The Regulatory Compliance Digest’s Q2 2026 issue summarizes the latest updates from FFIEC, FinCEN, CFPB, FDIC and federal bank regulatory agencies, in addition to hot topics and recent developments in the regulatory environment.
The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date so your institution can evaluate changes or updates to necessary policies and procedures in place to be compliant at the time of enactment.
Flood Insurance Compliance Violations Rising
The FDIC’s 1Q 2026 Consumer Compliance Outlook identified flood-related violations as among the most frequently cited consumer compliance issues in 2024. As we enter the second quarter of 2026, examinations indicate that this trend is continuing. The FDIC highlighted three recurring flood compliance findings:
- Originating designated loans with an insufficient amount of insurance
- Failing to provide the required notice to borrowers when they apply for a designated loan
- Failing to identify lapses in coverage and force-placed insurance when necessary
Based on our interactions with financial institutions, we have observed increased regulatory scrutiny of continuity of flood insurance coverage during recent examinations. In many cases, noted issues stem from limited or ineffective internal controls for flood compliance. The FDIC has identified the following root causes for failures to detect lapses in coverage:
- Failure to monitor loans in special flood hazard areas (SFHAs) for adequate flood insurance throughout the life of the loan
- Audit gaps that limit the institution’s ability to identify uninsured or underinsured loans
- Insufficient corrective action to prevent identified issues from recurring
How Does Flood Insurance Impact Financial Institutions?
To mitigate risk and support compliance with the Flood Disaster Protection Act, we recommend that financial institutions implement and periodically review the following internal controls:
- Maintain written policies and procedures that address regulatory requirements and clearly assign roles and responsibilities for flood insurance compliance. At a minimum, policies and procedures should cover the following:
- Flood determinations for loans secured by real estate
- Requirements to obtain flood insurance for real estate secured loans in designated flood zones prior to closing
- Borrower notification requirements for new originations, policy expirations and force placement
- Controls to verify adequate flood insurance coverage prior to closing and throughout the life of the loan
- Monitoring processes (internal and/or third-party) to confirm coverage is maintained throughout the life of the loan
- Processes for tracking policy renewals
- Force placement procedures
- Procedures to document proof of coverage and retain required policy information
- Provide ongoing staff training to reinforce regulatory requirements and institutional policies and procedures. Communicate regulatory changes promptly as part of continuing education.
- Conduct periodic monitoring and testing: The compliance function should perform periodic reviews to confirm adherence to flood insurance requirements.
2025 HMDA Data on Mortgage Lending Now Available
On March 31, 2026, the CFPB announced that the Home Mortgage Disclosure Act (HMDA) Modified Loan Application Register (LAR) data for 2025 is now available on the Federal Financial Institutions Examination Council’s (FFIEC) HMDA Platform for approximately 4,768 HMDA filers. The published data contain loan-level information filed by financial institutions and modified to protect consumer privacy.
Impact: Awareness
Responsible Department: Compliance, Lending
FTC Incentivizes the Use of Age Verification Technologies To Protect Children Online
On February 25, 2026, the Federal Trade Commission (FTC) issued a policy statement announcing that the Commission will not bring an enforcement action under the Children’s Online Privacy Protection Rule (COPPA Rule) against certain website and online service operators that collect, use, and disclose personal information for the sole purpose of determining a user’s age via age verification technologies without first obtaining parental consent — as long as operators comply with specific conditions.
The COPPA Rule requires operators of commercial websites or online services directed to children under 13 — and operators with actual knowledge they are collecting personal information from a child — to provide notice of their information practices to parents. It also requires operators to obtain verifiable parental consent before collecting, using or disclosing personal information collected from a child under 13.
Impact: Children’s Online Privacy Protection Act Clarification
Responsible Department: Compliance
FDIC Board Approves Rule To Amend Official Signs and Advertising Requirements
On January 22, 2026, the Federal Deposit Insurance Corporation (FDIC) Board of Directors approved a final rule to amend regulations governing the display of the FDIC official digital sign and non-deposit signage. The rule — which will go into effect 30 days after publication in the Federal Register with an April 1, 2027, compliance date — is intended to simplify compliance for banks’ display of the FDIC official digital sign and non-deposit signage on digital channels, such as bank websites, mobile applications, as well as on ATMs and similar devices.
Impact: Display of FDIC digital and non-deposit signage
Responsible Department: Compliance, Lending
Action Needed: Update current policy and procedures for threshold change
Bank Secrecy Act and Anti-money Laundering OFAC Update
Issuance of a Geographic Targeting Order Imposing Additional Recordkeeping and Reporting Requirements
On March 6, 2026, Financial Crimes Enforcement Network (FinCEN) renewed a geographic targeting order (GTO) requiring certain money services businesses (MSBs) to file additional Currency Transaction Reports (CTRs) with FinCEN. As modified, the GTO requires MSBs located in certain counties and ZIP codes in Arizona, California, New Mexico, and Texas near the southwest border to file CTRs for cash transactions of $1,000 or more.
On March 10, 2026, FinCEN issued a GTO requiring certain money services businesses along the southwest border of the U.S. to report and retain records of transactions of $1,000 or more, but not more than $10,000, and to verify the identity of persons presenting such transactions. This action took effect on March 7, 2026.
On March 19, 2026, FinCEN published frequently asked questions and responses regarding its recently issued GTO, aimed at further combating the illicit activities and money laundering of Mexico-based cartels and other criminal actors along the southwest border of the United States. The GTO subjects certain money services businesses to enhanced reporting requirements with FinCEN.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
Guidance on Sham Transactions and Sanctions Evasion
On March 21, 2026, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a sanctions advisory to highlight risks arising from sham transactions used to evade sanctions. The advisory also outlined factors to consider when evaluating whether property may be the subject of a sham transaction.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
FinCEN Advisory on Healthcare Fraud Schemes Targeting Benefit Programs
On March 30, 2026, the U.S. Department of the Treasury’s (Treasury) (FinCEN) issued an advisory to urge financial institutions to be vigilant in identifying and reporting suspicious transactions that could be related to healthcare fraud schemes targeting Medicare, Medicaid and other federal and state health care benefit programs. The advisory supports the Treasury’s work to combat the health care and government benefits fraud found in Minnesota and across the country.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
Residential Real Estate Rule
FinCEN has issued a reminder concerning the Residential Real Estate Rule, which requires certain professionals involved in closings and settlements to submit reports to FinCEN regarding certain non-financed transfers of residential real estate to legal entities or trusts. Reporting requirements apply to transfers occurring on or after March 1, 2026.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
Exemptive Relief Order for the GTO Imposing Recordkeeping and Reporting Requirements on Certain Minnesota Financial Institutions
On February 27, 2026, FinCEN granted tailored exemptive relief related to the GTO imposing recordkeeping and reporting requirements on certain financial institutions in Minnesota, which came into effect on February 12, 2026.
This relief is targeted at exempting certain lower-risk categories of funds transfers and allowing banks sufficient time to report certain information required by the GTO.
This order: (1) exempts Covered Businesses that are banks from the GTO’s requirement to report funds transfers where the originator is described in 31 C.F.R. §§ 1010.230(e)(2)(i)- (xvi); and (2) exempts Covered Businesses that are banks from recording or reporting certain information for account holder customers until May 13, 2026.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
FATF Holds Plenary in Mexico, Advancing Key Illicit Finance Initiatives
On February 13, 2026, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued Venezuela-related General License 49, “Authorizing Negotiations of and Entry Into Contingent Contracts for Certain Investment in Venezuela;” and Venezuela-related General License 50, “Authorizing Transactions Related to Oil or Gas Sector Operations in Venezuela of Certain Entities.”
On February 20, 2026, the Financial Action Task Force (FATF), the global standard-setting body for anti-money laundering, countering the financing of terrorism, and countering proliferation financing (AML/CFT/CPF), concluded its fifthPlenary under the Mexican presidency. The FATF agreed to publish two reports on digital assets, imposed additional countermeasures on Iran, and adopted mutual evaluation reports for Austria, Italy, and Singapore.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
FinCEN Issues Exceptive Relief to Streamline Customer Due Diligence Requirements
On February 13, 2026, FinCEN issued an order granting exceptive relief to covered financial institutions from certain requirements under FinCEN’s Customer Due Diligence Requirements for Financial Institutions rule (2016 CDD Rule). The order excepts covered financial institutions from the requirement to identify and verify the beneficial owners of a legal entity customer each time the customer opens a new account.
Under the order, a covered financial institution is required to identify and verify the beneficial owners of a legal entity customer in only the following circumstances:
- When a legal entity customer first opens an account with the institution
- When the institution has knowledge of facts that reasonably call into question the reliability of previously obtained beneficial ownership information
- As otherwise required based on the institution’s risk-based procedures for ongoing customer due diligence
Aside from this exceptive relief, covered financial institutions must comply with all other applicable anti-money laundering and countering the financing of terrorism requirements under the Bank Secrecy Act. This includes the obligation to conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information.
Impact: Potential updates to procedures, depending on internal requirements
Responsible Department: BSA/AML, Compliance
Action Needed: Review current procedures regarding beneficial ownership requirements and update as applicable
Treasury Accepting Whistleblower Tips on Fraud, Money Laundering and Sanctions Violations
On February 13, 2026, FinCEN launched a new dedicated webpage to confidentially accept whistleblower tips on fraud, money laundering and sanctions violations.
FinCEN’s Office of the Whistleblower is accepting tips involving violations and conspiracies related to the Bank Secrecy Act, U.S. sanctions programs, and several other laws critical to safeguarding the U.S. financial system and national security.
Whistleblowers are encouraged to submit information as soon as possible and to provide detailed, specific documentation to support their claims.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
OFAC Launch of Voluntary Self-disclosure Portal
On February 6, 2026, to further improve customer service, the U.S. Department of the Treasury’s OFAC launched a new online Voluntary Self-Disclosure Portal to provide a streamlined, secure method for submitting voluntary self-disclosures of potential violations of OFAC-administered sanctions programs.
By transitioning to this online system, OFAC aims to increase efficiency and transparency for people submitting information, enabling faster acknowledgment of submissions, clearer communication throughout the review process, and a more user-friendly experience.
OFAC strongly encourages parties to begin submitting voluntary self-disclosures through the new online portal.
Impact: Awareness
Responsible Department: BSA/AML, Compliance
Have Questions?
If you would like to discuss any compliance matters for your institution, please contact your Cherry Bekaert advisor or the Firm’s Risk Advisory regulatory compliance team today.
