In April 2026, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a sweeping Notice of Proposed Rulemaking (NPRM) that would fundamentally reshape anti-money laundering (AML) and the countering the financing of terrorism program (CFT) requirements across the Bank Secrecy Act (BSA) regime. Comments on the NPRM are due June 9. FinCEN describes the proposal as a cornerstone of BSA “modernization,” shifting compliance away from technical box‑checking toward demonstrated program “effectiveness” and alignment with national AML/CFT priorities. Whether the proposal instead invites regulatory uncertainty, expanded supervisory discretion, and higher compliance costs is a question that warrants close scrutiny.

From Prescriptive Rules to “Effectiveness”

At the center of the proposal is a new, uniform standard requiring all covered financial institutions to establish and maintain AML/CFT programs that are “effective, risk‑based, and reasonably designed.” While risk‑based compliance has long been encouraged, FinCEN would now codify that concept and make a documented, ongoing risk‑assessment process mandatory across virtually all BSA‑regulated entities, including banks, money services businesses (MSBs), broker‑dealers, casinos, and others. 

FinCEN emphasizes that enforcement should focus on “significant or systemic failures” in program implementation rather than minor or technical deficiencies. On its face, that framing appears industry‑friendly. But it also arguably replaces clearer, rule‑based benchmarks with a more subjective inquiry into whether a program is sufficiently “effective” in producing “useful information” for law enforcement and national‑security agencies. Such standards may broaden regulatory discretion and complicate after‑the‑fact enforcement judgments. 

Expanded FinCEN Role in Supervision and Enforcement

Perhaps the most consequential—and under‑discussed—aspect of the proposal is its restructuring of AML/CFT supervision. Under the NPRM, federal banking agencies would generally be required to notify and consult with FinCEN before taking certain “significant supervisory actions,” except in urgent circumstances. FinCEN characterizes this as a mechanism for consistency and coordination. Critics may see it as a centralization of AML enforcement authority within an agency that does not itself conduct frontline supervision. 

This framework arguably elevates FinCEN from a rulewriter and intelligence hub into a gatekeeper for major supervisory and enforcement decisions. Such a shift raises structural and accountability questions, particularly given FinCEN’s already expansive role in administering the BSA and its limited direct exposure to day‑to‑day supervisory realities.

National Priorities and De Facto Mandates

The proposal would also require financial institutions to review and incorporate government‑wide AML/CFT priorities—issued periodically by FinCEN—into their risk assessments and program design. Although FinCEN insists that priorities are not self‑executing mandates, institutions will face strong incentives to align resources and controls with those priorities to avoid supervisory criticism.

This structure risks transforming high‑level policy statements into de facto regulatory requirements without the procedural safeguards that typically attend notice‑and‑comment rulemaking. For institutions already struggling under layered AML obligations, the result may be further uncertainty about how much is “enough” to satisfy shifting government expectations. 

Technology, Flexibility—and Cost

FinCEN highlights the proposal as supportive of innovation, explicitly acknowledging the use of advanced analytics, artificial intelligence, and other technologies in AML compliance. But encouragement alone does not offset the practical effect of more intensive documentation, ongoing risk reassessments, and expanded governance obligations, particularly for smaller institutions and non‑bank financial firms newly subject to uniform standards.

The NPRM offers little in the way of concrete cost‑benefit analysis or clear safe harbors for institutions that make good‑faith efforts but fall short under a regulator’s retrospective view of “effectiveness.” From a rule‑of‑law perspective, that ambiguity is troubling. 

Implications for Regulated Parties

If finalized largely as proposed, the rule would require substantial reengineering of AML/CFT programs, governance structures, and examination strategies. Institutions will need to document why particular risks were prioritized—or deprioritized—and be prepared to defend those judgments to multiple regulators operating under a more centralized FinCEN framework. 

For the business community, the comment period presents a critical opportunity to press for clearer standards, meaningful limits on supervisory discretion, and robust recognition of compliance costs. Without such guardrails, the NPRM risks replacing rigid technical rules with an even more opaque and unpredictable regulatory regime. 

The bottom line is that while FinCEN’s proposal promises modernization, its emphasis on subjective “effectiveness,” expanded supervisory coordination, and national‑priority integration may ultimately deepen regulatory uncertainty. Whether the final rule advances genuine reform—or simply rebrands expansive discretion—will depend on how Treasury responds to these concerns before finalization.