FinCEN Proposes Major Overhaul of AML/CFT Program Requirements for MSBs
Comment Period Open
Public comments on this proposed rule are due June 9, 2026. Submit comments at regulations.gov under Docket FINCEN-2026-0034.
What Is Being Proposed
On April 10, 2026, the Financial Crimes Enforcement Network (FinCEN) published a proposed rule that would replace the entire text of 31 CFR 1022.210 — the regulation that defines what an MSB's AML/CFT compliance program must include. The proposal appears in the Federal Register at 91 FR 18704, under Docket FINCEN-2026-0034 (RIN 1506-AB72).
If adopted as proposed, the new framework would shift BSA compliance from a process-based checklist approach to an effectiveness-based standard that prioritizes risk intelligence and measurable results. The final rule would take effect twelve months after publication.
Key Changes for MSBs
1. Two-Prong Effectiveness Test
The proposal replaces the current single standard with a two-part test. MSBs must (1) establish a properly designed program with all required components, and (2) maintain it by implementing it in all material respects. This distinction means a well-designed program with an isolated execution lapse would be treated differently from a program that was never properly designed.
2. Explicit Risk Assessment Requirement
Risk assessment becomes a documented, mandatory obligation. The current rule implies the need for risk assessment but never uses the term. The proposed rule requires MSBs to evaluate money laundering and terrorist financing risks across five dimensions: products and services, distribution channels, customers, geographic locations, and business activities.
3. National Priorities Integration
MSBs must review FinCEN's national AML/CFT Priorities and incorporate them into their risk assessment where appropriate. The rule uses the phrase "as appropriate," recognizing that not all priorities apply to every MSB type.
4. Elevated Compliance Officer Role
The compliance officer's mandate expands from "assuring day-to-day compliance" to establishing, implementing, coordinating, and monitoring the entire AML/CFT program. The specific duty list is removed. The officer must be located in the United States and accessible to FinCEN and its designees.
5. Risk-Based Resource Allocation
The proposal explicitly instructs MSBs to direct more attention and resources toward higher-risk customers and activities, and fewer resources toward lower-risk ones. Controls must be "reasonably designed" — proportionate to the MSB's risk profile, size, and operational complexity.
6. Tightened Testing Independence
Independent program testing remains required, but the proposal tightens what "independent" means: anyone reporting directly or indirectly to the compliance officer is generally too close to test the program. Outside firms that also provide AML training or policy development may have disqualifying conflicts.
7. Technology Provisions
The current rule's automated data processing provision is removed. In its place, the preamble explicitly names AI, machine learning, blockchain analytics, and digital identity tools as appropriate compliance technologies. Technology decisions fall under the same "reasonably designed" standard.
Regulatory Timeline
| Milestone | Date | Notes |
|---|---|---|
| Proposed rule published | April 10, 2026 | 91 FR 18704 |
| Comment period closes | June 9, 2026 | Submit at regulations.gov, Docket FINCEN-2026-0034 |
| Final rule expected | TBD | FinCEN will review comments and may modify the proposal |
| Compliance deadline | TBD + 12 months | Twelve months after final rule publication |
What MSBs Should Do Now
- 1. Audit your risk assessment. Verify it exists in writing and covers all five required dimensions: products/services, distribution channels, customers, geography, and business activities.
- 2. Review resource allocation. Assess whether you're applying uniform controls regardless of risk level, or appropriately differentiating based on risk.
- 3. Evaluate your compliance officer structure. Confirm the designated individual has authority, resources, and bandwidth to own the entire program.
- 4. Check testing independence. Verify your independent tester does not report to the compliance officer and does not also provide training or policy development.
- 5. Review the AML/CFT Priorities. Document which national priorities apply to your business and which do not, with reasoning.
Citation: 91 FR 18704, Docket FINCEN-2026-0034, RIN 1506-AB72. Published April 10, 2026. This summary is provided for informational purposes and does not constitute legal advice. MSBs should consult qualified legal counsel regarding the impact of the proposed rule on their specific operations.