Executive Update: FinCEN Proposed Rule Amending BSA/AML Program Requirements

FinCEN’s April 7, 2026, proposed rule is best understood as a structural reset of AML/CFT compliance under the Bank Secrecy Act, not just a technical update. FinCEN says the proposal is intended to “fundamentally reform” AML/CFT programs by shifting the regulatory and supervisory framework toward programs that are effective, risk-based, and reasonably designed, while also reducing unnecessary compliance burden.  

The rule would revise FinCEN’s regulations to implement statutory changes from the Anti-Money Laundering Act of 2020, and it fully supersedes FinCEN’s prior July 3, 2024 proposal, which FinCEN is withdrawing. 

The proposal marks a clear shift from check-the-box compliance to AML/CFT programs that are effective, risk-based, and reasonably designed: 

• Effectiveness over paperwork: Programs will be judged on their ability to identify, assess, and mitigate illicit finance risk, not on documentation volume.
• True risk-based compliance: Institutions should focus resources on higher-risk activity, guided by their own risk assessments.
• Less examiner second-guessing: Examiners and auditors should not override a financial institution’s risk-based, reasonably designed program.
• Stronger FinCEN role in supervision: Reinforces FinCEN’s central AML/CFT oversight, including consultation with banking regulators before major supervisory actions. 

The proposal maintains the core AML/CFT program structure while tightening expectations for program design and defense: 

• Standard reset: Programs must be effective, risk-based, and reasonably designed.
• Design vs. implementation: FinCEN distinguishes between flaws in program construction and flaws in execution.
• Updated bank requirements: Core AML pillars remain but now include risk assessments aligned with FinCEN priorities, ongoing customer due diligence, and a U.S.-based AML/CFT officer.
• Clearer governance: Programs must be approved by the board, governing body, or senior management to standardize oversight.
• Targeted supervisory consequences: Only significant or systemic failures in implementation should trigger major supervisory or enforcement actions. 

The proposal signals a shift in expectations for AML/CFT programs, emphasizing effectiveness, risk-based design, and stronger oversight: 

• Early regulatory signal: The proposed rule indicates the direction FinCEN and banking agencies want AML/CFT expectations to take.
• More flexibility, more accountability: Institutions may tailor programs to actual risk but must demonstrate defensible design, governance, and resource allocation.
• Supervisory impact likely largest: If finalized, the rule could significantly change how regulators evaluate programs and escalate deficiencies.
• Prepare now: Senior management should assess whether their current framework is clearly effective, risk-based, and well-governed, even before any redesign.  

The bottom line: FinCEN aims to rebalance the BSA regime—less rote compliance, more focus on risk judgment, governance, outcomes, and alignment with prudential supervisors. If largely adopted, the rule could be a major BSA/AML modernization, reshaping program requirements, examiner assessments, and enforcement timing for banks and other covered institutions.

Financial institutions shouldn’t rush a full redesign but should begin preparing. Senior management should assess if the program is clearly risk-based and effective, if risk assessments guide resources, if governance and testing support decisions, and whether to submit comments before finalization.

Treat this as an important forward-looking regulatory signal: more flexibility in theory, but also more accountability for proving that the AML/CFT program is well-designed, risk-based, and effective.