Regulatory Roundup - February 2026: Tighter Enforcement, Delayed Rules, and New Risks Across AML, Sanctions, and Digital Innovation
- Steve Marshall
- 2 days ago
- 5 min read
The regulatory landscape over the last month or so is a study in contrasts: tougher enforcement and sharper scrutiny from agencies like FinCEN, FINRA, and the UK’s OFSI alongside rule delays and new access pathways designed to foster innovation from the Federal Reserve and FDIC. From data-driven AML investigations and insider risk cases to evolving sanctions controls, crypto enforcement, AI governance expectations, and emerging stablecoin frameworks, regulators are sending a clear message: whether you’re modernizing or expanding, compliance fundamentals still matter.
ANTI-MONEY LAUNDERING (AML)
FinCEN’s new data-driven border operation signals heightened AML scrutiny for financial institutions
FinCEN has launched a sweeping data-driven operation targeting money laundering risks tied to cross-border activity, resulting in investigations, IRS referrals, and compliance outreach based on analytics of millions of SARs and CTRs. All impacted financial institutions should take note: if this approach yields enforcement actions, regulators will be asking pointed questions about why suspicious activity wasn’t flagged or reported, placing the robustness of underlying AML programs squarely under scrutiny.
Deregulation push delays AML/CFT rule for RIAs and ERAs
The White House has doubled down on a deregulatory agenda aimed at cutting regulatory costs and requiring agencies to offset new rules with retirements of older ones, even as FinCEN finalizes a two-year postponement of the Investment Adviser AML/CFT Program Rule to January 1, 2028. While registered investment advisers (RIAs) and exempt reporting advisers (ERAs) now have extra time before the rule takes effect, firms should use this hiatus strategically by identifying program requirements now and begin implementation planning rather than defer readiness.
Insider AML breach at TD Bank underscores need for ongoing employee monitoring
A former TD Bank employee recently pleaded guilty to accepting bribes and facilitating the laundering of $5.5 million dollars to Colombia by abusing his internal access and circumventing controls. While insider threats remain rare in the AML space, this case illustrates how front-line staff can be targeted — underscoring the importance of ongoing employee behavior monitoring and robust channels for colleagues or whistleblowers to report unusual activity.
FINRA sanctions Osaic Institutions over AML program failures
FINRA censured and fined Osaic Institutions $650,000 after finding its AML program was not reasonably designed to spot and report suspicious activity or conduct risk-based ongoing customer due diligence, with inconsistent surveillance and review of red flags. This penalty underscores the critical need for all entities subject to 31 CFR Chapter X to maintain robust, risk-based AML compliance programs — complete with effective policies and procedures, customer due diligence and monitoring, reporting, training, and a designated AML officer.
SANCTIONS
U.S. declares national emergency on Cuba and threatens tariffs on oil-supplier countries
The U.S. has issued an executive order declaring a national emergency with respect to Cuba and establishing a framework to impose tariffs on imports from countries that directly or indirectly supply oil to the island, representing an escalation of trade and sanctions policy under this authority. Companies will need to closely monitor developments under this order and implement controls that consider direct sanctions risks as well as detect sanctions and tariff evasions, with tailored compliance measures to address potential vulnerabilities.
UK’s OFSI finalizes tougher sanctions enforcement framework
The UK’s Office of Financial Sanctions Implementation (OFSI) has published its consultation response and will soon update its enforcement and monetary penalties guidance to introduce a settlement scheme, an Early Account Scheme, fixed penalties for reporting or licensing offences, and plans to increase statutory maximum penalties for sanctions breaches. Entities subject to the UK enforcement regime should closely review these changes, with particular attention to the settlement and Early Account schemes and the heightened statutory penalty exposure.
UK sanctions authorities go after crypto asset abuse
The OFSI, alongside law enforcement and regulatory partners, has ramped up coordinated efforts to identify and disrupt the abuse of crypto assets in connection with sanctions evasion and illicit finance, treating digital asset misuse on par with traditional currency exploitation. Players in the crypto space must ensure their sanctions compliance programs, including customer due diligence, risk assessment, and screening controls, are updated to effectively address crypto asset risks and vulnerabilities.
ARTIFICIAL INTELLIGENCE & DIGITAL ASSETS
Insurers urged to build dynamic AI governance programs as use of AI surges
Insurers embracing artificial intelligence must go beyond basic documentation and embed robust, dynamic governance and risk management frameworks that continually evaluate and test AI systems to mitigate the risk of adverse consumer outcomes, as outlined in recent guidance by the National Association of Insurance Commissioners (NAIC). A key takeaway from this cautionary perspective is the importance of ongoing, rigorous model risk management: insurers should ensure their AI governance programs evolve with emerging risks and include frequent testing, oversight, and accountability mechanisms rather than one-time implementation.
New AI companion chatbot laws highlight risks of treating AI as a human stand-in
Recent companion chatbot statutes in California and New York impose legal obligations on operators of AI designed for social interaction, reflecting growing scrutiny over the technology’s emotional and psychological impact — especially on teens, with roughly one in three report discomfort with something these bots have said or done. The key premise is that AI is a tool, not a substitute for human connection, and responsible AI use must be grounded in that reality with safeguards and governance that prioritize human well-being.
Federal Reserve’s “skinny master account” proposal advances payments access
The Federal Reserve has put forward a proposal for so-called “skinny master accounts” — streamlined payment accounts that would allow eligible institutions to clear and settle payments on Fed rails without the full privileges of traditional master accounts, such as interest-bearing balances or access to credit. Striking this balance between incumbent banks and new payments innovators is a step in the right direction. However, payment providers should remember that with expanded access comes the cost of compliance.
FDIC’s GENIUS Act stablecoin application procedures move forward
The Federal Deposit Insurance Corporation (FDIC) has approved a proposed rule to establish the application procedures under the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, setting out how FDIC-supervised insured institutions can seek approval for subsidiaries to issue payment stablecoins and detailing filing requirements, evaluation criteria, and timelines. As with anything new, success comes with requirements: insured depository institutions and payments innovators alike will need to embed effective risk management principles into their stablecoin-related activities as these new money rails are brought to market broadly.
Strengthening Compliance in a Changing Risk Landscape
As regulatory demands grow more complex and risk exposure continues to shift, FinScan’s Advisory Services deliver the strategic insight and hands-on support organizations need to stay ahead. From strengthening model governance and improving data integrity to managing sanctions and AI-related risks, our specialists help design more resilient, future-ready compliance programs — so you can operate with clarity and confidence