The US Treasury's Financial Crimes Enforcement Network, FinCEN, has issued an advisory directing banks to watch for indicators that a customer may lack legal immigration status, expanding the information banks can share and sharpening compliance expectations across the sector. The advisory, published on 12 June 2026, sets out 18 red-flag indicators tied to fraud schemes involving the unlawful employment of unauthorised workers, and asks institutions to reference it in Suspicious Activity Reports under a designated key term.
The advisory follows a May 2026 executive order that directed banks to scrutinise customer citizenship more closely. That order stopped short of mandating the collection of citizenship data — a requirement the banking industry had lobbied against for months — but it instructed bank regulators to look for signs that people without legal status were opening accounts or obtaining credit. The new guidance widens an information-sharing system that banks have long used under the Patriot Act to flag money laundering and fraud, and points to indicators such as the use of an Individual Taxpayer Identification Number in place of a Social Security number when opening an account or seeking credit.
Treasury Secretary Scott Bessent framed the measure as routine financial-crime practice rather than immigration enforcement, telling bankers the advisory does not ask them to act as immigration officers but to know their customers, identify risk and report suspicious activity. The distinction matters less in practice than in principle. As American Banker reported, the FDIC and the Office of the Comptroller of the Currency are the prudential regulators whose examiners will interpret the guidance, and once specific red flags and SAR-filing instructions are published, those materials can become reference points in examinations, enforcement reviews and internal audits.
That is where the compliance exposure rests. An advisory carries no explicit mandate, so on paper nothing is required. In supervision, however, examiners can treat published red flags as a benchmark against which a bank's monitoring is judged, which converts guidance into a de facto expectation. Smaller institutions, with leaner compliance functions, face the sharpest version of this problem, lacking the resources to build and document the screening that examiners may come to expect.
The practical risk is over-compliance. Faced with ambiguous guidance and the prospect of examiner scrutiny, banks may choose to drop customers who merely look risky rather than carry the monitoring burden — the same de-risking dynamic seen in earlier sanctions and anti-money-laundering waves. Compliance and finance teams will need to assess the cost of building screening against these 18 indicators, weigh it against the reputational and conduct risk of de-banking legitimate customers, and document their reasoning. How examiners at the FDIC and OCC apply the advisory in coming cycles will determine whether it remains guidance or hardens into an enforcement standard.
More From Finance Monthly: Treasury Crackdown Tightens Banking Rules as Customer Scrutiny Spreads
