On April 7, 2026, the U.S. Treasury Department’s Financial Crimes Enforcement Network, known as FinCEN, issued a proposed rule designed to reform financial institutions’ anti-money laundering (AML) and countering the financing of terrorism (CFT) programs under the Bank Secrecy Act. The proposed rule is part of the Treasury Department’s efforts to modernize AML/CFT regulation and reduce compliance burdens. The proposal supersedes a previous proposal to revise AML/CFT program requirements published on July 3, 2024.
The proposed rule would require that financial institutions, including banks, mutual funds, broker-dealers, insurance companies and futures commission merchants, implement an AML/CFT framework that incorporates the following four core pillars:
- Internal policies, procedures and controls. A financial institution would be required to adopt and implement policies, procedures and controls reasonably designed to identify, assess and document the institution’s AML/CFT risks. Under this pillar, the financial institution would further be required to mitigate AML/CFT risks in accordance with the institution’s risk assessment process, which would include allocating appropriate attention and resources to “higher-risk” customers and activities. The requirement to conduct ongoing customer due diligence also would fall under this pillar.
- Independent program testing. The proposed rule would clarify that a financial institution must have an independent audit function that assesses whether the institution has effectively established and implemented an AML/CFT program that is consistent with its risk assessment process and has provided adequate resources to that program.
- Designation of a U.S.-based compliance officer. Among other things, the proposed rule would reflect the Bank Secrecy Act’s requirement that financial institutions designate an officer to be responsible for establishing, implementing and overseeing day-to-day compliance with Bank Secrecy Act requirements. The officer would have to be located in the United States and accessible to FinCEN and other federal regulators.
- Ongoing employee training. The proposed rule would adopt a standardized training requirement that implements the Bank Secrecy Act’s statutory language for an ongoing employee training program. The requirement would provide flexibility to allow a financial institution to tailor the training program to its own internal controls, risk assessment results and regulatory requirements.
The proposed rule would require that financial institutions maintain written AML/CFT programs that are available upon request by FinCEN and other federal regulators. The proposal also would require that a financial institution’s AML/CFT program be approved by the institution’s board of directors, an equivalent governing body or appropriate senior management.
Under the proposal, if a financial institution has effectively established a program that conforms to the requirements summarized above, the institution generally would not be subject to an enforcement or a significant supervisory action, absent a significant or systemic failure to maintain the program. As proposed, federal banking supervisors would generally have to give FinCEN’s director 30 days’ advance written notice before initiating a significant supervisory action. When determining whether to pursue an enforcement or supervisory action (including a supervisory action proposed by a federal banking supervisor), FinCEN’s director would consider, among other things, the adequacy of the financial institution’s AML/CFT program, the extent to which the institution advances AML/CFT priorities by sharing information with appropriate authorities and whether the institution employs innovative tools such as artificial intelligence in the implementation of its AML/CFT program.
Comments on the proposed rule must be received by June 9, 2026.
Information about the proposed rule is available here.
