The Federal Reserve Proposes New Anti-Money Laundering Rules for Banks Banner Image

Banking, Title Insurance, and Real Estate Litigation Blog

The Federal Reserve Proposes New Anti-Money Laundering Rules for Banks

July 16, 2026
Authored by Megan B. Kilzy

What You Need to Know

  • On July 7, 2026, the Federal Reserve Board (FRB) issued a proposed rule to modernize Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) program requirements for banks under its supervision. Comments are due within 60 days.
  • This proposal follows similar rulemakings by Financial Crimes Enforcement Network’s ("FinCEN")[1] (April 7, 2026) and three other banking agencies - Federal Deposit Insurance Corporation ("FDIC"), National Credit Union Administration ("NCUA"), and Office of the Comptroller of the Currency ("OCC”) (collectively, the “Agencies”)[2] (April 10, 2026).
  • The NPRMs are designed to implement the program regulations of the Anti-Money Laundering Act of 2020 (AMLA) to create a more effective, risk-based regulatory framework.
  • FRB Governor Michael Barr (Barr) issued a public opposition to the proposal stating, “I am concerned that the ‘significant or systemic’ standard may have unknown effects on the Board's ability to effectively substantiate that a supervised institution establishes and maintains AML and CFT programs in compliance with the rule.”

The Bank Secrecy Act & Amendments

The Bank Secrecy Act (BSA), enacted in 1970, authorizes the Treasury Department to impose reporting requirements on financial institutions to detect and prevent money laundering. FinCEN is authorized by Treasury to enforce the BSA. Since 1970, the BSA has underwent numerous amendments. The Anti-Money Laundering Act of 2020 (AMLA) enacted January 1, 2021, substantially overhauled the BSA.  AMLA § 6101 amended 31 U.S.C. § 5318(h) and required:

  • Government-wide AML/CFT Priorities and incorporation into program rules
  • AML/CFT programs to be "risk-based," focusing resources on higher-risk customers and activities rather than lower-risk ones
  • Program duties to be performed by U.S.-based personnel accessible to Treasury and regulators

FinCEN issued the required priorities on June 30, 2021[3], in accordance with AMLA’s 180 days requirement.  FinCEN and a joint NPRM from all four banking agencies issued the first program regulations July 2024. Those proposals resulted in significant comment. FinCEN’s April 7, 2026, NPRM expressly withdrew and superseded the 2024 proposal, reframing implementation around a stated goal of “Fundamental Reform.” OCC, FDIC, and NCUA issued a joint NPRM conforming their own program rules to FinCEN’s. FRB abstained and issued its own proposal on July 7, 2026.

The NPRMs at first appear to be just another step of AMLA implementation, with a few adjustments. Certain elements find direct mapping to AMLA language:

  • Priorities requirement (31 CFR § 5318(h)(4))
  • Risk-based mandate (31 CFR § 5318(h)(2)(B)(iv)
  • S.-based AML/CFT Officer (31 CFR § 5318(h)(5))

However, there are certain adaptations that can be considered more interpretive, and not directly in the initial AMLA legislation:

  • "Establish and Maintain" effectiveness framework defining AMLA's effectiveness standard
  • Enforcement restrictions to "significant or systemic”
  • FinCEN/Agencies’ NPRMs provisions for 30-day notice-and-consultation with FinCEN, and the FinCEN information sharing initiatives

Why Multiple NPRMs?

Banks/credit unions operate under two sets of program rules simultaneously: FinCEN's (covering all financial institutions[4]) and their own specific regulator's rules.[5] AMLA § 6101 was not designed to amend the individual regulatory agency, however they did jointly agree to do so.[6]

Practically, if FinCEN modernized its rule and the banking agencies did not, banks/credit unions would face the issue of competing standards at once. The multiple regulators’ NPRMs exist to prevent incoherence. Why FRB issued its proposal separately from the other three banking agencies, notably omitting certain coordination provisions— is a decision discussed below.

Notable Requirements in FRB’s NPRM[7]

FRB sets forth the following provisions, which are akin to those in FinCEN and the Agencies NPRMs:

  1. Adjusting the Four (4) Pillars of AML Compliance[8] to Account for Risk-Based Processes

Pillar 1: Internal Policies/Procedures/Controls: Now, these must be reasonably designed to identify, assess, and document ML/TF risks through processes that (1) evaluate the institution's business activities — products, services, distribution channels, customers, geographies; (2) review and, as appropriate, incorporate the AML/CFT Priorities; and (3) are promptly updated upon changes the institution knows or has reason to know significantly change its risks.[9]

Customer Due Diligence (CDD) also becomes part of this assessment. While this is typically part of an official AML program, the language now explicitly calls for CDD; (2) independent testing; (3) U.S.-based AML/CFT Officer; (4) ongoing employee training.

Pillar 2: Designation of a Compliance Officer. A compliance officer is now designated an "AML/CFT Officer” who must be in the United States, accessible to and subject to oversight by Treasury/FinCEN and the proper federal regulator. While offshoring personnel would still be permitted to perform certain AML/CFT functions, the actual “officer” must be U.S. based.

Pillar 3: Ongoing employee training. Training is still required, adds language that it must reflect the results of the bank's risk assessment processes.

Pillar 4: Independent Audit Testing. Now, testing must assess the program's effectiveness, including whether resource allocation aligns with the bank's risk assessment. The proposal also requires that outside parties conducting independent testing not be involved in other AML/CFT functions for the same bank, such as providing training or program development services.

  1. The "Establish and Maintain" Assessment for Enforcement. The proposal distinguishes program establishment from maintenance
  • Establish: Create a program with the required risk-based approach
  • Maintain: Implement program in all material respects

Critical enforcement limitation: Only "significant or systemic" implementation failures would warrant enforcement or significant supervisory action.  This limitation does not apply to failures to establish an AML/CFT program

  1. Banks are Directed to Incorporate FinCEN’s AML/CFT Priorities. Banks are required under this amendment to incorporate FinCEN's AML/CFT priorities into their risk assessment processes, as appropriate

What Makes the FRB Proposal Different

FRB’s NPRM Omissions & Governor Barr’s Dissent

Unlike the other three banking agencies, the FRB did not include:

  • A 30-day notice-and-consultation requirement with FinCEN before taking supervisory action
  • Bank-to-FinCEN information sharing provisions

Instead, in Question 23, FRB requests comments on whether it should add them to the final rule. [10]

FRB’s omission may be tied to Governor Barr’s dissent suggesting issues with enforcing the "significant or systemic" standard and a potential for "unknown effects on the Board's ability to effectively substantiate that a supervised institution establishes and maintains AML and CFT programs.”

Also noteworthy, Governor Barr gave a speech on June 6, 2026, at American University, "Deregulating in a Financial Boom: What Could Go Wrong?", [11] where he noted that regulatory actions at large banks have declined significantly, with matters requiring attention (MRAs) falling to roughly half their 2024 levels by end-2025.[12]

While the American Bankers’ Association (ABA) published a letter on June 9, 2026, seeking some additional clarity, it also lauded FinCEN and the Agencies that this new NPRM created a “floor and corresponding safe harbor from significant supervisory and civil enforcement actions, and promot[ion of] greater coordination between FinCEN and the federal banking agencies.”[13]

Taking into consideration FinCEN and Agencies NPRMs in April with the timing of this speech about a month before FRB’s NPRM was introduced, may explain FRB's more independent approach.

Additional Considerations for Community Banks

Risk Assessment Flexibility

FRB acknowledges that community banks with limited business activities, traditional services, narrow geographic footprints, and local customer bases may use more streamlined or qualitative risk assessments. [14] ABA also stated FinCEN and the Agencies acknowledged that certain AML/CFT priorities may not apply to community banks, and they would not be required to allocate resources to risks for which they have no identified exposure.[15]

However, community banks should not mistake this flexibility, for an exemption. Community Banks must still “establish and maintain” compliant AML/CFT programs.

Stablecoin Considerations

Community banks must also continue to keep vigilant about their compliance programs as noted in my prior alert, OCC Proposes Bank Secrecy Act and Sanctions Compliance Standards for Permitted Payment Stablecoin Issuers.

FRB's NPRM is the only NPRM that references the Genius Act, which requires permitted payment stablecoin issuers (PPSIs) to be treated as financial institutions.[16] In Footnote 9, FRB states that the banking agencies are required to issue regulations relating to PPSIs, including BSA and sanctions compliance standards, which would be separate from the NPRM.[17]

FinCEN and its companion agencies publicized their interagency consultation and coordinated supervisory postures on PPSIs. Community banks should still expect stablecoin-related activity to be governed and tested within a financial institution’s existing AML/CFT and sanctions framework.

Key Takeaways for Banks Overall

  1. Consider submitting comments to the FRB:
    • The "significant or systemic" enforcement standard
    • Whether the FRB should include FinCEN coordination provisions (Question 23)
    • How the proposal affects community banks and institutions with limited risk profiles
  2. Assess how the risk-based requirements would affect your current AML/CFT program
  3. Evaluate risk assessment processes to ensure they adequately identify, assess, and document ML/TF risks
  4. Assess your Compliance Officer (AML/CFT Officer) responsibilities and location(s) of person(s)
  5. Monitor developments regarding stablecoin regulations if your institution has any involvement with digital assets

There is no question that the last few months of NPRMs have provided insight into the vision leadership has regarding the regulatory landscape. While the theme of unification is clear, especially in the realm of cryptocurrency, when it comes to the interplay of regulating traditional institutions, we may not have seen the last departures from complete congruency yet.

For questions concerning AML/CFT regulations, compliance obligations, or assistance in designing a compliance program, please contact Megan B. Kilzy of Riker Danzig’s White Collar Criminal DefenseCommercial Litigation, and Digital Assets and Blockchain Technology Groups.

[1] https://www.fincen.gov/system/files/2026-04/Program-NPRM-FactSheet.pdf On April 7, 2026 FinCEN issued their Notice of Proposed Rulemaking ("NPRM") to “Fundamentally Reform Financial Institution AML/CFT Programs” as proscribed by the BSA.  The basis for this change, as stated by FinCEN was to “modernize the U.S. AML/CFT regulatory and supervisory framework to better achieve the purposes of the BSA, and is intended to lead to more effective outcomes for financial institutions as well as law enforcement and national security agencies.”

[2] https://www.federalregister.gov/documents/2026/04/10/2026-06948/anti-money-laundering-and-countering-the-financing-of-terrorism-programs The Agencies/ intended purpose is to “amend their rules concurrently with FinCEN so that their program requirements for banks remain consistent with those imposed by FinCEN.”

[3] https://www.fincen.gov/system/files/shared/AML_CFT%20Priorities%20(June%2030%2C%202021).pdf

[4] “Financial Institutions” - e.g. banks, MSBs, casinos, broker-dealers, mutual funds, insurers.

[5] 31 CFR 1020.210 for FinCEN, 12 CFR 208.63 for the Board, 12 CFR 21.21 for the OCC, 12 CFR 326.8 for the FDIC, 12 CFR 748.2 for NCUA.

[6] Interagency Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities (June 30, 2021) “As a result of this publication, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (collectively, the “federal banking agencies” or “FBAs”), State bank and credit union regulators and FinCEN are issuing this statement to provide clarity for banks on these AML/CFT Priorities…[a]lthough not required by the AML Act, the FBAs plan to revise their BSA regulations, as necessary, to address how the AML/CFT Priorities will be incorporated into banks’ BSA requirements” https://www.fincen.gov/system/files/2026-06/statement-for-banks-2021-06-30.pdf

[7] FRB’s proposal reaches only Board-supervised institutions — state member banks under Reg H (§ 208.63), plus the Edge/agreement corporation and foreign bank operation provisions in Regs K and Y.

[8] See, 31 U.S.C. § 5318(h)(1)

[9] It is notable, however, that FRB did address community banks and possible exceptions: “By contrast, many community banks operate with more limited business activities, traditional lending and deposit services, a narrower geographic footprint, and customer bases concentrated within defined local communities. For such banks, risk assessment processes may appropriately be more streamlined or qualitative in nature, and a risk-based set of internal policies, procedures, and controls that is reasonably designed for a large, complex financial organization would not necessarily be required or appropriate for a community bank with a more limited risk profile.” https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20260707a1.pdf

[10] Q23. The Agencies included two provisions in their proposed rules that are not included in the Board’s proposed rule regarding consultation and information sharing with FinCEN. Should the Board include the same or similar provisions in its rule? https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20260707a1.pdf

[11] https://www.federalreserve.gov/newsevents/speech/barr20260606a.htm

[12] See, Deregulating in a Financial Boom: What Could Go Wrong?

https://www.federalreserve.gov/newsevents/speech/barr20260606a.htm#fn6 . See also, Supervision and Regulation Report (June 2026) https://www.federalreserve.gov/publications/files/202606-supervision-and-regulation-report.pdf

[13] ABA Letter Re Anti-Money Laundering and Countering the Financing of Terrorism Programs, 91 Fed. Reg. 18704 (April 10, 2026); Docket Number FINCEN2026-0034 and RIN 1506-AB72 (June 9, 2026) https://www.aba.com/-/media/documents/comment-letter/clprogramrule20260609.pdf?rev=7e92819e27de4433b2fbcc0afc150cc9

[14] “By contrast, many community banks operate with more limited business activities, traditional lending and deposit services, a narrower geographic footprint, and customer bases concentrated within defined local communities. For such banks, risk assessment processes may appropriately be more streamlined or qualitative in nature, and a risk-based set of internal policies, procedures, and controls that is reasonably designed for a large, complex financial organization would not necessarily be required or appropriate for a community bank with a more limited risk profile.” https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20260707a1.pdf

[15] See, https://www.aba.com/-/media/documents/comment-letter/clprogramrule20260609.pdf?rev=7e92819e27de4433b2fbcc0afc150cc9

[16] AMLA § 6101 amendments to 31 U.S.C. § 5318(h) apply to all BSA financial institutions, and the Genius Act requires permitted payment stablecoin issuers (PPSIs) to be treated financial institutions. So, the elements of the three NPRMs that implement § 5318(h) would arguably needs to appear in any PPSI program rule in some form.

[17] https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20260707a1.pdf

Our Team

Megan B. Kilzy

Megan B. Kilzy
Counsel

Get Our Latest Insights

Subscribe