Federal: AFC Response to FinCEN AML CFT Rulemaking

The Honorable Andrea M. Gacki
Director
Financial Crimes Enforcement Network
United States Department of the Treasury
P.O. Box 39
Vienna, VA 22183

Re: Response to Notice of Proposed Rulemaking on Anti-Money Laundering and Countering the Financing of Terrorism Programs

Dear Director Gacki,

On behalf of the American Fintech Council (AFC),  the largest and most diverse trade association representing financial technology companies and innovative banks, I appreciate the opportunity to submit this comment letter in response to the Financial Crimes Enforcement Network’s (FinCEN) proposed rulemaking regarding Anti-Money Laundering and Countering the Financing of Terrorism Programs (Proposed Rulemaking).

On behalf of more than 150 member companies and partners, AFC supports regulatory frameworks that promote responsible innovation, effective risk management, and operationally practicable compliance obligations while preserving the integrity and resiliency of the United States financial system. AFC’s membership spans banks, payments companies, fintech firms, money services businesses, lending platforms, infrastructure providers, and other participants operating across the modern financial services ecosystem. As a result, AFC members possess substantial operational experience implementing Bank Secrecy Act (BSA) and Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) compliance programs across diverse institutional models, risk profiles, and technological architectures.

AFC supports Treasury and FinCEN’s broader effort to modernize AML/CFT supervision and align regulatory expectations with the reforms contemplated by the Anti-Money Laundering Act of 2020. The proposed shift toward outcome-based and risk-oriented compliance represents an important opportunity to recalibrate supervisory expectations away from procedural formalism and toward meaningful illicit finance mitigation outcomes. At the same time, implementation of these reforms should avoid imposing duplicative, inflexible, or unnecessarily burdensome obligations that may impede innovation, reduce operational efficiency, or divert resources away from higher-value risk mitigation activities.

The comments below are intended to support a supervisory and regulatory framework that appropriately balances national security objectives, consumer protection, operational feasibility, and continued financial innovation.

I. AFC Supports a Risk-Based and Outcomes-Oriented AML/CFT Framework that Prioritizes Effectiveness Over Procedural Formalism

An effective AML/CFT framework should be measured by the quality and usefulness of its outcomes rather than by the volume of procedural documentation or rigid adherence to prescriptive compliance processes. FinCEN’s proposed movement toward effectiveness-based supervision appropriately recognizes that financial institutions should retain flexibility to allocate compliance resources in a manner proportionate to their individualized risk profiles and operational structures.

Illicit finance risks are not uniform across financial institutions, customer segments, products, services, geographic exposure, or transactional activity. Accordingly, regulatory expectations should not assume that all categories of risk warrant identical levels of monitoring, testing, escalation, or review frequency. Certain higher-risk activities may reasonably require more intensive controls, enhanced monitoring, and more frequent testing, while lower-risk activities may warrant comparatively streamlined oversight measures. A supervisory framework that fails to differentiate among materially different risk categories may encourage inefficient resource allocation and diluting institutional focus away from genuinely significant illicit finance threats. This principle should also extend to differences in institutional size, business model, customer composition, geographic footprint, and delivery channels. Risks associated with particular products, customer segments, or jurisdictions may vary considerably among institutions, and supervisory expectations should recognize that risk assessments and mitigation strategies may appropriately differ based upon those circumstances.

At the same time, AFC encourages FinCEN to recognize that genuinely risk-based supervision should guard against categorical de-risking, in which institutions decline or exit entire customer categories based on classification rather than individualized assessment of activity. Categorical exclusion does not eliminate illicit finance risk; it displaces that risk into channels that are less visible to law enforcement, while disproportionately affecting legitimate consumers and businesses, including money services businesses, remittance providers, and mission-driven nonprofits. A genuinely risk-based framework should encourage individualized, evidence-based customer risk assessment, reserve enhanced measures for documented elevated risk, and support supervisory attention to the consumer impact of de-risking as one measure of program effectiveness.

AFC therefore supports an approach that permits institutions to calibrate testing frequencies, monitoring intensity, and internal control structures according to the relative nature, severity, and evolution of identified risks. Such an approach is more consistent with both the text and underlying policy objectives of the Anti-Money Laundering Act of 2020, which emphasized modernization, prioritization, and more efficient allocation of compliance resources.

The proposed rule should also expressly clarify that an “effective, risk-based, and reasonably designed” AML/CFT program does not require the elimination of all financial crime risk or the prevention of every instance of illicit activity. Financial institutions operate within dynamic and evolving financial ecosystems, and no compliance framework can reasonably guarantee perfect interdiction outcomes. Supervisory expectations should therefore remain grounded in reasonable design, proportionality, and demonstrable good-faith risk mitigation efforts rather than hindsight-based evaluations of isolated compliance outcomes. Consistent with this principle, FinCEN should clarify that supervisory assessments appropriately account for good-faith compliance efforts undertaken by financial institutions. Institutions that maintain reasonably designed controls, promptly address identified deficiencies, and demonstrate a genuine commitment to AML/CFT compliance should not face the same supervisory treatment as institutions that exhibit systemic control failures, willful disregard of regulatory obligations, or persistent noncompliance. A framework that recognizes good-faith compliance efforts will encourage proactive risk management and continuous improvement while preserving enforcement resources for genuinely significant violations and illicit finance risks.

To give effect to this principle, AFC encourages FinCEN to provide an express supervisory safe harbor for good-faith, well-documented, risk-based judgments. Where an institution reaches a reasonable risk determination that is properly supported and consistent with its risk assessment, that determination should not be subject to supervisory criticism solely because an examiner, applying hindsight or different judgment, would have reached a different conclusion. A clear safe harbor would reinforce the movement toward effectiveness by giving institutions the confidence to allocate resources to genuine risk rather than to defensive documentation.

II. AFC Supports Regulatory Flexibility that Allows Institutions to Integrate AML/CFT Obligations within Existing Compliance Infrastructure

Financial institutions currently maintain extensive compliance, governance, fraud prevention, cybersecurity, sanctions screening, and risk management systems that already support significant portions of AML/CFT compliance activity. Regulatory modernization efforts should therefore prioritize integration with existing operational frameworks rather than requiring institutions to construct entirely new systems, reporting architectures, or duplicative compliance processes absent a clearly demonstrated supervisory necessity.

Requirements that unnecessarily mandate new documentation structures, standalone testing processes, or duplicative governance layers may impose substantial operational costs without producing corresponding improvements in illicit finance detection or reporting utility.  Regulation should instead remain appropriately calibrated to balance supervisory benefits against both the direct and indirect operational burdens imposed on financial institutions, including the potential for unintended consequences that may divert resources away from higher-value compliance and risk mitigation activities. This concern is particularly acute for smaller institutions, emerging financial technology firms, and institutions operating under bank-fintech partnership models where compliance responsibilities are often operationally distributed across multiple entities.

AFC further encourages FinCEN to provide institutions with meaningful implementation flexibility regarding how national AML/CFT priorities are operationalized within institutional compliance programs. Financial institutions should be permitted to incorporate these priorities according to their individualized risk profiles, customer bases, products, and operational structures rather than through rigid or formulaic implementation mandates. At the same time, continued clarity regarding the scope, objectives, and practical implications of the national AML/CFT priorities would assist institutions in directing compliance resources toward the areas of greatest regulatory and national security significance.

Similarly, supervisory expectations regarding risk assessment processes should recognize that institutions often engage in continuous and overlapping forms of risk analysis rather than a single static or annualized risk assessment exercise. The proposed framework should avoid unintentionally converting dynamic institutional risk management practices into inflexible “check-the-box” exercises that prioritize documentation production over substantive risk mitigation. Additional guidance regarding the circumstances that should trigger reassessment of particular risks would also be beneficial. Changes affecting one risk category, product line, customer segment, or geographic exposure do not necessarily imply corresponding changes throughout an institution’s entire risk profile. Accordingly, institutions should retain flexibility to update and recalibrate specific risk assessments where warranted by material developments rather than being expected to undertake unnecessarily broad reassessments in response to isolated changes. Further guidance regarding effective risk assessment methodologies would also assist institutions in identifying where particular risks are most significant to their operations. While institutions should retain discretion to design risk assessment processes appropriate to their business models, additional supervisory guidance regarding risk identification, risk weighting, materiality determinations, and resource allocation would promote greater consistency while preserving flexibility.

The framework should also continue to account for the operational realities of bank-fintech partnerships. Modern financial services delivery frequently involves shared technological infrastructure, third-party service providers, embedded finance arrangements, and distributed compliance operations. Regulatory expectations should therefore remain sufficiently flexible to accommodate differing operational models while maintaining clear accountability and strong compliance controls.

III. AFC Supports Technology Neutral and Risk Based Compliance Standards that Encourage Continued Innovation in AML/CFT Capabilities

Technological innovation plays an increasingly important role in strengthening AML/CFT compliance capabilities across the financial services ecosystem. Advanced analytics, machine learning systems, artificial intelligence tools, automated monitoring technologies, and other forms of regulatory technology frequently enable institutions to identify suspicious activity patterns more efficiently, reduce false positives, enhance investigative precision, and allocate compliance resources more effectively.

In constructive fashion, novel technologies often strengthen rather than weaken AML/CFT compliance outcomes. Automated monitoring systems and advanced analytical tools may significantly improve institutions’ ability to identify suspicious transactional patterns, detect anomalous behavior, and prioritize higher-risk activity for investigation. A modernized AML/CFT framework should therefore encourage innovation that enhances compliance capabilities rather than indirectly reinforcing outdated manual processes that may be less effective and more resource-intensive.

Accordingly, the final rule and associated supervisory guidance should expressly encourage and facilitate the responsible adoption of innovative technologies within AML/CFT compliance programs, including artificial intelligence, machine learning, advanced analytics, and automated monitoring systems. FinCEN should make clear that the responsible deployment of these technologies is consistent with effective AML/CFT compliance and should establish a supervisory environment that provides institutions with confidence to invest in and deploy innovative compliance capabilities. Institutions should not face implicit or explicit supervisory barriers when adopting technologies that improve effectiveness, scalability, accuracy, or operational efficiency. Rather, regulatory modernization should actively support technological innovation that strengthens the ability of financial institutions to detect, investigate, and mitigate illicit finance risks. Regulatory modernization should also include greater transparency regarding supervisory expectations applicable to automated compliance systems, artificial intelligence deployment, model governance, and advanced analytics tools. Clear supervisory guidance can accelerate responsible adoption of innovative compliance technologies by reducing uncertainty surrounding implementation, governance, validation, and examiner expectations. Establishing clear pathways for the deployment of artificial intelligence and advanced analytical tools would allow institutions to pursue innovation with greater confidence while maintaining appropriate controls, governance standards, and auditability. As institutions increasingly deploy advanced compliance technologies, regulators and examiners should likewise continue developing familiarity with the capabilities, limitations, and governance structures associated with these tools. A shared understanding of emerging compliance technologies will support more informed supervisory evaluations and reduce the likelihood that innovative solutions are assessed through frameworks designed for legacy manual processes.

In providing such guidance, AFC encourages FinCEN to coordinate with the prudential regulators so that supervisory expectations for automated monitoring align with the agencies’ revised interagency guidance on model risk management issued in April 2026, which superseded prior guidance and adopted a principles-based approach tailored to an institution’s model risk profile. Consistent treatment of model governance across FinCEN and the prudential regulators would give institutions a single, coherent standard for deploying analytics, machine learning, and artificial intelligence within AML/CFT compliance programs. Regulatory consistency would reduce implementation uncertainty, promote greater investment in innovative compliance technologies, and accelerate the adoption of tools capable of improving financial crime detection and risk mitigation outcomes.

AFC further encourages FinCEN to view artificial intelligence and advanced analytical technologies as important tools for strengthening the effectiveness of the nation's AML/CFT framework. When deployed responsibly and supported by appropriate governance controls, these technologies can enhance suspicious activity detection, reduce false positives, identify complex transactional patterns that may be difficult to detect through traditional methods, and enable compliance personnel to focus resources on higher-risk activities. As financial institutions continue investing in these capabilities, FinCEN should establish clear supervisory pathways that support responsible experimentation, adoption, and ongoing innovation. Regulatory modernization should not merely accommodate the use of artificial intelligence within AML/CFT programs but should actively encourage the development and deployment of technologies that improve compliance effectiveness, strengthen illicit finance detection, and advance national security objectives.

AFC additionally supports greater information sharing, transparency, and feedback between regulators and industry participants regarding typologies, emerging threats, suspicious activity reporting trends, and supervisory expectations. More consistent communication between government agencies and financial institutions would materially improve institutions’ ability to calibrate compliance systems toward higher-value risk mitigation objectives and produce information that is more useful to law enforcement and national security agencies.

To make this feedback meaningful in practice, AFC encourages FinCEN to establish recurring, structured feedback to filing institutions on the utility of their reporting. Useful mechanisms would include periodic publication of aggregate suspicious activity report utility data by typology and by national priority, and structured feedback on the disposition of referred matters where consistent with law enforcement sensitivities. Institutions cannot easily calibrate monitoring toward higher-value outcomes without visibility into which reports produced investigative value, and a defined feedback loop would allow institutions to tune detection toward the activity that matters most.

Financial institutions should also have meaningful mechanisms to proactively identify emerging risks, operational vulnerabilities, and evolving illicit finance typologies and communicate those concerns to regulators before those risks materialize into supervisory findings or enforcement matters. A more collaborative and forward-looking supervisory framework would improve the government’s visibility into emerging threats while encouraging earlier risk mitigation, more efficient allocation of compliance resources, and stronger alignment between regulatory expectations and real-time operational developments across the financial services ecosystem.

AFC and its members are also prepared to support this modernization through industry-led standardization that does not require additional rulemaking. As a standards-based organization, AFC is well positioned to help develop common typology libraries aligned with the national AML/CFT priorities, shared data and reporting conventions that improve the consistency and comparability of suspicious activity reporting, quality benchmarks for report narratives, and common model validation and governance practices for automated monitoring. Industry-led standardization of this kind would complement the proposed rule, improve the usefulness of information provided to law enforcement, and reduce unwarranted variation across institutions without constraining legitimate differences in business model or risk profile.

IV. AFC Supports Clear and Consistent Supervisory Expectations that Reduce Fragmentation and Promote Efficient Compliance

AFC strongly supports efforts to improve consistency among supervisory expectations across FinCEN, prudential regulators, and other federal agencies responsible for AML/CFT oversight. Consistency will also require greater transparency regarding how examiners evaluate AML/CFT program effectiveness in practice. Additional guidance concerning the indicators, outcomes, and supervisory considerations that demonstrate an effective program would help institutions calibrate compliance efforts more efficiently and reduce uncertainty arising from differing examination interpretations. Divergent examination expectations, inconsistent interpretive standards, and fragmented supervisory approaches create operational uncertainty and frequently result in duplicative compliance expenditures that do not materially improve illicit finance mitigation outcomes. Consistency is particularly important as financial institutions increasingly operate across multiple chartering structures, product categories, and technological environments. Institutions should not face materially different supervisory interpretations regarding substantially similar compliance obligations based solely upon differing examination teams or regulatory jurisdictions.

To translate this objective into consistent supervisory practice, AFC encourages FinCEN and the prudential regulators to pair principles-based supervision with concrete measures that constrain unwarranted examiner variation. Such measures could include documented examination procedures with worked examples illustrating how the principles apply to common fact patterns, supervisory review of examination findings that depart from the treatment of comparable facts at peer institutions, periodic interagency calibration to surface and resolve divergent interpretations, and transparent escalation and appeal pathways for institutions. Principles-based supervision delivers its intended benefits only when it is paired with discipline on how those principles are applied across examination teams.

The final regulatory framework should therefore reinforce that supervisory evaluations remain focused on the effectiveness, reasonableness, and proportionality of institutional AML/CFT programs in light of each institution’s individualized risk profile. Examination processes should avoid elevating immaterial technical deficiencies or isolated documentation issues above broader assessments regarding whether an institution’s compliance program is effectively identifying, managing, and mitigating material illicit finance risks. Similarly, supervisory and enforcement actions should remain focused on material deficiencies that meaningfully impair an institution’s ability to identify, monitor, and mitigate illicit finance risks. Minor procedural errors, isolated documentation shortcomings, or technical compliance lapses that do not undermine overall program effectiveness should not receive disproportionate supervisory weight relative to more significant control failures. Maintaining this distinction will better align supervisory outcomes with the objectives of risk-based regulation and effective AML/CFT oversight.

AFC also encourages FinCEN to provide sufficient implementation timelines and phased supervisory expectations following finalization of the rule. Institutions will require adequate time to review final requirements, calibrate governance structures, update internal procedures, conduct training, coordinate with third-party vendors and technology providers, and integrate revised expectations into existing compliance operations in an orderly and operationally sound manner.

* * *

AFC appreciates FinCEN’s broader effort to modernize the United States AML/CFT supervisory framework and its recognition that effective compliance should be grounded in risk-based prioritization, operational practicability, and meaningful illicit finance mitigation outcomes. A properly calibrated framework has the potential to strengthen national security objectives while simultaneously promoting innovation, improving supervisory efficiency, and enabling financial institutions to allocate compliance resources toward the areas of greatest risk and regulatory value.

As FinCEN proceeds with this rulemaking, AFC encourages the agency to preserve sufficient flexibility for differing institutional models, establish clear pathways for the responsible adoption of artificial intelligence and other innovative compliance technologies, and ensure that supervisory expectations remain proportionate, transparent, and aligned with the operational realities of the modern financial services ecosystem. Regulatory modernization should not merely accommodate technological innovation but should actively support the development and deployment of technologies capable of strengthening AML/CFT effectiveness and improving risk management outcomes across the financial sector. Continued coordination among regulators and constructive engagement with industry participants will be critical to ensuring that the final framework advances both effective illicit finance prevention and continued responsible innovation across the financial sector.

AFC appreciates FinCEN’s consideration of these comments and welcomes continued dialogue regarding the modernization of the United States AML/CFT supervisory framework.

Sincerely,

Ian P. Moloney
Chief Policy Officer
American Fintech Council

[1] American Fintech Council’s (AFC) membership spans banks, non-bank lenders, payments providers, EWA providers, loan servicers, credit bureaus, and personal financial management companies.
[2] Financial Crimes Enforcement Network, “Anti-Money Laundering and Countering the Financing of Terrorism Programs,” Federal Register 91, no. 69 (April 10, 2026): 18331–18428, https://www.federalregister.gov/documents/2026/04/10/2026-07033/anti-money-laundering-and-countering-the-financing-of-terrorism-programs.
[3] U.S. House of Representatives,Joint Explanatory Statement Accompanying the Consolidated Appropriations Act,2021, H.R. Rep. No. 116-617 (2020),https://docs.house.gov/billsthisweek/20201207/116hrpt617-JointExplanatoryStatement.pdf.
[4] U.S. Department of the Treasury, “DeputySecretary Faulkender Lays Out Guiding Principles for Bank Secrecy ActModernization,” June 18, 2025,https://home.treasury.gov/news/press-releases/sb0173.
‍

‍