Money Services Businesses (MSBs) are entering 2026 under continued regulatory pressure, from federal expectations around anti-money laundering/countering the financing of terrorism (AML/CFT) effectiveness and sanctions compliance to increasingly detailed state licensing, cybersecurity, and consumer protection requirements. 

Use this ten-step roadmap to prioritize renewals, updates, and internal reviews before regulators or your bank.

1. Core Business Registrations, Permits & Licensing

These foundational items remain the first things regulators and banking partners verify. Lapses here can cascade into account closures or enforcement actions.

• FinCEN MSB Registration – Confirm registration is current, accurate, and reflects all money services offered.
• Check Casher Permit – Renew timely and ensure fee schedules align with approved filings.
• State Money Transmission Licenses (if applicable) – Verify renewal dates, surety bond amounts, and net worth requirements.
• Business License(s) – Local and state business licenses must remain active for each operating location.
• Fictitious Business Name (DBA) Statements – Ensure DBAs used in marketing, signage, and banking match filed statements.
• State-Required Annual Reports – File all annual, quarterly, or event-driven reports required by licensing authorities.

2. AML/CFT Program Effectiveness

Regulators continue to emphasize effectiveness over form. An AML/CFT program that exists on paper but is not followed in practice will not pass scrutiny.

• Written AML/CFT Program – Updated, approved by senior management, and tailored to current operations.
• Risk Assessment – Reflects products, services, customers, geographies, delivery channels, and transaction volumes.
• Third Party Independent Review – Conducted annually with documented scope and testing.
• Gap Analysis – Demonstrates how identified weaknesses are tracked, prioritized, and remediated.
• Transaction Monitoring Program – Manual and/or automated systems documented, calibrated, and supported by alert review logs.
• Monitoring Logs & Case Management – Clear evidence of CTRs, SARs, monetary instrument logs, and funds transfer records.
• Recordkeeping Requirements – Monitoring logs and pertinent documentation records are retained appropriately.
• OFAC Screening – Customers, transactions, and counterparties screened against current sanctions lists.

3. Training & Governance

Training and governance demonstrate that compliance is embedded across the organization.

• Annual Employee Training (AML/CFT) – Role-based for employees, Compliance Managers, Compliance Officers, and the Board of Directors, which is documented and updated for regulatory changes.
• New Hire & Refresher Training – Every employee whose role includes money services must be trained upon hiring and annually.
• Compliance Committee or Management Oversight – Meeting minutes and reporting to senior leadership.
• Annual Lender-Specific Training (if applicable) – Covers UDAAP, fair lending, and state lending requirements.

4. Change Management & Ongoing Updates

Any change to your business can materially impact risk. Regulators expect proactive, not reactive, updates.

• New or Discontinued Money Services – Risk assessment updates and program revisions completed before launch or exit.
• Changes in Ownership or Management Structure – Timely notifications to regulators and banks.
• Changes in Check Cashing Fees or Pricing Models – Proper disclosures, filings, and policy updates.
• Additional or Closed Business Locations – Licensing updates, training, and monitoring adjustments.
• Changes to Service Providers or Vendors – Due diligence completed and contracts reviewed.
• Updated Agent Verification Letters – Reflect current relationships and oversight.
• Policy & Procedure Updates – Especially where transaction monitoring or onboarding processes change.

5. Customer Due Diligence (CDD) & Transparency

CDD expectations remain central to MSB compliance and bank relationships.

• Compliance with FinCEN’s CDD Rule – Customer identification, beneficial ownership (where applicable), and ongoing monitoring.
• Customer Risk Rating Methodology – Applied consistently and supported by documentation.
• Enhanced Due Diligence (EDD) – For higher-risk customers, products, or corridors.

6. Issue Management & Regulatory Follow-Up

Unresolved findings are one of the fastest ways to escalate regulatory risk.

• Addressing Prior Independent Review Findings – Including lingering issues from 2023–2025 reviews.
• Corrective Action Tracking – Clear ownership, timelines, and evidence of completion.
• Regulatory Exam Responses – Timely, complete, and consistent.
• Supplying Banks with Requested Documentation – Programs, reports, and updates provided promptly.

7. Geographic Targeting Order & State-Specific Reporting Requirements

State and regional obligations continue to expand and evolve.

• Southwest Border GTO MSB CTR Reporting – Enhanced CTR obligations for covered locations.
• Minnesota GTO Financial Transactions Reporting – State-specific reporting thresholds, timelines, and updated transaction information requirements.
• New York Department of Financial Services (NYDFS) – Oversight expectations for covered entities.

8. CFPB & Consumer Protection Readiness

Consumer-facing MSBs should be prepared for CFPB-style examinations, even if not directly supervised.

• Compliance Management System (CMS) – Policies, training, monitoring, and complaint response.
• CMS Independent Review – Validates consumer compliance controls.
• Complaint Management Process – Intake, tracking, response, and trend analysis.
• Updated Collection Practices – Aligned with federal and state consumer protection laws.

9. Cybersecurity, IT & Operational Resilience

Technology and data security are now inseparable from compliance risk.

• NYDFS Cybersecurity Regulation (23 NYCRR Part 500) – Gap analysis and ongoing compliance.
• Cybersecurity Program – Risk-based, documented, and tested.
• Part 504 Rule (where applicable) – Transaction monitoring and filtering program certifications.
• North Carolina Office of the Commissioner of Banks (NCCOB) IT Package:
  • Information Security Program
  • IT Risk Assessment
  • ITQ completion support
• Incident Response Plan – Defined escalation and notification procedures.
• Disaster Recovery & Business Continuity Plan – Tested and updated.

10. Third-Party & Vendor Risk Management

Outsourced functions do not outsource accountability.

• Vendor Management Policy – Risk-based approach to onboarding and oversight.
• Vendor Risk Assessment Templates – Applied consistently.
• Contract Review Checklist – Compliance, data protection, and audit rights.
• Ongoing Vendor Monitoring – Performance, incidents, and renewals documented.

Looking Ahead: Turning Compliance into a Strategic Advantage

In 2026, MSB compliance is no longer just about meeting minimum requirements. Strong programs support bank relationships, enable product growth, and reduce the likelihood of disruptive enforcement actions. The most successful MSBs treat compliance as a living system; regularly tested, updated, and aligned with business strategy.

If you would like support in developing a compliance roadmap tailored to your business, our experts are here to help. 

Tags: AML, Anti Money Laundering, Automated Transaction Monitoring, Bank Secrecy Act, BSA, BSA/AML Programs, CAMS, Capital Compliance Experts, CMS, Compliance Employee Training, Compliance Management System, Custom Anti-Money Laundering Programs, Cybersecurity, Money Service Business, Money Services Business, Monitoring logs, Online Employee Training, Risk Assessment, Third Party Independent Reviews