FinCEN’s Notice of Proposed Rulemaking published 7 April is the biggest rewrite of US AML/CFT rules in roughly 25 years, and buried in the fact sheet is a line that changes the math for every covered bank: the Director will evaluate “whether the bank is employing innovative tools such as artificial intelligence that demonstrate the effectiveness of the bank’s AML/CFT program” when weighing enforcement or supervisory action.
That’s the first time a US financial regulator has openly priced AI adoption into how it decides fines.
The rule also kills the old process-based standard. Programs won’t be judged on whether the policies, training logs, and SAR templates exist. They’ll be judged on whether the program actually detects financial crime and produces useful suspicious activity reports. FinCEN tells banks to push resources at higher-risk customers and pull back from the low-risk ones.
So what does this do to the AML vendor stack? Unit21, ComplyAdvantage, Hawk AI and the rest just got a regulator-issued tailwind. A bank that can show its model caught a typology its old rules engine missed now has something to wave at the examiner. A bank still running 2008-era transaction monitoring has a harder conversation.
AI isn’t mandated. FinCEN was explicit that a low-risk institution can run an effective program without it. The catch is who decides what counts as effective.
Two open questions hang over the comment window. Does this split US banks into AI-haves and AI-have-nots? And what happens to FinCEN’s intake queue if every Tier 1 bank ships an AI model tuned to file more SARs to prove effectiveness?
Comment period closes 9 June 2026. The effective-date delay for registered investment advisers, set 2 January, is still in force.
— Diana Kowalski