FinCEN Launches New Whistleblower Webpage

Enforcement Edge: Shining Light on Government Enforcement

By Paul Lim Michael A. Mancusi Kathleen Reilly Kevin M. Toomey Tal R. Machnes Erik Walsh

On February 13, 2026, the U.S. Department of the Treasury (Treasury)’s Financial Crimes Enforcement Network (FinCEN) launched a webpage to accept whistleblower tips on money laundering, sanctions violations, and fraud (the Whistleblower Webpage). The Whistleblower Webpage, which has a user-friendly reporting feature and information regarding the possible monetary awards for providing information that leads to a successful enforcement action by Treasury or the U.S. Department of Justice (DOJ), is likely to increase the number of tips reported to FinCEN.

We provide below a brief background of the current whistleblowing regime and considerations for financial institutions and other companies with Bank Secrecy Act (BSA) requirements or potential exposure to sanctioned entities, regions, or related activity.

Background

In January 2021, Congress enacted the Anti-Money Laundering Act of 2020 (AMLA), which significantly revised the BSA’s existing whistleblower provisions, creating a new regime modeled on the highly successful whistleblower program of the U.S. Securities and Exchange Commission. AMLA increased the amount of potential awards for individuals whose reports lead to successful BSA/AML-related enforcement actions. Whistleblowers who voluntarily provide original information to their employer, Treasury, or DOJ could recover a maximum award of 30% of monetary sanctions collected in excess of $1 million, a substantial increase from the prior maximum of $150,000. In December 2022, Congress enacted the Anti-Money Laundering Whistleblower Improvement Act, which established a minimum award for a qualifying whistleblower report of 10% of the monetary sanctions collected in excess of $1 million, and expanded the reportable activity qualifying for an award to include violations of U.S. sanctions administered by Treasury’s Office of Foreign Assets Control (OFAC).

In passing AMLA, Congress authorized Treasury to issue rules and regulations to fully implement the enhanced whistleblower program, yet did not set a deadline to do so. Since AMLA was enacted in 2021, neither Treasury nor FinCEN has implemented such rulemaking and, until last week, had not established a public webpage for submitting whistleblower reports.

FinCEN’s Whistleblower Webpage

The Whistleblower Webpage formalizes the enhanced whistleblower program by providing a centralized, user-friendly interface for individuals to confidentially submit detailed tips concerning potential violations of the BSA, U.S. sanctions programs, and related laws and regulations that threaten the integrity of the U.S. financial system. FinCEN emphasized in a bulletin accompanying the launch of the Whistleblower Webpage that it is particularly interested in information involving fraud schemes (such as misappropriating funds from government benefit programs), the use of “deepfake” identities, and “pig butchering” schemes. The Whistleblower Webpage provides guidance on eligibility criteria, submission requirements, and procedures for maintaining anonymity where desired, as well as a structured process for uploading supporting documentation to accompany whistleblower reports.

The Whistleblower Webpage notes that FinCEN will publish a regulation and, once finalized, begin processing and paying whistleblower awards, although it provides no timeline.

Considerations for Financial Institutions and Other Companies with BSA Requirements or Sanctions-Related Exposure

Reported BSA violations that may result in a whistleblower award include a financial institution’s failure to maintain an effective BSA compliance program. Further, FinCEN’s bulletin includes a list of example violations that the public is encouraged to report. The list primarily features examples of financial institution BSA/AML program deficiencies—for example, poor customer due diligence and the lack of controls to detect structuring and virtual currency investment schemes.

The launch of the Whistleblower Webpage therefore provides a good reminder for financial institutions—and other entities with BSA obligations and/or potential exposure to sanctioned parties, regions, or related conduct—to review their internal reporting policies and procedures.

For example, financial institutions and other entities should:

Review compliance culture from the top down. A compliance program and internal reporting mechanisms are only as good as the culture of the institution, starting from the C-suite. This tone at the top should set the standard that excellent compliance is expected, internal reports are welcome, and retaliation is not tolerated.
Review, audit, and update policies and procedures for internal whistleblowers. It is important to ensure that employees who report internally are adequately heard. This can lead to prompt remediation of outstanding issues and reduce the likelihood of external reporting. Companies should clearly communicate to employees the company’s reporting policy and procedures, protections for whistleblowers (including strong anti-retaliation provisions), and the channels for reporting. Companies also should test to make sure any webpages used for anonymous reporting work as designed, including to make sure that reports are adequately captured and sent to the correct individuals in line with the company’s policies and procedures. Consider reviewing internal reporting structures to ensure all reports—not just those going to an internal hotline—are captured, triaged, and investigated if appropriate.
Appropriately respond to whistleblower reports. Ensure that procedures for triaging whistleblower reports are working properly, including conducting internal reviews of such procedures where appropriate. This will help mitigate confidentiality concerns and retaliation risks and ensure that tips are being handled appropriately.
Make training a priority. Employees should participate in annual trainings tailored to specific jobs to keep them abreast of how to deal with whistleblowers and what retaliation protections employees have if they do report internally. Consider training both legal and human resources departments on the ambiguities in the new regulations and how to avoid pitfalls that can be costly to the company. That training should also be provided to a company’s AML department, who may not have been sensitive to these issues historically. This may also include training at the middle management level to ensure that managers, who are often the recipients of whistleblower tips via their direct reports, can identify an internal report when they get it and know what to do with that report so it is captured by the company and acted upon.
Consider Voluntary Self-Disclosures of Potential Violations. Companies should consider the anticipated increase in whistleblower reports resulting from the Whistleblowers Webpage when deciding whether to self-disclose potential violations. This is especially important in the context of potential sanctions violations, as conduct that is voluntarily self-disclosed to OFAC may be eligible for a 50% reduction of any civil monetary penalty. OFAC is unlikely to credit a disclosure if the agency had previously learned of the potential violation from a whistleblower.

For questions about this post or the whistleblower program more generally, contact the authors or any of their colleagues in Arnold & Porter’s Financial Services, White Collar Defense & Investigations, or Export Control & Sanctions practice groups.

© Arnold & Porter Kaye Scholer LLP 2026 All Rights Reserved. This Blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.