Blog

Measuring What Matters

What FinCEN’s Proposed Rule Means for the Fight Against Financial Crime

July 10, 2026 by Cheryl Friedenbach

In my previous post, I explored how FinCEN’s Notice of Proposed Rulemaking (NPRM) from April, 2026 signals a shift toward outcome-focused, risk-based AML/CFT program design. The potential for change is significant, but it raises a more important question: what does effectiveness actually look like in practice?

For too long, effectiveness has been defined as technical compliance and procedural accuracy. But the true measure of an AML/CFT program is not what appears in an exam report — it is whether institutions are generating actionable intelligence that helps law enforcement identify and disrupt financial crime networks.

That is the lens through which this proposed rule should be understood and the opportunity it creates for the financial industry.

Why Current Frameworks Dilute Impact

The existing regulatory framework was built with the right intentions, and financial institutions have responded by building programs of scale and sophistication. But a framework that prioritizes procedural consistency creates pressure to distribute effort broadly, making it difficult to apply truly risk-based approaches in practice.

The financial industry is using private resources for public good, but when these resources are spread broadly across all levels of risk, focus on priority threats is diluted. As a result, effort shifts from the criminal ecosystems that cause the most harm, including drug trafficking networks, human trafficking operations, organized crime syndicates, sanctions evasion rings, and large-scale fraud enterprises.

An effectiveness-focused framework changes that dynamic. By focusing sophisticated capabilities on priority threats, rather than broad compliance categories, institutions can better detect and disrupt the networks that pose the greatest threats to the communities they serve.

What Risk-Based Allocation Means for Investigators

FinCEN’s proposed rule enables institutions to direct resources toward higher-risk customers, products, geographies, and behaviors. For financial crime teams, this creates an opportunity to focus efforts where criminal activity generates the strongest financial signals.

In practice, this is a shift that moves institutions away from traditional compliance approaches and single red-flag detection, toward advanced analytics and AI trained on priority typologies within the National AML/CFT priorities.

Leading financial crime teams are already shifting, spending more time on high-value analysis of priority threats and actively disrupting criminal networks.

After years working alongside financial crime professionals, one point I hear consistently is the greatest frustration is not complexity—it’s knowing where the real risk is but having to spend valuable time clearing lower-value work. Directing resources to priority typologies creates the space for investigators to focus on high priority threats.

Measuring Intelligence Value

One of the most important implications of the Notice is that it challenges institutions to define and demonstrate effectiveness in measurable terms. The rule “refocuses compliance obligations and expectations on effectiveness by distinguishing between deficiencies stemming from program design and implementation.” Historically, success has framed compliance metrics: alerts reviewed, SARs filed, deadlines met.

There is a direct line between risk-based allocation and the intelligence that reaches law enforcement, and that line runs through the Suspicious Activity Report. Law enforcement consistently emphasizes the value of intelligence and context. When investigators provide context on how customer activity aligns with National AML/CFT priority typologies, they enable law enforcement to connect the dots across the financial system.

But effectiveness does not stop at better narratives—it extends to outcomes.

Leading institutions are asking:

  1. How often do SARs incorporate FinCEN Advisory key terms?
  2. How many SARs result in law enforcement follow-up or requests for additional information?
  3. How many SARs tie to National AML/CFT priorities and which typologies generate the strongest response?
  4. What percentage of peer-shared intelligence leads to SARs that generate law enforcement action?
  5. What advanced technologies result in SARs that generate meaningful engagement?
  6. How do these outcomes change over time?

These metrics answer a fundamental question: are AML/CFT programs generating actionable intelligence that law enforcement can act on, or simply processing compliance requirements?

Answering these questions allows institutions to tell a fundamentally different story—one grounded in real impact, not process. Without it, assessments will continue to default to what is easiest to measure: compliance output.

The Financial Crime Team as a Strategic Asset

At its core, the NPRM reinforces something financial crime professionals have long understood: expertise drives effectiveness.

When programs are aligned to real risk, investigators can develop deeper specialization in the typologies and geographies that matter most. Specialized investigators recognize patterns faster, connect signals more effectively, and build knowledge that compounds over time.

An outcome-driven framework does more than improve efficiency—it elevates the investigator from processing alerts to driving impact.

The Industry’s Moment to Define Effectiveness

The NPRM leaves institutions to define effectiveness in practice. That is both an opportunity and a responsibility.

The challenge to define effectiveness by what matters to law enforcement pursuing cases, prosecutors building evidence, and victims of financial crime is clear. It requires the ability to surface meaningful risk, connect signals, and equip investigators with the context to act decisively.

At Nasdaq Verafin, this is the problem we’ve focused on solving by consolidating financial crime intelligence, reducing low-value noise through automation, and enabling institutions to pursue the highest-risk threats with precision.

This is the moment to move beyond measuring compliance and start measuring real impact.

 

Subscribe for curated expert perspectives and industry insights, sent directly to you.