Issuance of a new Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT) Program Requirements Notice of Proposed Rulemaking

Summary:

On April 7, 2026, the FDIC Board of Directors approved the issuance of a new Notice of Proposed Rulemaking (NPR) and request for comment for the AML/CFT Program Requirements to be issued jointly with the Office of the Comptroller of the Currency (OCC) and the National Credit Union Administration (NCUA) (collectively “the Agencies”). The Financial Crimes Enforcement Network (FinCEN) has also issued an NPR on the issuance of its AML/CFT Program Requirements for financial institutions, including banks.

Statement of Applicability: The contents of, and material referenced in, this FIL apply to all FDIC-supervised financial institutions.

Highlights:

• The FDIC, the OCC, and the NCUA are inviting comment on a proposed rule that would revise the AML/CFT program requirements for banks to align with the rule concurrently proposed by FinCEN and in a manner consistent with the Anti-Money Laundering Act of 2020 (AML Act). The proposal aims to ensure that banks establish and maintain effective AML/CFT programs that better achieve the purposes of the Bank Secrecy Act and lead to more effective law enforcement and national security outcomes.
• Key elements of the proposal include:
  • Banks would be required to establish and maintain AML/CFT programs reasonably designed to identify, assess, and mitigate risks of illicit finance through: (1) a risk-based set of policies, procedures, and controls; (2) independent testing; (3) an individual responsible for establishing and implementing the program that must be U.S.-based and accessible to regulators; and (4) an employee training program.
  • A bank’s AML/CFT program would be deemed “effective” for purposes of the proposed rule if it is (1) established in accordance with the proposed rule’s establishment requirements; and (2) maintained, meaning that a properly established program is implemented in all material respects.
  • The establishment requirements under the proposed rule would involve the four existing required BSA components, with certain proposed revisions, including requiring as part of the internal controls requirement risk assessment processes that incorporate the AML/CFT priorities issued pursuant to 31 U.S.C. 5318(h)(4); adding FinCEN’s existing ongoing customer due diligence requirement to the Agencies’ program requirements; and incorporating the AML Act’s requirement that a bank’s designated AML/CFT compliance officer must be located in the U.S. and accessible to regulators.
  • The proposed rule would adopt into regulations the AML Act requirement that a supervised bank’s AML/CFT program should be risk-based, including ensuring that banks direct more attention and resources toward higher-risk customers and activities, consistent with the risk profile of the institution, rather than toward lower-risk customers and activities.
  • The proposed rule would expand the options for the program’s approval requirement to include not just a supervised bank’s board but also an equivalent governing body within the bank or appropriate senior management.
• Other proposed changes revise the AML/CFT supervisory and examination process for supervised banks by enhancing FinCEN’s role in the supervision and enforcement process and clarifying when an Agency can take enforcement or supervisory action regarding a violation of the proposed rule. The draft rule also provides two options for modifying the information sharing process with FinCEN.
• This AML/CFT Program Requirements NPR will be published in the Federal Register in the coming days and open for public comment for 60 days. Comments received will be posted on the FDIC website.