.svg)
The new proposed rulemakings aim to force a shift from static policy design to real-time operational maintenance, requiring firms to prove that their compliance frameworks actually stop illicit activity rather than just documenting it.
The US Treasury’s April 2026 announcements of dual-track proposed rulemaking, comprising the FinCEN Bank Secrecy Act (BSA) modernisation (April 7) and FinCEN and the Office of Foreign Assets Control’s (OFAC) GENIUS Act implementation (April 8), represent a refocusing from anti-money laundering and counter-terrorism financing (AML/CTF) programmes’ on-paper compliance to their real-world effectiveness.
The proposed changes are part of Treasury’s broader effort to modernise the US AML/CTF regulatory and supervisory framework.
By moving away from burdensome paperwork, the reforms seek to consolidate the US financial sector into a unified, technology-driven front against illicit activity.
Modernising the BSA
The new BSA framework distinguishes between deficiencies in a programme’s design (its “establishment”) and deficiencies in its day-to-day execution or practical implementation (its “maintenance”).
This decoupling means that having a policy in place is not enough if the underlying technology or staffing levels fail to execute effectively.
Internal audits will need to move from checking that the organisation has a suitable AML/CTF policy to testing whether or not it can prove that the policy works in real time.
In addition, the new framework empowers banks to adopt risk-based approaches, allowing them to concentrate resources on high-threat areas rather than low-risk transactions.
Furthermore, the proposed rulemaking on modernising the BSA highlights the importance of integrating privacy-preserving analytics and automated screening tools to ensure real-time oversight and substantive testing. It also clarifies the central supervisory role of FinCEN.
Risk assessments would need to directly incorporate government-wide AML/CTF priorities, and federal banking regulators would have to provide 30 days’ notice and consult with FinCEN before initiating significant enforcement actions.
This would ensure a more unified federal front, preventing fragmented or contradictory enforcement actions across different agencies – welcome news for banks tired of dealing with multiple conflicting regulators.
However, it could also create a bottleneck, slowing the resolution of enforcement cases as agencies are forced into a consultation phase before acting.
In effect, Treasury is offering the financial sector greater flexibility in how resources are allocated in exchange for the obligation to prove that those resources are actually disrupting illicit finance in real time.
The GENIUS Act and AML
The second area of development moves permitted payment stablecoin issuers (PPSIs) into the core financial oversight structure as financial institutions and requires them to implement rigorous sanctions compliance and suspicious activity reporting.
Stablecoin transactions have been linked to criminal activities such as drug trafficking, digital asset investment scams and terrorist financing, and the proposed regulations aim to establish guardrails to protect the US financial system and national security from these threats.
PPSIs must be able to monitor, block, freeze and reject impermissible transactions (including sanctions violations) on both primary and secondary markets.
Like the wider AML/CTF reforms, the proposed rulemaking on PPSIs is intended to give institutions the flexibility and discretion to use a risk-based approach.
It would allow PPSIs to devote more attention and resources to higher-risk customers and activities, while spending less time on lower-risk areas.
Shared governance and structural pillars
The two tracks meet in a desire to streamline regulation, modernise and prioritise national security.
The rules standardise the requirements for establishing a programme around four core pillars:
- Internal policies, procedures and controls: This includes establishing formal risk assessment processes and moving existing ongoing customer due diligence (CDD) requirements to sit directly under this pillar.
- Independent testing: The rules clarify that independent audits must be based on objective criteria. This change is designed to prevent examiners and auditors from substituting their own subjective judgement for a financial institution’s risk-based decisions.
- A US-based AML/CTF officer: Institutions must designate a compliance officer responsible for day-to-day compliance who is located within the US and is readily accessible to FinCEN and appropriate federal regulators.
- Ongoing employee training: Programmes must establish standardised, ongoing training for employees.
In addition, the proposed rules would require financial institutions’ written AML/CTF programmes to be formally approved by their board of directors, an equivalent governing body or appropriate senior management.
Global AML modernisation
The developments in the US reflect a structural reset of financial crime compliance architectures across multiple jurisdictions, as examined in Vixio’s Outlook report Real-Time Risk, Real-World Liability: The New Global Standard for AML.
Regulators in jurisdictions around the world are grappling with the same convergence of instant finance and fraud.
The EU is transitioning to a centralised supervisory model by establishing the Anti-Money Laundering Authority (AMLA) and implementing a single, directly applicable rulebook to eliminate regulatory arbitrage and uneven enforcement among its member states.
Australia is updating its framework to better handle real-time payments and virtual assets, and South Africa is enacting urgent reforms to maintain its international credibility.
In Latin America, meanwhile, jurisdictions are increasingly integrating their fraud and AML detection mechanisms using artificial intelligence (AI).
Furthermore, because the region heavily depends on US dollar clearing networks and correspondent banking, local supervisors are tightening their cross-border sanctions and AML controls to maintain strict alignment with FinCEN and US enforcement signals.
As the US tightens its grip on stablecoins and instant payments, any region that remains a weak link risks losing access to US dollar clearing, still the lifeblood of international trade.
Priorities for financial institutions
The first step for both banks and PPSIs is to submit public comments to Treasury regarding implementation feasibility by June 9, 2026.
Banks should consider how best to distinguish between the establishment (design) and maintenance (execution) of their compliance programmes.
Compliance teams will need to evidence that their controls are operating correctly, deficiencies are quickly identified and remediated and resources are being directed towards higher-risk customers and activities.
To support stablecoin operations, banks will need to implement robust, technology-enabled internal controls. This includes ensuring the capability to monitor, block, freeze and reject impermissible transactions (including sanctions violations) and to comply with lawful orders.
An additional requirement for PPSIs is that they must monitor and report suspicious transactions occurring on the primary market that involve $5,000 or more. Although there is no mandatory suspicious activity reporting (SAR) requirement for secondary market transfers, PPSIs are protected from liability if they voluntarily report suspicious secondary market activity.
Key impacts
If introduced as proposed, the new frameworks will require significant investments in personnel, data infrastructure, transaction monitoring technology and independent testing.
Banks and PPSIs will need to update their compliance architectures from traditional, static reporting to real-time, technology-driven monitoring.
Firms that lack the scale to do so will face difficult strategic choices, such as slowing their growth, narrowing their product scope or seeking partnerships and acquisitions.
We may see a reshaping of the market to favour larger, better-resourced institutions, with leaner operating models potentially squeezed out.
Despite this, the introduction of a unified, federal framework under the GENIUS Act would eliminate the uneven enforcement and regulatory arbitrage we have seen in the stablecoin space.
By setting clear, industry-specific standards, the rules could significantly reduce information asymmetries between stablecoin issuers and investors.
