FinCEN AML/CFT Overhaul: Key Changes for Banks

FinCEN’s April 7 proposed rule overhauling the Bank Secrecy Act and AML/CFT program requirements across all financial institutions — not just banks — continued to generate significant analysis through May. Comments closed June 9. The proposal is the most significant rewrite of AML program standards in years and introduces several changes with direct operational implications. Key changes include: a formalized, continuous risk assessment process (not periodic or static) that must be updated as the institution’s risk profile changes; a requirement that the AML/CFT compliance officer be located in the United States and subject to FinCEN oversight; independent testing that focuses on program effectiveness (not just procedural compliance) and is conducted by truly independent parties free of conflicts; and a new two-prong enforcement framework that distinguishes between failures in program design (“establishment”) versus failures in day-to-day implementation, with significant enforcement action generally reserved for systemic or significant failures. Notably, FinCEN explicitly