On April 7, FinCEN announced a proposed rule that would significantly revise anti-money laundering and countering the financing of terrorism (AML/CFT) program requirements for financial institutions under the Bank Secrecy Act.
The proposal is framed as a broader effort to modernize AML/CFT compliance and supervision, reduce unnecessary compliance burden, and shift attention away from technical process issues and toward program effectiveness. FinCEN also states that the rule would supersede its July 2024 AML/CFT program proposal. Specifically, the proposal would:
- Require “effective” AML/CFT programs. FinCEN would formally distinguish between establishing an AML/CFT program and maintaining it through implementation in all material respects, with that distinction carrying particular significance for bank supervision and enforcement.
- Emphasize risk-based resource allocation. Financial institutions would be expected to direct more attention and resources to higher-risk customers and activities, consistent with their risk profiles, rather than devoting the same level of effort to lower-risk areas.
- Require documented risk-assessment processes. As part of their internal policies, procedures, and controls, institutions would need processes to assess money-laundering and terrorist-financing risks, review and appropriately incorporate AML/CFT priorities, and update those processes when risk profiles materially change.
- Expand FinCEN’s role in bank supervision. For banks, the proposal would require federal banking agencies to provide FinCEN notice and an opportunity to consult before taking certain significant AML/CFT supervisory actions.
Putting It Into Practice: This proposal continues a broader trend of federal agencies revisiting supervisory frameworks and recalibrating how compliance obligations are evaluated (previously discussed here and here). If adopted, the rule could affect how banks, fintechs, money services businesses, broker-dealers, and other covered entities design AML/CFT programs, allocate compliance resources, document risk judgments, and respond to supervisory findings. Institutions should consider reviewing current AML/CFT program governance, risk-assessment processes, and escalation frameworks now so they are better positioned to evaluate the proposal and prepare comments or implementation updates as necessary.
