Renovation of AML/CFT Frameworks
Over the past year, anti-money laundering (AML) and countering the financing of terrorism (CFT) programs have entered a period of meaningful transformation.
Two major developments are driving this shift: the European Union’s launch of the Anti-Money Laundering Authority (AMLA) in 2025, and FinCEN’s proposed AML/CFT rule introduced in April 2026.
While both initiatives share common themes such as a renewed emphasis on risk-based approaches and the growing importance of data, they reflect fundamentally different philosophies. The EU is prioritizing consistency and centralized oversight, while the United States is shifting toward measurable effectiveness over procedural compliance.
Although these approaches differ, they are responding to the same reality: financial crime is becoming increasingly sophisticated, increasingly cross-border and increasingly dependent on institutions' ability to identify risk through data, analytics and effective controls.
Together, these developments signal a broader evolution in AML supervision. Regulators are increasingly focused not only on whether institutions have controls in place, but whether those controls effectively identify, assess and mitigate financial crime risk.
For financial institutions (FIs), the implications extend well beyond regulatory compliance. These reforms are reshaping how AML programs are designed, governed, measured and supported by technology.
How FinCEN is Reshaping AML Compliance
FinCEN’s Bank Secrecy Act (BSA) has served as the foundation of the U.S. AML framework since 1970. Over the past five decades, regulatory requirements have expanded significantly, as have the number and types of institutions subject to AML obligations. As the financial crime landscape evolved, FinCEN recognized the need to assess whether the current regulatory framework was achieving its intended objectives and effectively addressing today's risks.
April 2026 Proposed AML/CFT Rule
For decades, FIs focused on ensuring their programs and governance met regulatory expectations to avoid fines and enforcement actions. Overtime, however, AML compliance increasingly became a “check the box” exercise, shifting focus away from whether programs were actually effective at identifying and mitigating financial crime risk.
In April 2026, FinCEN released a Notice of Proposed Rulemaking (NPRM) to modernize AML/CFT program requirements under the BSA . The proposal represents one of the most significant AML regulatory reforms in decades and is intended to implement key provisions of the Anti-Money Laundering Act of 2020.
At its core, the NPRM seeks to address the growing gap between compliance and effectiveness. It establishes a formal expectation that AML/CFT programs be “reasonably designed to prevent money laundering and terrorist financing” and be demonstrably effective, not merely compliant. In doing so, it shifts regulatory focus from documentation and controls to measurable outcomes.
The proposal is taking a two-tier approach:
- Tier 1: Program design
- Tier 2: Implementation
The NPRM also emphasizes the importance of:
- A risk-based approach
- Independent testing and audits
- Enterprise-wide risk assessment (continuous, not annual)
- Accountability on senior management and board members
Additionally, the NPRM introduces stronger coordination expectations between FinCEN and banking supervisors. Supervisory bodies are now expected to communicate with FinCEN before taking significant enforcement actions, reinforcing a structured, tiered oversight model.
Taken together, these changes signal a broader shift in regulatory expectations, placing greater emphasis on accountability, ongoing risk management and demonstrable program effectiveness.
The EU’s Push for Harmonized AML Supervision
While FinCEN's proposal focuses on improving program effectiveness, the European Union is addressing a different challenge: fragmentation across national AML supervisory regimes.
Historically, AML requirements and supervisory expectations across EU member states have not always been applied consistently. The EU's latest AML reforms are designed to reduce that fragmentation by creating a more standardized, coordinated and centralized approach to financial crime supervision.
AMLA and the EU AML Reform Package
The EU finalized an AML package designed to strengthen the fight against financial crime by addressing fragmented AML supervision across EU countries, applying more consistent rules and standardizing supervisory practices.
It is comprised of three parts:
- The creation of a new centralized authority, the AMLA (effective January 2026)
- The Single Rulebook, or AMLR (effective in 2027)
- The updated AMLD6
The purpose of the reform is to standardize the EU’s AML/CFT framework, reduce inconsistencies and ensure more uniform requirements across member states.
AMLA introduces a dual supervisory model. The first is direct supervision of approximately the top 40 highest-risk cross-border institutions. The second is indirect oversight of other institutions through national regulators. It is important to note that AMLA does not replace national FIUs, but is there to support coordination while they remain independent.
AMLA also introduces structured peer reviews to promote consistency in supervision and enforcement. These reviews use standardized assessment criteria and involve both AMLA personnel and representatives from national authorities.
AMLA goes beyond harmonization of policies and procedures by extending into data standardization, making it easier to share, compare and analyze data across the EU. AMLA will set standardized requirements for covered FIs around customer due diligence, beneficial ownership, standardized reporting, and continuous monitoring.
Rather than focusing primarily on how institutions design their AML programs, the EU reforms focus on creating greater consistency in how AML risks are supervised, managed and addressed across jurisdictions.
Where the US and EU Approaches Align
Although FinCEN and AMLA take different regulatory paths, both are moving toward the same broader objective: stronger, more effective financial crime risk management.
Both approaches reinforce the importance of risk-based compliance. FIs are expected to identify and assess customer, product, service and jurisdictional risks, then apply controls proportionate to those risks. This includes not only conducting risk assessments, but also monitoring how risks change over time.
Both frameworks also aim to improve AML program effectiveness, though through different mechanisms. FinCEN is focused on measurable outcomes and the ability to demonstrate whether AML programs are working. AMLA is focused on tighter supervisory coordination, especially among high-risk cross-border institutions, and leveraging cross-EU knowledge to support more consistent decision-making.
Data is another shared priority. FinCEN’s NPRM and the AMLA both stress the increased reliance on connected, accurate and explainable data. FinCEN is encouraging the use of advanced technologies and AI to improve detection and decision-making. The EU is placing greater emphasis on cross-border data sharing, collaboration and standardized information to help identify suspicious patterns more consistently.
For FIs, the message is clear: AML programs must be risk-based, data-driven and able to demonstrate how controls support meaningful financial crime outcomes.
Where the US and EU Approaches Differ
The most important difference between FinCEN's NPRM and AMLA is not the outcome they are trying to achieve, but the regulatory model they are using to get there.
FinCEN gives covered FIs greater flexibility in how they meet regulatory expectations. Institutions can tailor their AML programs to their specific risk profiles, business models, products and customer bases. In return, FinCEN expects accountability and measurable results.
AMLA takes a more centralized approach. As a new EU-level authority, AMLA is designed to establish more standardized requirements and reduce across institutions and jurisdictions. This creates less flexibility, but greater consistency in how AML risks are supervised across member states.
The supervisory models also differ. The US maintains a multi-agency supervisory structure, with FinCEN setting expectations and banking supervisors playing a key role in examination and enforcement. The EU is moving towards a more centralized model in which AMLA directly supervises selected high-risk institutions while coordinating oversight through national regulators.
The distinction ultimately comes down to regulatory philosophy. The United States is moving toward an effectiveness-based model that gives institutions flexibility but requires stronger evidence of results. The EU is moving toward a harmonization-based model that prioritizes consistent rules, consistent supervision and consistent expectations across jurisdictions.
For global institutions, this creates a more complex compliance environment. Organizations may need to satisfy both models at once: demonstrating measurable effectiveness in the United States while aligning to more standardized supervisory expectations in the EU.
Conclusion
FinCEN's NPRM and AMLA represent two different approaches to the next era of AML compliance.
For financial institutions operating across jurisdictions, the challenge is not choosing between these approaches, but building programs capable of satisfying both. Organizations will need to demonstrate effectiveness while maintaining consistency, governance and transparency across increasingly complex regulatory environments.
For FIs, the practical takeaway is clear. AML programs can no longer be viewed only as a set of policies, procedures and controls. They must be dynamic, risk-based and supported by trusted data, strong governance and technology that helps institutions identify, assess and mitigate financial crime risk.
As these regulatory models evolve, institutions operating across jurisdictions will need to balance flexibility with consistency. Those that can demonstrate effective controls, explainable decisions and enterprise-wide visibility into risk will be better positioned to meet rising expectations on both sides of the Atlantic.