On April 7, 2026, FinCEN released a proposed rule that will eventually lead to a (hopefully) different approach to the way AML compliance programs are critiqued by federal and state regulators.   The comment period on the rule ends in June 2026 and the final rule would take effect 12 months after publication (April 2027).  

A reading of the proposed rule shows that the way AML programs will be evaluated in the future will turn the examination process on its head.  In the past, individual excepto0ns or findings were the focus of examination comments and in many cases, lead to enforcement actions.  While an overall program was considered satisfactory, individual findings, such as failure to file a SAR or inadequate EDD on a high-risk client could result in a C & D.  The new approach will focus on the overall structure and effectiveness of the AML program.  This approach would mean that the previously mentioned findings would still be recorded but based upon the structure and overall effectiveness of the program might be considered observations for management correction.  

The rule establishes two central considerations for evaluation of an AML compliance program.  The first consideration is whether the program is complete “established”.  The second consideration is whether the program is fully implemented “effective”.  In subsequent blogs we will detail the specifics of the definition of established and effective programs.  

There are a few changes that are noteworthy in the proposed rule: 

  1. Risk assessments- under the rule, risk assessments would become a regulatory requirement rather than its status as a custom or a best practice. The risk assessment should be comprehensive and dynamic.  It is the risk assessment that should drive the scope of direction of the AML compliance program  
  2. Expectation that AML programs are risk based- The rule would require that the most attention and resources available  in the program are directed at the highest-risk customers.  This requirement will greatly increase the importance of the risk assessment process. 
  3. FinCEN’s AML/CFT priorities- The rule will require that on a regular basis, the Compliance Officer will review the published priorities of FinCEN and incorporate those priorities into ongoing analysis of the customer base
  4. Scope of independent reviews- The rule establishes that the scope of the independent review should be a determination that the AML program is established and implemented its program in an effective manner.
  5. US Based Compliance Officer – The rule requires that all institutions have a US based- Compliance Officer who is ultimately responsible for administrating the program.  This doesn’t mean that the compliance team has to be in the US, but the Compliance Officer does.
  6. Enforcement actions- The new rule will elevate the use of enforcement actions by FinCEN to cases, where there is systemic failure.  Individual findings and deficiencies will be directed to management for review and correction.  

Ultimately, the goal of the new rule is to let the financial institutions “cook” as long as they can demonstrate that they understand their customers, their markets and the risks inherent in business operations.   This is not to say that all bets are off.  In fact, in many respects, the weight of risks is being shifted onto management of financial firms.  In the event that the examination finds systemic issues, it is Compliance Officer and the management of the institution that will be held accountable.    

In subsequent blogs, we will discuss specific aspects of the new rule as well as focus on best practices to prepare for the changes in focus. 

***For More Information on aligning your Compliance Department with risk, please visit www.VCM4you.com ***