Grand Opening, Grand Closing: FinCEN Cracks the Can Open Again on the 2016 CDD Rule

What was once a cornerstone of FinCEN’s 2016 CDD framework is now being positioned by that same agency as an “unnecessary burden.” On February 13, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued Order FIN-2026-R001, granting exceptive relief from certain provisions of the 2016 Customer Due Diligence (CDD) Rule. In its release titled “Relief Reduces Burdensome and Duplicative Regulatory Requirement,” FinCEN described the action as eliminating what it characterized as a “duplicative obligation” that required covered financial institutions to identify and verify the beneficial owners of a legal entity customer each time that customer opened a new account.

Under the order, covered financial institutions are no longer required to collect and verify beneficial ownership information at each subsequent account opening for an existing legal entity customer. Instead, institutions must identify and verify beneficial owners only when: (1) a legal entity customer first opens an account; (2) the institution becomes aware of facts that “reasonably call into question the reliability of previously obtained beneficial ownership information;” or (3) such collection is warranted under the institution’s risk-based ongoing customer due diligence procedures. Where reliance is placed on previously obtained information, the institution may rely on that information if the customer certifies or confirms, verbally or in writing, that it remains accurate and up-to-date, and the institution maintains a record of that certification.

Singing a tune it croons often, FinCEN emphasized that the relief does not alter broader BSA / AML obligations; that is, covered financial institutions must still establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers; conduct ongoing monitoring to identify and report suspicious activity; and, on a risk basis, maintain and update customer information. The relief is discretionary – meaning that banks / institutions may choose to continue collecting beneficial ownership information at each new account opening – and FinCEN retains authority to revoke the exception. The agency framed the action as part of its broader effort to modernize the Bank Secrecy Act framework, align with deregulatory “initiatives,” and inform anticipated revisions to the 2016 CDD Rule under the Corporate Transparency Act (see more on this later, below).

While framed repeatedly as modernization and burden reduction, this shift marks a notable departure from FinCEN’s longstanding interpretation of the 2016 rule. To wit, in its 2018 CDD FAQs (arguably the clearest articulation of its interpretive position on the 2016 CDD Rule), FinCEN repeatedly emphasized that the beneficial ownership requirement was intentionally tied to the account-opening event. FinCEN stated plainly:

“In general, covered financial institutions must identify and verify the identity of the beneficial owner(s) of legal entity customers at the time each new account is opened.”

As you might expect, that tracked to the rule itself. In the 2016 rule’s preamble, FinCEN explained – in one of its more fundamental arguments – that the opening of a new account presents “a relatively convenient and otherwise appropriate occasion to obtain current information regarding a customer’s beneficial owners.”

The FAQ then reinforced that this obligation applied regardless of frequency or timing:

“Generally, covered financial institutions must identify and verify the legal entity customer’s beneficial ownership information for each new account opening, regardless of the number of accounts opened or over a specific period of time.”

Again, that language reflected deliberate policy reasoning. At that time, FinCEN rejected arguments that repeated certifications were unnecessary, noting the (rather obvious) fact that beneficial ownership can change over time and that formation-stage transparency would not eliminate the need to collect information at account opening because the time of account opening may differ from the time of company formation – and ownership may have changed in the interim.

Even where FinCEN allowed reliance on previously collected information, it made a specific point of preserving the account-opening trigger:

“…provided the customer certifies or confirms (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened…”

That structure mirrored the final rule’s balancing approach – not retroactive collection, not periodic blanket updates – but a defined control point at each new account. FinCEN explicitly declined to require periodic updating at fixed intervals, explaining instead that (in addition to other “event-driven” or “risk-related” triggers) the account-opening event was an appropriate recurring moment for collection.

FinCEN also made clear that the “new account” concept was not incidental, but structural:

“…The beneficial ownership requirement applies to a ‘new account,’ which is defined to mean ‘each account opened … by a legal entity customer’…”

Once again, the 2016 CDD rule’s logic justified that design as part of closing a transparency gap that previously “enable[d] criminals, kleptocrats, and others looking to hide ill-gotten proceeds to access the [U.S.] financial system anonymously.” The repeated account-opening trigger functioned as a foundational guardrail against that risk.

Indeed, the FAQ made that purpose explicit:

“The distinction between such accounts opened by customers and those opened solely by the financial institution is consistent with the Rule’s purpose to mitigate the risks related to the obfuscation of beneficial ownership when a legal entity tries to access the financial system through the opening of a new account.”

Even renewals and rollovers were treated as new formal relationships:

“…each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established.”

If you’re beginning to sense a pattern, that interpretation flowed directly from the rule’s incorporation of the CIP framework and the longstanding principle that a renewal establishes a new formal banking relationship (see, also, FinCEN’s 2005 Interpretative Guidance).

Against that luscious backdrop, the 2026 exceptive relief seemingly does a whole lot more than streamline paperwork – in effect, it removes the very recurring control point that the 2016 rule described as “appropriate,” “convenient,” and practically necessary to prevent ownership obfuscation.

It should be reiterated once again that FinCEN states that it “anticipates pursuing further changes to the 2016 CDD Rule through the rulemaking process, and this exceptive relief notice will help inform those efforts.” So, where we go from here is anyone’s guess, but if a control once justified as a deliberate guardrail against ownership opacity can now be labeled “burdensome and duplicative,” it isn’t necessarily unreasonable to wonder whether other AML and fraud safeguards may soon be reexamined through the same lens of “convenience.”

The Exceptive Relief Order can be found here: [FIN-2026-R001] and its accompanying Press Release is here: [FinCEN Issues Exceptive Relief to Streamline Customer Due Diligence Requirements]

The 2016 CDD Rule can be found here: [81 FR 29398] and the 2018 FAQ is here: [FIN-2018-G001]

 

Written by:

Brett Goodnack, JD, CAMS

Compliance Advisor