPRM adds these concepts to how AML/CFT programs should work:
- As with FinCEN’s proposal, a bank’s AML/CFT program should be risk-based with the goal being to direct more attention to higher-risk customers and activities, rather than toward lower-risk customers and activities.
- Explicitly incorporating FinCEN’s existing customer due diligence requirements into the rules enforced by the Agencies and clarifying that a bank’s designated AML/CFT officer must be located in the United States.
- Clarify that banks may share any information with FinCEN, related to certain AML/CFT supervisory and enforcement actions and enhance FinCEN’s role in the Agencies’ supervision and enforcement process by “establishing a new consultation framework for certain actions by the Agencies.”
In effect, the two NPRMs are designed to work together in a manner that signals better coordination among FinCEN and the Agencies when it comes to AML/CFT enforcement, which will be a welcome change for the supervised institutions.