Now 55 years old, the Bank Secrecy Act (BSA) remains the backbone of America’s fight against illicit finance. Yet, despite its enduring purpose, the law’s original framework struggles to keep pace with the rapidly evolving financial system it regulates.

In fact, if they could see it, the BSA’s original sponsors might barely recognize today’s radically transformed global economy. While landmark amendments like the USA PATRIOT Act, the Anti-Money Laundering Act of 2020, and the recent 2024 Notice of Proposed Rulemaking on AML/CFT program effectiveness represent significant modernization efforts, the law’s fundamental structure still grapples with its 70s-era origins.

A constant tug-of-war exists between regulators enforcing BSA compliance and institutions trying to adhere to a law written for a bygone era. Encouragingly, though, there’s a rising consensus from both sides on the need to modernize the BSA.

The Financial Crimes Enforcement Network (FinCEN) published the latest proof of this consensus in a 2024 Notice of Proposed Rulemaking (NPRM) on Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Program Effectiveness. This NPRM, issued on June 28, 2024, also speaks to a growing partnership between the financial services industry and federal financial regulatory agencies.

Key Elements of FinCEN’s 2024 NPRM

FinCEN published the NPRM on June 28, 2024, with a 60-day open comment period following its publication in the Federal Register. The proposal aims to strengthen and modernize financial institutions’ AML/CFT programs, building on concepts previously discussed in an Advance Notice of Proposed Rulemaking (ANPRM) from September 2020. The 2024 NPRM specifically addresses and would mandate key aspects of AML/CFT programs.

First, the NPRM proposes to explicitly require all covered financial institutions to maintain an AML/CFT program that is “effective, risk-based, and reasonably designed.” To comply with that definition, an institution’s AML/CFT program would need to cover the following bases:

• It “identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity” based on the institution’s risk assessment and inclusive of national AML/CFT priorities.
• It complies with the recordkeeping and reporting requirements of the BSA.
• It “provides information with a high degree of usefulness to government authorities” based on the institution’s risk assessment and national AML/CFT priorities.

Second, the NPRM would mandate that financial institutions incorporate FinCEN’s national AML/CFT priorities into their programs. FinCEN first issued these priorities on June 30, 2021, and they currently include:

• Corruption
• Cybercrime and cyber-enabled crime
• Domestic and international terrorist financing
• Fraud
• Transnational criminal organizations
• Drug trafficking organizations
• Human trafficking and human smuggling
• Proliferation financing

The AML Act requires FinCEN to revisit its AML/CFT Priorities at least every four years, so a successor list was originally expected in June of 2025. However, a Presidential Memorandum on Regulatory Freeze Pending Review issued in January directed all agencies to pause new guidance until a newly-appointed official signs off. As a result, FinCEN has held off publishing the 2025 list. For now, the June 2021 priorities remain in effect.

The NPRM clarifies that this priority list is not all-inclusive of risks. Institutions would still need to focus on institution-specific risks identified in their risk assessments.

Third, the NPRM would establish an explicit requirement for a mandatory risk assessment process within an AML/CFT program for all covered financial institutions. While previously considered a critical element, it was not a direct requirement for all institutions under the BSA.

Covered Institutions within the NPRM Scope

The proposed rule would be “applicable to all of the industries that have anti-money laundering (AML) program requirements under FinCEN’s regulations.” This includes, but is not limited to, the following:

• Banks, including credit unions and depository institutions
• Casinos and card clubs
• Money service businesses
• Securities brokers or dealers
• Mutual funds
• Insurance companies
• Futures commission merchants and introducing brokers in commodities
• Precious metal, stone or jewel dealers
• Credit card system operators
• Loan or finance companies
• Housing government-sponsored enterprises

FinCEN continues to encourage commenters to speak about industry-specific BSA/AML considerations to help inform their final rulemaking, recognizing the disparity in requirements and business models across these categories.

Positive Signs for BSA/AML Compliance

The financial services industry has advocated for a BSA overhaul for some time. At the core of its argument: the law’s current framework has failed to keep pace with ongoing changes in the industry, global economy and technology, which limits the BSA’s ability to fulfill its original and still very relevant purpose.

All the while, the cost of BSA compliance continues to rise, placing significant and, arguably, disproportionate burdens on financial institutions. While specific, publicly comparable figures for individual institutions remain limited, the trend is clear: Celent estimates that financial institutions spent $155.3 billion on financial crime compliance operations, with an additional US$34.7 billion dedicated to related technology. Many institutions report rising labor costs for compliance staff and increased training expenses, highlighting the growing investment required.

Furthermore, a 2020 Government Accountability Office (GAO) report on Anti-Money Laundering anecdotally found that community banks and credit unions bear the greatest BSA/AML burden. Although the two very largest banks in the study spent more money for BSA/AML compliance, the total represented less than 1 percent of all their operating expenses.

The same was true for only two other banks with fewer assets. By contrast, the rest of the banks in the study used a greater percentage of total operating expense dollars toward BSA/AML compliance, with a small community bank (2.4 percent) and a large credit union (4.9 percent) spending the most in relation to their expense budget.

However, several positive developments from the Anti-Money Laundering Act of 2020 (AML Act) and the recent 2024 NPRM suggest FinCEN is actively responding to industry concerns about the cost and challenges of BSA/AML compliance. Optimistically, FinCEN appears to be moving closer to implementing impactful and long-awaited change.

Acknowledging Significant Innovations

It’s no surprise that the world would evolve over the 55-year existence of the BSA, but the pace of change in banking and technology over the last two decades has been faster and more drastic than the previous 30 years. Consider that in 2001—the year the USA PATRIOT Act was enacted—no one had a smart phone, much less banked or even imagined banking from it.

FinCEN explicitly cites this rapid advancement as a primary driver for its proposed rulemaking: “Over the past several years, there have been significant innovations in the financial sector and the development of new business models, products, and services, fueled in part by rapid technological changes.”

Congress made technology a centerpiece of the AML Act of 2020, directing the Treasury to “encourage technological innovation and the adoption of new technology by financial institutions to more effectively counter money laundering and the financing of terrorism.”

FinCEN’s 2024 NPRM echoes that charge almost verbatim, adding that the rule “would provide financial institutions with the ability to modernize their AML/CFT programs with responsible innovation while still managing illicit-finance risks.”

In plain terms, regulators are signaling that tools such as artificial intelligence, machine-learning models, cloud-scale analytics and real-time payments monitoring are expected as part of a risk-based, “high-usefulness” program.

Recognizing BSA Compliance Challenges

As a direct result of this breakneck innovation, financial institutions can now offer new channels and products to their customers, while financial criminals gain new avenues to potentially exploit. Complying with the static BSA in such a complex environment presents significant financial, operational and even reputational costs for institutions.

The NPRM reiterates FinCEN’s commitment to ensuring the BSA’s AML regime effectively adapts to evolving illicit finance threats. It aims to achieve this while also providing financial institutions with greater flexibility in how they address these risks. This dual objective underscores a dedication to both national security and practical, risk-based compliance.

Clarity for Effective AML Programs

By explicitly defining what constitutes an “effective and reasonably designed” AML program and mandating a risk assessment process, FinCEN provides a clearer roadmap for financial institutions. This approach is intended not merely to add more work to compliance staff, but to enhance the quality and strategic focus of existing compliance efforts, redirecting resources toward the most pressing risks.

More Efficient Use of Resources

Throughout its recent proposals, FinCEN acknowledges the high cost of BSA/AML compliance and the often mixed results of its current structure. To address this disparity, FinCEN specifically aims to grant financial institutions greater flexibility in how they allocate resources. The goal: to foster more effective and efficient anti-money laundering programs, actively encouraging the integration of new technologies like artificial intelligence (AI).

FinCEN’s National AML Priorities

Until recently, financial institutions largely had to guess what specific issues were top priorities on the national radar. This ambiguity could lead to misallocated resources, a lack of focus on areas of greatest national security concern, and potential issues during examinations.

FinCEN anticipates that by publishing and mandating the incorporation of its Strategic AML Priorities, they will:

• Impact and inform an institution’s risk assessment depending on its size, complexity, customers, geographic footprint, products and services
• Enhance the ability of institutions to provide information with a high degree of usefulness to law enforcement and government authorities
• Allow law enforcement to better understand and address risks in specific areas
• Improve information sharing, including public-private forums

Request For Answers

In inviting industry feedback on the proposal, FinCEN encourages comments on all aspects of the proposed rule. This broad call for input underscores FinCEN’s commitment to developing regulations that are both effective in combating illicit finance and practical for the diverse range of financial institutions required to comply.

Next Steps

The Anti-Money Laundering Act of 2020 served as a pivotal legislative catalyst for much of FinCEN’s recent efforts, including this 2024 NPRM. The AML Act not only mandates regular updates to the AML/CFT priorities but also broadly aims to modernize the entire AML regime. This NPRM marks a significant stride, yet FinCEN still anticipates further actions, such as issuing additional guidance where appropriate, as it continues to evaluate the full spectrum of legislative mandates and recommendations, including those from the BSA Advisory Group (BSAAG).

A New Partnership in the Making?

No one on either the industry or regulatory side disputes the fundamental need to protect the financial system from being exploited for financial fraud or other illicit activities, like drug trafficking, human trafficking, terrorism or organized crime through money laundering. Now, there is also growing consensus for updating the AML aspects of the BSA to better align with the realities of today’s evolving world.

This collaborative approach could forge a mutually beneficial partnership, cheered by the industry—and dreaded by criminals.