FinCEN Moves to Overhaul AML Rules

FinCEN has proposed a sweeping rewrite of anti-money laundering and countering the financing of terrorism programme requirements that could materially reshape how financial institutions design, evidence and defend their compliance frameworks. Announced on 7 April 2026, the proposal is positioned as a fundamental reform of Bank Secrecy Act AML/CFT expectations, with Treasury arguing that firms should be judged less on process-heavy documentation and more on whether their controls are genuinely effective at detecting and disrupting illicit finance.

The central policy message is clear. Treasury and FinCEN want to move away from a regime that has often been criticised for rewarding volume, formality and procedural completeness over measurable outcomes. In practical terms, the proposal seeks to give institutions more latitude to build risk-based, reasonably designed AML/CFT programmes tailored to their own exposure profile, while also narrowing the scope for examiners and auditors to second-guess those judgements through subjective interpretation. That is a notable shift for banks and other covered firms that have long operated under supervisory pressure to over-document lower-risk activity in order to satisfy examination expectations.

A key feature of the proposal is its distinction between weaknesses in programme design and failures in implementation. That matters because it suggests a more calibrated supervisory model, where not every deficiency automatically carries the same weight or consequence. For regulated firms, this could eventually lead to more proportionate findings and a more defensible basis for allocating compliance resources. For supervisors, however, it also raises the bar on consistency, because they will need to show clearly whether a problem lies in the structure of a programme itself or in the way it has been executed.

The proposed rule also reinforces the idea that financial institutions are best placed to identify and assess their own illicit finance risks. That language is important. It signals a stronger expectation that firms will exercise judgement rather than simply follow prescriptive checklists. This could benefit institutions with mature enterprise-wide risk assessment capabilities, particularly those that have invested in customer segmentation, typology analysis, transaction monitoring optimisation and governance frameworks that align controls to specific threat vectors. At the same time, it may create pressure on weaker firms whose AML frameworks remain fragmented, overly manual or insufficiently linked to demonstrable risk rationale.

Another significant element is the attempt to refocus resources on higher-risk activity while reducing unnecessary burden on lower-risk areas. That will be attractive to industry, especially at a time when many institutions are managing rising compliance costs, technology change and supervisory scrutiny across sanctions, fraud and broader financial crime controls. The proposal suggests FinCEN is acknowledging a long-standing industry complaint that institutions are often compelled to spend disproportionate time evidencing compliance in ways that do little to improve threat detection. If finalised in its current direction, the rule could support a more strategic redeployment of compliance staff, analytics and testing capacity towards genuinely material risks.

The proposal also clarifies expectations around independent testing and audit functions, with the stated aim of preventing examiners and auditors from substituting their own judgement for a firm’s risk-based approach. This could prove especially consequential. Internal audit and independent testing have often become de facto channels through which conservative interpretations of regulatory expectations are imposed on the business. A clearer boundary around those functions may reduce defensive overreach, but it will not eliminate the need for strong challenge. Firms will still need robust governance, credible management information and well-supported risk decisions if they want supervisors to accept a more flexible model.

From a governance perspective, the proposal’s affirmation of FinCEN’s central role in AML/CFT supervision is also notable. The introduction of a notice and consultation framework between federal banking supervisors and FinCEN on significant supervisory actions points to a more formalised coordination model. That may help reduce inconsistency across agencies, which has been a recurring issue in US AML supervision. For firms, greater inter-agency alignment could improve predictability, although much will depend on how that framework operates in practice once enforcement and examination decisions are at stake.

The rule would also implement statutory changes introduced by the Anti-Money Laundering Act of 2020, while fully superseding FinCEN’s earlier proposed rule published on 3 July 2024. That reset is significant because it indicates Treasury wants a broader and more assertive policy redesign rather than an incremental update. In effect, FinCEN is trying to redefine what an effective AML/CFT programme looks like in supervisory terms, not merely adjust legacy rule text.

For banks, casinos, insurers, money services businesses, mortgage firms, dealers in precious metals and stones, and securities and futures firms, the proposal should be read as both an opportunity and a challenge. It offers the prospect of lower friction and more proportionate compliance expectations, but it also demands stronger articulation of risk appetite, control design and effectiveness. Institutions that cannot clearly explain why their AML/CFT framework is reasonably designed for their risk profile may find that a principles-based regime is no easier than a rules-based one.

The broader regulatory significance is that FinCEN is attempting to modernise US financial crime compliance at a time when policymakers increasingly want better outcomes from existing obligations rather than simply more reporting. If implemented well, the proposal could support a more intelligent and threat-led AML/CFT model. If implemented inconsistently, it risks creating a new layer of uncertainty around what effectiveness really means. Public comments are due by 9 June 2026, and the industry response is likely to focus heavily on whether the final rule delivers genuine supervisory discipline alongside the promised reduction in compliance burden.

Read the press release here.