FinCEN AML Overhaul Redefines Examination Standards for Transaction Monitoring and Internal Testing

FinCEN’s April 7 NPRM carries specific implications for transaction monitoring (TM) and independent testing functions that deserve separate analysis. The proposal explicitly recalibrates the role of internal audit and external testing within AML programmes — a shift that will require compliance functions to revisit how they scope, conduct, and document their testing activities.

Under the proposed rule, independent testing would assess whether the AML/CFT programme is ‘established and maintained’ using objective criteria, rather than challenging the institution’s underlying risk decisions or programme design choices. The proposal makes clear that auditors ‘should not substitute their subjective judgment in place of the financial institution.’ This is a material change: in the current environment, many audit functions have grown accustomed to questioning risk appetite and design choices — a role that FinCEN is now explicitly circumscribing.

For transaction monitoring specifically, the shift to effectiveness-based assessment means institutions must build documented evidence that their TM systems identify and escalate meaningful suspicious activity — not simply that they are calibrated to industry thresholds. The NPRM also signals a new emphasis on AI-enabled TM: FinCEN’s director would consider whether an institution employs ‘innovative tools such as artificial intelligence’ as a positive factor in enforcement decisions. This creates a de facto incentive structure for institutions to modernise legacy rules-based TM systems.

The enforcement standard tied to ‘material’ or ‘systemic’ failures — rather than isolated technical gaps — also alters the risk calculus for institutions with known but minor TM deficiencies. Boards and senior management should take the opportunity, before final rule publication, to assess which existing gaps would cross the new materiality threshold and prioritise remediation accordingly.