Anti-Money Laundering and Countering the Financing of Terrorism, Digital Assets, and Artificial Intelligence

This article is part of Looking Back and Moving Forward: Top Issues Shaping White Collar Law in 2026. Click here to read the full newsletter.

In 2025, the U.S. anti-money laundering (AML) and countering the financing of terrorism (CFT) landscape evolved with growing technological risks and federal policy increasingly focused on national security. Regulators are prioritizing threats of cybercrime, misuse of digital assets, and transnational criminal organizations, and emphasizing the value of AML tools in protecting national security. Financial institutions faced increased expectations for risk-based program design, data quality, and governance, amid a more complex supervisory landscape. Key developments in 2025—including new rules under the AML Act of 2020, expanded sanctions against cartels, digital asset regulation, and a focus on artificial intelligence fraud—signal continuing reliance on financial institutions to assist in guarding against threats to national security and exploitation of the U.S. financial system by a growing variety of criminal actors and methods into 2026.

AML/CFT

AML Developments: Heightened Focus on National Security and Centralized Enforcement

Key threats to the U.S. financial system that the Treasury identified in 2024—cybercrime, fraud, corruption, drug trafficking, and exploitation by foreign adversaries like North Korea—grew in priority in 2025. Federal agencies have increasingly applied this national-security lens to AML enforcement, with particular attention to cartels, transnational criminal organizations, Chinese money laundering networks (CMLNs), and sanctions-evasion schemes like Iranian shadow networks. Enforcement activity reflected a focus on targeted, intelligence-driven interventions.

In December, news outlets reported that Treasury will propose to significantly expand FinCEN’s Bank Secrecy Act (BSA) and AML enforcement authority in 2026, which would make FinCEN the central decisionmaker in enforcement actions and give it the ability to override decisions by banking regulators. The proposal also envisions more intelligence-driven, risk-based enforcement that would prioritize actionable threats over technical compliance issues. Adoption would mean a significant change in AML enforcement, reshaping expectations for governance, escalation, and regulatory engagement.

Implementation of the AML Act. FinCEN advanced implementation of the AML Act of 2020, including a proposed rule that would require AML/CFT programs to be “effective, risk-based, and reasonably designed.” The proposal would formalize expectations for enterprise-wide risk assessments, documented program-design decisions, and alignment of controls to identified risks.

Corporate Transparency Act (CTA). 2025 was the first full year of beneficial-ownership reporting under the CTA, during which Treasury and FinCEN continued to emphasize the importance of accurate and complete filings. The court in National Small Business Association v. Yellen held the CTA unconstitutional as applied to the plaintiffs, prompting FinCEN to pause enforcement only for those litigants and leaving reporting obligations unchanged for all other entities. However, the legal landscape shifted in December 2025, when the 11th Circuit upheld the constitutionality of the CTA, reducing the uncertainty created by earlier district court rulings. FinCEN’s March 2025 interim final rule exempting most domestic U.S. entities from beneficial ownership reporting remained in effect, while foreign reporting companies continued to have BOI obligations.

Sector-specific rulemaking. FinCEN’s long-pending AML program rule for investment advisers took a step forward on December 31, when FinCEN issued a final rule postponing the effective date of the investment adviser AML/CFT program and suspicious activity reporting requirements until January 1, 2028, confirming that the agency intended to revisit the rule’s scope. Other rulemakings, relating to real estate, digital assets, and cross-border payments, remain under review.

Enforcement Reflects Policy of ‘Total Elimination’ of Cartels and TCOs That Threaten the U.S.

In January 2025, the president declared a federal policy of “total elimination” of cartels and transnational criminal organizations in Executive Order 14157 “Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists.”

In February, the State Department designated several cartels—primarily based in South or Central America—including the Sinaloa Cartel and Cartel de Jalisco Nueva Generacion (CJNG) as Foreign Terrorist Organizations (FTOs) and Specially Designated Global Terrorists (SDGTs).

In May, the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Mexico-based entities linked to the CJNG, associated with supporting a network generating millions for the cartel not only through drug trafficking, but also fuel theft and smuggling stolen crude oil into the U.S. Additional CJNG affiliates, including 13 Mexico-based companies, were sanctioned in August based on their links to CJNG timeshare fraud schemes that target U.S. tourists to generate revenue for the cartel.

In addition to tourism and oil, the directive to eliminate cartels threatening the U.S. led to sanctions touching other areas of legitimate commerce like agriculture. In August, OFAC sanctioned Carteles Unidos and Los Viagras, based in part on extortion in the agriculture industry.

FinCEN issued orders in June identifying three financial institutions based in Mexico—CIBanco S.A., Institución de Banca Multiple (CIBanco), Intercam Banco S.A., Institución de Banca Multiple (Intercam), and Vector Casa de Bolsa, S.A. de C.V. (Vector)—as “primary money laundering concerns” and prohibiting certain transmittals of funds involving them. These were FinCEN’s first actions under the Fentanyl Sanctions Act and the Fentanyl Eradication and Narcotics Deterrence (FEND) Off Fentanyl Act, passed in 2024 to strengthen U.S. agencies’ powers to target money laundering associated with narcotics trafficking.

FinCEN has also raised the alarm on the threat CMLNs pose to the U.S. financial system, urging particular vigilance by financial institutions to detect use of CMLNs by Mexico-based cartels, including those designated as FTOs. The agency highlighted the speed and effectiveness of CMLN operations, and the various methods CMLNs use to launder proceeds for cartels, including through shell companies investing in the U.S. real estate market.

While sanctions primarily serve as a tool to influence behavior rather than to punish— such as disrupting money laundering networks and transnational criminal activities—Treasury has warned it will use its powers to impose secondary sanctions on financial institutions facilitating transactions with designated entities, imposing civil or criminal penalties on U.S. and foreign persons, and restricting or prohibiting U.S. correspondent accounts.

Conducting business internationally and particularly in Mexico and South America, for financial institutions as well as any companies involved in oil, agriculture, tourism, or other industries, will require sharpened vigilance through 2026. This will mean heightened diligence and review of compliance programs, as well as staying abreast of a rapidly evolving federal landscape of AML/CFT enforcement and as digital assets regulations are rolled out under the Guiding and Establishing National Innovation for US Stablecoins Act (GENIUS Act). 

Digital Assets

Regulatory Focus: Protect Investors, Make U.S. ‘Crypto Capital of the Planet’

In January 2025, President Trump signed Executive Order 14178 “Strengthening American Leadership in Digital Financial Technology,” signaling a shift away from regulation toward growth of digital financial technology in the U.S. According to President Trump, Executive Order 14178 is a step in fulfilling his promise to make the U.S. “the crypto capital of the planet.” The executive order creates a Presidential Working Group on Digital Asset Markets to develop a federal regulatory framework for digital assets, prohibits agency efforts to establish central bank digital currencies, and revoked Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (March 9, 2022) and the U.S. Treasury’s

Framework for International Engagement on Digital Assets (July 7, 2022).

The most significant congressional act in 2025 impacting digital assets was the passage of the GENIUS Act in July. The first-ever U.S. digital assets law creates a regulatory framework for dollar-backed stablecoins, with requirements for issuer permitting, reserves, and AML controls, and will go into effect in 2027.

At DOJ, the focus shifted sharply away from “regulating by prosecution” to targeting conduct that victimizes U.S. investors or supports cartels based in South America and Mexico. In an April 7 Memo “Ending Regulation by Prosecution,” DOJ announced it would shift enforcement to focus on prosecuting conduct victimizing investors, consistent with Executive Order 14178, and use of digital assets to further unlawful conduct by cartels, TCOs, FTOs, and Specially Designated Global Terrorists, in line with the “total elimination” policy laid out in Executive Order 14157. DOJ indicated it would pursue illicit financing of fentanyl and human trafficking, terrorism, cartels, and smuggling, including through use of digital assets, but it would not take action against platforms used for these activities.

For example, DOJ’s Criminal Division launched the Scam Center Strike Force, partnering with the D.C. U.S. Attorney’s Office, the FBI, and the Secret Service, to investigate “scam compounds” in Southeast Asia through which Chinese transnational criminal organizations defraud Americans of billions annually through cryptocurrency investment scams and related fraud schemes. OFAC and FinCEN have supported this effort as well, in collaboration with international allies like the U.K. OFAC designated several companies in Cambodia and Burma in May and September for involvement in operating scam compounds targeting Americans through cyber scams, and in a sweeping action in October, coordinated with the U.K. to sanction the Cambodia-based Prince Group for online investment scams targeting Americans and others. FinCEN imposed a special measure in October prohibiting U.S. financial institutions from opening or maintaining correspondent accounts for Cambodia-based financial institution Huione Group, deemed a primary money laundering concern under § 311 of the Patriot Act, and requiring special due diligence on foreign correspondent accounts to guard against the threat.

OFAC actions in 2025 more broadly reflect alignment with the policy to protect investors and disrupt cybercrime networks that fund actors considered a threat to U.S. national security. In March, OFAC removed economic sanctions from the digital assets intermediary and cryptocurrency mixer Tornado Cash, in response to the Fifth Circuit’s 2024 ruling in Van Loon v. Department of the Treasury that OFAC lacked IEEPA authority to sanction open-source code. The agency made clear it remains focused on those considered a threat to security and U.S. leadership in the digital asset industry, a reference to its rationale for the sanctions: that Tornado Cash aided criminal actors, including North Korea’s state-funded hacking organization the Lazarus Group, in laundering billions. In November, OFAC imposed sanctions specifically targeting cybercrime and money laundering activities funding North Korea’s nuclear weapons program, on two entities and eight individuals linked to cybercrime and IT worker fraud schemes supporting North Korea.

DOJ saw its prosecution of Tornado Cash co-founder Roman Storm through in 2025, securing his conviction in August of knowingly transmitting criminal proceeds over the platform. In another digital assets case, the founders of cryptocurrency mixing service Samourai Wallet were sentenced to four and five years in prison for knowingly transmitting $237 million in criminal proceeds. The two cases signal DOJ’s continued focus on willful actions and individual actors, and a shift away from ‘regulating’ technology and services through prosecution.

OFAC also increased pressure on the Iranian shadow fleet and laundering network, used to evade sanctions and finance Iran’s nuclear program, imposing new sanctions on 29 fleet vessels and their management firms in December. FinCEN’s October analysis identifying approximately $9 billion in Iranian shadow banking activity occurring through U.S. correspondent accounts highlighted particular vulnerabilities to the network and need for heightened diligence.

At the Securities and Exchange Commission (SEC), the 2025 trend has also been one of deregulation. In January, SEC formed a Crypto Task Force to help develop a clear regulatory framework for crypto assets and increase transparency and public engagement in developing crypto policy. In February, SEC cited its focal shift to reform in dismissing its enforcement action against Coinbase Inc., which had alleged the company operated as an unregistered securities exchange, broker, and clearing agency by listing

and facilitating trade of certain crypto tokens. SEC explained the dismissal was based on policy and not reflective of its view of the merits. This is a clear shift from last year’s SEC, which pursued Terraform Labs and founder Do Kwon to verdict for selling the TerraUSD stablecoin and LUNA token without registration in violation of U.S. securities laws.

Artificial Intelligence

Regulators in 2025 also intensified focus on AI as a technological force reshaping the AML landscape, building on the uses, opportunities, and risks the Treasury highlighted in December 2024, including that AI and generative tools can strengthen risk management but also present risks of data quality, bias, explainability, and third-party dependencies. Regulators focused on AI-enabled illicit finance and the need for controls to reflect evolving typologies, model governance and explainability, data quality and lineage, operational resilience and bias mitigation, and use of AI to detect complex illicit activity. AI is also a resource to enhance AML/CFT programs, provided institutions apply disciplined governance and align AI use with risk-based program design.

AI Deepfakes and Fraud. FinCEN also warned of a rise in deepfake-enabled fraud heading into 2025, including synthetic voices, fabricated identities, manipulated documents, and realistic video impersonations used to bypass identity verification and authentication controls. These techniques facilitate account takeovers, social engineering schemes, and large-scale financial fraud. Enforcement agencies also note increasing use of deepfakes to impersonate both customers and employees, warning that these schemes have become more scalable and difficult to detect.

Given the unique risks posed by AI, FinCEN calls for strengthening controls across onboarding, authentication, and monitoring. Specifically, through enhanced identity-verification measures, monitoring for synthetic identities, integration of deepfake typologies into risk assessments, and rigorous testing and governance of AI-based detection tools. Institutions are also encouraged to participate in public-private information-sharing to support early detection.

Looking Ahead to 2026 and Beyond

The past year highlighted the growing use of AML and sanctions tools for national security interests, and an overarching policy in combating financial crime that harms U.S. investors, exploits the U.S. financial system, or supports cartels, transnational criminal organizations, and other actors adverse to the U.S., like North Korea and Iran. While deregulation is a trend in this area, financial institutions should remain vigilant and abreast of compliance requirements in a quickly evolving technological and regulatory space. In 2026, institutions should anticipate:

• Expanded involvement of FinCEN in AML enforcement: Treasury’s proposal to expand FinCEN’s authority may reshape interagency roles, leading to faster intervention in high-risk matters, and heightened scrutiny of governance and escalation practices.
• Increased focus of AML and sanctions enforcement on national security: Agencies will continue prioritizing threats tied to cartels, CMLNs, foreign adversaries, and cyber-enabled activity. Institutions with cross-border exposure—particularly in Mexico, South America, and other high-risk sectors—should anticipate expanded due diligence expectations and increased use of secondary sanctions and § 311-style measures.
• Total elimination of cartels and TCOs means staying abreast of trends in cartel revenue streams and terrorist financing: The growing variety of cartel revenue sources will demand greater due diligence and monitoring relating to legitimate commerce—agriculture, tourism, real estate, weapons, and oil, particularly in high-risk areas.
• Stricter requirements for AI governance and deepfakes resilience: Regulators will intensify focus on AI governance, data quality, explainability, and controls to detect AI-enabled fraud, synthetic identities, and deepfake-driven account takeovers.
• Digital assets regulation: Institutions should stay tuned for the roll out of regulations under the GENIUS Act, as regulators prepare to implement the law when it takes effect in 2027.

Financial institutions that invest in robust controls and readily adapt to evolving regulations (investment adviser rules, real estate transparency, cross-border transactions, and digital assets), sanctions, and geopolitical trends will best navigate the quickly shifting federal AML/CFT environment in 2026.

Copyright © 2026 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.