FINCEN Rule Making Proposals on Effectiveness, Risk-Based Programs, and National Priorities: Potential Global Reach and Implications

FINCEN Rule Making Proposals on Effectiveness, Risk-Based Programs, and National Priorities: Potential Global Reach and Implications

In April 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a proposed rule that could reshape how anti-money laundering and countering the financing of terrorism (“AML/CFT”) programs are designed, supervised, and evaluated in the United States of America (USA). The proposal marks a shift from process-driven compliance to outcome-driven effectiveness.

For years, financial institutions focused heavily on demonstrating technical compliance with the Bank Secrecy Act (“BSA”). FinCEN now proposes that institutions should instead demonstrate that their AML/CFT programs work in identifying and mitigating illicit finance risks. This proposal has implications beyond the USA.

Foreign financial institutions that depend on USA correspondent banking relationships may face increased scrutiny from USA correspondent banks seeking assurance that their overseas partners operate effective and risk-based AML/CFT programs.

Summary of the Proposed Rule

The proposed rule, published in the Federal Register on April 10, 2026, seeks to modernize AML/CFT obligations under the BSA and implement provisions of the Anti-Money Laundering Act of 2020.

Core Themes

Focus on Effectiveness

FinCEN proposes that AML/CFT programs should be assessed based on outcomes rather than paperwork volume. The proposal recognizes that:

  • No institution can detect every illicit transaction.
  • Filing high volumes of Suspicious Activity Reports (SARs”) does not necessarily equal effectiveness.
  • Institutions should focus resources where risks are highest.

 

Strengthening Risk-Based Compliance

Financial institutions would need to:

  • Identify and document money laundering and terrorist financing risks.
  • Allocate compliance resources according to risk.
  • Reduce unnecessary focus on lower-risk activity.
  • Continuously update risk assessments as risks evolve.

 

Integration of National AML/CFT Priorities

Institutions would need to review and incorporate national AML/CFT priorities into their risk assessment processes. This is one of the most significant aspects of the proposal.

Distinguishing Design Failures from Implementation Failures

FinCEN proposes a distinction between:

  • A poorly designed AML/CFT program.
  • Isolated operational or implementation deficiencies.

The proposal suggests that only significant or systemic implementation failures should trigger major supervisory or enforcement actions once a properly designed program exists.

Increased Supervisory Coordination

The proposal gives FinCEN a larger role in supervisory actions involving banks.

Federal banking agencies would consult with FinCEN before significant AML/CFT supervisory actions are taken.

Proposed Rules and Their Intended Effect

Proposed Rule / Reform

Description

Intended Effect According to FinCEN

Effectiveness Standard

AML/CFT programs evaluated on effectiveness rather than procedural compliance alone

Shift focus toward meaningful detection and mitigation of illicit finance

Risk-Based Resource Allocation

Institutions direct greater resources toward higher-risk customers and activity

Reduce unnecessary burden on low-risk activity and improve risk targeting

Mandatory Risk Assessment Processes

Institutions must identify, assess, and document ML/TF risks

Ensure programs are tailored to actual institutional risk exposure

Incorporation of National AML/CFT Priorities

Institutions must review and incorporate FinCEN AML/CFT priorities into risk assessments

Align private sector controls with national security and law enforcement concerns

Ongoing Program Updating Requirement

Programs must evolve as institutional risks change

Prevent outdated compliance frameworks

Distinction Between Design and Implementation Deficiencies

Enforcement focus shifts toward systemic failures rather than isolated technical deficiencies

Create supervisory consistency and reduce punitive treatment for minor issues

Clarified Independent Testing Expectations

Auditors and examiners should not substitute their judgment for institutional risk decisions

Reinforce institutional ownership of risk-based decision-making

Increased FinCEN Supervisory Role

FinCEN consultation required before significant AML/CFT supervisory actions

Promote consistency in supervisory outcomes

Emphasis on Reasonably Designed Controls

Programs must be reasonably designed based on risk profile

Encourage practical and proportionate compliance frameworks

Source: Federal Register Proposed Rule and FinCEN Fact Sheet.

Implications for Financial Institution Compliance Programs

The proposal could materially alter how institutions structure AML/CFT governance, operations, technology, and oversight.

Risk Assessments Become the Foundation of the AML Program

Historically, many institutions treated the risk assessment as a supporting document.

Under the proposed framework:

  • The risk assessment becomes the driver of the entire AML/CFT program.
  • Monitoring rules, customer due diligence, staffing, alert thresholds, and escalation procedures must align with documented risks.

Institutions may now need to demonstrate:

  • Why certain customers are classified as low risk.
  • Why resources were allocated to one risk area over another.
  • Why certain monitoring thresholds exist.

This creates pressure for:

  • Better data governance.
  • Stronger documentation standards.
  • Greater board oversight.

A key question emerges:

Can the institution clearly explain why its AML resources are deployed the way they are?

Effectiveness Metrics Will Gain Importance

Compliance teams may increasingly need measurable indicators of effectiveness.

Potential metrics include:

  • Alert-to-SAR conversion rates.
  • Investigation timeliness.
  • Backlog levels.
  • SAR usefulness.
  • Repeat suspicious activity trends.
  • False positive ratios.

Institutions may face challenges proving effectiveness where:

  • Legacy monitoring systems generate excessive false positives.
  • Staffing shortages create investigation delays.
  • Risk assessments are outdated.

The proposal implicitly pushes institutions toward:

  • Data analytics.
  • Model optimization.
  • Risk segmentation.
  • Dynamic transaction monitoring.

 

National Priorities Must Be Embedded into Risk Frameworks

This proposal specifically requires institutions to review and incorporate AML/CFT priorities into their risk assessment processes.

This is the proposal that most directly integrates national priorities into the risk-based framework.

Institutions may therefore need to:

  • Map national priorities against products, services, customers, and geographies.
  • Update enterprise-wide risk assessments.
  • Adjust monitoring typologies.
  • Revise training content.
  • Reprioritize investigative resources.

Examples of national priorities may include:

  • Corruption.
  • Cybercrime.
  • Human trafficking.
  • Proliferation financing.
  • Transnational organized crime.

This could increase expectations for strategic intelligence functions within compliance departments.

Governance Expectations Will Increase

Boards and senior management may face greater scrutiny regarding:

  • Risk appetite.
  • Resource allocation.
  • Program effectiveness.
  • Escalation management.

A compliance program that exists on paper but lacks operational effectiveness may no longer satisfy supervisory expectations.

This raises practical questions:

  • Does the board understand the institution’s ML/TF risks?
  • Can management explain residual risk exposure?
  • Are risk decisions documented and defensible?

 

Independent Testing May Change

The proposal discourages examiners and auditors from imposing subjective views over institutional risk judgments.

This may:

  • Increase flexibility for institutions.
  • Increase responsibility for institutions.

Internal audit functions may need:

  • Stronger risk expertise.
  • Better understanding of model governance.
  • Enhanced capability to test effectiveness rather than checklist compliance.

 

Potential Extraterritorial Implications for Foreign Financial Institutions

Although the proposed rules apply to U.S. financial institutions, the practical impact may extend globally.

This is especially relevant for:

  • Foreign banks.
  • Money service businesses.
  • Securities firms.
  • Payment providers.
  • Fintechs maintaining U.S. correspondent banking access.

 

Correspondent Banking Relationships Will Likely Tighten

U.S. correspondent banks operate under their own regulatory obligations. If U.S. institutions must demonstrate effective AML/CFT programs, they may:

  • Increase scrutiny of respondent banks.
  • Demand stronger evidence of AML effectiveness.
  • Reassess relationships with institutions viewed as weak or opaque.

Foreign institutions may therefore encounter:

  • Enhanced due diligence requests.
  • More detailed questionnaires.
  • Requests for effectiveness metrics.
  • Increased onsite reviews.
  • Greater pressure regarding remediation timelines.

The underlying concern for U.S. correspondent banks is straightforward:

Can they demonstrate that their foreign counterparties do not expose them to unacceptable illicit finance risk?

Risk-Based Expectations May Cascade Globally

Many foreign institutions already align with:

  • Financial Action Task Force recommendations.
  • Basel Committee guidance.
  • Wolfsberg principles.

However, the FinCEN proposal sharpens focus on demonstrable effectiveness.

Foreign institutions may increasingly need to show:

  • Evidence-based risk assessments.
  • Outcome-driven monitoring.
  • Effective governance structures.
  • Alignment between risks and controls.

This may affect institutions operating in:

  • Higher-risk jurisdictions.
  • Cash-intensive economies.
  • Weak regulatory environments.
  • Countries with strategic AML deficiencies.

 

De-Risking Pressures Could Increase

Correspondent banks may become more selective.

Foreign institutions unable to demonstrate effective AML/CFT controls may face:

  • Relationship restrictions.
  • Increased compliance costs.
  • Transaction limitations.
  • Account closures.

Smaller institutions may face the greatest challenge.

This is particularly relevant for:

  • Caribbean financial institutions.
  • Remittance-focused entities.
  • Smaller money service businesses.

An important policy question arises:

Could effectiveness-based supervision unintentionally accelerate financial exclusion and correspondent banking withdrawal in smaller markets?

FinCEN itself acknowledged concerns surrounding de-risking and access to financial services in the proposal.

Increased Demand for Documentation and Demonstrable Outcomes

Foreign institutions may increasingly need to provide:

  • Enterprise-wide risk assessments.
  • AML governance frameworks.
  • Audit reports.
  • Independent testing results.
  • SAR quality metrics.
  • Training evidence.
  • Monitoring methodology documentation.

Correspondent banking reviews may evolve from:

  • “Do you have an AML program?”
    to:
  • “Can you prove your AML program works?”

 

Summary Takeaways

The FinCEN proposal represents a major evolution in AML/CFT supervision.

The proposal shifts focus:

  • From process to outcomes.
  • From volume to effectiveness.
  • From generic controls to risk-based allocation.
  • From static compliance to dynamic risk management.

The proposal requiring incorporation of national AML/CFT priorities into institutional risk assessments may become one of the most influential aspects of the framework.

For U.S. institutions:

  • Risk assessments become central.
  • Governance expectations rise.
  • Effectiveness must be demonstrable.

For foreign institutions:

  • Correspondent banking scrutiny may intensify.
  • U.S. banking partners may demand stronger evidence of AML/CFT effectiveness.
  • Global expectations around effectiveness-based compliance may expand beyond U.S. borders.

The broader implication is clear:

AML/CFT compliance may increasingly be judged not by how much activity institutions review, but by how effectively they identify, manage, and mitigate illicit finance risk.

Author: Fabian E. Sanchez, JP | LinkedIn CIPM, Intl. Dip. AML, CAMS, CIRM, MBA, BBA 

fsanchez@fabian-sanchez.com