Compliance Journal April 2026
Special Focus Agencies Propose Revisions to BSA Rules In January 2021, Congress enacted the William M. (Mac) Thornberry National Defense Authorization Act, of which the Anti-Money Laundering Act (AML Act) was a component. With the passage of the AML Act, Congress stated that it was seeking to modernize and strengthen the AML/CFT regulatory framework, which had not seen comprehensive reform or modernization since the Bank Secrecy Act (BSA) was enacted in 1970. The Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) published a proposed rule in the Federal Register this month to amend regulations that prescribe anti-money laundering and countering the financing of terrorism (AML/CFT) program requirements for banks in a way that aligns with the rule concurrently proposed by the Financial Crimes Enforcement Network (FinCEN) under BSA. The agencies have proposed to amend their rules concurrently with FinCEN so that program requirements for banks remain consistent with those imposed by FinCEN. Further, with consistent regulatory text, banks will not be subject to additional burden or confusion from needing to comply with differing standards between FinCEN and the agencies. Through proposed rules, FinCEN and the agencies seek to make the changes intended by Congress. The following in an overview of key components from the proposed rules. FinCEN Proposed Rule The AML Act mandates that FinCEN establish public government-wide AML/CFT priorities and issue regulations incorporating the priorities into revised program requirements. FinCEN’s proposal requires financial institutions to review the AML/CFT Priorities (as that term is defined within the proposal) and, as appropriate, incorporate them into their risk assessment processes. Notably, financial institutions will not be required to incorporate the priorities into their risk-based AML/CFT programs until the final rule comes into effect. Establishing and Maintaining an AML/CFT Program The proposed rule also refocuses supervisory expectations on effectiveness by distinguishing between deficiencies stemming from the program’s design (“establishment”) on the one hand, or failures in the program’s operation (“maintenance”) on the other. Under the proposed rule, establishing a program would require a financial institution to design a risk-based AML/CFT framework incorporating four core required pillars: 1.
Internal policies, procedures, and controls including risk assessment processes and, when applicable, ongoing customer due diligence;
2.
Independent program testing;
3.
Designation of a U.S.-based compliance officer; and
4.
Ongoing employee training.
Establishing an AML/CFT program would also require keeping the program current as a financial institution’s risk profile evolves. Maintaining an AML/CFT program would require an institution to implement its program in all material respects, meaning to execute the program in practice.