Insights

  • Home
  • Insights
  • Modernizing AML/CFT: FinCEN Proposes Fundamental Reforms to Program Requirements

Share

Modernizing AML/CFT: FinCEN Proposes Fundamental Reforms to Program Requirements

May 2026 Commentary

In Short

 

The Situation: On April 7, 2026, the Financial Crimes Enforcement Network ("FinCEN") issued a Notice of Proposed Rulemaking ("NPRM") to fundamentally reform anti-money laundering and countering the financing of terrorism ("AML/CFT") program requirements under the Bank Secrecy Act ("BSA"). The Federal Deposit Insurance Corporation ("FDIC"), National Credit Union Administration ("NCUA"), and Office of the Comptroller of the Currency ("OCC") issued a joint NPRM to implement and remain consistent with FinCEN's proposed changes.

 

The Change: The proposed rules would: (i) establish a two-tiered enforcement framework distinguishing program establishment from implementation; (ii) reorient compliance requirements toward a risk-based approach; (iii) expand FinCEN's oversight role; and (iv) recognize innovative technologies and law enforcement cooperation as mitigating factors when considering enforcement actions.

 

Looking Ahead: Interested parties may submit comments through June 9, 2026. While promising, whether the proposed rules will enhance effectiveness while improving efficiency will depend on implementation.

FinCEN's proposed rule applies to financial institutions, including banks. The agencies' joint NPRM applies only to banks. The Federal Reserve Board did not join the joint NPRM. The proposed rules move regulations toward an effectiveness-oriented approach.

 

Key provisions include:

 

Two-Tiered Framework. The rules would distinguish a bank's AML/CFT program establishment and implementation. A bank would need to first establish an AML/CFT program. That program would incorporate:

  • Risk-based internal policies and controls;
  • Independent testing;
  • Designation of a U.S.-based AML/CFT officer; and
  • An ongoing employee training program.

The bank would then implement that program "in all material respects." Only significant or systemic implementation failures would warrant enforcement or significant supervisory actions.

 

Risk-Based Approach. The proposed rules would require AML/CFT programs to direct greater attention and resources toward higher-risk customers and activities consistent with each institution's risk profile. Banks would be required to establish risk assessment procedures to evaluate their business activities for money laundering and terrorist financing risks. Banks would evaluate products and services, distribution channels, customers, and geographic locations. Banks would also incorporate Treasury Department AML/CFT priorities. While banks would retain significant flexibility in risk identification and resource allocation, they should develop well-documented and analytically rigorous risk assessment processes. This would ensure their determinations are defensible; it is important because risk-based approaches have led to disagreements between regulators and banks in the past.

 

Expanded FinCEN Role. The proposed rules would increase FinCEN's supervisory and enforcement role. Under the joint NPRM, agencies would provide the FinCEN director an opportunity to review before initiating enforcement or significant supervisory actions with at least 30 days' notice. The FinCEN director would consider factors, including:

  • The four statutory factors required by the AML Act;
  • The bank's contributions to AML/CFT priorities;
  • The bank's use of innovative compliance tools; and
  • Any other factors the FinCEN director may deem appropriate.

Additionally, the proposed rules would clarify that banks may share information with the FinCEN director relating to existing or potential actions, including otherwise nonpublic information. FinCEN will need significant additional resources and staff expertise to fulfill this expanded role on a rolling basis across multiple agencies.

 

Mitigating Factors. The proposed rules would recognize two notable mitigating factors in enforcement decisions:

  • Providing highly useful information to law enforcement; and
  • Using innovative technologies, such as artificial intelligence, machine learning, digital identity, blockchain analytics, and application programing interfaces.

Banks responsibly incorporating innovative technologies would not face additional enforcement risk solely for using those tools. However, these factors should be viewed as important considerations that may influence regulator behavior, not as safe harbors. The joint NPRM acknowledges that adopting new technologies may not be suitable for all banks, particularly smaller ones, and does not require the use of any particular technology.

Three Key Takeaways

  1. Banks should evaluate the proposed framework's implications for their existing AML/CFT programs and consider submitting comments before the June 9, 2026, deadline.
  2. The two-tiered enforcement framework may benefit banks, but banks should not become complacent once their program is "established"—the proposed rules would create an ongoing obligation to refresh the program as risks change.
  3. By further emphasizing a risk-based approach, the proposed rules may lead to enhanced scrutiny of risk assessments. Banks should invest in well-documented risks assessments that support reallocation of resources from low to high-risk uses.
Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
Contributors
You May Also Be Interested In

January 15, 2026 Firm Hosted

2026 Public Company Speaker Series

April 30, 2026 Commentary

Mexico Unlocks Private Investment in Strategic Infrastructure

April 28, 2026 Podcast

JONES DAY TALKS®: A View from the Inside: A Conversation with Koch’s Nick Hoffman on the State of the Venture Market

April 22, 2026 Commentary

U.S. Banking Agencies Propose Sweeping Overhaul of Capital Framework - Part II: Category III and IV Banking Organizations

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.