Restoring Integrity to America’s Financial System: What the Executive Order and FinCEN’s Proposed Rules Mean for Banks and Money Services Businesses

Key Takeaways

• A recent executive order focuses on national security and public safety risks caused by illicit cross-border financial activity and risks to the financial system posed by the extension of credit or financial services to the “inadmissible and removable alien population” in the United States. 
• The executive order directs the secretary of the Treasury (Treasury) to formally advise on red flags indicating suspicious activity associated with the exploitation of the financial system by non-work-authorized populations and their employers.
• Treasury, in consultation with the federal functional financial regulators, will strengthen customer identification, customer due diligence and beneficial ownership requirements, and the Consumer Financial Protection Bureau (CFPB) will clarify factors affecting borrowers' ability to repay.
• Treasury and the federal functional financial regulators will also address potential risks arising from foreign consular identification cards, shifting away from more permissive standards.
• The EO is expected to supplement FinCEN's AML/CFT priorities, and money services businesses (MSBs) are not directly affected by the customer identification, customer due diligence, and beneficial ownership directives in the EO since they are not “covered financial institutions.”
• Banks and MSBs must plan ahead in accordance with upcoming rule proposals, advisories, and risk assessment requirements to ensure future compliance.

Introduction

On May 19, 2026, President Trump signed an executive order titled “Restoring Integrity to America’s Financial System” (the Order), directing the secretary of the Treasury, federal functional financial regulators, and the CFPB to take a series of actions aimed at combating the exploitation of the U.S. financial system by non-work-authorized populations and their employers. The Order identifies low-dollar cross-border funds transfers as vectors for terrorist financing, narcotics trafficking, and human trafficking and singles out Chinese money laundering networks that used U.S.-based accounts to facilitate the laundering of funds for criminal organizations, as well as financial hubs of fentanyl-related activity tied to Mexico-based cartels. The Order directs the issuance of a formal Treasury advisory (Advisory) identifying red-flag typologies, proposes to strengthen customer due diligence (CDD) and customer identification program (CIP) requirements for “covered financial institutions,” and calls for regulators to account for the risks that foreign consular identification cards—most notably the Matricula Consular—pose to the integrity of the financial system. 

The Order does not arrive in a regulatory vacuum. Just 39 days earlier, on April 10, 2026, FinCEN issued a proposed anti-money laundering and countering the financing of terrorism (AML/CFT) program rule (91 FR 18704-01) that would reform program requirements under 31 U.S.C. § 5318(h) for all Bank Secrecy Act (BSA)-regulated financial institutions, including both banks and MSBs, and that interacts directly with the Order’s directives. Read together, these developments affect banks and MSBs differently but consequentially, and both institutions should treat them as important signals of evolving regulatory expectations while recognizing that any final rule will include measured adoption timelines.

This Update focuses primarily on the Order, while identifying how the FinCEN proposed rule amplifies or interacts with its directives. It addresses the distinct implications for banks, which are “covered financial institutions” squarely within scope of the Order’s CIP and CDD directives, and MSBs, which are not covered financial institutions for those purposes but are directly subject to the proposed AML/CFT program rule and the broadly directed Treasury Advisory. 

The Executive Order’s Principal Directives

The Order articulates four principal directives, each operating on a specified timeline. 

• Formal Treasury Advisory on suspicious activity. Within 60 days, Treasury must issue an Advisory applicable to all BSA-regulated entities that describes specific red flags and typologies associated with six categories of suspicious activity: evidentiary patterns of payroll tax evasion by employers or labor brokers; utilization of foreign-identity documents, nominee accounts, shell companies, or “funnel” structures to obscure beneficial ownership; strategic use of unregistered MSBs, third-party payment processors, or peer-to-peer platforms to facilitate off-the-books wage payments intended to bypass BSA reporting thresholds; patterns of structuring and microstructuring correlated with payroll cycles; financial activity indicative of labor trafficking or forced labor where proceeds are commingled with legitimate business revenue or transferred to foreign jurisdictions; and the use of individual taxpayer identification numbers (ITINs) to obtain credit products or open accounts where the applicant lacks verified lawful immigration status. 
• Update CDD regulations. Within 90 days, Treasury, in consultation with the regulators will propose changes to BSA implementing regulations to strengthen risk-based  CDD requirements. The proposed changes should ensure that institutions collect and verify sufficient customer identity information to reasonably identify the nominal and beneficial owners of accounts in order to assess risks related to illicit finance, sanctions evasion, fraud, or other unlawful activity. The Order asserts that covered institutions should maintain the authority, where warranted by risk indicators or supervisory concerns, to obtain additional information necessary to resolve material compliance concerns, “including information relevant to whether account holders possess lawful immigration status and employment authorization in the United States when such information is relevant to assessing risks associated with fraud, identity misrepresentation, sanctions evasion, or other illicit financial activity, as part of a risk-based customer due diligence program.”
• Update CIP regulations. Within 180 days, Treasury and the federal functional financial regulators must consider changes to BSA regulations applicable to banks to strengthen risk-based CIP requirements (currently codified at 31 CFR § 1020.220 for banks) for covered financial institutions, with any changes accounting for “the risks foreign consular identification cards pose to the integrity of the United States financial system.” 
• Ability-to-repay and credit risk clarifications. Within 60 days, the CFPB will consider clarifying that potential deportation and loss of wages are factors that could adversely affect a non-work-authorized borrower’s ability to repay an extension of credit under the “ability-to-repay” standards in 12 CFR Part 1026, and the federal functional financial regulators must issue guidance regarding the management of the potential credit risks posed by these borrowers. 

Existing FinCEN Advisories: Building on Established Typologies

The typologies referenced in the Order restate some of the typologies in FinCEN’s existing alert program. The forthcoming Treasury Advisory should be understood as elevating and consolidating these warnings—with a national-security framing—rather than inventing new ones. This is significant because financial institutions need not wait for the Treasury Advisory to begin operationalizing the Order’s priorities, as some of the underlying typologies and red flags are already described in published FinCEN materials.

The forthcoming Advisory will carry heightened supervisory significance—particularly in light of the proposed AML/CFT program rule’s requirement to incorporate AML/CFT priorities into institutional risk assessments—but financial institutions that have already integrated these existing FinCEN advisories into their compliance frameworks should be better prepared for the new Advisory’s requirements.

The following table identifies the overlaps between the Order’s typologies and earlier FinCEN notices.

The Matricula Consular: Historical Context and Shifting Regulatory Posture

The Order’s directive to account for the risks posed by foreign consular identification cards marks a significant shift from Treasury’s historical posture on the Matricula Consular. In 2003, amid congressional and public pressure, Treasury took the unusual step of effectively reopening the final CIP rule to solicit additional comment on whether regulations should preclude reliance on certain foreign government-issued identification documents, including the Matricula Consular (68 FR 39039-01). Despite that extraordinary process, Treasury ultimately declined to prescribe a uniform federal standard and instead left to each financial institution the discretion to determine whether to accept consular identification documents as part of its CIP (68 FR 55336). 

The new Order represents a departure from this permissive stance. By directing regulators to “account for the risks” posed by consular identification cards, the Order signals that forthcoming CIP rulemaking may impose additional conditions on the use of such documents—whether through supplemental verification requirements, limitations on circumstances of acceptance, or mandated enhanced monitoring when such documents are the primary identification presented. The precise form of any change remains to be determined through the rulemaking process, and the Order directs regulators only to “consider” changes within 180 days rather than mandating immediate prohibition. Both banks and MSBs should use this period to evaluate their current practices. Banks should ensure they can articulate a risk-based rationale for their current CIP policies under 31 CFR 1020.220. MSBs, which are not subject to a formal CIP rule, should nonetheless review whether their identification practices are consistent with a defensible, risk-based approach, particularly in light of the forthcoming Treasury Advisory, which may identify reliance on consular cards as a risk factor applicable to all financial institutions. 

FinCEN’s Proposed AML/CFT Program Rule: Amplifying the Executive Order

FinCEN’s proposed AML/CFT program rule (91 FR 18704-01) applies to both banks (proposed 31 CFR § 1020.210) and MSBs (proposed 31 CFR § 1022.210) and would require each to establish a risk-based set of internal policies, procedures, and controls reasonably designed to ensure BSA compliance. The key connection to the Order is the proposed rule’s requirement that institutional risk assessments “review and, as appropriate, incorporate the AML/CFT priorities” issued by FinCEN, and they must be updated promptly upon any change that the institution knows or has reason to know significantly changes its risk profile. Once the Treasury Advisory is published, its typologies will likely become AML/CFT priorities that both banks and MSBs must incorporate into their risk assessments. The proposed rule also requires that institutions direct more attention and resources toward higher-risk customers and activities rather than lower-risk ones—a requirement that will take on concrete meaning as the Order’s priority areas are formalized. 

FinCEN proposes an effective date of 12 months from final rule issuance; the comment period closes June 9, 2026.

The Bank-Specific Supervision and Enforcement Framework

The proposed AML/CFT program rule also introduces a new supervision and enforcement framework (proposed 31 CFR § 1020.221) that applies exclusively to banks. See 91 FR at 18723. Its core features are: (1) Once a bank has properly established an AML/CFT program, only “significant or systemic failures” to implement would warrant enforcement or significant supervisory action—isolated, technical, or immaterial deficiencies would not; (2) federal banking agencies must consult with FinCEN (providing 30 days’ written notice) before initiating significant AML/CFT supervisory actions; and (3) the FinCEN director will consider whether the bank has advanced AML/CFT priorities through high-quality information sharing with law enforcement or innovative compliance tools. This framework does not currently apply to MSBs.

In the context of the Order, this framework has dual significance. A bank that incorporates Treasury Advisory typologies into its monitoring and files high-quality suspicious activity reports (SARs) in the Order’s priority areas could point to those efforts as evidence of program effectiveness. Conversely, a program that fails to respond to known risk-profile changes—such as those set forth in the Treasury Advisory—may no longer be deemed “reasonably designed” and could be treated as a failure to properly establish a program, which would not benefit from the heightened enforcement threshold.

The Executive Order’s Impact on MSBs: The Regulatory Gap and Supervisory Reality

The critical regulatory distinction for MSBs is that they fall outside the “covered financial institution” perimeter for both CIP and CDD purposes. The existing CIP rules apply only to four categories of financial institutions: banks (31 CFR § 1020.220), broker-dealers (31 CFR § 1023.220), mutual funds (31 CFR § 1024.220), and futures commission merchants and introducing brokers in commodities (31 CFR § 1026.220). Similarly, the CDD rule—including its beneficial ownership requirements codified at 31 CFR § 1010.230—applies exclusively to these same four categories as defined in 31 CFR § 1010.605(e)(1). MSBs are not among them. The Order’s CDD and CIP directives do not directly apply to MSBs, and the proposed AML/CFT program rule does not change this.

However, the gap between formal rule applicability and supervisory reality is narrower than it may appear. Account-based MSBs face a practical supervisory expectation that they will implement bank-like customer identification and due diligence practices. This expectation has developed as examiners have argued that an MSB cannot maintain an effective AML program without verifying its customers’ identities and, where applicable, checking beneficial ownership. While it was once commonplace for MSBs to forgo identity verification below certain activity thresholds, that approach is generally no longer viable with regulators. The practical consequence is that even if FinCEN does not formally extend the CIP and CDD rules to MSBs, the increased supervisory expectations created for banks and other covered financial institutions by the Order will flow down to MSBs through examination practices and banking-partner requirements.

MSBs should also be attentive to the pressure the Order will place on their banking relationships. Banks that maintain accounts for MSBs will face strengthened CDD requirements, including the Section 3(b)(ii) authority to request immigration-status information where risk indicators warrant it. As a result, banks may increase their account opening and other due diligence demands on their MSB customers. MSBs that are able to proactively share AML program documentation with their banking partners—demonstrating a forward-looking compliance posture—may be better positioned to maintain those relationships during a period of heightened regulatory focus.

Structural Credit Risk Provisions: The Ability-to-Repay Standard and Supervisory Guidance

Section 4 of the Order addresses “structural credit risks” arising from the extension of mortgage and auto loans, credit cards, and other consumer credit to the non-work-authorized population. The Order observes that many such borrowers “face the possibility of the loss of wages due to removal or their employers’ decisions to comply with immigration law,” and that lending to individuals without legal work authorization or who face a substantial loss-of-wage risk “creates a structural ‘ability to repay’ deficiency that undermines the safety and soundness of the national banking system.” See Order, Sec. 1. 

Section 4(a) directs the CFPB to consider clarifying that potential deportation and loss of wages are factors that could adversely affect a non-work-authorized borrower’s ability to repay under the standards codified in 12 CFR Part 1026 and that lenders may consider such factors as part of a reasonable and good-faith underwriting determination. See Order, Sec. 4(a). The ability-to-repay (ATR) standard under Regulation Z (12 CFR § 1026.43) requires creditors, before making a mortgage loan secured by a dwelling, to make a reasonable and good-faith determination that the consumer has a reasonable ability to repay the loan according to its terms. For qualified mortgage (QM) loans meeting the criteria of 12 CFR § 1026.43(e)(1), lenders benefit from a safe harbor or rebuttable presumption of compliance with the ATR requirement. For non-QM loans, the creditor must conduct a full ATR analysis considering the borrower’s income, assets, employment status, debt obligations, and other relevant factors. The Order’s directive would, if implemented by the CFPB, clarify that immigration-related removal risk and associated wage-loss risk are permissible considerations within this framework—not that they are mandatory disqualifying factors.

Section 4(b) separately directs each federal functional financial regulator —the Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA)—to issue guidance within 60 days regarding the management of credit risks posed by the non-work-authorized population. See Order, Sec. 4(b). The Order also notes that employers who violate immigration law may underreport wages, use mismatched or invalid Social Security numbers and taxpayer identification numbers, or fail to properly withhold or remit payroll taxes, creating vulnerabilities that “obscur[e] income sources, distor[t] credit underwriting, and facilitat[e] underground economic activity.” Id. at Sec. 1.

For banks, these provisions have direct implications for consumer lending operations, particularly mortgage and auto lending. The CFPB clarification, if issued, would provide significant regulatory support for banks that choose to consider deportation risk as an underwriting factor. This is consequential because the consideration of immigration status in lending decisions has historically occupied uncertain terrain under the Equal Credit Opportunity Act (ECOA), 15 U.S.C. § 1691 et seq., and its implementing regulation, Regulation B (12 CFR Part 1002). ECOA prohibits discrimination in credit transactions on the basis of race, color, religion, national origin, sex, marital status, age, receipt of public assistance, or the good-faith exercise of rights under the Consumer Credit Protection Act. See 15 U.S.C. § 1691(a). While immigration status is not itself a protected category under ECOA, lenders have been cautious about using it as an underwriting criterion because of the concern that immigration-status inquiries could serve as a proxy for national-origin discrimination, potentially triggering disparate-impact liability or supervisory criticism. The CFPB and its predecessor agencies have historically scrutinized lending practices that correlate with protected characteristics, even where the criterion used is facially neutral, although the CFPB finalized a rule in April 2026 that eliminated consideration of disparate impact liability under ECOA.

The Order’s Section 4(a) directive addresses this concern head-on by framing deportation risk and loss-of-wage risk as legitimate safety-and-soundness considerations within the ATR framework—not as discriminatory screening criteria. The Order states that “lenders may consider such factors as part of a reasonable and good-faith underwriting determination.” See Order, Sec. 4(a). If the CFPB issues a clarification consistent with this directive, it would effectively establish that considering deportation-related repayment risk does not, standing alone, constitute unlawful discrimination under ECOA, provided the consideration is applied as part of a bona fide creditworthiness assessment and is not used as a pretext for national-origin discrimination. This would give banks a regulatory safe harbor of sorts—not a statutory exemption from ECOA but an authoritative agency interpretation that the consideration of immigration-related wage-loss risk is a permissible underwriting factor when grounded in the ATR analysis.

Section 4(b)’s directive to the federal functional financial regulators to issue credit-risk guidance within 60 days further reinforces this framework. The forthcoming guidance may establish supervisory expectations regarding how banks assess and manage concentration risk in portfolios with significant exposure to non-work-authorized borrowers and may provide additional clarity on the interplay between immigration-related underwriting considerations and fair-lending obligations. Banks should monitor these developments and evaluate whether their current underwriting criteria and portfolio risk management practices adequately address the risks the Order identifies.

For MSBs, these credit-risk provisions are less directly relevant, as MSBs generally do not engage in consumer lending. However, MSBs that operate as loan or finance companies—a separate category of BSA-regulated financial institution under 31 CFR § 1029.210—should pay close attention to the ATR clarification and the forthcoming supervisory guidance.

Implications for Banks

Banks are at the center of the regulatory changes contemplated by the Order and the proposed rules. As covered financial institutions, they are directly subject to the forthcoming CDD and CIP rule proposals, the Treasury Advisory, and the proposed AML/CFT program rule’s enhanced risk assessment and resource allocation requirements.

The Order’s Section 3(b)(ii) immigration-status authority warrants careful consideration. The provision confirms that banks may obtain information about account holders’ immigration status and employment authorization if warranted by risk indicators and relevant to assessing specific illicit-finance risks. It is framed as confirming existing authority within a risk-based framework rather than creating a new affirmative obligation. Banks should assess how this authority integrates with their existing CDD practices and under what circumstances they might exercise it—bearing in mind that the provision is permissive, not mandatory, and that any exercise of this authority should be grounded in documented risk indicators rather than applied categorically.

With respect to the Matricula Consular, banks that currently accept consular identification cards should review their CIP policies and document their risk-based rationale. The existing CIP rule provides banks with discretion, but the Order’s directive to regulators to “account for the risks” of such documents suggests that this discretion may be narrowed or conditioned in forthcoming rulemaking. See Order, Sec. 3(c). Banks should evaluate whether supplemental verification measures are warranted and should monitor the 180-day rulemaking timeline for proposed changes.

The proposed supervision and enforcement framework offers banks both protection and accountability. A bank that demonstrates thoughtful, risk-based responsiveness to these developments—incorporating Treasury Advisory typologies into its monitoring program, filing high-quality SARs in the Order’s priority areas, and maintaining a current risk assessment—will be well-positioned under the proposed framework’s emphasis on program effectiveness and its heightened threshold for enforcement based on implementation deficiencies. A bank that fails to update its program to reflect significant risk-profile changes risks being deemed to have failed to establish an effective program, which would not benefit from the heightened enforcement threshold.

Implications for MSBs

MSBs occupy a distinct regulatory position. They are not covered financial institutions for CIP or CDD purposes (as defined in 31 CFR § 1010.605(e)(1)) and are not directly subject to the Order’s CIP and CDD directives. However, they are fully subject to the proposed AML/CFT program rule (proposed 31 CFR § 1022.210), which once finalized will require enhanced risk assessments, incorporation of AML/CFT priorities, and risk-based resource allocation with a 12-month implementation period. They are also within scope of the Treasury Advisory, which is directed to all “financial institutions” and will establish red-flag typologies that examiners will expect MSBs to monitor. 

The third category of advisory red flags—targeting “unregistered money services businesses, third-party payment processors, or peer-to-peer platforms” as channels for off-the-books wage payments—is of particular concern to MSBs. See Order, Sec. 3(a)(iii). While this language targets unregistered MSBs, a registered money transmitter or other MSB must be attentive to the possibility that its network could be used as a conduit for such activities. The Advisory’s typologies regarding structuring, ITIN usage, and labor trafficking proceeds are similarly relevant to MSBs operating in the cross-border remittance corridor.

Perhaps the most immediate practical concern for MSBs is the pressure that these developments will place on banking relationships. Banks that serve as banking partners to MSBs will face strengthened CDD requirements—including the Section 3(b)(ii) authority to request immigration-status information—and may intensify their due diligence demands on MSB customers. MSBs that proactively share revised and updated AML program documentation with their banking partners, demonstrating responsiveness to the Order’s priorities and the proposed rule’s requirements, may be better positioned to maintain those relationships.

Key Deadlines

The following deadlines frame the regulatory timeline for both banks and MSBs:

• June 9, 2026: Comment period closes for FinCEN’s proposed AML/CFT program rule (91 FR 18704-01).
• Mid-July 2026 (60 days from May 19): Treasury Advisory on red-flag typologies due; CFPB clarification on ability-to-repay standards due; federal functional financial regulators’ credit-risk guidance due.
• Mid-August 2026 (90 days from May 19): Treasury’s proposed CDD rule changes for covered financial institutions due.
• Mid-November 2026 (180 days from May 19): Treasury and regulators’ consideration of CIP rule changes (including Matricula Consular) due.
• 12 months after final AML/CFT program rule issuance: Compliance date for banks and MSBs under the reformed AML/CFT program requirements.

Planning Considerations

Both banks and MSBs should recognize that the proposed AML/CFT program rule contemplates a 12-month implementation period after finalization, and the Order’s CDD and CIP changes will themselves require further notice-and-comment rulemaking before creating binding compliance obligations. The Treasury Advisory, expected by approximately mid-July 2026, will provide the most immediate guidance on red-flag typologies and expectations. Both institution types should use this intervening period to evaluate their risk assessment methodologies against the proposed rule’s anticipated standards, review identification practices regarding consular cards and ITINs, and consider submitting comments on the proposed rule before the June 9, 2026, deadline to shape the final regulatory framework. 

Critically, institutions need not wait for the Treasury Advisory to begin preparing. As discussed above, some of the Order’s Section 3 typologies are consistent with existing FinCEN alerts and guidance. Institutions can act now by formally mapping each EO typology to the corresponding FinCEN alert.

For banks, the proposed supervision and enforcement framework provides a clear incentive to demonstrate thoughtful, risk-based responsiveness. Banks should consider commenting on the framework’s specific provisions, including questions such as what constitutes a “significant or systemic failure,” whether asset thresholds should govern the FinCEN consultation requirement and enforcement considerations set forth in 31 U.S.C. 5318(h)(2) and mitigants, and whether the 30-day notice period is workable in practice.

For MSBs, the emphasis should be on planning forward-looking program enhancements, maintaining banking relationships through demonstrated compliance readiness, and monitoring the regulatory trajectory for potential future CDD and CIP extension—recognizing that any such extension would require separate rulemaking with its own adoption timeline. Both institution types are well-served by using this period for deliberate planning rather than reactive implementation.

The regulatory developments described in this Update touch virtually every participant in the financial services ecosystem—banks, broker-dealers, MSBs, stablecoin issuers, payroll providers, auto lenders, mortgage companies, and fintech platforms alike. The interplay between the Order and the proposed AML/CFT Program Rule creates a complex compliance landscape that will evolve rapidly as Treasury publishes its Advisory, the CFPB and federal functional financial regulators issue guidance, and FinCEN moves toward final rules. Institutions across these sectors should engage proactively with these developments, including through the comment process, to ensure that the final regulatory framework is workable and appropriately calibrated to the institution-specific risks.