On May 19, 2026, President Trump signed two executive orders that create the most consequential shift in compliance obligations since FinCEN’s proposed effectiveness rule earlier this year. The first expands screening and due diligence requirements. The second directs regulators to dismantle barriers preventing fintechs from entering the regulated financial system. One tightens. The other opens. Both create urgent infrastructure demands for the same compliance teams.
EO 1: Restoring Integrity to America’s Financial System
The first executive order launches four parallel regulatory clocks targeting different components of the compliance framework.
60-day Treasury red-flag advisory. The Treasury Secretary must issue a formal advisory identifying suspicious activity patterns tied to payroll tax evasion, concealment of true account ownership, off-the-books wage payments, structuring schemes, and labor trafficking. Expect it by mid-July 2026.
90-day BSA/CDD rule change proposal. Treasury must propose changes to BSA regulations strengthening customer due diligence requirements. This triggers the NPRM process — realistically placing enforcement 12–18 months out.
180-day CIP revision for foreign consular identification. Regulators must evaluate whether foreign consular identification documents pose risks to the integrity of the CIP.
60-day CFPB underwriting clarification. The CFPB is directed to clarify that potential deportation and loss of wages are factors lenders may consider under ability-to-repay standards.
Four parallel clocks. Four agencies. Four rulemaking processes. The compliance teams responsible for implementing these changes are the same teams already preparing for FinCEN’s effectiveness standard. The workload is compounding.
Who Is Most Exposed
RIAs and exempt reporting advisers. This community just stood up its first AML programs for the January 2026 BSA rule. The executive order represents a second wave on a tired team. The gap between what the January rule required and what the EO demands requires material program changes.
Mid-market consumer lenders and fintech lenders. Caught between Treasury and CFPB simultaneously. The compliance infrastructure at most mid-market lenders was not designed for concurrent regulatory mandates from multiple agencies on overlapping timelines.
EO 2: Integrating Financial Technology Innovation
The second executive order moves in the opposite direction — directing regulators to remove barriers preventing fintech firms from partnering with banks, obtaining charters, and accessing federal payments infrastructure.
90-day regulatory review. Every federal financial regulator must inventory rules and practices that “unduly impede” fintech firms. This is a deregulatory exercise — regulators are being asked to identify rules to roll back.
180-day action requirement. Each agency must “take steps to encourage innovation” — rewriting rules, issuing guidance, and streamlining charter applications.
120-day Federal Reserve review. The Fed must evaluate extending master-account and payment-system access to uninsured depositories and non-bank financial companies, including digital asset firms. The Fed has already proposed a new “Payment Account” for eligible institutions.
The Paradox: Both Demand the Same Infrastructure
Both orders converge on a single operational reality: the screening infrastructure required to meet the first order’s expanded mandates is the same infrastructure required to responsibly bring the second order’s new entrants into the regulated system. Comprehensive screening data. Real-time processing. Investigation tools that scale. Audit trails that prove effectiveness.
The paradox is only a paradox if you think about compliance as a collection of discrete obligations. If you think about it as an architecture, both orders are asking for the same thing.
What Compliance Teams Should Do Now
Before mid-July (60-day advisory). Review transaction monitoring rules for labor trafficking, payroll fraud, structuring, and hidden ownership. Ensure adverse media monitoring covers ICE enforcement, employer prosecutions, and labor trafficking cases now.
Before mid-August (90-day BSA/CDD). Evaluate whether your CDD program can accommodate additional identifying information requirements without system redesign.
Before mid-November (180-day CIP). Audit CIP acceptance criteria for foreign consular IDs. Prepare risk assessment documentation and compensating controls.
For fintech firms and bank partners. Monitor the 90-day regulatory review. The rules identified for rollback signal which partnership models become viable. Start the compliance infrastructure conversation now.
A Note on Litigation Risk
Legal challenges are expected on ECOA, civil rights, and APA grounds. Effective dates could push to 18–24 months. But the Treasury red-flag advisory arrives in 60 days regardless of litigation. The infrastructure required to act on it has value independent of any single regulatory mandate.
Conclusion
Two executive orders. Four parallel rulemaking clocks. A deregulatory push opening the system to new entrants who need compliance infrastructure from day one. And all of it landing on teams already preparing for FinCEN’s effectiveness standard.
The institutions that recognize the common thread — every new obligation and every new entrant requires the same architecture — will build it once and serve every mandate. The first deadline is 60 days away.