
US Regulators Propose Sweeping AML/CFT Program Overhaul: What Banks Must Know Now
- TrustSphere Network

- May 12

A Landmark Regulatory Moment
On 7 April 2026, the FDIC, OCC, NCUA, and FinCEN jointly approved a Notice of Proposed Rulemaking that could fundamentally reshape how American banks design and operate their anti-money laundering and counter-terrorist financing programmes. The proposed rule aligns bank-level AML/CFT requirements with the Anti-Money Laundering Act of 2020 and represents the most significant structural change to US AML programme expectations in over a decade.
For compliance leaders at tier-1 institutions and fintechs alike, this is not merely a procedural update. It signals a decisive shift toward risk-based programme design, with regulators explicitly requiring that banks direct more resources toward higher-risk customers and activities rather than applying uniform controls across the board.
What the Proposed Rule Requires
Banks would be required to establish and maintain AML/CFT programmes reasonably designed to identify, assess, and mitigate risks of illicit finance. The four pillars of the new framework include a risk-based set of policies, procedures, and controls; independent testing of programme effectiveness; a designated US-based individual responsible for programme implementation who is accessible to regulators; and a comprehensive employee training programme.
The emphasis on risk-based design is significant. Rather than prescribing a one-size-fits-all compliance architecture, regulators are acknowledging that different institutions face different risk profiles and should calibrate their controls accordingly. This is a welcome evolution — but it also demands more sophisticated risk assessment capabilities, better data infrastructure, and more nuanced decision-making from compliance teams.
Implications for Stablecoin Issuers
In a parallel move, the Treasury Department proposed rules requiring permitted payment stablecoin issuers to implement risk-based AML programmes similar to those imposed on traditional banks. This includes secondary market monitoring and independent testing, effectively extending the regulatory perimeter to digital asset issuers who have operated under lighter oversight.
This convergence of traditional banking regulation and digital asset oversight reflects a broader trend: regulators are no longer willing to accept the argument that crypto-native entities occupy a different compliance universe. The message is clear — if you move value, you manage risk.
FCA Findings on Customer Due Diligence
Meanwhile in the UK, the Financial Conduct Authority published findings from its review of customer due diligence practices, identifying significant shortcomings. While many firms had documented CDD procedures, the FCA found that few provided sufficient practical guidance for frontline staff on what to do when customers lack standard identification.
This gap between policy documentation and operational execution is one of the most persistent challenges in financial crime compliance. Firms invest heavily in writing policies that satisfy regulatory checklists but fail to translate those policies into actionable guidance that employees can follow in real-world scenarios.
What Institutions Should Do Now
The NPR comment period runs 60 days from Federal Register publication. Compliance teams should begin reviewing the proposed requirements against their current programme architecture immediately. Key areas to assess include whether existing risk assessments are sufficiently granular to support risk-based resource allocation; whether testing functions are truly independent and adequately resourced; and whether the designated compliance officer role meets the new accessibility requirements.
Institutions that have already invested in modern risk assessment platforms and dynamic customer risk scoring will find the transition more manageable. Those still relying on rules-based, checkbox compliance models face a more significant transformation. The regulatory direction is unmistakable: the era of tick-box AML is ending, and risk-based intelligence is the new standard.