FinCEN's 2026 AML/CFT Reform: Why the National Priorities Are About to Get Teeth

On April 7, 2026, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking that would, in the agency's words, "fundamentally reform" AML/CFT program requirements under the Bank Secrecy Act. This is the most consequential rewrite of U.S. AML/CFT program rules in a generation — and the moment the 2021 FinCEN national priorities shift from background guidance to examinable obligations.

The headline is not that FinCEN updated the priorities. It did not. The same eight categories — corruption, cybercrime, terrorist financing, fraud, transnational criminal organizations, drug trafficking, human trafficking, and proliferation financing — remain unchanged.

What changed is their legal posture. If finalized, integrating those priorities into an institution's risk assessment will no longer be optional — it will be required, documented, and tested.

Public comments are due June 9, 2026.

General information only — not legal advice. For institution-specific design decisions, consult counsel.

What the April 2026 NPRM does

The proposed FinCEN AML/CFT program rule (91 FR 18304; Docket No. FINCEN-2026-0034; RIN 1506-AB72) replaces FinCEN's July 2024 proposal and signals a clear shift toward enforceable, risk-based program design.

Four changes matter in practice:

1. Mandatory integration of national priorities. Every covered institution must incorporate the FinCEN national priorities into its risk assessment. Institutions can conclude a priority is not material, but that conclusion must be documented, supported, and tied to actual business lines, customers, geographies, and products. A generic "not applicable" will not withstand examination.

2. Effectiveness as the core standard. FinCEN formalizes an effectiveness-focused framework by separating whether a program is reasonably designed from how effectively it is implemented. Minor implementation gaps may receive less scrutiny, but the design standard is higher. In effect, weak risk assessments will matter more than isolated execution errors.

3. Defensible resource allocation. Institutions must be able to show that compliance resources follow risk. This does not require a specific methodology, but it does require a clear record of why higher-risk areas receive more attention and lower-risk areas less. Budgeting, staffing, and monitoring intensity become part of the audit trail for risk-based AML compliance.

4. U.S.-based AML/CFT officer. The designated U.S.-based AML/CFT officer must be available to regulators. Broader teams may sit offshore, but SAR access and information-sharing constraints remain.

A notable gap: no Federal Reserve proposal

The parallel interagency NPRM, issued by the OCC, FDIC, and NCUA, did not include the Federal Reserve.

That absence is unusual and creates a real possibility of supervisory divergence, particularly for state member banks and Fed-supervised holding companies. Absent further guidance, institutions subject to multiple regulators should plan for inconsistent expectations in the near term.

The priorities: unchanged, but now enforceable

The eight 2021 priorities remain the operative framework under the AML Act 2020 review cycle. What changes is that institutions must now affirmatively map them to their risk profiles and explain the outcome.

In practice, that means:

• Corruption and fraud should be explicitly assessed against customer types, payment flows, and jurisdictional exposure.
• Cybercrime and virtual asset exposure should be tied to actual product usage and transaction monitoring scenarios.
• Transnational criminal organization activity, drug trafficking, and human trafficking risks should be evaluated through typologies relevant to the institution's footprint — not generic narratives.

FinCEN has not yet refreshed the priorities under the AML Act's four-year cycle. Until it does, recent advisories — particularly on fraud — are the clearest signal of current supervisory focus.

What institutions should do now

The comment window is short and worth using. Comments close June 9, 2026, and the proposal has uneven implications across banks, fintechs, and MSBs. Institutions should at minimum benchmark their current programs against the FinCEN 2026 NPRM and consider contributing to industry comment letters.

The implementation period is also shorter than it appears. A 12-month runway requires not just policy updates, but demonstrable changes to risk assessments, documentation standards, governance, and resourcing. Programs built around informal or undocumented priority consideration will require structural revision to support risk-based AML compliance.

Most importantly, the effectiveness standard rewards contemporaneous documentation. Institutions should begin now to:

• Document why each priority is or is not material to their risk profile.
• Link those conclusions to data such as customers, products, geographies, and transaction volumes.
• Align monitoring, staffing, and escalation protocols to those conclusions.
• Preserve that logic in a way that can be tested and reproduced during examination.

Frequently asked questions

Did FinCEN issue new AML/CFT priorities in 2026? No. The eight 2021 priorities remain unchanged. The FinCEN 2026 NPRM would make their integration mandatory.

When are comments due? June 9, 2026, under Docket FINCEN-2026-0034.

Did the Federal Reserve join the proposal? No. The OCC, FDIC, and NCUA issued a joint proposal; the Federal Reserve did not join.

When would the rule take effect? FinCEN proposes a 12-month implementation period after a final rule is issued.

What is the effectiveness standard? A framework that evaluates whether a program is well-designed separately from how it performs, with greater emphasis on risk-based design and less on minor technical deficiencies.

What does the proposed rule mean for risk assessments? It means the FinCEN national priorities must be explicitly incorporated, documented, and supported by a reasoned analysis.

Key takeaways

• FinCEN's April 7, 2026 NPRM (91 FR 18304) would fundamentally reform U.S. AML/CFT program requirements under the Bank Secrecy Act.
• The eight 2021 national priorities are unchanged but would become mandatory inputs to every covered institution's risk assessment.
• OCC, FDIC, and NCUA proposed conforming amendments. The Federal Reserve did not join.
• Comments are due June 9, 2026. The proposed effective date is 12 months after a final rule.
• The effectiveness standard rewards contemporaneous documentation linking national priorities to data, resourcing, and monitoring.

The bottom line

FinCEN is not changing what the national priorities are. It is changing what institutions must do with them. For five years, the priorities have functioned as guidance. Under the proposed rule, they become auditable components of a firm's risk assessment and resource allocation framework. The practical shift is simple but significant: institutions will need to show their work under the FinCEN AML/CFT program rule. This guide is written for compliance officers, MLROs, in-house counsel, and operations leaders; application to any specific institution should be reviewed with counsel.

Sources and authorities

The article's analysis is grounded in the following primary sources. Practitioners should verify current versions before relying on any specific provision; FinCEN and the federal banking agencies update guidance regularly.

FinCEN — April 2026 AML/CFT Program NPRM

• FinCEN news release, FinCEN Proposes Rule to Fundamentally Reform Financial Institution AML/CFT Programs (April 7, 2026): fincen.gov news release
• FinCEN Fact Sheet — Program NPRM (PDF): Program-NPRM-FactSheet.pdf
• Federal Register notice — Anti-Money Laundering and Countering the Financing of Terrorism Programs, 91 FR 18304 (April 10, 2026): Federal Register – 91 FR 18304
• Regulations.gov docket for public comment — FINCEN-2026-0034: regulations.gov docket

FinCEN — 2021 AML/CFT National Priorities

• FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (June 30, 2021) (PDF): 2021 AML/CFT Priorities

Banking-agency interagency NPRM (OCC / FDIC / NCUA)

• Conforming Amendments to Anti-Money Laundering and Countering the Financing of Terrorism Programs — interagency NPRM (April 2026): Federal Register search

Statutory framework and BSA implementing regulations

• Anti-Money Laundering Act of 2020 — Title LXIII of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283): Congress.gov – Public Law 116-283
• 31 CFR Chapter X — Financial Crimes Enforcement Network, Department of the Treasury: eCFR – 31 CFR Chapter X
• 31 USC § 5318 — Compliance, exemptions, and summons authority: Cornell LII – 31 USC § 5318

FinCEN operational resources

• FinCEN — homepage: fincen.gov
• FinCEN advisories, alerts, notices, and fact sheets: fincen.gov/resources/advisoriesbulletinsfact-sheets

---

Sanctionfy helps compliance teams document risk-based AML compliance decisions in a way that aligns with this shift — linking national priorities to risk assessments, resource allocation, and examiner-ready documentation. Get in touch for a walkthrough.