Regulatory Roundup - April 2026: Enforcement Escalates, Crypto Rules Tighten, and AI Governance Takes Shape
- Steve Marshall
- 13 hours ago
- 4 min read
The last month or so delivered a clear message to financial institutions: regulators are moving faster, coordinating more closely, and expecting firms to keep pace—especially across digital assets, sanctions exposure, and AI-driven compliance.
From an $80 million enforcement action in the US to tightening UK crypto rules and growing EU supervisory alignment, the direction is consistent. Compliance is becoming more data-driven, more real-time, and less forgiving of gaps in governance. Below, we break down the most important developments and what they mean for compliance teams now.
ANTI-MONEY LAUNDERING
$80M Wake-Up Call: FinCEN Targets BSA Failures in Fraud Overlap
FinCEN assessed an $80 million civil money penalty against Canaccord Genuity LLC for willful BSA violations tied to securities-fraud-related activity (March 6). Broker-dealers and affiliated financial groups should expect heavier scrutiny of surveillance, escalation, SAR decisioning, and governance where fraud typologies overlap with BSA obligations.
FinCEN Tightens the Net: Southwest Border Controls Expand for MSBs
FinCEN renewed and modified its Southwest Border Geographic Targeting Order for certain MSBs, with FAQs issued March 19. Covered MSBs in specified counties need to retune transaction monitoring, CTR workflows, staffing, and location-level controls. It also signals continued willingness to use targeted reporting tools for higher-risk corridors.
Healthcare Fraud Surges 330%: AML Programs Must Catch Up Fast
FinCEN issued a healthcare fraud advisory in late March, noting a 330% increase in BSA reporting on healthcare fraud from 2020-2025. Banks, payment firms, and fintechs serving providers, labs, billing firms, or government-benefit flows should update fraud/AML typologies, alert scenarios, and SAR narratives for healthcare- and benefits-fraud indicators.
Treasury’s 2026 Risk Assessment: Digital Assets Move to the Top of the List
The US Treasury published the 2026 National Money Laundering Risk Assessment on March 1, highlighting digital-asset-related risks. Financial institutions should treat this as a priority-setting document for 2026 exams and risk assessments, especially for digital assets, sanctions evasion, cyber-enabled crime, and cross-border typologies.
GENIUS Act Signals Shift: AML Modernization Meets Digital Asset Scrutiny
The US Treasury delivered its GENIUS Act report to Congress on innovative technologies to counter illicit finance involving digital assets. Banks, stablecoin issuers, VASPs/CASPs, and RegTech providers get a strong policy signal that US authorities favor technology-enabled AML modernization while signaling possible future tightening around DeFi and digital-asset intermediaries.
NY DFS Warning: Cyber, Sanctions, and AML Risks Are Now One Problem
New York DFS issued a March 3 cybersecurity advisory tied to heightened global conflict and specifically told firms to monitor transactions, including virtual-currency activity, for sanctions and AML compliance. New York-regulated banks, insurers, and virtual-currency firms should treat cyber, sanctions, and AML as converged risk-management issues, with heightened expectations around incident response, monitoring, and governance.
FCA Enforcement Reminder: Weak Surveillance Still Comes at a Cost
The FCA fined Dinosaur Merchant Bank £338,000 on March 27 for failures in systems and controls to detect and report suspicious trading. UK firms should read this as a reminder that market-abuse surveillance and suspicious transaction/order reporting remain core control expectations.
UK AML Rules Tighten: Crypto, Correspondent Banking, and Control Under the Microscope
The UK’s Money Laundering and Terrorist Financing (Amendment) Regulations 2026 were laid in late March, with analyses noting tighter AML controls for crypto firms, correspondent relationships, and changes in control. UK banks, EMIs, payments firms, and FCA-registered crypto businesses should prepare for more intensive due diligence, ownership/control scrutiny, and earlier supervisory engagement.
AMLA Data Push Begins: Standardized AML Oversight Takes Shape
The Anti-Money Laundering Authority (AMLA) launched a March 16 data-collection exercise to test its risk-assessment models for selecting up to 40 entities for direct supervision from 2028. EU credit and financial institutions should expect more standardized AML data demands and more comparable risk scoring across member states.
EU AML Rulebook Advances: From Fragmentation to Formalization
The AMLA held its first public hearing on draft Regulatory Technical Standards (RTS) on March 24, announced March 26, drawing broad stakeholder participation. This indicates the EU AML single rulebook is becoming more operational, with progressively less national divergence and more detailed EU-level standards over time.
SANCTIONS
DPRK Typologies Evolve: Treasury Targets Crypto-Enabled IT Worker Schemes
The US Treasury sanctioned facilitators of DPRK IT-worker fraud on March 12, including crypto conversion activity. Sanctions screening, customer due diligence, and crypto tracing programs should account for DPRK-linked IT-worker typologies, labor-front companies, and fiat-to-crypto conversion patterns.
UK Signals Harder Line: Sanctions Enforcement Set to Get More Punitive
The UK published a cross-government sanctions enforcement strategy on March 10 and said OFSI intends to seek legislation to raise the maximum civil penalty for financial sanctions breaches. UK financial institutions, payment firms, and multinationals should assume tougher sanctions enforcement and a more punitive posture, making governance and voluntary disclosure decisions more important.
Sanctions Risk Expands: OFSI Penalty Shows Corporates Are in Scope
The OFSI imposed a £390,000 penalty on Apple Distribution International March 19. The action reinforces that sanctions enforcement risk extends beyond banks and reaches large corporates and technology groups, underscoring the need for robust controls across treasury, payments, trade, and distribution flows.
AI & TECHNOLOGY
Treasury Backs AI—with Guardrails: Innovation Meets Governance Expectations
The US Treasury launched an AI Innovation Series on March 23 to convene financial institutions, tech firms, regulators, and experts on high-value AI use cases and safe scaling. This is not binding, but it signals that AI adoption in financial services is being encouraged subject to strong governance, safety, and soundness controls.
SEC & CFTC Clarify Crypto Rules: Jurisdiction Lines Start to Sharpen
The SEC and the CFTC jointly clarified the application of federal securities and commodities laws to crypto assets on March 17. US crypto firms, broker-dealers, exchanges, and banks exploring digital-asset services will get more clarity on product classification and jurisdictional boundaries, affecting product design, disclosures, and licensing analysis.
Regulators Align: SEC and CFTC Move Toward Unified Crypto Oversight
SEC and CFTC announced an interagency MOU on March 11 to coordinate and harmonize policies and practices in areas of shared interest, including digital markets. Firms operating across securities/commodities lines should expect more coordinated supervision and enforcement, reducing some gaps but increasing the coherence of oversight.
Strengthening Compliance in a Changing Risk Landscape
As regulatory demands grow more complex and risk exposure continues to shift, FinScan’s Advisory Services deliver the strategic insight and hands-on support organizations need to stay ahead. From strengthening model governance and improving data integrity to managing sanctions and AI-related risks, our specialists help design more resilient, future-ready compliance programs — so you can operate with clarity and confidence.