On 7 April 2026, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking that would substantially overhaul anti-money laundering (AML) and counter-financing of terrorism (CFT) programme requirements under the Bank Secrecy Act.
According to AiPrise, with comments due by 9 June 2026, the regulator has been explicit that the proposal is designed to fundamentally reform how financial institutions build and operate these programmes — and buried within it is one of the strongest regulatory signals yet that manual, process-driven compliance is running out of road.
AiPrise recently detailed what FinCEN’s proposed rule really means for AI in the areas of KYB and AML.
For years, the dominant logic in AML and know-your-business (KYB) compliance has been rooted in procedural discipline: collect the correct files, run the prescribed checks, document every step, and ensure nothing conspicuous goes unaddressed. That approach offered a certain comfort. It felt defensible. But it has also generated enormous volumes of manual work, inflated false-positive rates, and — in many cases — poor outcomes. FinCEN’s proposal pushes the conversation in a different direction entirely: whether a programme is genuinely effective, whether resources are concentrated on real risk, and whether institutions are deploying better tools to get there.
Notably, FinCEN’s own fact sheet states the Director would consider whether a bank is using innovative tools such as artificial intelligence that demonstrate AML and CFT programme effectiveness.
The old compliance bargain is breaking down
For much of the past decade, the implicit bargain for compliance teams was straightforward. Follow the process, document the work, keep the machinery turning, and you could at least mount a credible argument that you were acting prudently. But anyone with genuine experience inside a compliance function will recognise how fragile that bargain has become. A process-heavy programme can still drown in false positives. Analysts can spend hours manually aggregating registries, PDFs, sanctions hits, and case notes and still miss the cases that matter most. More controls on paper does not reliably translate to better outcomes in practice.
FinCEN is now forcing that contradiction into the open. By centring effectiveness, risk-based design, and outcomes that are genuinely useful for law enforcement and national security, the proposal makes it considerably harder to defend manual workflow as the cautious default. The economic logic of compliance shifts accordingly: if the standard is effectiveness, then preserving familiar manual processes merely out of institutional inertia is no longer the conservative option. In many instances, it is the weaker one.
FinCEN did not “approve AI” — it did something more consequential
The most important line in FinCEN’s fact sheet is not about process reform. It is the statement that, when deciding whether to pursue an enforcement action or significant supervisory action, the Director would consider whether the bank is employing innovative tools such as artificial intelligence that demonstrate the effectiveness of its AML and CFT programme.
That is a significant regulatory signal. FinCEN is not endorsing every AI product on the market, nor offering innovation a free pass. What it is doing is something more consequential: explicitly stating that if innovative tools improve programme effectiveness, that counts in your favour.
For years, many compliance teams have treated AI adoption as something to defer until they were confident regulators would not view it with suspicion. This proposal inverts that posture. The question is no longer simply whether AI carries regulatory risk. The more pressing question is why, if AI can make a programme more effective, more consistent, and more risk-focused, institutions are still defaulting to slower manual workflows.
This is also a KYB story
Much of the commentary on FinCEN’s proposal will remain at the level of AML programme design. That is understandable but incomplete. There is a more practical dimension that deserves attention: this is equally a KYB story.
Business verification remains one of the most significant drains on compliance resource. Registry data is fragmented across jurisdictions. Beneficial ownership information is inconsistently maintained. Website reviews are conducted manually. Documents travel back and forth between counterparties. Analysts routinely spend the bulk of their time assembling facts before they can begin to assess risk. That is precisely the kind of workflow that an effectiveness-based regulatory regime should force teams to reconsider.
If KYB processes still depend on analysts jumping between vendors, pulling corporate records one at a time, reading documents by hand, and stitching everything together in case notes, the programme is not cautious — it is inefficient, inconsistent, and increasingly difficult to defend. Weak business verification allows risk to enter the system at the earliest stage, leaving downstream AML controls to manage problems at far greater cost. FinCEN’s shift towards risk-based resource allocation and effective outcomes makes that dynamic much harder to ignore.
The real advantage is not AI — it is context
There will be vendors who read this proposal and market it as FinCEN having “blessed AI.” That misreads the signal entirely. What FinCEN is rewarding is effective innovation, and effective innovation in compliance does not come from attaching a chatbot to a brittle workflow.
It comes from systems that genuinely improve decision quality — systems capable of reasoning across registries, documents, websites, ownership structures, sanctions hits, and policy thresholds; systems that distinguish between noise and meaningful risk; and systems that produce a clear record a human analyst can review, understand, and defend. Point solutions that each address a single function while leaving analysts to integrate the results manually have not built an effective programme. They have built expensive workflow fragmentation. The firms best positioned to benefit from this regulatory shift will be those that stop optimising for features and start designing for systemic effectiveness.
A lower political cost for modernisation
There is an additional signal in the proposal that merits attention. FinCEN’s fact sheet states that if a bank has established its AML and CFT programme under the proposed rule, FinCEN generally would not take an enforcement action or significant supervisory action unless the bank has a significant or systemic failure to maintain that programme. The intent is to focus regulatory attention on genuine programme failures rather than isolated or technical deficiencies.
This is not immunity, and it is not an invitation to implement new technology carelessly. But it is a meaningful indicator that FinCEN is working to distinguish between a structurally broken programme and a well-designed one that is not flawless in every minor respect. For compliance leaders, that should meaningfully reduce the fear that adopting new technology automatically creates enforcement exposure. The proposed standard is not perfection. It is effectiveness, sound design, and responsible implementation.
What compliance teams should do now
The practical implications are concrete. First, teams should audit where their current workflows remain manual for the wrong reasons — not where human judgement is genuinely required, but where people are functioning as glue between disconnected systems. Second, existing vendors should be pressure-tested against an outcomes standard: do they enable better, more consistent, more explainable decisions, or do they simply add another review step to an already crowded process?
Third, AI systems should be evaluated by the same criterion FinCEN is applying: effectiveness. Can they reduce false positives? Can they direct analytical effort towards higher-risk activity? Can they improve consistency across cases? Can they produce a clear audit trail of how a decision was reached? If the answer is no, the obstacle is not regulatory unreadiness. The tool is simply not good enough.
The direction of travel is now clear. FinCEN is telling the market that effective, risk-based programmes matter more than box-ticking, that institutions should concentrate resources on higher-risk customers and activities, and that innovative tools — including AI — can strengthen a programme’s regulatory standing when they demonstrably improve effectiveness. Enforcement focus is moving towards significant and systemic failures, not isolated technical shortcomings.
If a compliance programme still relies on analysts manually assembling registries, PDFs, and screening results, that is not a cautious approach. It is a weaker programme built at a higher cost. The future of compliance is not more paperwork. It is better outcomes.
Read the full AiPrise post here.
Copyright © 2026 FinTech Global
