In a significant regulatory shift aimed at modernizing anti-money laundering (AML) compliance, the Financial Crimes Enforcement Network has issued an “exceptive relief” order that relaxes longstanding customer due diligence (CDD) requirements for financial institutions.
The order, released on February 13, 2026, marks a departure from the rigid framework established under the 2016 CDD Rule. It eliminates the requirement for banks and other covered institutions to repeatedly identify and verify the beneficial owners of legal entity customers each time a new account is opened.
Instead, institutions are now required to collect and verify beneficial ownership information only under specific circumstances: when a customer first establishes a relationship, when there are doubts about previously obtained data, or when required under risk-based monitoring procedures.
A Move Toward Efficiency
Regulators have framed the change as part of a broader effort to streamline compliance processes while maintaining robust safeguards against illicit finance. The previous rule had been widely criticized by the banking industry for creating duplicative and resource-intensive obligations, particularly when dealing with repeat customers whose ownership structures had not changed.
By shifting the focus to a risk-based model, FinCEN aims to reduce unnecessary administrative burden without compromising the integrity of the financial system. Officials emphasized that the revised approach allows institutions to rely on previously collected data, provided customers confirm its accuracy, thereby improving operational efficiency.
Industry observers note that U.S. financial institutions open millions of accounts annually, making the previous requirement to re-verify beneficial ownership at every account opening both costly and, in many cases, redundant.
Core Compliance Obligations Remain
Despite the relaxation, FinCEN has made clear that the foundational principles of the Bank Secrecy Act remain unchanged. Financial institutions must continue to maintain comprehensive AML/CFT programs, conduct ongoing monitoring, and report suspicious activities.
The order explicitly reinforces that institutions are still responsible for updating customer information on a risk-sensitive basis and ensuring that their internal controls are capable of detecting potential financial crimes.
In essence, while the procedural burden of repeated data collection has been reduced, the accountability for identifying and mitigating risk has not.
Regulatory Philosophy Shift
The move signals a broader regulatory pivot toward a more flexible, intelligence-driven approach to compliance. FinCEN acknowledged that the previous rule was increasingly inconsistent with its evolving emphasis on risk-based supervision.
Legal analysts suggest that the order aligns with ongoing efforts to recalibrate the balance between regulatory oversight and operational practicality. By allowing institutions to prioritize high-risk scenarios, regulators hope to improve the quality—rather than the quantity—of compliance activities.
Implications for the Financial Sector
For banks, credit unions, and broker-dealers, the immediate impact is likely to be a reduction in compliance costs and onboarding friction for business clients. Customers, particularly corporate entities, may benefit from faster account opening processes and fewer repetitive documentation requirements.
However, experts caution that institutions must carefully implement the new framework. The reliance on prior data and customer certifications places greater emphasis on internal risk assessment systems and governance structures.
A Step Toward Modernization
The exceptive relief order represents one of the most notable updates to U.S. AML regulations in recent years. While it eases operational demands, it also reinforces the expectation that financial institutions adopt smarter, more targeted approaches to detecting illicit finance.
As global financial crime becomes increasingly complex, regulators appear to be signaling that effective compliance lies not in repeated box-ticking, but in informed, risk-based vigilance.
For more details, refer to the attached PDF.
By FCCT Editorial Team
