Finovifi

BSA Modernization Is Coming: What FinCEN’s AML/CFT Proposal Means for Community Financial Institutions

Written by Karly Field | May 29, 2026 1:23:04 PM

 

BSA Modernization Is Coming: What FinCEN’s AML/CFT Proposal Means for Community Financial Institutions

The session covered FinCEN’s proposed AML/CFT modernization rule and what it could mean for community banks. Leah Hamilton walked through a compare-and-contrast between the current BSA program structure and the proposed rule, emphasizing that the shift is not about eliminating current requirements. It is more about moving from a checklist-driven compliance model to an effectiveness-driven, risk-based model.

Key points included:

1. The proposed rule shifts the focus from technical compliance to program effectiveness.
Banks would still need written policies, procedures, controls, training, testing, and customer due diligence, but examiners may increasingly ask whether those elements are producing meaningful results. The emphasis is on whether the program is reasonably designed around the institution’s actual risk profile.

2. Risk assessments become central.
The proposed rule would make the BSA/AML risk assessment a required part of the program, not just a supervisory expectation. Banks would need to evaluate risks across products, services, customers, geographies, delivery channels, and FinCEN priorities, then show how those findings drive policies, controls, staffing, monitoring, and board reporting.

3. CDD moves from a separate pillar into the broader internal controls framework.
The session stressed that customer due diligence should be treated as an ongoing process, not a one-time onboarding step. This is especially important as fraud, synthetic identity theft, online account opening, and AI-enabled schemes continue to evolve.

4. FinCEN priorities will need to be incorporated into the program.
The speaker noted that FinCEN’s national AML/CFT priorities are expected to become more directly tied to risk assessments and program updates. When priorities are updated, that should trigger a review of the bank’s own risk assessment and controls.

5. The BSA/AML officer role receives more scrutiny.
The proposed rule emphasizes that the designated AML/CFT officer must be qualified, U.S.-based, accessible to FinCEN and regulators, and not overburdened with unrelated responsibilities. This could be a pressure point for smaller institutions where compliance officers already wear seventeen hats and a fire helmet.

6. Resources matter — people, technology, training, and systems.
The session repeatedly came back to whether institutions have sufficient resources to manage higher-risk customers and activities. That includes staffing, training, vendor capabilities, monitoring tools, and the ability to reduce manual work without losing oversight.

7. Independent testing would need to assess effectiveness, not just existence.
Testing should evaluate whether the program, risk assessment, and controls are actually working based on the bank’s risk profile. Independence was also stressed: the person reviewing the program should not be reviewing their own work.

8. Training should be more practical and risk-specific.
Rather than simply repeating the five pillars every year, training should increasingly focus on emerging risks, internal policies, recent findings, fraud trends, regulatory changes, and what employees should actually watch for in their roles.

9. Technology is encouraged, but banks still need human oversight.
The proposed rule supports innovation, automation, analytics, AI, and machine learning, but the session warned that banks need to understand their systems, validate effectiveness, avoid blind reliance on defaults, and keep human decision-making in the process.

10. Immediate next steps for banks:
Review policies, procedures, controls, risk assessments, FinCEN priority coverage, vendor capabilities, training content, board reporting, independent testing, and documentation standards. The message was clear: do not wait for the final rule to start identifying gaps.

View The Recording