The Bank Secrecy Act compliance landscape shifted meaningfully in 2025 — not through a single landmark rulemaking but through a convergence of FinCEN implementation actions, interagency supervisory expectations, and formal BSA/AML program guidance that landed in overlapping windows between the first and third quarters of the year. For mid-size bank compliance teams managing BSA officer responsibilities alongside other compliance functions, the question is not whether these changes were ultimately detectable — they were all publicly issued through official channels. The question is whether the compliance program's monitoring infrastructure captured them at publication, triaged them correctly, and generated an appropriate implementation response before the next examination cycle.
This review covers the principal AML/BSA regulatory actions from 2025 that compliance teams at mid-size depository institutions and non-bank financial institutions should have incorporated into their programs. It is not a comprehensive Federal Register index; it is an assessment of which documents carried the greatest compliance obligation weight and where monitoring gaps are most likely to have occurred.
FinCEN Beneficial Ownership Reporting: Ongoing Implementation and Institutional Scope
The Corporate Transparency Act's beneficial ownership information (BOI) reporting requirements, implemented through FinCEN's final rule at 31 CFR Part 1010, created compliance obligations for covered entities beginning in January 2024. The practical compliance work for depository institutions in 2025 has centered on two dimensions: understanding which legal entities in their own corporate structure are reporting companies under the CTA, and — for institutions with commercial banking relationships — understanding how the CTA interacts with their existing BSA/AML customer due diligence (CDD) program under 31 CFR 1010.230.
FinCEN issued multiple FAQs and guidance clarifications through its BOI publication channel in 2025, addressing exemption scope, beneficial ownership calculation methodology, and timing of update obligations when previously reported information changes. These FAQ publications — which appeared on the FinCEN BOI website rather than through Federal Register notice — were among the most frequently missed regulatory actions among institutions that relied on Federal Register-only monitoring. The FAQ clarifications materially affected how compliance teams assessed their reporting obligations for certain complex corporate structures. Institutions that captured only the original final rule and not the subsequent FAQ series operated with an incomplete understanding of their obligations through much of 2025.
Updated FDIC BSA/AML Program Supervisory Expectations
The FDIC updated its BSA/AML examination procedures in 2025 in ways that affected the practical assessment framework examiners apply to state non-member bank BSA programs. The updated procedures — published as a revision to the FDIC's Compliance Examination Manual — reflected the FFIEC's updated BSA/AML Examination Manual (itself the product of the interagency working group's multi-year update process) and incorporated specific examiner expectations around automated transaction monitoring system validation, SAR (Suspicious Activity Report) narrative quality, and currency transaction report (CTR) exemption management.
The SAR narrative quality expectations are worth specific attention. Examiners have increasingly focused on the analytical content of SAR narratives — whether the narrative explains why the activity was suspicious, connects reported transactions to specific typologies (structuring, layering, or other recognized patterns), and documents what additional investigation the institution conducted before filing. An institution whose SAR narrative quality guidance had not been updated since the prior FFIEC manual revision may not have captured this heightened expectation. The compliance response is not complex — it is revising SAR narrative quality guidelines and reviewing recent filings — but it requires awareness of the updated examination expectation in the first place.
A mid-size FDIC-supervised commercial bank in the Midwest with $4 billion in total assets encountered this dynamic during a 2025 compliance examination. The bank's BSA program was substantively sound — its transaction monitoring system was validated, its CDD documentation was complete, and its SAR filing rate was within peer norms. The examination finding, however, cited SAR narrative quality in a subset of complex cases as falling below examiner expectations that reflected the updated FFIEC manual. The bank had received the FFIEC manual update as an undifferentiated "examination procedure update" through its general compliance newsletter and had not elevated it for BSA program review.
Interagency Correspondent Banking Due Diligence Guidance
The federal banking agencies issued updated interagency guidance on correspondent banking due diligence in 2025 — specifically addressing how domestic banks that provide correspondent services to foreign financial institutions should structure their AML risk assessment and monitoring for that portfolio. The guidance referenced prior supervisory principles from FinCEN and addressed how institutions should approach the de-risking tension: the supervisory concern that institutions are exiting legitimate correspondent relationships en masse rather than applying risk-based CDD that would allow them to maintain some relationships with enhanced monitoring.
We are not saying this guidance requires every mid-size bank with correspondent relationships to overhaul its program. For many institutions, the guidance will confirm that existing risk-based approaches are consistent with supervisory expectations. The point is that correspondent banking due diligence is a category where examiner expectations have been in active development — and an institution that missed this guidance and received an examination inquiry about its correspondent portfolio without having reviewed the updated framework is in a weaker defensive position than one that can document its awareness and assessment.
What "Missed" Actually Means in BSA/AML Monitoring
The framing of this article's title deserves precision. When we describe regulatory actions that compliance teams "missed," we do not mean that the documents were unavailable or obscure. Every document referenced here was published through official agency channels — FinCEN's website, the Federal Register, the FDIC's examination manual update notification process. What "missed" means in practice is one of three things: the document was captured in a general awareness channel but not triaged as requiring BSA program response; the document was captured but routed to a compliance team member who lacked the BSA context to recognize its significance; or the document was captured through a channel that did not preserve a record of receipt and assessment, leaving the institution unable to document its monitoring process during examination.
The third failure mode is underappreciated. Many compliance teams are operating with monitoring processes that are functionally adequate — they do see most material regulatory publications — but lack the documentation discipline to demonstrate that awareness to an examiner. A monitoring process that leaves no record of when a document was received, who reviewed it, and what disposition was determined is not a monitoring process in the examination sense. It is informal awareness. Formalizing it requires a combination of structured monitoring infrastructure and a documented triage workflow — which is the integration challenge addressed in our guide to connecting regulatory change feeds to your GRC system.