Federal Reserve Proposes New Money Laundering Rules for Banks
Washington, Tuesday, 7 July 2026.
On July 7, 2026, the Federal Reserve proposed updating compliance rules, shifting supervisory focus toward major program failures and forcing banks to prioritize high-risk customer activities.
Shifting to a Risk-Based Compliance Model
The Federal Reserve’s July 7, 2026, proposal represents a pivotal modernization of the regulatory framework governing domestic banking organizations [1]. Under the new guidelines, banks will be required to optimize and focus their anti-money laundering (AML) resources based on risk, directing increased supervision toward higher-risk customers and activities [1]. This shifting approach is designed to align seamlessly with separate AML program requirements proposed by four other federal regulatory agencies, fostering a unified supervisory environment across the United States financial sector [1].
Extending Guardrails to the Stablecoin Sector
In tandem with the banking sector reforms, federal regulators are moving swiftly to codify compliance expectations for the digital asset industry. On July 7, 2026, a joint notice of proposed rulemaking was issued by FinCEN, the Office of the Comptroller of the Currency (OCC), the Fed, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration (NCUA) [2]. This joint initiative aims to establish comprehensive Customer Identification Program (CIP) requirements for Permitted Payment Stablecoin Issuers (PPSIs), following legislative mandates under the GENIUS Act that classify these issuers as “financial institutions” under the Bank Secrecy Act (BSA) [2].
Operational Impact and the Road Ahead
To ensure compliance, PPSIs will be required to implement rigorous screening procedures against federal terrorist and terrorist organization lists designated by the Treasury, although a specific list has not yet been designated [2]. Furthermore, the proposal mandates that stablecoin issuers retain customer identification records for five years following account closure, and keep verification records for five years from the date of their creation [2]. While PPSIs are permitted to contractually delegate CIP performance to other federally regulated financial institutions, the stablecoin issuers themselves retain ultimate legal liability for compliance [2].