At AnyAccount, our US team supports FinTech founders, MSBs and scaling payment companies with:

• State and federal regulatory licensing strategy, including MSB and money-transmitter frameworks

• Bank sponsorship readiness and partner-bank compliance alignment

• Technology market launches, including payments infrastructure, AML/KYC controls and onboarding flows

• End-to-end MSB governance frameworks with operational playbooks and audit trails

• Examination preparation across FinCEN, state regulators and sponsor-bank reviews

If you want to avoid surprises when your bank partner or regulator opens the manual and asks “Do you meet these new expectations?”, speak to us. We help firms build compliant, risk-based programmes that align with updated examiner guidance.

What Was Announced

On 2 August 2023, the FFIEC issued a fresh round of updates to the BSA/AML Examination Manual, revising six sections that deal primarily with foreign correspondent banking relationships, private banking risks and information-sharing obligations. The updates cover areas such as information-sharing procedures, due diligence for foreign financial institutions, private banking accounts, foreign shell-bank prohibitions, access to foreign bank records and reporting obligations tied to Iranian-linked financial institutions.

The key point is that none of these updates create new regulations. Instead, they clean up the structure of the manual, reorganise existing requirements and give examiners clearer, more transparent guidance on how to apply the rules already on the books. Several sections were renamed, split out or realigned to match the relevant provisions in 31 CFR, making it easier for both banks and examiners to link supervisory expectations to the underlying regulation.

Five Key Changes and Their Implications

Here are five of the most significant revisions — and what they mean for FinTechs, MSBs and banks.

1. Information-Sharing Section Retitled and Revised
   The “Special Information Sharing Procedures” section now aligns explicitly with 31 CFR 1010.520/1010.540. The revision emphasises that financial institutions must have robust procedures to share relevant information for AML/terrorist-financing deterrence. For MSBs, even when working through banks or sponsor models, the upstream flow of information matters. OCC.gov

2. Correspondent Accounts Due Diligence Consolidated and Enhanced
   The section covering correspondent accounts for foreign financial institutions (FFIs) has been updated and combined. Notably, enhanced due-diligence (EDD) expectations around “nested relationships” (foreign banks serving other foreign banks) are more explicitly flagged. The updates reflect the elevated risk associated with correspondent banking. Perkins Coie+1

3. Private Banking Due Diligence Now a Stand-Alone Section
   Private banking accounts (especially non-US persons) now have their own section aligned to 31 CFR 1010.620. Banks — and therefore sponsor banks partnering FinTechs — must more clearly document risk assessments for these accounts. For FinTechs using private-banking partnerships or ultra-high-net-worth flows, the implication is deeper scrutiny of control frameworks. bsaaml.ffiec.gov

4. Foreign Shell Banks & Ownership Records Elevated
   Correspondent accounts for foreign shell banks and related ownership/agent records are now a dedicated section (31 CFR 1010.630). This elevates the visibility of foreign-shell-bank risk as a specific supervisory focus. For FinTechs dealing with cross-border flows, this means banks will ask more detailed questions and expect more documentation on ownership structures. Federal Reserve

5. Iran-Linked Financial Institutions Reporting Obligations Clarified
   A separate section now addresses relationships with Iranian-linked financial institutions (aligned to 31 CFR 1060.300). While sanctions practitioners are familiar with the risks, banks and FinTechs need to recognise that this is now clearly flagged in the exam manual — meaning any indirect exposure will attract attention. ffiec.gov

What That Means for FinTechs and MSBs

The updates, while not legally novel, are operationally important. Here’s why:

• Banks will ask more detailed vendor/partner questions. Because the exam manual now gives examiners clearer language, banks (and their risk/compliance teams) will treat these sections as bench-marks. FinTechs must be ready with documentation, escalation logs and audit trails.

• Cross-border flows get harder to hide behind. Correspondent banking, shell-bank exposure and sanctions risk are explicitly elevated. If your model includes foreign partner banks, cross-border transfers or non-US counterparties, expect stricter scrutiny.

• Governance and independence matter more than ever. The manual underscores that the distinction between “regulatory requirement” and “guidance” must be clear. Evidence that controls are designed, executed and reviewed is table stakes.

• MSBs and FinTechs embedded in bank programmes are caught in the chain. Even if your firm isn’t a bank, your sponsor bank will be examined using this manual. If your flows or policies trigger one of the flagged sections, the bank will lean on you for proof.

• This is a moment to review your documentation, not delay. Because the manual is now more transparent, firms that audit their policies and control frameworks before an examination will fare better than those trying to adjust mid-cycle.

Takeaways for Businesses

• Review your correspondent-banking exposures, ownership chains and partner relationships now — document them, categorise risk and ensure escalation paths are clear.

• Ensure any private-banking or high-net-worth account flows are controlled, monitored and supported by independent reviews.

• Map any relationships with Iranian-linked or high-risk jurisdiction entities — even indirect ones — and prepare documentation.

• Strengthen your vendor management and information-sharing frameworks — especially if your banking partner uses third-party service providers.

• Recognise that your sponsor bank will reference these manual sections in diligence and examinations. Treat the manual as your target standard, not a nice-to-look-at.