On May 21, 2026, Open Frontier Board Member Carole House testified before the U.S. House Financial Services Committee’s Subcommittee on National Security, Illicit Finance, and International Financial Institutions at a hearing titled, “Modernizing the BSA for Financial Crime in the 21st Century.” Below, you can see her opening remarks and a key exchange with Ranking Member Joyce Beatty, followed by the written introduction to her testimony. The full testimony is available here.
Thank you Chairman, Ranking Member, and distinguished Members of the Subcommittee, for holding this hearing and the honor of the invitation to testify on modernizing critical illicit finance frameworks in the face of an ever-dynamic threat, technology, and policy landscape. I applaud your leadership in convening the Subcommittee on this important issue. I have spent my career at the intersection of national security, emerging technology, and economic statecraft, including through service in three tours at the White House, at the U.S. Treasury Department, U.S. Senate Homeland Security Committee, chairing and advising three regulatory agency committees on emerging tech, and as a U.S. Army Captain. I hope my testimony will be helpful in considering some of the most important aspects of anti-money laundering and countering financing of terrorism (AML/CFT) reform, as you navigate the incredibly complex issues at play here relating to security, innovation, and personal liberty.
The financial integrity architecture the United States built over the past five decades is not, at its core, a compliance structure. It is the infrastructure through which this country defends its citizens, projects economic power, and holds adversaries accountable. It is what enables us to freeze the assets of a sanctions evader, trace the proceeds of a fentanyl network back to its source, recover funds stolen from fraud victims, and deny revenue to the state actors funding weapons of mass destruction (WMD) proliferation programs with stolen funds. Every major threat identified in Treasury’s National Money Laundering Risk Assessment, in the ODNI’s annual threat assessment, and in the bipartisan work of the House Select Committee on China runs, at some point, through the financial system. The architecture we built to track and disrupt the activity of these threats – whether Chinese infiltration of AI supply chains, narco- and human-trafficking networks, arms control circumvention – runs in mutual support of rule-of-law systems with benefits that extend well beyond national security. Sanctions enforcement, civil fraud recovery, credit decisions, tax administration, and counter-fraud programs all depend on a common underlying principle: that certain financial activity is documented and available to those with lawful authority to access it, under conditions appropriate to the purpose. Remove that principle and you do not just weaken AML enforcement. You weaken every accountability system built on top of it.
These frameworks also implicate genuine democratic values that demand honest engagement: privacy, personal liberty, and the burden that compliance obligations place on individuals and institutions. Getting modernization right means taking those values seriously, not treating them as obstacles to security but recognizing that well-calibrated financial integrity frameworks advance all of them simultaneously. Privacy protection in this context means ensuring sensitive financial information reaches only those with lawful authority to access it and defining what those conditions should be, not that records cease to exist. Liberty protection means ensuring the system targets wrongdoing rather than imposing indiscriminate burdens on law-abiding Americans. And burden reduction done right (e.g., through better infrastructure, smarter data architecture, and clearer regulatory standards) can improve both outcomes and access at the same time. The tensions here are real but narrower than the current debate suggests, and the connective tissue between security, accountability, and financial inclusion is stronger than is often recognized.
A few key messages I hope to underscore with my testimony:
- The risk environment (across every component of risk – threat, vulnerability, and mitigations) has genuinely changed, and demands frameworks accounting for these evolutions. Transnational criminal organizations, state actors, and professional enablers are more sophisticated, better resourced, and more technologically capable than at any prior point. Generative artificial intelligence (AI), digital assets, and agentic financial systems are present operational realities being exploited now, and quantum moment (whether in super-charging compute capability or threatening cryptographic security) is fast approaching. If we invest in the right infrastructure and policy levers, they also create genuine opportunities for more effective detection and disruption. Ongoing policymaker interest in focusing on leveraging emerging technologies for benefit and desire to drive greater prioritization for more targeted use of limited resources in high-impact ways can be important steps in addressing this dynamic risk environment.
- Our adversaries are actively exploiting the seams in our visibility into corporate ownership, commercial relationships, and financial system coverage at growing scale and sophistication. Congress recognized this trajectory and acted by building authorities and tools specifically designed to gain visibility at the critical junctures adversaries exploit. Those tools remain unfinished five years on, and in some areas are being actively reversed. The result is a growing gap between the sophistication of the threats Americans face and the capability of the frameworks designed to address them; a gap that is widening precisely as the window to close it narrows.
- Genuine modernization requires an honest evaluation of the existing system’s strengths and challenges and the nature of shifts driven in capacity and threat by an evolving technology landscape – though conflating burden reduction with modernization, without meaningful steps toward efficacy, does not benefit Americans or national security. Reducing compliance friction by building better infrastructure (i.e., authoritative identity verification, machine-readable and structured intelligence sharing, risk-based examination methodology, etc.) improves outcomes while reducing burden. This is a noble aspiration and precisely how we should be thinking about illicit finance framework modernization. However, reducing visibility and dismantling the accountability apparatus without improving underlying infrastructure and without understanding and improving efficacy isn’t modernization; it’s effect will be a reduction in capability and opening the door to adversaries seeking to harm Americans and U.S. national security interests.
- To meet the dynamic and sophisticated threats facing our financial system, the United States must pivot from a model of retrospective compliance to one of proactive, operational disruption. Achieving this requires a synchronized effort to eliminate structural blind spots, dismantle artificial data silos, and deploy modern digital identity infrastructure. The following targeted recommendations provide Congress and regulatory agencies with a strategic roadmap to deliver on the promise of the AML Act (AMLA), restore accountability, and safeguard American national security:
- Restore accountability where adversaries exploit opacity: Corporate and supply chain transparency – restore and implement the Corporate Transparency Act (CTA) and beneficial ownership transparency as envisioned by Congress and with a framework that benefits financial institutions and the national security ecosystem; Enabler coverage – finalize investment adviser obligations; finalize the real estate AML rule and extend targeted AML obligations to professional enablers.
- Modernize financial intelligence sharing: SAR and cross-institution sharing – finalize the SAR sharing pilot established under the AMLA; expand 314(b) protections in the statute to explicitly cover information related to underlying predicate offenses for money laundering to include fraud, cybercrime, and sanctions violations; broaden information-sharing liability coverage beyond financial institutions to include financial service providers and other entities for purposes of combating financial crime and fraud (i.e., resembling Cybersecurity Information Sharing Act coverage); Data standards and architecture – develop structured machine-readable financial crime data standards and feedback loops to integrate into domestic and international reporting and information sharing channels.
- Build digital-era identity and compliance infrastructure: Identity pilots and infrastructure – direct FinCEN to establish clear pathways for exceptive relief pilots and measurements of efficacy with roadmaps to approval; launch pilots and public-private partnership initiatives for digital identity services and reliance, privacy-enhancing technology (PET)-enabled information sharing and AI-training, typology- and threat-specific SAR attachment data structures, and for programmable compliance features using existing FinCEN authorities like exceptive relief; modernize customer verification and beneficial ownership infrastructure, ensuring value for national security/law enforcement community and industry stakeholders.
- Shift from retrospective compliance to operational disruption: Supervision and enforcement – define measurable outcomes-oriented supervision standards tied to specific operational results rather than procedural proxies; direct strategic enforcement alignment that improves FinCEN’s access to critical information as well as enforcement action timeliness and calibration based on risk tiers, extent of violations, and sector-shaping objectives; prioritize and scale FinCEN’s Rapid Response Program for automation, expansion to fintech and crypto, and real-time coordination to boost interdiction of fraud proceeds.