June 9, 2026
Mr. Adam Cohen
Senior Deputy Comptroller and Chief Counsel
Chief Counsel’s Office
Attention: Comment Processing
Office of the Comptroller of the Currency
400 7th Street SW, Suite 3E-218
Washington, DC 20219
The Honorable Travis Hill
Chairman
Federal Deposit Insurance Corporation
550 17th Street NW
Washington, DC 20429
The Honorable Kyle S. Hauptman
Chairman
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314
Re: Response to Notice of Proposed Rulemaking Regarding Anti-Money Laundering and Countering the Financing of Terrorism Programs
To whom it may concern,
On behalf of the American Fintech Council (AFC), I appreciate the opportunity to submit this comment letter in response to the Notice of Proposed Rulemaking issued by the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA) regarding Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Programs (Proposed Rulemaking).
AFC is a standards-based organization and the largest and most diverse trade association representing financial technology companies and innovative banks. On behalf of more than 150 member companies and partners, AFC promotes a transparent, inclusive, and customer-centric financial system by supporting responsible innovation in financial services and encouraging sound public policy. AFC’s membership spans banks, non-bank lenders, payments providers, Earned Wage Access providers, loan servicers, credit bureaus, digital asset firms, and personal financial management companies.
AFC and its members strongly support the objectives underlying the Anti-Money Laundering Act of 2020 and the Agencies’ broader efforts to modernize AML/CFT supervision in a manner that more effectively identifies and mitigates illicit finance risks. Financial institutions play a critical role in protecting the integrity of the U.S. financial system, and effective AML/CFT programs remain foundational to that responsibility. AFC therefore supports regulatory and supervisory frameworks that improve the quality, usefulness, and operational effectiveness of AML/CFT compliance efforts while preserving flexibility for institutions to tailor controls to their unique business models, customer bases, delivery channels, products, and risk profiles.
Modernizing AML/CFT supervision should involve moving beyond rigid and process-oriented compliance frameworks and toward a more effective supervisory model centered on risk prioritization, operational effectiveness, and actionable outcomes. AFC supports that evolution. At the same time, successful implementation of the proposal will depend upon whether institutions retain sufficient flexibility to calibrate compliance programs according to actual risk exposure, whether supervisory expectations remain clear and consistent across agencies, and whether institutions are permitted to leverage existing compliance infrastructure and emerging technologies in a practical and operationally feasible manner.
Accordingly, AFC’s comments focus on the importance of preserving a genuinely risk-based and outcomes-oriented AML/CFT framework, avoiding unnecessarily burdensome or duplicative compliance obligations, supporting the development and deployment of innovative technologies that improve compliance effectiveness, and ensuring that supervisory expectations remain proportionate, transparent, and aligned with the operational realities of modern financial services. AFC further encourages the Agencies to establish a regulatory environment that promotes responsible innovation and provides clear pathways for the adoption of artificial intelligence and other advanced analytical technologies within AML/CFT programs.
I. AFC Supports a Risk-Based AML/CFT Framework that Prioritizes Effective Risk Mitigation and Meaningful Supervisory Outcomes
Promulgating effective AML/CFT supervision should not be reduced to static procedural requirements or formulaic testing expectations that apply uniformly across institutions, products, customers, or transaction activity. Financial institutions operate across highly diverse business models and risk environments, and AML/CFT programs should therefore be designed and evaluated according to the nature, severity, and likelihood of the risks actually presented. As such, AFC strongly supports the Agencies’ movement toward a framework focused on identifying, assessing, and mitigating material illicit finance risks while producing highly useful information for law enforcement and national security agencies. A risk-based approach would adequately allow institutions to direct compliance resources toward activities and relationships that present elevated risk rather than dispersing resources equally across lower-risk areas that may provide limited supervisory or investigative value. Considering that all risks are not alike and may vary broadly in substance, different risks warrant unique and à la carte levels of testing, monitoring, escalation, and procedures of review. Certain customer segments, transaction types, geographic exposures, products, or delivery channels may require more frequent testing or enhanced controls due to evolving typologies, elevated exposure, or demonstrated risk indicators. Similarly, changes affecting one identified risk area should not automatically necessitate broad reassessment or recalibration of unrelated risk categories. Institutions should retain discretion to evaluate whether emerging developments materially affect specific risks without presuming that every change requires wholesale modification of the broader AML/CFT program. Other activities may present comparatively limited risk and therefore warrant a more streamlined level of oversight.
Effective risk assessment likewise requires institutions to account for differences in geographic exposure, customer composition, product offerings, delivery channels, and operational structures. Risks that may be significant for one institution or market may be substantially less relevant for another. Supervisory expectations should therefore recognize that effective AML/CFT programs are necessarily tailored to the specific risks presented by an institution's business model and operating environment rather than evaluated against a uniform set of assumptions. A supervisory framework that implicitly assumes all risk categories should be tested with identical frequency or intensity would undermine the flexibility and resource prioritization that a genuinely risk-based framework is intended to achieve.
The Agencies should therefore clarify that institutions retain discretion to calibrate the scope, frequency, and intensity of testing, monitoring, and control functions based on institution-specific risk assessments, provided that such determinations are appropriately documented, periodically reassessed, undergo independent testing, and are reasonably designed to identify and mitigate material illicit finance risks. Such flexibility is essential to ensuring that compliance resources are directed toward areas of highest significance rather than toward procedural exercises that provide limited incremental risk reduction or supervisory value. AFC further encourages the Agencies to recognize good faith compliance efforts when evaluating AML/CFT program effectiveness. Institutions that maintain reasonably designed programs, devote meaningful resources toward compliance, and promptly address identified deficiencies should not face the same supervisory treatment as institutions that exhibit systemic disregard for AML/CFT obligations. Supervisory and enforcement frameworks should distinguish between isolated operational errors and material compliance failures that create meaningful illicit finance risk.
At the same time, AFC encourages the Agencies to recognize that genuinely risk-based supervision should guard against categorical de-risking, in which institutions decline or exit entire customer categories based on classification rather than individualized assessment of activity. Categorical exclusion does not eliminate illicit finance risk; it displaces that risk into channels that are less visible to law enforcement, while disproportionately affecting legitimate consumers and businesses, including money services businesses, remittance providers, and mission-driven nonprofits. A risk-based framework should encourage individualized, evidence-based customer risk assessment, reserve enhanced measures for documented elevated risk, and support supervisory attention to the consumer impact of de-risking as one measure of program effectiveness.
An outcomes-oriented framework should focus on whether institutions are effectively identifying meaningful illicit finance risks and producing useful intelligence outcomes for law enforcement and national security agencies, rather than primarily emphasizing the volume of alerts generated, suspicious activity reports (SAR) filed, or procedural steps completed. As supervisory frameworks increasingly emphasize effectiveness, institutions would benefit from additional guidance regarding how regulators evaluate effective AML/CFT performance in practice. Greater transparency regarding effectiveness standards would improve consistency across examinations, provide clearer implementation expectations, and allow institutions to better align resources with supervisory objectives. Supervisory expectations that place excessive emphasis on quantitative activity metrics may unintentionally encourage institutions to prioritize defensive compliance practices and excessive procedural activity over higher value investigative and analytical efforts. AFC therefore supports continued emphasis on effectiveness, prioritization, and operationally meaningful outcomes rather than rigid procedural formalism.
To give effect to this principle, AFC encourages the Agencies to provide an express supervisory safe harbor for good-faith, well-documented, risk-based judgments. Where an institution reaches a reasonable risk determination that is properly supported and consistent with its risk assessment, that determination should not be subject to supervisory criticism solely because an examiner, applying hindsight or different judgment, would have reached a different conclusion. A clear safe harbor would reinforce the movement toward effectiveness by allowing institutions to direct resources to genuine risk rather than to defensive documentation.
II. AFC Supports AML/CFT Requirements that Are Operationally Practicable and Integrated with Existing Compliance Infrastructure
The proposed rulemaking should be implemented in a manner that avoids imposing duplicative, fragmented, or unnecessarily burdensome operational obligations where existing systems and controls already achieve supervisory objectives. Financial institutions currently operate within mature compliance environments that frequently integrate AML/CFT monitoring, sanctions screening, fraud detection, cybersecurity oversight, customer due diligence, and suspicious activity escalation processes through interconnected governance and operational structures.
Requirements that necessitate the development of entirely new systems, duplicative governance processes, or parallel reporting infrastructure may impose substantial implementation and operational costs without corresponding improvements in risk mitigation outcomes. Institutions should instead be permitted to leverage existing compliance architecture, governance structures, and operational systems where those frameworks already support effective AML/CFT compliance. This consideration is increasingly important given the substantial and growing financial burden associated with AML/CFT compliance obligations across the financial services sector. Recent industry analysis found that 99 percent of U.S. banks experienced increased financial crime compliance costs, with total compliance expenditures across U.S. and Canadian institutions reaching approximately $61 billion. At the same time, escalating compliance expenditures do not necessarily produce proportionate improvements in risk mitigation outcomes where institutions are required to devote substantial resources toward duplicative procedural requirements, fragmented reporting structures, or operational processes that provide limited incremental supervisory or investigative value. AFC therefore supports regulatory approaches that prioritize effectiveness, operational efficiency, and meaningful risk mitigation outcomes over unnecessarily burdensome procedural formalism.
This principle is particularly important in the context of bank-fintech partnerships and technology-enabled financial services models. Modern financial services ecosystems frequently rely upon operational relationships between banks and technology providers that collectively support onboarding, payments processing, fraud monitoring, transaction analysis, customer servicing, identity verification, and data analytics functions. Regulatory expectations should appropriately recognize these operational realities and permit institutions to structure compliance responsibilities in a manner that reflects underlying business and operational models while maintaining clear accountability for AML/CFT compliance.
AFC also encourages the Agencies to continue promoting clear and consistent supervisory expectations across prudential regulators and FinCEN. Additional supervisory guidance regarding AML/CFT governance expectations would likewise assist institutions in designing effective oversight structures, management reporting processes, escalation procedures, and accountability frameworks while preserving flexibility for institutions to tailor governance arrangements to their particular business models and risk profiles. Divergent examination standards, inconsistent supervisory interpretations, or fragmented guidance may increase compliance costs, create operational uncertainty, and undermine institutions’ ability to efficiently calibrate their AML/CFT programs. Regulatory consistency is particularly important for institutions operating across multiple jurisdictions, chartering structures, or partnership arrangements. Congress likewise emphasized improving coordination and information sharing among financial institutions, regulators, and law enforcement agencies in order to strengthen the overall effectiveness of the Bank Secrecy Act framework. International developments likewise demonstrate the increasing importance of centralized coordination structures and integrated intelligence-sharing frameworks in modern AML/CFT supervision. Comparative analysis of AML/CFT modernization efforts in jurisdictions such as the United Kingdom, Singapore, and India reflects a growing emphasis on standing operational coordination centers, structured public-private intelligence collaboration, and unified analytical infrastructure designed to facilitate more continuous and network-oriented risk identification.
To translate the objective of supervisory consistency into practice, AFC encourages the Agencies to pair principles-based supervision with concrete measures that constrain unwarranted examiner variation. Such measures could include documented examination procedures with worked examples illustrating how the principles apply to common fact patterns, supervisory review of examination findings that depart from the treatment of comparable facts at peer institutions, periodic interagency calibration among the Agencies and FinCEN to surface and resolve divergent interpretations, and transparent escalation and appeal pathways for institutions. A principles-based framework delivers its intended benefits only when it is paired with discipline on how those principles are applied across examination teams and agencies.
Additionally, the Agencies should continue expanding public guidance, examiner transparency, and supervisory feedback mechanisms that assist institutions in calibrating compliance programs effectively. Greater transparency regarding supervisory priorities, evolving typologies, and enforcement expectations would allow institutions to allocate resources more strategically and improve overall compliance outcomes. Additional guidance regarding the practical application of national AML/CFT priorities would further assist institutions in directing resources toward areas of greatest regulatory and law enforcement significance. In a similar vein, AFC encourages the Agencies to provide additional guidance regarding risk assessment methodologies and indicators that may assist institutions in determining when particular risks warrant enhanced controls, testing, or monitoring. While institutions should retain discretion to make risk-based determinations, additional supervisory guidance would improve consistency and help institutions more effectively identify areas of heightened significance. Additional supervisory guidance regarding AML/CFT governance expectations would likewise assist institutions in designing effective oversight structures, management reporting processes, escalation procedures, and accountability frameworks while preserving flexibility for institutions to tailor governance arrangements to their particular business models and risk profiles. Clear articulation of supervisory priorities would allow institutions to better align risk assessments, monitoring programs, and governance frameworks with evolving threats and policy objectives.
AFC further encourages the Agencies to support mechanisms that allow financial institutions to proactively identify emerging risks and communicate those concerns to regulators before those risks mature into supervisory or enforcement issues. Effective AML/CFT supervision should encourage ongoing and constructive engagement between institutions and regulators rather than relying predominantly upon retroactive remediation following the identification of deficiencies. Institutions are often well positioned to identify developing typologies, operational vulnerabilities, emerging technological risks, or evolving illicit finance patterns in real time. A supervisory framework that encourages proactive dialogue and information sharing would improve regulatory responsiveness, strengthen overall risk mitigation efforts, and better align supervisory expectations with the dynamic nature of illicit finance risks.
To make supervisory feedback meaningful in practice, AFC encourages the Agencies, in coordination with FinCEN, to establish recurring and structured feedback to filing institutions on the utility of their reporting. Useful mechanisms would include periodic publication of aggregate suspicious activity report utility data by typology and by national priority, and structured feedback on the disposition of referred matters where consistent with law enforcement sensitivities. Institutions cannot calibrate monitoring toward higher-value outcomes without visibility into which reports produced investigative value, and a defined feedback loop would allow institutions to direct detection resources toward the activity of greatest supervisory and national security concern.
III. AFC Supports the Responsible Use of Innovative Technologies to Improve AML/CFT Compliance Effectiveness and Efficiency
Technological innovation has become increasingly important to the effectiveness, scalability, and operational efficiency of modern AML/CFT compliance programs. Advanced analytics, machine learning systems, artificial intelligence tools, network analysis technologies, automated transaction monitoring platforms, and other forms of regulatory technology increasingly allow institutions to identify suspicious activity more accurately, reduce false positives, improve investigative efficiency, and better allocate compliance resources. Due to such technological importance, AFC strongly supports regulatory frameworks that actively encourage responsible adoption of innovative compliance technologies and provide institutions with clear supervisory pathways for deploying artificial intelligence, machine learning, advanced analytics, and other emerging technologies. Regulatory modernization should not merely avoid discouraging innovation. It should affirmatively support the development, testing, and deployment of technologies capable of strengthening AML/CFT effectiveness and improving financial crime detection outcomes. Novel technologies frequently enhance institutions’ ability to identify and mitigate illicit finance risks in ways that traditional manual review processes cannot efficiently replicate, particularly given the increasing speed, complexity, and scale of modern financial transactions.
AFC further encourages the Agencies to view artificial intelligence as a strategic opportunity to strengthen the effectiveness of the nation's AML/CFT framework. AI-enabled systems can improve suspicious activity detection, reduce false positives, identify complex transactional relationships, and enhance institutions' ability to detect emerging illicit finance typologies. As institutions continue investing in these capabilities, the Agencies should establish clear and predictable supervisory pathways that support responsible experimentation, adoption, and ongoing innovation. Regulatory uncertainty should not become a barrier to the deployment of technologies capable of improving compliance outcomes, strengthening national security objectives, and enhancing the efficiency of AML/CFT programs.
The Agencies should therefore make clear that institutions may appropriately leverage innovative technologies and automated systems as part of their AML/CFT programs, provided that such systems are reasonably designed, appropriately governed, and subject to effective oversight and validation processes. Supervisory expectations should remain technology-neutral and focused on the effectiveness of resulting compliance outcomes rather than prescribing specific operational methodologies or legacy review processes. At the same time, technology neutrality should not be interpreted as regulatory indifference toward innovation. The Agencies should clearly communicate that responsible deployment of artificial intelligence, advanced analytics, and automated monitoring technologies is consistent with strong AML/CFT compliance and represents an important component of ongoing AML/CFT modernization efforts. AFC also encourages continued examiner education regarding emerging compliance technologies and analytical tools. Effective supervision increasingly requires an understanding of how modern AML/CFT systems utilize machine learning, advanced analytics, automated monitoring, and other technological capabilities. Greater familiarity with these tools would promote more consistent examinations and better evaluation of program effectiveness. Importantly, supervisory frameworks should recognize that innovative technologies may produce materially stronger compliance outcomes over antiquated and highly manual review frameworks. Advanced analytical tools often allow institutions to identify complex transactional patterns, anomalous activity, and emerging typologies with greater speed and precision than traditional rules-based monitoring systems alone. 
In the international financial services ecosystem, AML/CFT frameworks increasingly reflect the integration of machine learning, centralized analytical scoring, and unified intelligence architectures directly within financial intelligence infrastructure itself. AFC believes that continued modernization of the U.S. AML/CFT framework should support exploration of similar analytical enhancements and more integrated intelligence coordination mechanisms where operationally appropriate and consistent with U.S. legal and supervisory structures. Implementation of such technologies should likewise remain proportionate to an institution’s size, complexity, and risk profile.
AFC further encourages the Agencies to align supervisory expectations for these technologies with their own revised interagency guidance on model risk management. The guidance issued in April 2026 superseded the agencies’ prior model risk management guidance and the 2021 interagency statement addressing systems that support Bank Secrecy Act and anti-money laundering compliance, and it adopted a principles-based approach tailored to an institution’s model risk profile. AFC supports this direction and encourages the Agencies to confirm that traditional statistical, quantitative, and non-generative machine learning models used in transaction monitoring may satisfy supervisory expectations when governed consistent with that guidance. AFC further encourages the Agencies to clarify how institutions should govern generative and agentic artificial intelligence tools that the revised guidance places outside its scope. Clear supervisory expectations for these technologies would reduce uncertainty, encourage responsible investment and deployment, and allow institutions to leverage emerging capabilities under a coherent and predictable regulatory framework. The Agencies should establish practical governance principles that support innovation while maintaining appropriate controls, accountability, transparency, and risk management standards.
As a means to bolster the continued evolution and utilization of novel technologies, AFC encourages continued public-private coordination and information sharing among regulators, law enforcement agencies, and industry participants. Greater collaboration regarding emerging risks, evolving typologies, technological developments, and supervisory expectations will improve the overall effectiveness of the AML/CFT framework while helping institutions deploy compliance resources more efficiently and strategically.
As a standards-based organization, AFC and its members are also prepared to support this modernization through industry-led standardization that does not require additional rulemaking. AFC is well positioned to help develop common typology libraries aligned with the national AML/CFT priorities, shared data and reporting conventions that improve the consistency and comparability of suspicious activity reporting, quality benchmarks for report narratives, and common model validation and governance practices for automated monitoring. Industry-led standardization of this kind would complement the Agencies’ framework, improve the usefulness of information provided to law enforcement, and reduce unwarranted variation across institutions without constraining legitimate differences in business model or risk profile.
* * *
AFC appreciates the Agencies’ efforts to modernize AML/CFT supervision in a manner that more effectively aligns regulatory expectations with the evolving risks, operational realities, and technological developments shaping the modern financial services ecosystem. As the Agencies finalize the proposed framework, AFC respectfully encourages continued emphasis on risk-based supervision, operational flexibility, interagency consistency, proactive supervisory engagement, and the responsible integration of innovative technologies that strengthen AML/CFT effectiveness while preserving operational practicability. The Agencies should also establish clear pathways for the adoption of artificial intelligence and other advanced analytical technologies that can improve financial crime detection, enhance compliance effectiveness, and strengthen the overall resilience of the U.S. financial system.
A supervisory framework grounded in effectiveness, proportionality, and meaningful risk mitigation outcomes will better position financial institutions to identify and address illicit finance risks while continuing to support responsible innovation, competition, and access to beneficial financial products and services. AFC appreciates the opportunity to provide comments on the proposed rule and welcomes continued engagement with the Agencies on these important issues.
Sincerely,
Ian P. Moloney
Chief Policy Officer
American Fintech Council
[1] American Fintech Council’s (AFC) membership spans banks, non-bank lenders, payments providers, EWA providers, loan servicers, credit bureaus, and personal financial management companies.
[2] Financial Crimes Enforcement Network, “Anti-Money Laundering and Countering the Financing of Terrorism Programs,” Federal Register 91, no. 69 (April 10, 2026): 18304–18330, https://www.federalregister.gov/documents/2026/04/10/2026-06948/anti-money-laundering-and-countering-the-financing-of-terrorism-programs.
[3] John Cusack and Teodora Mladenova, “The Cost of AML Compliance,” ResearchGate, July 2025, https://www.researchgate.net/publication/393655422_The_Cost_of_AML_Compliance.
[4] U.S. House of Representatives, Joint Explanatory Statement Accompanying the Consolidated Appropriations Act, 2021, H.R. Rep. No. 116-617 (2020), https://docs.house.gov/billsthisweek/20201207/116hrpt617-JointExplanatoryStatement.pdf.
[5] Thread Bank, What Other Jurisdictions Have Built: Centralized Financial Intelligence Architectures in India, the United Kingdom, and Singapore, and What They Suggest for the United States (May 2026).
[6] Thread Bank, What Other Jurisdictions Have Built.
About the American Fintech Council: The mission of the American Fintech Council is to promote an innovative, responsible, inclusive, customer-centric financial system. You can learn more at www.fintechcouncil.org.