As part of the U.S. Department of Treasury’s efforts to modernize the U.S. anti-money laundering regulatory and supervisory framework, the Financial Crimes Enforcement Network (FinCEN) has issued a proposed rule that would reform how financial institutions design and operate their anti-money laundering and countering the financing of terrorism (AML/CFT) programs. Though not a wholesale rebuild of the existing framework, FinCEN and the banking regulators are signaling a new emphasis on an approach that prioritizes risk-based effectiveness over process-driven compliance and establish FinCEN’s central role in AML/CFT supervision among the Federal bank regulators.

The Current Regulatory Landscape for AML/CFT Programs

Under the Bank Secrecy Act (BSA), financial institutions are required to establish AML/CFT programs designed to identify, prevent, and report financial crime. FinCEN, as the administrator of the BSA, plays a principal role in setting program standards and coordinating with federal banking supervisors – including the Federal Reserve, the Federal Reposit Insurance Corporation (FDIC), the Office of the Comptroller of Currency (OCC), and the National Credit Union Administration (NCUA) – who examine the institutions they oversee for compliance.

Historically, institutions’ compliance has been measured in part on whether they are adequately managing their AML / CFL responsibilities, with regulators assessing the design and operation of compliance programs. Much of the reform is aimed at moving away from a framework that critics argue encourages “check-the-box” compliance, focusing instead on achieving meaningful results. As Treasury Secretary Scott Bessent put it, “For too long, Washington has asked financial institutions to measure success by the volume of paperwork rather than their ability to stop illicit finance threats.” Bessent added that, “Our proposal restores common sense with a focus on keeping bad actors out of the financial system, not burying America’s banks in more red tape.”

What’s Driving the Rulemaking?

The proposed rule is part of Treasury’s broader effort to modernize the AML/CFT regulatory and supervisory framework. It also implements key provisions of the Anti-Money Laundering Act of 2020 (AML Act), which, among other things, directed FinCEN and federal regulators to consider that compliance programs should be “risk-based, with more financial institution attention and resources directed toward higher-risk customers and activities…rather than toward lower-risk customers and activities.”

Results Over Process

FinCEN’s Fact Sheet accompanying the proposed rule identifies six key reforms that, taken together, signal a regulatory philosophy focused on outcomes rather than procedural box-checking:

  • Refocusing compliance obligations and expectations on effectiveness by distinguishing between deficiencies stemming from program design (“establishment”) and program implementation (“maintenance”);
  • Reinforcing Treasury’s belief that financial institutions are best positioned to identify and evaluate their money laundering, terrorist financing, and illicit finance risks;
  • Empowering financial institutions to direct more attention and resources toward higher-risk customers and activities;
  • Clarifying expectations related to certain program requirements and functions – including independent testing and audit functions – to ensure that examiners and auditors do not substitute their subjective judgment in place of financial institutions’ risk-based and reasonably designed AML/CFT programs;
  • Affirming FinCEN’s central role in AML/CFT supervision, including through the introduction of a notice and consultation framework between Federal banking supervisors and FinCEN with respect to significant AML/CFT supervisory actions;
  • Incorporating the AML/CFT Priorities in both AML/CFT program requirements and considerations involving significant supervisory or enforcement actions.

Three Areas of Significant Impact

Among these reforms, three are likely to have the most immediate impact on day-to-day compliance.

First, the proposed rule would make FinCEN the gatekeeper for significant supervisory and enforcement actions. Under a new notice and consultation framework, federal banking supervisors would be required to give FinCEN’s Director at least 30 days’ advance written notice before initiating a significant AML/CFT supervisory action under delegated authority. For banks, this suggests that FinCEN – not any single prudential regulator – will increasingly set the tone for AML/CFT supervision. Both the American Bankers Association and Bank Policy Institute   welcomed this development citing FinCEN’s “elevated role” as a step towards “ensur[ing] greater alignment and consistency across agencies.”

Second, the rule would establish that only “significant or systemic failures” to maintain a properly established AML/CFT program would warrant enforcement or significant supervisory action. In practice, this could reduce enforcement risk for institutions with sound programs but experience isolated implementation issues.

Third, the rule would include the four “core pillars” that an AML/CFT program must incorporate pursuant to the BSA: (1) internal policies, procedures, and controls, including risk assessment processes; (2) independent program testing; (3) designation of a U.S.-based compliance officer; and (4) ongoing employee training. By standardizing these requirements across institution types, FinCEN aims to promote consistency and reduce the patchwork of obligations that currently exist.

What’s Next?

FinCEN is accepting public comments for 60 days following publication of the Notice of Proposed Rulemaking in the Federal Register. The federal banking supervisors – the Federal Reserve, FDIC, OCC, and the NCUA – are also expected to issue their own proposed rules in substantive alignment with FinCEN’s proposal. Financial institutions should begin evaluating how these changes may affect their programs and whether to weigh in during the comment period.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

The U.S. Department of the Treasury has issued its first proposed rule under the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, marking a key milestone in federal efforts to regulate payment stablecoins. The Notice of Proposed Rulemaking (NPRM) outlines the principles Treasury will use to assess whether a state’s regulatory regime is “substantially similar” to the federal framework, which determines whether certain stablecoin issuers may be supervised by states rather than the OCC or other federal agencies. Comments on the proposal are due by June 2, 2026.

Background: The GENIUS Act’s Federal–State Opt-In Model

Passed in July 2025, the GENIUS Act created the first comprehensive federal framework for stablecoin regulation. (See our blog post, here.) It allows “State qualified payment stablecoin issuers,” defined as issuers with up to $10 billion in outstanding issuance, to elect state-level supervision if their state’s regulatory regime is certified as “substantially similar” to the federal approach. The model is intended to balance innovation, flexibility, and uniformity while reducing opportunities for regulatory arbitrage.

Treasury published an Advance Notice of Proposed Rulemaking (ANPRM) in September 2025 to gather stakeholder feedback. The current NPRM reflects that input and begins the formal rulemaking process.

Scope and Structure of the NPRM

The proposed rule would add a new Subchapter C to Title 12 of the CFR, containing:

  • Part 1520: Authority, purpose, and scope
  • Part 1521: Core principles for determining substantial similarity between state and federal regimes

Part 1521 is the key component of the proposal and sets out how Treasury will evaluate whether a state’s regime meets or exceeds the standards required by section 4(a) of the Act.

Defining the Federal Regulatory Framework

A central question addressed by the NPRM is what constitutes the “Federal regulatory framework.” Treasury proposes a definition that extends beyond the statute and includes:

  1. The GENIUS Act
  1. OCC regulations and formal interpretations published in the Federal Register
  1. Treasury regulations and guidance implementing BSA, sanctions, and technological compliance requirements under sections 4(a)(5) and (6)
  1. Federal Reserve Board rules implementing the Act’s anti-tying provisions under section 4(a)(8)

Treasury explains that relying solely on statutory text would leave significant gaps, particularly in prudential areas such as capital, liquidity, and reserve diversification, where implementing detail resides in agency rules. The OCC’s framework serves as the primary baseline for comparison because most state-qualified issuers are nonbanks that would transition to OCC oversight if they exceed the $10 billion threshold.

Uniform Requirements and State-Calibrated Flexibility

The NPRM distinguishes between two categories of requirements:

  • Uniform requirements: Areas where the Act provides no substantive discretion. State regimes must align with the federal framework. Examples include reserve asset requirements, AML/BSA/sanctions programs, and core disclosure and naming restrictions.
  • State-calibrated requirements: Areas where states may tailor standards if the outcomes are at least as robust as the federal model. These include capital requirements, certain governance provisions, and some risk management practices.

Appendix A maps each statutory requirement to one of these categories and provides a practical guide for state regulators.

Federal Law and State Qualified Issuers

Treasury reiterates that state-supervised issuers remain subject to all applicable federal statutory requirements unless the Act expressly provides otherwise. State regimes cannot authorize activities prohibited under federal law, and federal disclosure and naming restrictions apply universally. The goal is to maintain a consistent baseline of protections regardless of supervisory regime.

Principles, Flexibility, and Ongoing Supervision

States may impose requirements beyond the federal baseline as long as they do not conflict with federal law or undermine substantial similarity. Statutes, regulations, and enforceable guidance may all serve as vehicles for compliance.

The NPRM also addresses how future federal legislation or rule changes could interact with state frameworks and seeks comment on definitional issues, classification of requirements, and whether rules for foreign issuers should be incorporated.

Next Steps in the Rulemaking Process

Treasury is seeking comment on all aspects of the proposal, including the scope of the federal regulatory framework, the division of statutory requirements into uniform and state-calibrated categories, the degree of flexibility states should retain, and the practical criteria for assessing substantial similarity. Comments are due June 2, 2026, according to the Federal Register notice.

Outstanding Issues and Policy Implications

Although the NPRM clarifies core structural elements, several practical questions remain:

  1. Supervision and enforcement: The proposal emphasizes supervisory design but is less specific about how Treasury will evaluate the strength or consistency of state enforcement.
  1. Durability of certification: The NPRM does not detail how Treasury will monitor state regimes over time or under what conditions certifications may be revisited or withdrawn.
  1. Regulatory competition: Allowing state-level supervision may encourage innovation but could also create competitive pressures among states. The rigor with which Treasury applies the “meet or exceed” standard will be central to preventing regulatory arbitrage.
  1. Issuer threshold management: The NPRM explains the $10 billion transition point but does not address how Treasury might respond if issuers structure operations to remain within the state-qualified category.

Conclusion

Treasury’s proposed rule provides the first detailed framework for harmonizing state and federal oversight of stablecoin issuers under the GENIUS Act. Its two-tier structure, which combines uniform requirements with calibrated flexibility, reflects an effort to maintain consistent protections while supporting regulatory innovation. Stakeholders should review the proposal closely and consider submitting comments by the June 2, 2026 deadline.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

Recently, a federal judge in the Eastern District of Texas vacated FinCEN’s residential real estate rule (the “Rule”) finding that the agency exceeded its statutory authority under the Bank Secrecy Act (the “BSA”). Flowers Title Companies, LLC v. Bessent, Case No. 6:25-cv-127 (E.D. Tex. Mar. 19, 2026). Since finalization in 2024, the Rule has been subject to litigation in various jurisdictions. The Rule requires the collection and reporting of information to FinCEN in connection with transfers of residential real estate to entities and certain trusts that do not involve financing by a lender subject to anti-money laundering requirements under the BSA.

FinCEN’s website was subsequently updated with an alert indicating that “[i]n light of a federal court decision, reporting persons are not currently required to file real estate reports with FinCEN and are not subject to liability if they fail to do so while the order remains in force.”

While the decision affords reporting persons a reprieve from filing requirements, this is not likely the end for the real estate sector. FinCEN and the Financial Action Task Force (“FATF”) have long recognized anti-money laundering risks posed by the real estate market. We have previously blogged about FATF’s guidance related to the real estate sector here

Flowers Title Companies, LLC v. Bessent

The Plaintiffs challenged the Rule under the Administrative Procedures Act (“APA”), claiming that the Rule exceeded FinCEN’s statutory authority under the BSA. Plaintiffs alternatively claimed that if the BSA does authorize the Rule, then the BSA violates the “nondelegation doctrine” of the Commerce Clause, exceeds Congress’s enumerated powers, and violates the Fourth Amendment.

FinCEN relied on following two provisions of the BSA as justification of their authority to promulgate the Rule:

31 U.S.C. § 5318(g)(1)

Section 5318(g)(1) of the BSA states that FinCEN “may require financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation.” FinCEN argues that non-financed transfers of residential real estate are a type of suspicious transaction that requires reporting.

The Court held that FinCEN failed to show how non-financed residential real estate transactions were categorically suspicious pursuant to 31 U.S.C. § 5319(g)(1). The Court acknowledged that there may be bad actors conducting suspicious non-financed real estate transactions, but that does not make them categorically suspicious, and FinCEN failed to provide sufficient evidence showing otherwise.

31 U.S.C. § 5318(a)(2)

Section 5318(a)(2) of the BSA states that FinCEN may “require a class of domestic financial institutions or nonfinancial trades or businesses to maintain appropriate procedures, including the collection and reporting of certain information[.]” The Court held that 31 USC § 5318(a)(2) does not provide FinCEN with the appropriate authority to adopt the Rule, but instead gives FinCEN the authority to require financial institutions to maintain procedures to comply with the BSA. 

The decision in Flowers differs from a recent Florida case where the Margistrate Judge’s Report and Recommendation concluded that FinCEN’s motion for summary judgment should be granted and that the Rule was statutorily authorized by the BSA. Fid. Nat’l Fin., Inc. v. Bessent, case No. 3:25-cv-554 (M.D. Fla. Dec. 9, 2025). FinCEN relied on similar statutory provisions as justification of the Rule.

At the time of the writing of this blog post, FinCEN had not filed a notice of appeal.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

MBaer Merchant Bank AG (“MBaer”) was recently designated a “primary money laundering concern” by the U.S. Department of the Treasury’s Financing Crimes Enforcement Network (“FinCEN”) pursuant to Section 311 of the PATRIOT Act.  

The Consequences

FinCen detailed its allegations against MBaer on February 26, 2026, in its Notice of Proposed Rulemaking (“NPRM”) where it proposed measures that, if implemented, would effectively ban MBaer from the U.S. financial system.  Specifically, the measures would:

  • Prevent U.S. financial institutions from opening or maintaining correspondent accounts for or on behalf of MBaer,
  • Require U.S. financial institutions to take reasonable steps not to process transactions if the transactions that involve MBaer,
  • Implement due diligence requirements that would guard against accounts being used to process MBaer transactions.  This would require that a covered financial institution notify any foreign correspondent account that MBaer cannot use the correspondent account and take reasonable steps to identify any use of its foreign accounts by MBaer, and
  • Require U.S. financial institutions to document compliance with the notifications requirement.

FinCEN is acting under Section 311 of the PATRIOT Act, which grants the Treasury Secretary the authority to impose “special measures” against a foreign financial institution if the Secretary finds the institution is a “primary money laundering concern.”

FinCEN’s proposal, special measure five, represents the most restrictive action available under Section 311. When imposed, it can effectively bar a foreign financial institution from accessing the U.S. dollar and the broader U.S. financial system. For institutions that depend on these channels, the consequences can be significant.  (See additional posts on FinCEN’s Section 311 actions linked here).

The Justification

FinCEN alleges this extreme measure is warranted here because MBaer has assisted with Venezuelan state-sponsored corruption; assisted with Russian and Iranian money laundering and has facilitated terrorist financing.

Indeed, FinCEN concluded that, “MBaer maintained a higher-risk customer base without implementing sufficiently mitigating controls that would prohibit such customers from engaging in illicit activities, and in some cases, deliberately acted to facilitate those illicit activities.”  For example, a former MBaer Vice Chairperson of the Board was accused of using MBaer to “launder proceeds of Venezuelan corruption[.]”  MBaer also attempted to conceal that it had retained Russian clients, despite Russia related sanctions.  MBaer is also accused of providing access to the U.S. financial system for persons “providing material support to Iran-related money laundering and terrorist financing efforts, including support to Iranian foreign terrorist organizations[.]”

FinCEN believes the fifth special measure will:

  • Close MBaer’s access to the U.S. financial system,
  • Inhibit MBaer’s ability to act as an illicit finance facilitator, and
  • Raise awareness of the ways illicit actors circumvent money laundering controls and international sanctions.

FinCEN considered less extreme measures to impose against MBaer but concluded that anything other than a complete prohibition would be ineffective.

The Impact

FinCEN’s proposed prohibition against MBaer may signal a willingness by the Trump Administration to sanction financial institutions to protect its foreign policy interests. Foreign financial institutions should be aware of President Trump’s regulatory expectations if they want to maintain their ability to access and participate in the U.S. financial system and should be particularly wary of doing business with those that the U.S. deems to be adverse to its national security interests.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On March 10, 2026, FinCEN issued a renewed and expanded Geographic Targeting Order (GTO) imposing enhanced reporting and recordkeeping requirements on certain money services businesses (MSBs) operating along the Southwest border. According to FinCEN, the action is intended to support law enforcement efforts to disrupt money laundering and bulk‑cash movement tied to Mexico‑based drug cartels and other criminal networks. The new GTO is effective March 7, 2026, through September 2, 2026, and expands the geographic footprint of prior orders issued in March and September 2025.

Access the new GTO here. Read FinCEN’s press release here. This is a topic on which we previously have blogged extensively.

Scope of the Expanded Order

The GTO requires MSBs located in designated counties and ZIP codes in Arizona, California, New Mexico, and Texas to report cash transactions between $1,000 and $10,000. These reports must be filed on a Currency Transaction Report (CTR) within 30 days, an extension from the standard 15‑day CTR deadline. The GTO also requires MSBs to verify customer identity consistent with 31 C.F.R. § 1010.312 and to retain all related records for five years.

The Federal Register notice explains that FinCEN has determined additional reporting and recordkeeping requirements under this GTO are necessary to fulfill the objectives of the Bank Secrecy Act (BSA) and prevent attempts to evade its rules. The GTO also makes clear that it does not alter existing BSA obligations, including CTR and SAR filing requirements, but encourages voluntary SAR filings where activity appears designed to evade the new $1,000 threshold.

Expanded Coverage Area:

  • Arizona: Maricopa, Pima, Santa Cruz, and Yuma Counties
  • California: ZIP codes in Imperial County (92231, 92249, 92281, 92283) and San Diego County (91910, 92101, 92113, 92117, 92126, 92154, 92173)
  • New Mexico: Bernalillo, Doña Ana, and San Juan Counties
  • Texas: Cameron, El Paso, Hidalgo, Maverick, and Webb Counties

As with prior iterations, MSBs subject to ongoing injunctions remain temporarily exempt.

Why This Is Happening

FinCEN’s expanded GTO is part of a broader strategy to disrupt money laundering and other financial crimes tied to drug cartels and criminal organizations operating along the Southwest border. The agency views these enhanced reporting requirements as a practical way to give law enforcement better visibility into cash‑heavy transactions in areas known for elevated risk.

The Treasury Department has emphasized that addressing cartel‑related money flows remains a top priority. According to Treasury Secretary Scott Bessent, these efforts reflect the Administration’s commitment to removing drug‑trafficking profits from the U.S. financial system and equipping law enforcement with more timely information to target those responsible.

FinCEN anticipates that collecting more detailed transaction data through this order will help investigators uncover new leads and strengthen future prosecutions involving suspicious cash movements in vulnerable regions.

How This GTO Differs from Prior Orders

Compared to earlier Southwest border GTOs, the 2026 expansion introduces several notable updates. The most visible change is geographic: by adding Bernalillo, Doña Ana, and San Juan Counties in New Mexico, along with Maricopa and Pima Counties in Arizona, FinCEN has broadened its focus beyond the areas covered in past orders. Expanding the covered region likely reflects evolving patterns in cash movement or emerging law‑enforcement concerns along the border.

FinCEN’s explanation for the update also references cartel‑related financial flows more directly than in some previous orders. The agency links the expansion to risks associated with fentanyl trafficking and criminal organizations based in Mexico, offering a level of specificity that suggests these issues remain central to ongoing investigations.

Operationally, the GTO maintains the core reporting requirements of past iterations but places additional emphasis on communication and oversight. MSBs are now explicitly required to distribute the GTO to all business locations operating within affected counties or ZIP codes and to ensure that senior leadership is informed. This reinforces FinCEN’s continued focus on supervisory responsibility. For businesses with multiple locations or representatives in the covered areas, this may require renewed attention to consistent implementation, comprehensive training, and thorough documentation of compliance across all operations.

Key Requirements for MSBs

The GTO imposes several obligations on covered businesses, including:

  • Filing CTRs within 30 days for cash transactions between $1,000 and $10,000
  • Verifying customer identity in line with 31 C.F.R. § 1010.312
  • Retaining related records for five years after the GTO’s effective period ends
  • Ensuring that all business locations in the covered areas, and senior leadership, are informed about the requirements
  • Overseeing compliance across all levels of staff

FinCEN also advises MSBs to disregard any system warnings about transactions being “below $10,000” when submitting CTRs required under this GTO.

Compliance Period and Enforcement Considerations

MSBs newly captured by the expanded geographic scope have until April 6, 2026, to begin filing reports. All other covered MSBs must comply immediately.

Takeaways for Financial Institutions and Compliance Teams

The expanded GTO reflects FinCEN’s continued focus on Southwest border cash flows and its willingness to use GTO authority to obtain transaction‑level data outside the standard CTR regime. For MSBs, the GTO presents both operational and supervisory challenges:

  • Increased reporting volume for low‑dollar cash transactions
  • Heightened scrutiny of structuring and evasion indicators
  • Expanded agent‑level oversight obligations
  • Potential need to adjust onboarding, training, and monitoring workflows

For financial institutions more broadly, the GTO offers insight into FinCEN’s current risk priorities and may foreshadow future rulemaking or enforcement activity related to cash‑intensive MSB operations.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

At ETHDenver 2026, SEC Chairman Paul S. Atkins and Commissioner Hester M. Peirce outlined the agency’s current thinking on investor protection, innovation, and regulatory adaptation for cryptocurrencies and tokenized assets. Their conversation reflected both ongoing SEC priorities and the broader challenges that financial regulators face as technology continues to reshape capital markets.

Prioritizing Investor Protection

The SEC remains firmly committed to its central mission of investor protection. Atkins and Peirce highlighted that ensuring transparency is paramount—investors must have access to critical information needed for informed decisions. While crypto market volatility often grabs headlines, commissioners clarified that their focus is not on prices but on fair disclosure and empowering investors with reliable data. They emphasized the limits of regulatory intervention in market sentiment or valuations while underscoring the importance of providing fair access to information.

Fostering Innovation through Experimentation

The conversation signaled a growing openness at the SEC toward innovative approaches in finance, especially related to digital assets and tokenization. Commissioners discussed potential mechanisms like an “innovation exemption,” which could allow firms to experiment with novel technologies—including decentralized or automated trading platforms—within clear boundaries for limited periods. Pilot programs under such exemptions would keep risks manageable by imposing controls such as transaction volume limits. This approach allows emerging technologies to be tested safely, potentially informing future regulatory frameworks without compromising investor protection.

As an example, Atkins pointed to tokenization as holding significant promise for modernizing financial markets—potentially streamlining settlement cycles, enhancing collateral management efficiency, improving proxy voting processes, and supporting portfolio management innovations. The SEC appears prepared for these changes if they enhance system resilience or yield better outcomes for investors; however, commissioners stress careful development of new technologies alongside flexible but consistent oversight.

Advancing Regulatory Clarity & Interagency Coordination

To address uncertainties around digital asset regulation, the SEC has issued no-action letters, exemptive orders, guidance documents, and convened industry roundtables covering topics from custody solutions to DeFi protocols and privacy issues. The Commission is also collaborating more closely with other agencies—including joint efforts with the Commodity Futures Trading Commission (CFTC)—to harmonize rulemaking where asset classes straddle traditional finance and new digital ecosystems. These coordinated initiatives are designed to provide clearer guidance as innovation accelerates across market sectors.

Balancing Caution with Opportunity

Pragmatic caution underscores the commission’s optimism regarding financial technology advances; regulators acknowledge risks like disruptive shocks or unforeseen regulatory gaps even as they encourage gradual adoption of new tools. By fostering incremental adoption rather than picking technological winners directly, the agency aims to create an environment where responsible experimentation can thrive while minimizing negative side effects.

Adapting Anti-Money Laundering Oversight

New compliance technologies such as zero-knowledge proofs have potential implications for anti-money laundering (AML) efforts within crypto markets—they may enable firms to meet legal obligations without sacrificing user privacy entirely. The SEC indicated openness toward pilot exemptions that preserve essential controls (e.g., whitelisting), thereby helping reduce compliance costs while maintaining effective oversight over illicit activity risks—a balanced approach between personal privacy rights and robust AML enforcement.

Emerging Signals for the SEC’s Digital‑Asset Rulemaking Agenda

Beyond the broader themes, the ETHDenver remarks also offered a clearer view of the specific regulatory initiatives the SEC is considering. Atkins outlined a prospective set of priorities—including guidance on the lifecycle of token‑based investment contracts, pilot programs for limited on‑chain trading of tokenized securities, and joint SEC–CFTC rulemaking under the expanded “Project Crypto.” Peirce emphasized that any progress will be incremental, likely beginning with targeted relief, no‑action positions, and updates to functions such as transfer‑agent recordkeeping and broker‑dealer custody. For industry participants, the signal is that the SEC is exploring ways to permit controlled experimentation while grounding digital‑asset activity in longstanding securities‑law principles, including disclosure, market integrity, and AML and sanctions compliance. Although none of these items constitute policy, their specificity suggests the Commission is actively shaping a more durable, technology‑neutral framework for tokenized markets.

Conclusion: Responsible Evolution Through Collaboration

As presented by Atkins and Peirce at ETHDenver 2026: The SEC remains dedicated first and foremost to protecting investors but is increasingly coupling this mandate with support for measured experimentation in capital markets innovation. Today’s strategy emphasizes clarity across rulemaking bodies—incremental testing—and robust collaboration among regulators in response to rapid change brought by cryptocurrencies and tokenized assets alike. Ultimately, the commission upholds its dual responsibility: enabling responsible industry progress while safeguarding core principles of market integrity. If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

On February 13, 2025, FinCEN issued an order granting exceptive relief for covered financial institutions from certain Customer Due Diligence (“CDD”) requirements for new account openings. The exceptive relief is part of deregulation efforts, consistent with Executive Order 14192, “Unleashing Prosperity Through Deregulation,” and Section 6403(d) of the Corporate Transparency Act (the “CTA”).

What’s Covered by the Exceptive Relief?

The CDD rule requires covered financial institutions to identify and verify the beneficial owners of legal entity customers at account opening. Under the exceptive relief, FinCEN will now require covered financial institutions to obtain and verify the beneficial owners of legal entity customers:

  1. When a legal entity customer first opens an account;
  2. Any time the covered financial institution has knowledge that would reasonably call into question the reliability of beneficial ownership information that was previously provided; and
  3. As necessary for on-going CDD compliance. 

Covered financial institutions must still adhere to other Bank Secrecy Act/Anti-Money Laundering requirements, including all other CDD requirements.

Nothing precludes a covered financial institution from continuing the practice of collecting or verifying beneficial ownership at each new account opening or following the institution’s own risk-based policies and procedures. FinCEN highlights that it is “within the discretion of the covered financial institution” whether to avail themselves of this exceptive relief.

FinCEN’s Previous Guidance and Exceptive Relief Efforts

FinCEN noted that the exceptive relief was due, in part, to the industry’s reactions to previous relief efforts. Ultimately leading FinCEN to provide this broader relief.

FinCEN has previously issued guidance, allowing covered financial institutions to utilize previous beneficial ownership forms or information obtained from legal entity customers at new account openings, provided that the customer certified or confirmed that the information was still accurate and the financial institution had no knowledge calling into question the accuracy of the information. In addition, FinCEN previously provided exceptive relief to legal entity customers who open new accounts as a result of: a certificate of deposit rollover; a renewal, modification, or extension of a loan where there was no underwriting requirement or approval; a renewal, modification, or extension of a commercial line of credit or credit card account that does not require underwriting review and approval; or a renewal of a safe deposit box rental. This current exceptive relief supplements FinCEN’s previous guidance and exceptive relief.

Looking Ahead at the CDD Rule

The CTA promised revisions to the CDD rule to account for the changes made by the beneficial ownership information and access rules. FinCEN’s current rulemaking agenda lists a notice of proposed rulemaking slated for this Spring. Given the changes to the scope of the CTA, it is unclear how the CDD rule will be revised.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

As a reminder, the Financial Crime Enforcement Network’s (FinCEN) Residential Real Estate rule (the “Real Estate Rule”) is effective March 1, 2026. The Real Estate Rule was originally to take effect December 1, 2025, but FinCEN’s subsequently announced a temporary exemptive relief, extending the effective date until March.  We have previously blogged about the Real Estate Rule here and here.  

To recap, the Real Estate Rule institutes a new reporting form, the “Real Estate Report” which imposes a nation-wide reporting requirement for certain non-financed transfers of residential real estate to legal entities or trusts. Beginning March 1st, the “reporting person” must file the Real Estate Report electronically through FinCEN’s BSA E-Filing System. The Real Estate Rule provides a “cascading” reporting structure that requires at least one person involved in the real estate transaction to file the Real Estate Report.  

The Real Estate Rule has been subject to various lawsuits, including one case in Florida that argues the constitutionality of the rulemaking. In that Florida case a recent Magistrate Judge’s Report and Recommendation concluded that the Real Estate Rule was statutorily authorized by the Bank Secrecy Act and recommended summary judgment be granted to the Department of the Treasury. The Plaintiff has objected to the Magistrate Judge’s Report. Despite the pending lawsuits, and as of now, the Real Estate Rule appears to be on track for the March effective date.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.  Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

In response to the continued rise of payment card skimming, the United States Secret Service conducted one of its most expansive enforcement efforts to date, launching a nationwide initiative aimed at identifying and removing illicit skimming devices before stolen data could be used for fraud.

What is Card Skimming and How Does it Work?

The Federal Bureau of Investigation (FBI) describes card skimming as the use of “devices illegally installed on or inside ATMs, point-of-sale (POS) terminals, or fuel pumps [to] capture card data and record cardholders’ PIN entries.” Skimmers may be inserted inside the card reader, placed over the point-of-sale terminal as an overlay, or concealed along internal wiring. Because many of these devices allow the compromised payment terminals to function normally, victims often have no idea that their information has been stolen.

Once obtained, the Secret Service notes that the stolen card data is encoded onto another magnetic-stripe card, enabling unauthorized purchases and withdrawals using the victim’s account information. The FBI estimates that skimming costs U.S. consumers and financial institutions more than $1 billion annually.

EBT Fraud as a Primary Target

Electronic Benefits Transfer (EBT) cards have become a particular focus of skimming operations. Unlike most consumer credit cards, EBT cards generally lack chip technology, making them significantly easier for criminals to compromise. As of early 2024, the FBI reported that no state had implemented chip-enabled EBT cards.

The lack of robust security features and predictable monthly deposit schedules make EBT cards especially vulnerable. According to the FBI, scammers often withdraw EBT cash benefits shortly after funds are loaded, often between midnight and 6 a.m. the day the benefits become available. Low-income households that rely on these benefits are disproportionately affected, and reimbursement for lost funds is often limited.

Inside the Secret Service’s 2025 Nationwide Crackdown

To address the escalating threat, the Secret Service partnered with federal, state and local law enforcement agencies to conduct a series of coordinated enforcement and outreach operations throughout 2025. According to the agency, the initiative resulted in:

  • 22 operations conducted nationwide
  • More than 9,000 businesses visited
  • Nearly 60,000 ATMs, gas pumps, and point-of-sale terminals inspected
  • 411 illegal skimming devices identified and dismantled
  • An estimated $428.1 million in potential fraud losses prevented

Operations spanned major metropolitan areas as well as smaller cities, including: Los Angeles, New York City, Washington, D.C., Anchorage, Boston, Orlando, Charlotte, Buffalo, San Diego, San Antonio, Baltimore, Tampa, Atlanta, Savannah, Memphis, Miami and Pittsburgh. Several cities saw multiple rounds of inspections.

Rather than waiting for fraud reports to surface, this initiative relied on proactive, in-person inspections. Agents frequently uncovered skimming devices even when business owners believed their terminals were secure. 

Investigators noted that skimmers can be installed in seconds, sometimes as a store clerk briefly turns their attention away from payment terminals. The FBI has warned that fraudsters may intentionally divert employees’ attention, such as by requesting items from behind the counter. Much of this activity is linked to transnational criminal groups, and store employees are typically unaware that devices have been installed.

In addition to removing skimmers, agents also educated business owners on identifying signs of tampering. In some cases, scammers returned to reinstall devices within days, or even hours, of an inspection.  Because of the outreach component, however, owners were able to detect and report the new devices quickly.

Consumer Protection: What to Watch For

Both the Secret Service and the FBI emphasize that basic vigilance can significantly reduce the risk of falling victim to a fraudulent skimming scheme. Recommended precautions include:

  • Inspection of card readers for loose, crooked, damaged or scratched components
  • Use tap-to-pay or chip-enabled cards whenever possible
  • When using a debit card, run it as credit to avoid entering a PIN; if a PIN is required, shield the keypad
  • Be especially alert in tourist areas with high transaction volume
  • Prefer indoor, well-lit ATMs, which are less susceptible to tampering

What Comes Next?

The Secret Service made clear that its 2025 initiative represents the beginning of an expanded and ongoing effort. The agency plans to continue enforcement and outreach into 2026 and beyond, working with domestic law enforcement partners to dismantle the criminal networks enabling these schemes.

As Assistant Director of the U.S. Secret Service’s Office of Field Operations, Kyo Dolan, noted, these actions are designed to remove skimmers “before criminals can recover the stolen card numbers they contain,” while also targeting the organizations behind the schemes.

Although skimming fraud remains a pervasive threat, proactive and coordinated enforcement can meaningfully disrupt it. For consumers and businesses alike, awareness, vigilance and early detection remain the first line of defense.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

In December, the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a $3,500,000 civil penalty against Paxful, Inc. and Paxful USA, Inc. (“Paxful”), pursuant to a consent order.

Paxful is an exchanger of convertible virtual currencies (“CVC”), operating both a CVC wallet service and a marketplace for peer-to-peer (“P2P”) buyers and sellers of CVC. The company describes itself as “the world’s largest P2P marketplace,” enabling users to buy and sell digital currencies across 140 markets with hundreds of payment methods, send cash or cryptocurrency instantly, and “become a peer-to-peer market maker.” According to the consent order, between February 2015 and April 2023, Paxful conducted transactions with over 4 million users, including over 50 million trades valued at a total of several billion dollars. These transactions ranged across products including CVC, prepaid access cards, and fiat currencies. In that time period, Paxful’s customers engaged in over 20 million external crypto transactions worth more than $10 billion.

In the order, Paxful admitted to three types of violations. First, Paxful failed to maintain its registration with FinCen. Second, it failed to implement an effective AML program. Third, it failed to identify and report suspicious activity. Paxful agreed to pay a $3,500,000 civil penalty for these violations, which FinCEN described as “egregious” and having “caused extensive possible harm to the public.”

Failure to Register as a Money Services Business

The Bank Secrecy Act (“BSA”) requires all “money services businesses” to register with FinCEN as an MSB within 180 days of beginning operations, and to renew its registration every two years. Paxful is treated as an MSB because it is a “money transmitter,” one of seven categories of businesses required to register as MSBs. While Paxful initially registered with FinCEN in July 2015, it allowed its registration to lapse. MSBs are required to renew their registrations by the last day of the calendar year before two-year renewal period—here, Paxful was required to re-register by December 31, 2016. It failed to do so until September 3, 2019, and therefore operated as an unregistered MSB for 974 days.

Failure to Develop, Implement, and Maintain an Effective AML Program

Much of the consent order details Paxful’s failure to implement a compliant AML program. At the outset, Paxful did not have any AML program in place for its first four years of operation, only implementing a program for the first time in February 2019. The program Paxful eventually implemented still fell short of FinCEN’s requirements in numerous respects, including:

  • Know your customer protocols. The know your customer (“KYC”) protocols Paxful put in place only applied to users whose activity exceeded $1,500, and Paxful made no effort to prevent users from evading controls by structuring transactions around this minimum.
  • Customers acting as unregistered MSBs. While Paxful identified a risk that smaller P2P exchangers could use Paxful, it did not implement controls to identify unregistered MSBs.
  • Geographic spoofing. Paxful did not assess customers’ locations, or take any action to identify circumstances where users used geographic spoofing to hide their true location—in many cases concealing activity from locaitons the government considers high-risk jurisdictions. 
  • Transaction monitoring. Although Paxful’s products and services could be used for money laundering, its AML program provided no mechanism for the company to identify and report suspicious activity, as required by law.
  • Prepaid access transactions. Paxful operates a prepaid access program, which was a substantial portion of its business. Between May 2015 and December 2019, the top payment methods on the platform were iTunes and Amazon prepaid access cards. Despite knowing that illicit actors were exploiting this market, Paxful prioritized its development, and failed to implement controls to monitor and illicit activity taking place within it.
  • North Korean, Iranian, and terrorist finance transactions. One result of Paxful’s failure to implement sufficient internal controls is that it facilitated transactions with what the consent order describes as hostile nation-states and state-sponsored cybercriminals, including from Iran and North Korea. The Lazarus Group, which is designated a North Korean state-sponsored cyber-criminal group, conducted thousands of trades on Paxful’s platform. Paxful took no steps to address this for several years after receiving law enforcement inquiries about it.
  • Compliance Officer. Although MSBs are required to designate a person ensure compliance with internal compliance programs and the BSA, Paxful operated without any designated compliance officer. When it did begin listing a compliance officer, that individual had never received any BSA or AML training, and during that person’s tenure, Paxful still had what the government describes as “egregious lapses in compliance.”
  • Independent Testing. MSBs must obtain independent reviews of their compliance program, with the scope and frequency depending on the risks associated with the MSB’s services. Paxful only conducted one test in the multi-year period at issue on the consent order, which the government described as “not even remotely commensurate with the volume of transactions processed or risks associated with the products and services offered by Paxful.”

Failure to Report Suspicious Activity

The consent order states that Paxful “facilitated transactions involving over $500 million in suspicious activity[.]” These transactions were associated with ransomware attacks, darknet and other illicit marketplaces, unregistered MSBs, child sexual abuse material, elderly financial exploitation, terrorist financing, high-risk jurisdictions, and stolen funds or other illicit proceeds. Despite this, Paxful did not file a single suspicious activity report before November 2019, and its reporting after that date remained deficient.

BSA Violations and Penalty

The consent order noted that Paxful employees had identified and discussed many of these deficiencies with senior leadership, who in some instances dismissed the concerns, and in other instances claimed that the concerns would be addressed. In some circumstances, the consent order states that Paxful leadership instructed employees not to raise or report issues, and that Paxful employees actively worked to build its relationships with and presence on high-risk platforms. For example, Paxful actively sought to be utilized on Backpage.com, a platform well-known for its role in promoting sex trafficking, including child sexual abuse, even after its widespread illicit activity was made public by a government investigation.

Based on these actions and deficiencies, FinCEN found that Paxful willfully violated the BSA and associated regulations, specifically finding:

  1. Paxful willfully failed to register as an MSB in violation of 51 U.S.C. § 5330 and 31 C.F.R. § 1022.380;
  2. Paxful failed to develop, implement, and maintain an effective AML program reasonably designed to prevent its programs from being used to facilitate money laundering and the financing of terrorist activities in violation of 31 U.S.C. § 5318(h)(1) and 31 C.F.R. § 1022.210; and
  3. Paxful willfully failed to accurately, and timely, report suspicious transactions to FinCEN, in violation of 31 U.S.C. § 5318(g)(1) and 31 C.F.R. § 1022.320.

In discussing its decision to impose a civil money penalty, FinCEN noted the “egregious” nature of the violations, which it determined “caused extensive possible harm to the public.” FinCEN further discussed that it determined there was a “culture of noncompliance throughout” Paxful, whose leadership were aware of their obligations under the BSA and still failed to comply. Based on these, and other factors, FinCEN imposed a $3.5 million civil penalty.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.