What the CLARITY Act means for your bank's AML program

For years, banks that wanted to engage with digital assets faced the same structural problem: the regulatory permission wasn't there. Unclear jurisdiction between the SEC and CFTC. No formal legal framework for custody. Supervisory guidance that varied depending on your primary regulator and the day you asked.

‍

The Digital Asset Market Clarity Act changes that. The CLARITY Act explicitly authorizes banks and financial holding companies to engage in a wide range of digital asset activities, including custody, trading, lending, payment processing, node operation, brokerage, and derivatives services, all subject to existing banking laws. The Senate Banking Committee cleared the bill on May 14, 2026, sending it toward a full Senate floor vote. Prediction markets are pricing a 2026 signing at 72 to 75%, with the White House targeting a July 4 signing.

‍

The market structure clarity is real. So is the compliance work it creates.

‍

Banks have spent decades building the BSA/AML programs that the CLARITY Act now requires crypto-native firms to replicate. That's a genuine competitive advantage, but only if you understand what the legislation actually changes for your program, what new risk it introduces, and what your examiners will expect when digital asset activity starts flowing through your institution.

‍

The authorization banks have been waiting for

Let's start with what the CLARITY Act does for banks before getting to what it demands.

‍

The bill expressly permits banks and financial holding companies to engage in digital asset activities as part of their normal business operations. That's a significant shift from the environment of the past several years, where banks wanting to offer crypto custody or participate in digital asset markets had to navigate a patchwork of guidance, no-action letters, and supervisory uncertainty.

‍

Under the legislation, that uncertainty resolves. Banks can offer digital asset custody, participate in trading and lending, and process payments involving digital assets. Critically, they can do all of this under their existing banking regulatory framework, without seeking separate licensing from the CFTC or building a parallel compliance structure.

‍

On March 11, 2026, the SEC and CFTC signed a Memorandum of Understanding on regulatory harmonization. Within a week, both agencies jointly classified 16 digital assets, including Bitcoin, Ethereum, XRP, and Solana, as digital commodities. The scope of "digital asset business" is now something banks can plan around with precision.

‍

Whether your institution chooses to move quickly into digital asset services or adopt a wait-and-see posture, your AML program needs to be ready either way. The regulatory environment has changed, and so has the risk landscape around you.

‍

Why your BSA program is a competitive advantage

Here's the dynamic that's easy to underestimate: crypto-native firms are starting from essentially zero on BSA compliance, and they're doing it on a compressed timeline.

‍

Section 110 of the CLARITY Act formally establishes digital commodity brokers, dealers, and exchanges as distinct categories of BSA "financial institutions" under a federal CFTC registration framework. This obligation didn't exist in statute before. That means building a full AML/CFT program, a Customer Identification Program, transaction monitoring, SAR filing capability, recordkeeping, and independent testing from scratch, under regulatory scrutiny, in a market where enforcement is already aggressive.

‍

Banks with mature BSA programs already know how to document policies, tune detection rules, conduct independent testing, and produce audit-ready SAR narratives. That institutional knowledge has real value in the digital asset market, specifically because so many new market participants lack it.

‍

If your bank is considering entering digital asset custody, trading, or payment services, the compliance advantage is genuine. You can move with credibility that crypto-native firms are still building.

‍

The strategic question is whether your program is actually ready to handle what digital asset activity introduces.

‍

What the CLARITY Act changes in your AML program

Adding digital asset services to your institution isn't additive to your existing AML program. It's transformative. Digital assets introduce risk typologies, transaction patterns, and counterparty profiles that standard bank transaction monitoring rules were not designed to detect.

‍

Transaction monitoring rules need recalibration. Your existing rule set is tuned to the behavior patterns of your current customer base and product mix. Digital asset transactions operate differently: 24/7 markets without settlement windows, cross-border flows at high velocity, pseudonymous counterparties, and on-chain transaction histories that require different analytical tools than traditional payment rails. Rules optimized for ACH and wire fraud will generate different false positive rates and different detection gaps when applied to crypto transaction patterns. Before digital asset activity starts flowing through your institution, your detection logic needs to be evaluated and tuned for it.

‍

Customer risk rating models need new inputs. When your customers begin holding or transacting in digital assets, their risk profiles change. A customer who historically conducted modest USD wire activity and now begins moving significant value into crypto wallets may warrant a different risk tier than their historical behavior would suggest. Your CRR methodology needs to accommodate digital asset activity as a risk signal, not just as a product category.

‍

Counterparty due diligence requires new standards. When your bank transacts with registered digital commodity exchanges, brokers, or dealers, those entities are now formally classified as financial institutions under the BSA. That means they carry their own compliance obligations, but those obligations are brand new. The institutions carrying them range from well-resourced firms with serious compliance investments to newly registered entities that built their BSA programs on a tight deadline. Not all CFTC-registered entities are equal. Your due diligence framework for digital asset counterparties needs to go beyond verifying registration status.

‍

Beneficial ownership and wallet attribution become more complex. CIP in a digital asset context involves questions that don't arise in traditional banking: who controls the wallet, what's the on-chain history of the address, is this a self-custodied wallet or an exchange-held address? The Travel Rule applies to digital asset transfers above $3,000, requiring the transmission of originator and beneficiary information, and not all counterparty institutions will have that information in a format that integrates cleanly with your recordkeeping systems.

‍

The counterparty risk your examiners will focus on

Here's the examination question that BSA officers at banks should be thinking about now: when you transact with a CFTC-registered digital asset firm, how do you know their AML program is adequate?

‍

The answer matters because your institution can inherit risk from counterparties with weak compliance programs. If a digital commodity exchange you're banking or settling transactions for has inadequate transaction monitoring, or a CIP that doesn't actually verify customer identity, the suspicious activity that flows through them can reach your institution without being properly flagged.

‍

Under FinCEN's current examination philosophy, which is moving toward demonstrated effectiveness and outcome-based assessment, examiners are going to look at the quality of the counterparties your institution engages with in the digital asset space, not just whether those counterparties are registered.

‍

That means your due diligence on digital asset counterparties should go deeper than a CFTC registration check. It should include a review of their AML program documentation, an understanding of their CIP and transaction monitoring approach, and an assessment of whether their SAR filing history is plausible given their transaction volumes and customer base. An exchange processing billions in digital asset transactions and filing 200 SARs a year should raise more questions than one filing 5,000.

‍

What to do before digital asset activity reaches your institution

Whether your bank intends to offer digital asset services in 2026 or is simply preparing for the changing counterparty landscape, here's what to address in your AML program now.

‍

Map your exposure to CLARITY Act-covered entities. Start by identifying where your institution already intersects with digital asset businesses: existing banking relationships, payment processing clients, and counterparties in settlement networks. Many banks are already banking crypto-adjacent firms. The CLARITY Act formalizes those firms' compliance obligations, which change both your due diligence baseline and your SAR referral obligations when you detect unusual activity.

‍

Update your risk assessment for digital asset activity. Your institutional risk assessment should reflect whether your bank offers or plans to offer digital asset services, and if so, at what scale. If you're banking digital asset firms as customers, the risk assessment should document your analysis of their compliance programs and your rationale for accepting the relationship. A risk assessment that doesn't reference digital assets in 2026 is going to look incomplete.

‍

Evaluate your transaction monitoring for digital asset patterns. Even if your bank doesn't directly offer digital asset products, if your customers are transacting with crypto platforms, those transaction flows are already visible in your data. Understanding whether your existing rules are correctly calibrated to identify high-risk patterns in that activity is a baseline hygiene question.

‍

Develop a counterparty AML due diligence standard for digital asset firms. As digital commodity exchanges and brokers come under CFTC registration, your institution needs a clear framework for assessing their compliance programs. What documentation do you request? What thresholds would cause you to decline or exit a relationship? That standard should be written down before you need it.

‍

Talk to your examiner before they talk to you. If your bank is planning to launch digital asset services, an early conversation with your primary regulator about your program design is far better than a post-launch examination finding. The CLARITY Act gives banks regulatory permission. It doesn't reduce examiner expectations. Coming in with a well-documented program and a proactive disclosure posture is a different examination experience than getting there reactively.

‍

The banks that move thoughtfully will win

The CLARITY Act creates a genuine opportunity for banks that have built a strong compliance infrastructure. The competitive advantage is real: you have mature BSA programs, established examiner relationships, and institutional compliance knowledge that crypto-native firms are still acquiring.

‍

But the opportunity is only realizable if your program is actually ready for digital assets: calibrated detection logic, updated risk models, defensible counterparty due diligence, and examiners who've already seen your approach before you need to defend it.

‍

Unit21's platform was built to unify fraud and AML across complex, high-volume transaction environments, exactly the kind of infrastructure that makes digital asset program expansion manageable rather than operationally overwhelming. Transaction monitoring, case management, SAR filing, watchlist screening, and AI-powered investigation, all on a single configurable platform. 

‍

If you're thinking through what your AML program needs to look like when digital assets come in, start with a demo: https://www.unit21.ai/schedule-demo

‍

The CLARITY Act is still moving through the Senate. The content of this post reflects the House-passed version (H.R. 3633) and the Senate Banking Committee's May 2026 markup discussions. Specific implementation requirements, including examination standards for digital asset compliance programs, will be established through CFTC and FinCEN rulemaking following enactment.

‍