Hro Banner
April 10, 2026

Federal Regulators Propose Sweeping Overhaul of AML/CFT Program Requirements

Executive Summary

  • On April 7, 2026, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration (NCUA) jointly invited public comment on a proposed rule to amend requirements for their supervised institutions to establish and maintain effective risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) programs designed to identify, assess, and mitigate risks of illicit finance.[1]
  • The amendments are intended to align each agency’s AML/CFT rules with changes concurrently proposed by the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN).[2]
  • The proposed rulemakings are part of a broader U.S. Treasury Department effort to modernize the AML/CFT regulatory and supervisory framework to better achieve the purposes of the Bank Secrecy Act (BSA) by moving towards greater effectiveness in identifying and reporting illicit finance risks (versus overly focusing on process).[3]
  • The amendments constitute the most consequential AML reform in decades, with both compliance burdens and enforcement implications. If adopted, the amendments would require covered institutions (national banks and federal savings associations, including community banks, FDIC-supervised institutions, and federally insured credit unions) to modify their AML/CFT programs to integrate the new priorities into their risk assessment processes and enforcement framework.
  • Comments are due 60 days after publication in the Federal Register.[4]

 

I.              Scope of the Proposal

The proposals call for significant changes to the regulatory framework governing how financial institutions design and implement their AML/CFT programs, moving away from a process-heavy focus to one prioritizing strengthening the effectiveness and efficiency of compliance programs.  Treasury Secretary Scott Bessent framed the motivation: “For too long, Washington has asked financial institutions to measure success by the volume of paperwork rather than their ability to stop illicit finance threats.”[5]  The proposed rulemaking would encourage banks to allocate resources to higher-risk activities instead of minor ones, as Trump-era regulators shift supervision toward “core financial risks” rather than process-related items and promote greater consistency in how financial institutions are evaluated for effectiveness.[6]

Under the proposed rule, covered institutions would be required to establish and maintain AML/CFT programs reasonably designed to identify, assess, and mitigate risks of illicit finance through: (1) a risk-based set of policies, procedures, and controls; (2) independent testing; (3) the appointment of an individual responsible for establishing and implementing the AML/CFT programs who must be U.S.-based and accessible to regulators; and (4) an employee training program.[7]  A bank’s AML/CFT program would be deemed “effective” if it is: (1) established in accordance with the proposed rule’s requirements and (2) implemented in all material respects.[8]

The proposed amendments would apply to all national banks and all federal savings associations, including community banks as well as FDIC-supervised institutions and federally insured credit unions.[9]

II.             Key Changes to AML/CFT Program Requirements

A.            Revised Enforcement Standard — A Significant Shift

Perhaps most significantly, banking regulators would be limited in their enforcement powers and restricted to bringing certain supervisory and enforcement actions “only for the most serious deficiencies in the bank’s implementation of its program.”[10]  Under the new rules, only “significant or systemic failures” by a financial institution to implement a properly established AML/CFT program would warrant an enforcement action or a significant supervisory action.[11] https://bankingjournal.aba.com/2026/04/fincen-banking-agencies-propose-to-overhaul-bank-secrecy-act-compliance/ This is a notable departure from prior practice, which offered little relief from enforcement actions based on technical or isolated deficiencies.

B.            Codified Risk-Based Approach and Mandatory Risk Assessment Process

The proposed changes require banks to have a “risk-based” AML/CFT program, allowing banks to direct more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the institution.[12]

Moreover, the proposed rules use consistent language to require risk assessment processes as part of a financial institution’s internal policies, procedures, and controls.  These risk assessment processes have to: (1) evaluate the money laundering and terrorist financing (ML/TF) risks of the financial institution’s business activities, including products, services, distribution channels, customers, and geographic locations; (2) review and, as appropriate, incorporate the AML/CFT priorities; and (3) be updated promptly upon any change that the financial institution knows or has reason to know significantly changes the institution’s ML/TF risks.[13]

C.            Enhanced FinCEN Role in Supervision

The proposed rules affirm FinCEN’s central role in AML/CFT supervision by establishing a new notice and consultation framework for the initiation of an AML/CFT enforcement action or a significant AML/CFT supervisory action.[14]  For the first time, federal banking regulators would be required to consult with FinCEN prior to taking certain types of supervisory or enforcement actions related to AML/CFT bank programs and to provide the Director of FinCEN with an opportunity to review the action and consider any input offered.[15]  Once a bank has properly established an AML/CFT program, bank regulators would be able to bring certain supervisory or enforcement actions only for the “most serious” deficiencies in the bank’s implementation of its program.[16]  The rules also clarify that banks may share any information with FinCEN related to certain AML/CFT supervisory and enforcement actions.[17]

D.            Explicit CDD Integration

The proposed rules explicitly incorporate customer due diligence (CDD) requirements that are currently set forth in FinCEN’s parallel regulations, harmonizing the requirements between the regulations.[18]

E.            Compliance Officer Requirements

The rules would clarify that a bank’s designated AML/CFT officer must be located in the U.S. and accessible to regulators.[19]  Options for the program’s approval requirement would be expanded to include not just a supervised bank’s board but also an equivalent governing body within the bank or appropriate senior management.[20]

F.            Independent Testing

The proposed rules retain the BSA requirement that financial institutions have an independent audit function to test their AML/CFT programs.[21]  Independent testing would be based on objective criteria designed to assess whether a financial institution has effectively established, implemented, and resourced an AML/CFT program consistent with its risk assessment processes.  The testing would be required to assess compliance, focus on program effectiveness, be conducted by individuals or parties who are truly independent of the AML/CFT program, and avoid conflicts of interest.[22]  Financial institutions would retain flexibility in how they meet this requirement.[23]

III.           How Financial Institutions Should Best Prepare

  • Assess your current risk assessment framework: Evaluate whether existing policies and processes adequately incorporate FinCEN’s national AML/CFT priorities and are documented in a manner that will satisfy new requirements.
  • Review resource allocation: Review whether compliance resources are appropriately weighted toward higher-risk customers and activities, with the shift to a risk-based model creating both an opportunity and an obligation to restructure programs.
  • Revisit CDD policies and procedures: Confirm that CDD protocols align with the new standard, and identify any gaps between current practices and the proposed harmonized requirements.
  • Evaluate your compliance officer structure: Confirm U.S. location and regulator accessibility and consider whether board-level program approval remains the appropriate governance model or whether senior management approval better fits your institution.
  • Understand the new enforcement threshold: The “significant or systemic failure” standard may reduce certain enforcement risks, but institutions should be cautious not to interpret this as reduced compliance expectations—robust programs remain essential.
  • Engage in the comment process: The 60-day comment window is an important opportunity; institutions with views on ambiguous definitions (e.g., “significant or systemic failure”), the scope of FinCEN’s expanded supervisory role, or the risk-tiering framework should consider submitting comments.
  • Monitor FinCEN’s AML/CFT priorities: As these priorities are now embedded in program establishment requirements, staying current on any updates will be operationally critical.
  • Consider cross-agency implications: Institutions supervised by multiple agencies should assess whether the joint rule creates any inconsistencies or coordination challenges in their compliance programs.

 

Conclusion

The proposed rule changes, if enacted, will represent a meaningful practical and philosophical shift in AML/CFT regulation, moving enforcement priorities and, in turn, compliance programs from process-driven to outcome-focused compliance.  Early preparation is advisable for covered institutions even while the rule remains in proposed form given the significance of the structural changes involved.  As the enforcement landscape continues to evolve and we continue monitoring these proposed rule updates and reactions, please reach out to the contacts below with any questions or for assistance in submitting comments.

Click here to download this article.

[1]       Press Release, National Credit Union Administration, Agencies Request Comment on Anti-Money Laundering / Countering the Financing of Terrorism Proposed Rule (April 7, 2026), https://ncua.gov/newsroom/press-release/2026/agencies-request-comment-anti-money-laundering-countering-financing-terrorism-proposed-rule.

[2]       FinCEN’s Notice of Proposed Rulemaking is available here: https://www.govinfo.gov/content/pkg/FR-2026-04-10/pdf/2026-07033.pdf.

[3]       American Bankers Association, FinCEN, Banking Agencies Propose to Overhaul Bank Secrecy Act Compliance, ABA Banking Journal (April 7, 2026), https://bankingjournal.aba.com/2026/04/fincen-banking-agencies-propose-to-overhaul-bank-secrecy-act-compliance/.

[4]       Docket No. FINCEN-2026-0034; RIN 1506-AB72; see fn. 1.

[5]       See fn. 3.

[6]       Megan Howard and Katanga Johnson, US Regulators Propose Overhaul for Anti-Money Laundering Rules, Bloomberg (April 7, 2026), https://www.bloomberg.com/news/articles/2026-04-07/us-regulators-propose-overhaul-for-anti-money-laundering-rules.

[7]       FDIC, Issuance of a New Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT) Program Requirements Notice of Proposed Rulemaking (April 7, 2026), https://www.occ.gov/news-issuances/bulletins/2026/bulletin-2026-11.html.

[8]       Id.; see also FinCEN, Fact Sheet: Proposed Rule to Fundamentally Reform Financial Institution AML/CFT Programs (April 7, 2026), https://www.fincen.gov/system/files/2026-04/Program-NPRM-FactSheet.pdf.

[9]       OCC Bulletin 2026-11, Anti-Money Laundering and Countering the Financing of Terrorism Program Requirements: Notice of Proposed Rulemaking (April 7, 2026), https://www.occ.gov/news-issuances/bulletins/2026/bulletin-2026-11.html.

[10]     FinCEN, Key Changes in FinCEN’s Proposed Rule to Refocus AML/CFT Programs on Higher-Risk Activity While Reducing Unnecessary Burden (April 7, 2026), https://www.fincen.gov/system/files/2026-04/Key-Changes-Program-NPRM.pdf.

[11]     American Bankers Association, FinCEN, Banking Agencies Propose to Overhaul Bank Secrecy Act Compliance, ABA Banking Journal (April 7, 2026), https://bankingjournal.aba.com/2026/04/fincen-banking-agencies-propose-to-overhaul-bank-secrecy-act-compliance/.

[12]     Press Release, National Credit Union Administration (NCUA), Agencies Request Comment on Anti-Money Laundering / Countering the Financing of Terrorism Proposed Rule (April 7, 2026), https://ncua.gov/newsroom/press-release/2026/agencies-request-comment-anti-money-laundering-countering-financing-terrorism-proposed-rule.

[13]     FinCEN, Fact Sheet: Proposed Rule to Fundamentally Reform Financial Institution AML/CTF Programs (April 7, 2026), https://www.fincen.gov/system/files/2026-04/Program-NPRM-FactSheet.pdf.

[14]     See fn. 9.

[15]     See fn. 9.

[16]     See fn. 10.

[17]     See fn. 7.

[18]     See fn. 9.

[19]     See fn. 7.

[20]     Id.

[21]     See fn. 13.

[22]     Id.

[23]     Id.

 

Contributors

Marina Torres
Marina Torres Partner Los Angeles
Patrick Hanchey
Patrick Hanchey Partner Dallas
Nan I Chen
Nan-I Chen Partner New York
Jason Linder
Jason Linder Partner Los Angeles, Washington
Juliet Gunev
Juliet Gunev Partner Los Angeles
Sonali Patel
Sonali Patel Partner Washington

Related By Contributors

New Post

SEC Enforcement | Enforcement Manual Update

March 25, 2026 Insight

One Size Fits All: DOJ’s First Department-Wide Corporate Enforcement Policy

March 13, 2026 Insight

White House Announces New Fraud Division at DOJ

January 9, 2026 Insight

Related by Topic

New Post

FINRA fines investment app operator for AML and identity theft failures

March 27, 2026 News Alert
New Post

SEC Enforcement | Enforcement Manual Update

March 25, 2026 Insight
New Post

Update: Texas Federal Court Vacates FinCEN’s Real Estate Disclosure Rule

March 24, 2026 Insight