Our Take: financial services regulatory update – April 3, 2026

April 03, 2026

Change remains a constant in financial services regulation

Read "our take" on the latest developments and what they mean.

DOL opens the door to including alternative investments in 401(k) plans

What happened? On March 30^th, the Department of Labor (DOL) proposed a rule to clarify how fiduciaries may select investment options in defined contribution plans, following an August 7^th 2025 Executive Order (EO) directing the agency to expand access to alternative investments in 401(k) plans.

What is the scope of the proposal? The proposed rule applies to fiduciaries responsible for selecting and overseeing investment options in participant-directed defined contribution plans, including employer-sponsored 401(k) plans.¹ It also applies to advisors, asset managers, broker-dealers, and other service providers involved in the selection, structuring, or administration of these investment options within defined contribution plans.

Both the proposal and the EO define alternative investments as those outside traditional public markets, including private market investments, real estate, commodities, infrastructure, digital assets, and certain lifetime income strategies.

What are key elements of the proposal? The proposal establishes a structured, process-based safe harbor under which fiduciaries selecting investment options in defined contribution plans would be treated as having satisfied ERISA’s prudence requirement if they evaluate investments across six specified factors:

Performance. Fiduciaries must consider a reasonable number of similar alternatives and determine that the investment’s risk-adjusted expected returns, over an appropriate time horizon and net of fees and expenses, further the purposes of the plan by enabling participants to maximize risk-adjusted returns.
Fees. When considering alternatives, fiduciaries need to determine that the investment’s fees and expenses are appropriate, taking into account its risk-adjusted expected returns and any other value the investment provides. The rule does not require selecting the lowest-cost option.
Liquidity. Fiduciaries must determine that the investment has sufficient liquidity to meet anticipated needs at both the participant and plan level, including withdrawals, reallocations, and broader plan-level liquidity events.
Valuation. Fiduciaries must determine that the investment can be valued accurately and on a timely basis, including assessing whether valuation methods are reliable and, where applicable, independent and conflict-free.
Benchmark. Fiduciaries must identify a meaningful benchmark (i.e., an investment, index, strategy, or composite with similar mandates, objectives, and risks) and compare the investment’s risk-adjusted expected returns, net of fees, against that benchmark.
Complexity. Fiduciaries must assess the complexity of the investment and determine whether they have the skills, knowledge, and experience to understand it, or whether they need to rely on qualified advisors.

What’s next? Comments on the proposal are due by June 1^st, 2026. The DOL requests feedback on whether the final rule should address participant characteristics as a stand-alone factor, particularly for target date funds and managed accounts, as well as best practices for monitoring investments and the prudent curation of the plan’s overall investment menu. It also indicates that it expects to issue separate interpretive guidance on the ongoing duty to monitor designated investment alternatives after selection.

Our Take

Clearing the path for alternatives in defined contribution plans

This proposal is a watershed moment for the inclusion of alternative assets in retirement plans. For a sector that has historically exercised caution around including these assets due to perceived litigation risk, the proposal provides long-awaited clarity on how such decisions can be evaluated and defended under ERISA. Although it can be read simply as a set of technical guardrails for defending investment decisions, the proposal’s real significance is as a first step in moving alternative assets from the margins toward the mainstream of defined contribution investing. However, it comes at a time in which the performance and transparency of private market investments have increasingly come under scrutiny. As a result, the challenge of this proposal remains how consistently and credibly these risks can be evaluated.

The safe harbor introduces a more explicit link between process and legal protection, but substantial subjectivity remains. Terms like “reasonable number of alternatives” and “meaningful benchmark” leave room for interpretation, and those areas are likely to draw attention during the comment period. Proposed criteria, such as those for timely and accurate valuations, are both technically complex and dependent on prevailing market conditions, requiring a level of subject matter expertise that most fiduciaries are unlikely to possess in-house. To prepare for a final rule, fiduciaries need to assess whether existing governance and investment selection processes align with the safe harbor outlined in the proposal. For many, the challenge will not be in identifying the relevant factors, but rather in demonstrating that they are applied consistently and supported by sufficient analysis to withstand scrutiny.

FinCEN releases fraud advisory and proposes whistleblower payment rule

What happened? On March 30^th, Treasury’s Financial Crimes Enforcement Network (FinCEN) released the following documents:

An advisory on healthcare fraud schemes targeting Medicare, Medicaid and other federal and state healthcare benefit programs. In the advisory, FinCEN explains that domestic organized crime groups and transnational criminal organizations are increasingly perpetuating healthcare fraud schemes. It describes common typologies – such as shell companies used to establish provider entities and submit fraudulent claims – and provides red flag indicators across areas such as onboarding, account access and transaction patterns. The advisory requests that financial institutions tag Suspicious Activity Reports (SARs) with a unique identifier provided in the advisory and encourages information sharing among financial institutions.
A notice of proposed rulemaking to implement a whistleblower program for AML and sanctions violations. The proposal would establish processes for tip submissions and award applications, define eligibility and adjudication procedures and set out whistleblower protections. FinCEN proposes awards of 10-30% of collected monetary penalties when a whistleblower’s tip leads to a successful action by Treasury or the DOJ.

What’s next? Comments on the whistleblower program proposal are due by June 1^st.

Our Take

FinCEN continues focus on fraud and improving the usefulness of reporting

Together, these actions underscore FinCEN’s continued focus on the interconnections between fraud and money laundering – and the need for improved reporting and information sharing to detect and prevent these crimes. The health care fraud advisory is explicit that this risk demands the attention of AML programs as it is tied to organized crime schemes and includes practical indicators that should translate directly into monitoring, investigations and SAR narratives.

What anti-financial crime teams should do now:

Operationalize the advisory’s SAR instructions immediately (e.g., keywording, checkbox conventions and narrative expectations) so SARs are consistently searchable and aligned to FinCEN’s advisory.
Refresh typology coverage for healthcare benefit fraud, including monitoring for newly-formed or recently-acquired providers; potential straw ownership and shell company signals; reimbursement-driven cash-out patterns; and rapid movement into layering mechanisms.
Treat healthcare fraud as a “linked” risk with other areas of crime such as fraud, AML, sanctions and cyber, and enhance anti-financial crimes programs to include end-to-end signal correlation instead of siloed alerts. In practice, this means connecting onboarding and know-your-customer data with transaction and payment signals. For example, indicators of suspicious cyber-related activity such as login anomalies will often connect to fraud and/or money laundering activity.
Pressure-test internal escalation and documentation standards (e.g., hotline intake, case management, consistent outcomes, non-retaliation controls), anticipating increased incentives for external reporting once the whistleblower rule is finalized.
Revisit information-sharing posture to improve cross-institutional visibility into mule networks, related entities, and cross-border elements of fraud schemes.

Enhanced oversight of captive insurers and risk retention groups enacted

What happened? On March 24^th, Vermont Governor Phil Scott signed into law a bill (H.649) amending the rules governing captive insurance companies, risk retention groups (RRGs), and sponsored captive insurance companies, a significant number of which are domiciled in the state.

What does the law do? H.649 aims to address concerns around solvency, operational controls, and consistency in compliance standards while simultaneously ensuring that captives continue to serve as effective risk management tools for parent organizations. It does so through updates in three key areas:

Restrictions on RRG loans and investments. Risk retention groups are prohibited from making loans to, or investments in, their members or affiliates of members. Any such arrangements in effect prior to January 1, 2026 are permitted to continue under a grandfathering provision, but no new transactions of this type are allowed.
Expanded reporting requirements for RRGs. Risk retention groups are required to file both annual and quarterly financial statements with the National Association of Insurance Commissioners (NAIC). Annual filings include the NAIC annual statement convention blank, signed jurat page, actuarial certification, and any additional materials required by the Commissioner. Quarterly statements must report the group’s financial condition and operations for each reporting period and be filed electronically with the NAIC on a set schedule.
New certification requirement for protected cells. Each protected cell – an individually segregated unit within a sponsored captive insurer with its own assets and liabilities – must file a sworn statement within 30 days after commencing business certifying that required funding, including any collateral, was in place prior to operations.

What’s next? The law takes effect on July 1^st. The next key reporting milestones under the updated requirements will be the Q3 2026 quarterly statement due November 15^th, 2026 and the 2026 annual statement filing due March 1^st, 2027.

Our Take

Vermont is raising the bar for captive insurance regulation, and the industry should take note

Vermont’s position as a leading captive insurance domicile has long been underpinned by a regulatory framework that balances flexibility with rigor. H.649 reflects the state’s continued commitment to strengthening that framework through targeted measures that elevate expectations around financial discipline, reporting transparency, and operational excellence. The most consequential change is the prohibition on loans and investments between RRGs and their members or affiliates. This provision establishes a clear boundary around transactions that have historically operated with greater flexibility, signalling a concern for the heightened governance and solvency risks such arrangements have posed. In parallel, the introduction of quarterly NAIC filing requirements aligns RRG regulatory reporting obligations more closely with those applied to traditional insurers and likely will necessitate investments in timely, electronic reporting capabilities where reporters do not currently possess them. Taken together, these changes underscore Vermont’s intent to continue setting the standard for captive insurance regulation. Given the state’s outsized influence on industry norms, legal and compliance teams should view H.649 not solely as a jurisdictional compliance matter, but as an indicator of the direction in which broader regulatory expectations applicable to captive insurers are likely to evolve.

On our radar

OCC rescinds recovery planning guidelines for large banking organizations. On April 1^st, the OCC issued a final rule rescinding its guidelines establishing recovery planning standards for certain large insured national banks, federal savings associations, and federal branches. The action removes requirements to develop and maintain formal recovery plans and is intended to reduce regulatory burden while maintaining existing supervisory expectations for risk management. The rule is effective May 1^st.

Treasury proposes framework for assessing state-level stablecoin regulatory regimes under the GENIUS Act. On April 1, 2026, the U.S. Department of the Treasury issued a notice of proposed rulemaking to establish principles for determining whether state-level regulatory regimes for payment stablecoin issuers are substantially similar to the federal framework. The proposal outlines criteria for assessing areas such as prudential standards, supervision, and consumer protections and would allow certain issuers below a $10 billion issuance threshold to opt into state regulation if approved. Comments are due within 60 days of Federal Register publication.

FDIC releases 2026 Consumer Compliance Supervisory Highlights. On March 31^st, the FDIC published its annual Consumer Compliance Supervisory Highlights summarizing consumer compliance trends identified in 2025 through its supervision of state non-member banks and thrifts. The report outlines overall compliance performance, frequently cited violations, and consumer complaint trends, with most institutions rated satisfactory or better and common violations involving TILA, EFTA, and flood insurance requirements.

California opens digital assets licensing applications. California’s digital asset licensing regime opened for applications on March 9^th, and the California Department of Financial Protection and Innovation (DFPI) released FAQs and guidance around application preparation. The guidance highlights aspects of an effective AML program, cyber and operational security, digital asset-specific safeguards, capital and liquidity, consumer protection and more. Senior Deputy Commissioner for Consumer Financial Protection Armen Meyer explained that the licensing requirement will help the agency “further understand the space’s players in order to protect consumers through efficient licensure and supervision.”

_{¹Under the Employee Retirement Income Security Act of 1974 (ERISA), a person is a fiduciary to the extent they exercise discretionary authority over plan assets or provide investment advice for a fee, and must act prudently and solely in the interest of plan participants and beneficiaries. Although the framework governing fiduciary advice has been revised multiple times over the past decade, it has now returned to DOL’s original 1975 five-part test. Compensation that creates a conflict of interest is permitted only if the fiduciary complies with Prohibited Transaction Exemption 2020-02, which requires adherence to impartial conduct standards and specified disclosure, documentation, and compliance obligations.}