The Executive Order is titled “Restoring Integrity to America’s Financial System.”
“Restoring Integrity.” Well, that’s one way of putting it. On May 19th, the current President issued Executive Order 14406. Like so many of the other recent edicts coming out of the Executive, it is framed as an anti-fraud, anti-abuse, and safety-and-soundness measure. It directs Treasury, federal financial regulators, NCUA, and the CFPB to examine risks allegedly posed by extending financial services and credit to “non-work-authorized individuals” and to what the order refers to as an “inadmissible and removable alien population.”
And, almost as if to lull the banking industry into a false sense of comfort, the order uses plenty of familiar compliance language: BSA, CDD, CIP, beneficial ownership, suspicious activity, ability to repay, safety and soundness. It even begins where a financial-crime order would be expected to start – pointing to payroll-tax evasion, nominee accounts, shell companies, funnel structures, unregistered MSBs, third-party processors, peer-to-peer platforms, structuring, labor trafficking, ITIN use, and foreign identity documents. But it then also expressly ties these issues to mortgage loans, auto loans, credit cards, and other consumer credit, asserting that lending to individuals without legal work authorization or with substantial wage-loss risk creates a structural “ability to repay” deficiency.
The problem, of course, isn’t that the order mentions financial crime. Banks already monitor for suspicious activity, verify customers, assess creditworthiness, and manage fraud risk – not merely because federal regulation tells them to, but because these are table-stakes functions for running a safe and sound financial institution. No, the problem is that the order takes seemingly legitimate compliance concepts and re-aims them toward a much broader – and far more fraught – proposition: that immigration status and work authorization should become embedded risk signals throughout the financial system.
Now, like every other Executive Order – this is not a final rule, and does not (nor cannot) immediately require every bank to collect proof of citizenship or immigration status from every customer. But it is, effectively, a set of marching orders to the agencies – one with a very quick turnaround time.
Within 60 days, Treasury is directed to issue a formal advisory to financial institutions identifying specific red flags and typologies associated with suspicious activity involving non-work-authorized populations and their employers. That advisory must address, among other things, payroll-tax evasion by employers or labor brokers; foreign identity documents, nominee accounts, shell companies, and funnel structures; unregistered MSBs, third-party processors, and peer-to-peer platforms used for off-the-books wage payments; sub-threshold cash activity tied to payroll cycles; labor trafficking and forced labor; and ITIN use to obtain credit products or open deposit accounts where the applicant lacks verified lawful immigration status.
Within 90 days, Treasury, in consultation with the federal financial regulators, is directed to propose changes to Bank Secrecy Act regulations to strengthen risk-based customer due diligence requirements. Those changes are supposed to ensure that institutions collect and verify sufficient customer identity information to identify nominal and beneficial owners and assess risks related to illicit finance, sanctions evasion, fraud, or other unlawful activity. But the order goes further – it says institutions should maintain authority, where warranted by risk indicators or supervisory concerns, to “obtain additional information […] relevant to whether account holders possess lawful immigration status and employment authorization” when that information is relevant to fraud, identity misrepresentation, sanctions evasion, or other illicit financial activity.
Within 180 days, Treasury and the federal financial regulators are directed to consider changes to BSA customer identification program requirements, including changes that account for the risks the order says are posed by foreign consular identification cards. And within 60 days, the CFPB is directed to consider clarifying that potential deportation and wage loss are factors that could adversely affect a non-work-authorized borrower’s ability to repay under Regulation Z’s ability-to-repay standards in 12 CFR Part 1026, while the federal financial regulators are separately directed to issue guidance on managing potential credit risks posed by the non-work-authorized population.
So, no, the Order may not change the federal rulebook today. But it tells the agencies what pages to start writing tomorrow – and it tells banks what kinds of customers, documents, transactions, and credit files may soon draw heightened scrutiny. Naturally, that leaves a few rather large problems standing in the middle of the room.
The first – and arguably largest – problem is that the order risks turning banks into quasi-immigration screeners – a role they are neither designed nor patently authorized to play. Banks are built to verify identity, monitor transactions, identify unusual patterns, assess creditworthiness, and file SARs when appropriate. However, notably: they are not immigration agencies. They aren’t trained to adjudicate lawful presence or work authorization. And they don’t really have some unchecked, freestanding legal authority to decide, as a general banking function, whether a customer’s immigration status creates a legally meaningful reason to limit account access, credit availability, or ordinary financial services.
Now, while existing customer identification rules require banks to form a reasonable belief that they know the true identity of the customer, they do not generally require banks to verify citizenship, lawful immigration status, or work authorization as a condition of ordinary account access. Knowing who a customer “is” is not the same as determining whether that customer is lawfully present, lawfully employed, or removable under federal immigration law.
If the agencies blur that line, banks may be left in an impossible position – expected to ask immigration-adjacent questions they are not equipped to evaluate, collect documents they may not know how to interpret, and make risk judgments that belong more naturally to immigration authorities than financial institutions. Worse, they may be second-guessed from both directions – criticized by examiners if they do too little, and exposed to fair lending, UDAP/UDAAP, privacy, and related risk if they do too much.
The second problem is that this could become a “debanking machine,” even if nobody calls it that. As has been well publicized, the administration has separately criticized politically motivated or categorical “debanking.” But this order could push banks toward a different form of categorical caution – heightened scrutiny of ITIN users, consular ID users, foreign-born customers, cash-heavy workers, remittance senders, immigrant-owned businesses, or borrowers whose documentation doesn’t fit neatly into a conventional SSN-and-W-2 underwriting file.
That doesn’t necessarily mean every one of those customers will be denied. But for all intents and purposes – in banking, “friction” such as this is often the first draft of exclusion. Throw in a few vague red flags, a few uncertain regulatory expectations, a few new documentation questions, and a few frontline employees who have not been trained to distinguish immigration law from identity verification, and the practical message eventually becomes “some customers may become more trouble than they are worth.”
That’s likely why much of the early backlash has centered on financial exclusion. Industry and consumer advocates alike have warned that the Order could push immigrants and ITIN users out of the mainstream financial system, restrict access to credit, limit the practical use of consular identification cards, increase the unbanked population, and create major operational burdens for financial institutions.
If a customer is inside a regulated institution, the institution can verify identity, monitor transactions, detect suspicious patterns, and escalate where appropriate; but if that customer is pushed into cash, informal remittance networks, prepaid workarounds, or unregulated intermediaries, the system may have less visibility, not more. Regulated accounts create records – but cash economies do not. Bank monitoring creates reporting channels – but informal workarounds do not. Ultimately, the order may create more of the very opacity it says it is purporting to fight.
A third problem is that the order treats ITINs and consular IDs as if they are inherently suspect, rather than as tools that often help bring people into the regulated financial system. Of course, any document can be misused. And, of course, banks should have risk-based controls. But treating ITIN use or foreign consular identification as a built-in warning sign risks sweeping legitimate customers into suspicion simply because their documentation is administratively inconvenient or politically disfavored.
That is especially troubling because ITINs exist, in part, so individuals without Social Security numbers can comply with tax obligations. Even putting aside the obvious UDAAP hallmarks – treating ITIN use as a quasi-red flag essentially inverts the policy logic, insofar as the person trying to operate within a documented system now suddenly becomes more suspicious precisely because they used the documentation available to them.
Another problem is the order’s credit-risk theory. To be sure, there’s a legitimate underwriting point buried in here, because if income is unstable, unverifiable, unlawful, or likely to end, repayment capacity matters. But the order goes further by suggesting that potential deportation and wage loss may be relevant to ability-to-repay analysis. Handled with the utmost care, that could potentially remain an individualized underwriting issue. Handled even slightly clumsily, and it could become a status-based presumption. It doesn’t take a law degree to see that this potentially has fair lending, UDAAP, and/or privacy considerations written all over it. A lender that treats two similarly situated applicants differently because one uses an ITIN, relies on a consular ID, sends remittances, has a foreign-sounding name, or is perceived as more likely to be non-work-authorized may not be making a careful credit decision; rather, it may be running a status-based assumption through the language of credit risk.
Threaded through all of this is the same compliance trap. If banks do too little, they may later be criticized for ignoring immigration-related BSA or credit-risk signals. If they do too much, they may exclude legitimate customers, invite fair lending scrutiny, create privacy problems, burden frontline staff, and contradict the broader anti-debanking message.
No one is likely to have “fun” complying with the reality this order might create, but arguably, larger institutions can throw lawyers, consultants, and centralized operations teams at the ambiguity. But smaller institutions cannot simply “flip a switch” and begin evaluating immigration-related documentation, retraining staff, reprogramming account-opening systems, revising policies, and adjusting monitoring rules without real (possibly back-breaking) cost.
To be clear, the issues the Order invokes are real, and serious – fraud, BSA compliance, identity verification, human trafficking, tax evasion, shell companies, and suspicious payment flows all deserve careful attention. But the integrity of the financial system is unlikely to be restored by making banks guess who is removable, and it is unlikely to be strengthened by forcing financial institutions into an immigration-screening role they were never designed, trained, or authorized to perform.
The EO can be found here: [91 FR 30479]
Its related Fact Sheet can be found here: [Fact Sheet]
The related EO, titled “Integrating Financial Technology Innovation Into Regulatory Frameworks,” can be found here: [91 FR 30475] and its fact sheet is here: [Fact Sheet]
Brett Goodnack, JD, CAMS
Compliance Advisor