FinCEN Announces New-and-Improved Onboarding Protocols for Domestic Banks
Since 2025, the Trump administration has focused on reducing regulatory burdens for banks by targeting “debanking” practices, removing subjective “reputational risk” metrics in banking oversight, and even restructuring the very regulatory organizations that govern firms’ compliance with current legislation. Customer Due Diligence (CDD) however remains at the forefront of the United States’ ongoing anti-money laundering (AML) and counter-terrorism financing (CFT) initiatives, with domestic financial service providers still serving as the financial system’s first line of defense against illicit activity. Amidst these developments, the Financial Crimes Enforcement Network (FinCEN) – the bureau of the U.S. Department of the Treasury tasked with collecting and analyzes information about financial transactions to combat domestic and international financial crimes – has progressively reshaped regulatory obligations in response to the ever-evolving financial crime risks seen today, as well as increasing concerns over exhaustive compliance burdens draining the resources at the disposal of the modern financial institution. Last week, FinCEN again announced sweeping policy changes with the potential to provide significant relief to domestic firms, focusing specifically on the client onboarding process. Seeking to streamline CDD obligations at account opening, FinCEN’s Exceptive Relief Order represents the latest phase in a progressive regulatory evolution balancing transparency with operational efficiency.
For the better part of the past five decades, banking onboarding requirements have remained largely harbored within the Bank Secrecy Act (BSA), a measure enacted to prevent criminals from concealing illicit proceeds within U.S. financial institutions. Over time however, regulators recognized that identifying only the named account holder was insufficient when corporations and shell companies could be used to obscure the true individuals controlling funds, allowing for an influx of potentially ill-gotten money into the international financial system. Following terrorist financing concerns highlighted after September 11, 2001, regulators expanded Know-Your-Customer (KYC) expectations through Customer Identification Program (CIP) rules and enhanced AML monitoring obligations. However, a major vulnerability remained: a lack of legal entity transparency. Over the last two decades, criminal actors have increasingly exploited faux-corporations and limited liability companies (LLC’s) in an effort to shroud their ownership structures, making traditional account verification largely ineffective and allowing compromised funds to be laundered through American financial institutions.
Recognizing this growing trend, FinCEN issued the Customer Due Diligence Final Rule in 2016, which fundamentally redefined onboarding expectations for banks and other covered financial institutions. The rule placed a formal definition on a “beneficial owner” – that being any individual who owns 25% or more of a legal entity’s equity or one individual with significant responsibility to control or manage the entity (i.e. the “control prong”). The measure also introduced four core pillars requiring institutions to:
- Identify and verify their customers,
- Identify beneficial owners of legal entity customers,
- Understand the nature and purpose of customer relationships, and
- Conduct ongoing monitoring and risk-based updating.
Most notably, under this legislation financial institutions were immediately tasked with identifying the true natural persons who owned or controlled legal entities opening accounts with their firms, with the goal of increasing financial transparency while preventing the misuse of financial organizations for laundering illicit proceeds. Under this framework, banks were obligated to collect and verify beneficial ownership information every time a legal entity opened a new account, even if their institution had recently verified the same customer.
While effectively closing a major loophole in American AML defenses, the operational consequences for the firms subjected to these new standards became significant. Given that domestic banks collectively open hundreds of millions of accounts annually, the data collection component of this process quickly became both monotonous and costly, specifically when re-examining accounts for established customers whose beneficial ownership structures had not changed. As such, industry participants increasingly argued that this requirement produced duplicative compliance work without proportional AML benefit. These complaints ultimately preceded efforts by the federal government to move AML regulation towards more of a risk-based supervisory model, prioritizing high-value intelligence rather than status-quo compliance procedures.
This shift also coincided with other CDD modernization efforts under the Corporate Transparency Act (CTA). In 2025, FinCEN narrowed Beneficial Ownership Information (BOI) reporting obligations, exempting many domestic U.S. entities from centralized reporting requirements. However, these shifts indirectly increased reliance on financial institutions’ internal due diligence programs rather than government-maintained registries, further increasing pressure on financial institutions and their staff to maintain appropriate standards or risk potential fines and sanctions for compliance shortcomings.
Fast forward to 2026, and FinCEN’s new Exceptive Relief Order to Streamline Customer Due Diligence Requirements immediately becomes one of the most consequential changes to bank onboarding seen over the last two decades. All told, the new order grants relief from the longstanding requirement to verify beneficial ownership information at every new account opening. Under current requirements, financial institutions will now only have to identify and verify beneficial owners under three circumstances, those being initial relationship establishment (i.e. when an account is first opened with the institution), when there are reliability concerns (situations where information arises that questions previously-collected account information), and in cases that are otherwise required based on the institution’s risk-based procedures for ongoing customer due diligence.
FinCEN has stressed however that covered institutions must continue to retain records of customer confirmations and continue all of their other AML obligations. This means that the regulator’s core AML safeguards for American banks remain intact. These priorities include Suspicious Activity Report (SAR) monitoring requirements, maintaining written AML compliance programs, risk-based customer monitoring, and appropriate record-keeping and reporting duties under the BSA. This effectively allows for a reduction in repetitive processes, rather than weakening AML controls as they currently stand.
FinCEN Director Andrea Gacki summed up the measure perfectly as the latest portion of the U.S. policy shift towards creating a risk-sensitive, intelligence-focused compliance model.
Gacki stated that the action “supports a more efficient, risk-based approach to customer due diligence and reduces unnecessary regulatory burden without weakening the foundational requirements that protect the U.S. financial system.”1 Altogether, the measure still recognizes the importance of CDD, but with redefined timing and purpose – that being identifying beneficial owners when it meaningfully enhances financial crime detection, not merely when a customer opens another account.
Citations
- Financial Crimes Enforcement Network. FinCEN Issues Exceptive Relief to Streamline Customer Due Diligence Requirements.S. Department of the Treasury, 13 Feb. 2026.