Federal Reserve Follows (To a Degree) FinCEN and Other Banking Agencies in Proposing Sweeping AML/CFT Program Reforms

Federal Reserve Follows (To a Degree) FinCEN and Other Banking Agencies in Proposing Sweeping AML/CFT Program Reforms

Client Alert

Authors

 

I. Summary

On July 7, 2026, the Board of Governors of the Federal Reserve System (the Board or Federal Reserve) issued its own Notice of Proposed Rulemaking (NPRM or Proposed Rule) that would substantially revise the anti-money laundering and countering the financing of terrorism (AML/CFT) program requirements applicable to Board-supervised banks under the Bank Secrecy Act.1 The Federal Reserve had been notably absent from the Notice of Proposed Rulemaking issued by the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) on April 10, 2026,2 and the corresponding joint Notice of Proposed Rulemaking issued the same day by the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Administration3 (April rulemaking or April rule).4

Although the Board’s announcement stated that the NPRM is intended to align with proposed changes made in the April rulemaking, in now issuing its own NPRM, the Board has made clear that it is taking an independent path by specifically not including a significant provision of the April rulemaking that would see FinCEN as the gatekeeper of AML/CFT enforcement actions or of significant AML/CFT supervisory actions via a notice-and-consultation framework. This reflects a significant departure from the US Department of the Treasury’s goal to create a uniform set of AML/CFT regulations for the banking industry and to empower FinCEN with the authority to ensure that uniformity. It is unclear whether, or how, the Board and FinCEN will continue their current process of informal consultation.

The Board’s NPRM also included a dissenting statement from Governor Michael Barr, who expressed concern that the introduction of a new, undefined standard of “significant or systemic” for issuing matters requiring attention (MRAs) and for enforcement actions may affect the Board’s ability to assess compliance with the new rule.5

II. Key Takeaways

The Board’s Proposed Rule mostly mirrors the aim of the April rulemaking: to reduce unnecessary regulatory burdens and refocus financial institutions’ AML/CFT programs on identifying, preventing and reporting illicit finance activity, rather than mere technical compliance. Under the Board’s proposal, once a bank has established an AML/CFT program, the Federal Reserve would focus its supervision and enforcement activities on “significant or systemic failure” to implement the program.6

Consistent with the April rulemaking, the Board’s Proposed Rule begins with a significant change to the current AML regime: A bank’s AML program will be evaluated based on how well it establishes and maintains a risk-based AML/CFT program that prioritizes higher-risk customers and activities and incorporates the government’s AML/CFT national priorities into its risk assessment processes. As the preamble to the NPRM notes, distinguishing between deficiencies in program design (establishment) and program implementation (maintenance) refocuses supervisory expectations on effectiveness.7 The NPRM provides that an AML/CFT enforcement action or significant supervisory action would be warranted only if there is a significant or systemic failure by a bank to implement in all material respects an established program. The Board’s Proposed Rule would apply to “Board-supervised institutions,”8 defined to include state member banks; Edge and agreement corporations; and branches, agencies or representative offices of a foreign bank operating in the United States (other than such entities that are insured by the FDIC).9 Board-supervised institutions would be required to design and implement a risk-based AML/CFT framework incorporating the four new core pillars that are consistent with and now familiar from the April rulemaking:

  • internal controls, policies and procedures, including risk assessment processes and, when applicable, ongoing customer due diligence (CDD);
  • ongoing independent program testing;
  • designation of a US-based compliance officer; and
  • ongoing employee training.10

A bank’s internal controls framework must be reasonably designed to identify, assess and document AML/CFT risks through risk assessment processes, mitigate those risks and conduct ongoing CDD. While banks have long been expected to perform risk assessments and have been subject to CDD requirements, the proposal formally embeds this within the internal controls AML/CFT pillar.11

The Board’s Proposed Rule does not include a FinCEN notice-and-consultation framework. The Board acknowledges the omission and “invites comment on whether it should consider including the same or similar provisions in its final rule.”12 Under the Proposed Rule, FinCEN would not have a formal gatekeeper role over Federal Reserve AML/CFT enforcement or significant supervisory actions against Board-supervised banks. Whether the Board adds a consultation requirement in the final rule and, if so, whether it would align with the April rulemaking will be important issues to watch.

III. Governor Barr’s Dissent

The Board approved the Proposed Rule with Governor Barr dissenting.13 Governor Barr stated that he could not vote for “the introduction of a new, undefined standard for issuing matters requiring attention and for enforcement actions.” He also expressed concern that the “significant or systemic” standard “may have unknown effects on the Board’s ability to effectively substantiate that a supervised institution establishes and maintains AML and CFT programs in compliance with the rule.”14

The absence of a definition of the “significant or systemic” standard for issuing MRAs and enforcement actions may shape how examiners and enforcement staff apply the new framework. In fact, the NPRM seeks comment on whether “clarification [is] needed for banks to determine what constitutes a ‘significant or systemic failure’ to implement in all material respects a properly established AML/CFT program.”15

IV. Next Steps

The Federal Reserve’s proposal was published in the Federal Register on July 9, 2026, with a 60-day comment period ending on September 7.16 The comment period for the April rulemaking closed on June 9, 2026.

As Board-supervised institutions begin to assess the Proposed Rule, significant questions remain regarding how the Federal Reserve and FinCEN will interpret and apply key concepts such as “significant or systemic” implementation failures, the degree of deference afforded to risk-based judgments, and what constitutes a material AML/CFT risk in practice. These interpretive uncertainties will be critical to program design, examiner expectations and enforcement risk.

WilmerHale regularly advises banks and other financial institutions on implementing complex AML/CFT reforms, engaging with supervisory agencies, and developing effective, outcome-oriented compliance frameworks. We also assist clients in preparing and submitting comment letters aimed at shaping final rules in ways that are practical and risk-sensitive.

Please reach out to us if you would like to discuss the implications of the Proposed Rule for your institution or for assistance with implementation planning or the development of comments during this rulemaking process.

Authors

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link. (The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.