What the CLARITY Act means for your fintech's AML program

Most fintechs have been watching the Digital Asset Market Clarity Act through a market structure lens: who regulates what, which assets are commodities, and how the SEC and CFTC divide jurisdiction. That framing misses the more immediate question for compliance teams.

‍

Section 110 of the CLARITY Act designates digital commodity brokers, dealers, and exchanges as "financial institutions" under the Bank Secrecy Act. That single provision doesn't just clarify the regulatory map. It drops a full BSA compliance obligation on a category of companies that have operated in a compliance gray zone for years. The Senate Banking Committee cleared the bill on May 14, 2026, sending it toward a full Senate floor vote, with prediction markets pricing a 2026 signing at 72 to 75%.

‍

If your fintech touches digital assets, whether you operate an exchange, run a brokerage, custody customer funds, or offer trading services, this is not a bill to monitor from a distance. It's a compliance program you need to start building now.

‍

What Section 110 of the CLARITY Act requires from your compliance team

The CLARITY Act is primarily a market structure bill. Title IV establishes new CFTC registration categories, resolves the SEC-CFTC jurisdictional dispute, and sets custody architecture requirements for futures commission merchants. That's the debate most of the industry has been watching.

‍

For AML officers, Section 110 is the operative provision. It does four specific things.

‍

First, it formally classifies digital commodity brokers, dealers, and exchanges as "financial institutions" under the Bank Secrecy Act. This is not a symbolic designation. "Financial institution" under the BSA is a term of art with specific, enforceable legal consequences.

‍

Second, it requires each entity to establish and maintain a written AML/CFT program. A risk-based set of policies, procedures, and internal controls designed to detect and deter money laundering and terrorist financing. This is not a checkbox. The program must be designed around your actual risk profile, documented, and demonstrably effective.

‍

Third, it requires an effective Customer Identification Program. CIP under the BSA means you collect, verify, and maintain records of customer identity at onboarding, and that you screen customers against government watchlists. If you've been running informal KYC flows without formally documented CIP procedures, the CLARITY Act ends that.

‍

Fourth, it requires transaction monitoring and Suspicious Activity Report filing. You are required to monitor customer transactions, identify patterns that suggest money laundering or other financial crimes, and file SARs when the activity crosses the reporting threshold.

‍

Taken together, these four obligations constitute a full BSA compliance program. The same infrastructure that traditional banks and regulated fintechs have spent years building, you now need to build on a legislative timeline.

‍

The SAR volume problem nobody is talking about

Here's the practical consequence that's getting far less attention than the registration requirements: SAR volume under the CLARITY Act is going to be significantly higher than most digital asset companies are currently producing.

‍

The Korean Digital Asset eXchange Alliance, when modeling the legislation's SAR requirements across its 27 member exchanges, estimated a potential SAR volume of up to 5 million reports annually. Their current collective filing rate is approximately 63,000 SARs per year. That is not a rounding error. That is an 80x increase in reporting volume driven by applying standard BSA SAR thresholds to the transaction patterns common in digital asset markets.

‍

The gap exists because digital asset transactions, high frequency, cross-border, pseudonymous counterparties, and 24/7 markets generate suspicious activity signals at a rate that traditional financial transaction monitoring was not designed to handle. If you apply standard SAR triggers to crypto transaction flows without tuning your detection logic specifically for digital asset patterns, you will either dramatically overproduce SARs, overwhelming both your team and FinCEN, or dramatically underproduce them and create regulatory exposure.

‍

Neither outcome is acceptable. Getting to the right SAR volume requires detection rules calibrated to your actual transaction population, investigation workflows that can process alerts at scale, and narrative automation that maintains quality without requiring every SAR to be drafted by hand. That infrastructure takes time to build and tune correctly.

‍

The timeline: where things stand

The legislative calendar matters here because it sets the compliance clock.

‍

The Senate Banking Committee cleared the bill on May 14, 2026, sending it toward a full Senate floor vote. The White House has publicly targeted a July 4, 2026, signing. Assuming the bill advances, with prediction markets pricing a 2026 signing at 72 to 75%, the compliance timeline from enactment runs as follows.

‍

Days 1 to 180: The CFTC has 180 days from enactment to establish an expedited provisional registration process.

‍

Day 90 from when registration opens: Digital commodity exchanges, brokers, and dealers must register with the CFTC within 90 days of the registration window opening. During provisional registration, compliance obligations are live, not deferred. Customer asset protection requirements, books and records obligations, and BSA program requirements apply from the moment you register, not from the moment full registration is complete.

‍

12 to 18 months post-enactment: Final agency rules are expected from the CFTC, SEC, and Treasury. With a best-case presidential signing around July 4, 2026, initial registration pathways could open in late 2026 or early 2027. Binding compliance frameworks and active enforcement are realistically a 2027 to 2028 story, depending on how long rulemaking takes.

‍

That timeline sounds like it leaves room to breathe. It does not, for most organizations. A full BSA/AML program, written policies, risk assessment, CIP procedures, transaction monitoring infrastructure, SAR filing capability, training, and independent testing takes months to design and implement correctly, and then additional months to tune. If you start building when the bill is signed, you are already behind.

‍

On March 11, 2026, the SEC and CFTC signed a Memorandum of Understanding on regulatory harmonization. A week later, they jointly classified 16 digital assets, including Bitcoin, Ethereum, XRP, and Solana, as digital commodities, making the perimeter of CFTC jurisdiction real and immediate. The regulatory infrastructure is moving faster than the legislative timeline alone would suggest.

‍

What to build before the window closes

If your fintech operates in digital assets and doesn't currently have a formal BSA/AML program, here is where to start.

‍

Conduct a formal risk assessment. Before you can build a compliant program, you need to document your risk profile: who your customers are, what products you offer, what geographies you serve, and where your exposure to money laundering and illicit finance is highest. This assessment drives every subsequent decision, including which monitoring rules you deploy, what SAR thresholds you set, and how you structure your CIP procedures. Without it, you're building detection logic with no anchor.

‍

Stand up your CIP infrastructure. Customer Identification Program requirements under the BSA are specific: you must collect and verify customer identity using reliable, independent sources at onboarding, and you must screen against applicable government watchlists. If your current onboarding flow doesn't meet that standard, or can't demonstrate that it does, that's your first priority.

‍

Design transaction monitoring for digital asset patterns. Standard rule sets tuned for ACH and wire transactions will not perform correctly on crypto transaction data. Digital asset monitoring requires rules built around on-chain transaction behavior, cross-border velocity, wallet clustering, and the 24/7 transaction cadence of crypto markets. This is not a lift-and-shift from your existing monitoring stack.

‍

Build SAR filing capacity before you need it. If your program will generate significantly more SARs than you currently file, you need to invest in the infrastructure before volume arrives, not after. That means investigation workflows that can handle alert volume at scale, narrative templates built for digital asset suspicious activity typologies, and quality review processes that hold up under examiner scrutiny.

‍

Don't wait for final rule text to start. The direction of the CLARITY Act is clear. The specific technical requirements will be filled in by CFTC rulemaking, but the core obligations, AML program, CIP, SAR filing, and recordkeeping, are explicit in the statute. Waiting for every implementation detail before beginning to build means starting behind the compliance timeline.

‍

The structural advantage of starting now

There's a meaningful difference between fintechs that build their AML programs before the CLARITY Act's compliance clock starts and those that begin in response to the registration deadline.

‍

The first group gets to design their program thoughtfully: calibrate detection rules against real transaction data, tune thresholds before production pressure hits, and develop the institutional knowledge that comes from running a system before it's under regulatory scrutiny. The second group builds under time pressure, often accepting off-the-shelf configurations that aren't tuned to their actual risk profile, and spends the next 12 months firefighting false positives and operational debt.

‍

Unit21's platform is built for exactly this transition: transaction monitoring, case management, SAR filing, watchlist screening, and AI-powered investigation, all on a single configurable platform. For digital asset companies moving from informal compliance practices to full BSA program requirements, the operational lift is significant. The right infrastructure makes the difference between a program that meets the standard and one that demonstrates it.

‍

If your fintech is moving from informal compliance practices to a full BSA program, Unit21 can help you build the infrastructure before the clock runs out. Request a demo today!

‍

The CLARITY Act is still moving through the Senate. The content of this post reflects the House-passed version (H.R. 3633) and the Senate Banking Committee's May 2026 markup discussions. Specific implementation requirements will be established through CFTC rulemaking following enactment.

‍