.svg)
After years of industry advocacy and growing acknowledgment from regulators that the current anti-money laundering (AML) framework is not operating as effectively as it should, two significant proposals signal where the future of AML compliance may be headed in the United States.
On April 7, 2026, FinCEN released a proposed rule to update the Bank Secrecy Act (BSA) and implement provisions of the Anti-Money Laundering Act of 2020, setting more explicit expectations for how institutions must design and demonstrate their programs. They also issued a proposed rule to implement provisions of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), both with the intention of modernising the AML framework.
The Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and National Credit Union Administration (NCUA) issued a joint request for comment to update AML/CTF program requirements on the same day. Their focus is to align with risk-based supervision and reduce regulatory burden.
Although both efforts share a common goal of modernizing AML compliance, they take notably different approaches to achieving it. FinCEN’s proposal creates more structured expectations that will shape examinations, whereas the prudential regulators seek to simplify requirements and emphasize effectiveness.
The real question is not whether AML needs to be modernized, but whether these proposals will modernize the law and deliver meaningful relief, or simply shift the burden from one place to another, trading a principles-based framework for a prescriptive, exam-driven model that adds to regulatory burden.
The bigger picture
There has been a wave of reforms around the world to modernize AML laws, as outlined in Vixio’s AMLOutlook published in March 2026. The US is finally joining that wave after growing consensus across the industry that BSA compliance has become little more than a check-the-box exercise, costly and time-consuming yet often falling short of producing real results.
Trade groups and industry associations have been vocal about the need for reform for years, arguing that the current framework places disproportionate demands on institutions without a commensurate improvement in outcomes.
As deregulation moved to the top of the administration’s agenda in 2025, regulators began acknowledging what community banks had been saying for years: that the industry had been measuring success by the volume of paperwork produced rather than by its ability to detect and stop illicit financial threats. Both proposals reflect those calls for reform, but they arrive at very different conclusions about what reform should actually look like in practice.
FinCEN’s proposal does not introduce new AML program pillars or reporting requirements, but it fundamentally changes how existing programs must be structured and demonstrated. Where the 2024 rule gave institutions flexibility to consider Treasury’s National AML/CTF Priorities, this proposal makes that consideration mandatory, requiring institutions to formally incorporate those priorities into their risk assessments, controls, and governance frameworks. In practice, this means national priorities shift from informational guidance to a required component of program design.
The proposal is clear that institutions will need to show how those priorities are reflected across risk identification, control design, and ongoing monitoring and testing. It will no longer be enough to have controls in place. Examiners will expect institutions to demonstrate that those controls directly map to identified risks, including the national priorities FinCEN has designated.
While the proposal is framed as a clarification of existing expectations, the operational reality for many institutions is that it will increase the burden. Not because the rules themselves are new, but because there is now a prescriptive requirement to incorporate national priorities, a clear expectation of documentation and traceability, and a greater need to evidence how risk assessments actually drive control design.
For institutions that already run tightly aligned programs, the impact may be manageable. For others, this will mean reworking risk assessments, enhancing control mapping, and strengthening documentation and testing frameworks to withstand examiner scrutiny. The new requirement that AML/CTF officers must be US based could also result in companies that have moved compliance offshore now facing unexpected challenges and costs.
The prudential regulators' request for comment is coming from an entirely different direction. Where FinCEN is focused on how programs are built and evidenced, the prudential regulators are questioning whether the current model is working at all. Rather than prescribing change, they step back and challenge the effectiveness of the current system at a more fundamental level.
Their document asks whether AML programs are actually producing meaningful outcomes, whether the sheer volume of reporting is generating actionable intelligence for law enforcement, and whether the industry has drifted too far into process-driven compliance at the expense of genuine risk-based decision-making.
It also raises a pointed question about whether current regulatory expectations are inadvertently holding back innovation, particularly in areas such as data analytics and AI, where many institutions see genuine potential to build more effective programs.
What emerges from these two documents is a regulatory environment pulling in two directions at once, rooted in the core industry frustration that significant resources have been poured into AML compliance for years with growing doubt about its ultimate effectiveness. Regulators are simultaneously asking institutions to build more structured, demonstrable programs and challenging the current model's fundamental efficacy.
That tension raises the central question running through both proposals: are these changes a real step toward modernization that reduces the compliance burden on banks and credit unions, or are they simply repackaged reform that shifts the weight around without making the system meaningfully better?
For institutions that have spent years investing in AML compliance, the answer to that question matters more than most realize.
Why should you care?
The FinCEN proposal significantly raises the bar on recordkeeping and expects institutions to clearly link risks to controls. In short, institutions will need to show their work in a way that many have not had to before.
The practical consequence is that exam conversations will change. Examiners will no longer be satisfied with evidence that a program exists. They will want to understand the reasoning behind it, how risks were identified, why certain controls were chosen, and how the institution determined that those controls are adequate given the national priorities FinCEN has laid out. For many institutions, that is a fundamentally different kind of examination, and preparing for it will require more than updating a policy document. Potentially, institutions may need to invest in new transaction monitoring tools that can demonstrate they are effective in identifying suspicious activity. It will not be enough to have the tool, they will have to convince regulators that it works and they are using it right.
Should prudential regulators move forward with a more streamlined final rule, institutions could find themselves navigating a genuine tension between two sets of expectations: one pushing toward simplification and practical effectiveness, the other demanding a more explicit, structured approach to program design and documentation.
For institutions watching both proposals closely, the immediate priority should be taking stock of where their programs stand today. Those that have already built risk assessments that map clearly to controls and can articulate how national priorities factor into their program design are in a stronger position than most. For those that have not, waiting for a final rule before making changes is a risk in itself. The direction of travel is clear enough that institutions would be better served starting that work now rather than scrambling to catch up once the rules are finalized.
Beyond preparing internally, institutions should consider submitting comment letters on both proposals by June 2026. Comment letters that speak plainly to the practical realities of running an AML program, what relief would genuinely help, what requirements add cost without adding value, and where additional clarity is needed, can directly shape what ends up in the final rule. Whether these proposals ultimately deliver true modernization or simply redistribute the compliance burden will depend on the decisions regulators make in the final rule.
