The Regulatory Compliance Digest’s Q4 issue provides a summary of the latest updates from FinCEN, CFPB, FDIC, OFAC and federal bank regulatory agencies. This issue also includes hot topics in the regulatory compliance space and guidance on how financial institutions can prepare for upcoming compliance challenges.
The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date, so your institution can evaluate changes or updates to necessary policies, procedures and processes in place to be compliant at the time of enactment.
Removal of Disparate Impact From Examination Focus: The Good and The Bad
In July 2025, the federal regulatory agencies announced that they would be removing references to disparate impact liability in the fair lending guidance documents and examination procedures. Specifically, examiners will not request, review, or conclude on or follow up on the following:
- Matters related to a bank’s disparate impact risk
- Internal disparate-impact risk analysis
- Disparate-impact risk assessment processes or procedures
So, what does this mean for financial institutions? The removal of the disparate impact standard for banks primarily affects federal regulatory oversight, reducing compliance burdens and enforcement actions at that level. However, the core legal exposure under the Fair Housing Act (FHA) and Equal Credit Opportunity Act (ECOA) remains in place due to existing court precedents. Therefore, financial institutions must continue to be wary of risks from private lawsuits, state-level enforcement and reputational damage.
Examiners will be solely focused on disparate treatment, likely resulting in fewer enforcement actions and issues based purely on statistical disparities. In addition to reduced regulatory scrutiny, there are several additional key impacts to financial institutions:
- Lower compliance burdens associated with a change in internal control focus and a decrease in the ongoing monitoring of policies and automated underwriting models for potential disparate impacts.
- Increased litigation risk, as this change in enforcement policy will not change. Disparate impact claims can still be brought in federal court based on the FHA and ECOA. Reduction in compliance monitoring will increase vulnerability to private lawsuits.
- Continued state-level enforcement, as states with their own fair lending laws, notably Massachusetts, New York, Vermont and California, may continue to use the disparate impact standard in their enforcement actions. In July 2025, Massachusetts was focusing on the disparate impact in AI lending models.
- Reputational and shareholder risk as statistical disparities in loan approvals or terms could still lead to negative news and shareholder action, regardless of federal regulatory focus.
- Potential regulatory shifts may coincide with changes in administration, so financial institutions that lighten their focus on fair lending through decreased and ongoing monitoring may face significant costs reestablishing a robust program, should future administrations revert their focus.
How Your Financial Institution Can Take Action
Financial institutions should continue to maintain a strong fair lending framework even in light of this change in federal regulatory focus, keeping disparate impact in its crosshairs. The fair lending program should:
- Monitor lending data across prohibited bases groups: Statistical analysis should still be performed to detect and understand disparities associated with application approval rates and pricing.
- Implement parameters to analyze the impact from policies that may disproportionately impact prohibited bases groups: Review the impact of minimum loan amounts, credit score cutoffs and specific marketing strategies for discriminatory impact on these target groups. Make sure that there is a documented business reason if you choose to implement these factors.
- Analyze underlying methodologies: Gain a comprehensive understanding of any AI solutions or models currently in use, as well as those being contemplated.
- Prioritize upskilling staff: Continue to train staff on fair lending principles to stay abreast of changes.
- Educate the board and management: Keep leadership clued in through periodic reporting on the effectiveness of the institution’s fair lending program, industry focus, current litigation and risk considerations.
It is never too early to prepare for your next examination. Cherry Bekaert’s Risk Advisory team is available to help you navigate these areas as well as other regulatory compliance concerns.
Agencies Issue Reminder to Institutions on Lending When the National Flood Insurance Program Is Unavailable
On October 1, 2025, the federal financial institution regulatory agencies reminded lenders that they may continue to make loans that are subject to the federal flood insurance statutes when the National Flood Insurance Program is not available. During this period, lenders are allowed to make these loans without requiring federal flood insurance.
As explained in the Interagency Questions and Answers Regarding Flood Insurance, in Q&A Applicability 12, lenders may continue to make loans without flood insurance coverage during this time but must continue to make flood determinations; provide timely, complete, and accurate notices to borrowers; and comply with other applicable parts of the flood insurance regulations. In addition, lenders should evaluate safety, soundness and legal risks, and should prudently manage those risks during the lapse period. The guidance also addresses the availability and use of private flood insurance.
Impact: Informational
Responsible Department: Compliance, Lending
Action Needed: Understand potential risk to institution. Ensure lenders are advised. Monitor for change once government shutdown ends.
Small Business Lending Under the Equal Credit Opportunity Act (Regulation B); Extension of Compliance Dates
On October 2, 2025, the CFPB finalized its June 18, 2025, interim final rule amending Regulation B to extend the compliance dates set forth in its 2023 small business lending rule, as amended by a 2024 interim final rule, and to make other date-related conforming adjustments.
The CFPB finalizes the compliance dates in the 2025 interim final rule, under which covered financial institutions will begin collecting data as follows:
| Compliance Tier |
Original Compliance Date in the 2023 Final Rule |
Revised Compliance Date in the 2024 Interim Final Rule |
New Compliance Date |
New First Filing Deadline |
| Tier 1: Highest Volume Lenders |
October 1, 2024 |
July 18, 2025 |
July 1, 2026 | June 1, 2027 |
| Tier 2: Moderate Volume Lenders |
April 1, 2025 |
January 16, 2026 |
January 1, 2027 |
June 1, 2028 |
| Tier 3: Smallest Volume Lenders |
January 1, 2026 |
October 18, 2026 |
October 1, 2027 |
June 1, 2028 |
Impact: Awareness
Responsible Department: Compliance, Lending
Action Needed: Ensure training is provided regarding requirements and compliance deadlines. Review and amend policy and procedures to ensure compliance. Review software updates for compliance from third-party vendors.
SBA Releases Compliance Form for Smaller Institutions on Debanking Order
On October 1, 2025, the Small Business Administration (SBA) released a form that smaller financial institutions — those with less than $30 billion in assets — can use to demonstrate compliance with a recent order directing lenders to identify past “debanking” actions.
In August, President Trump issued an executive order directing federal agencies to investigate whether banks and credit unions denied services to customers because of their political or religious beliefs or because they were engaged in certain business activities, such as cryptocurrency.
In response, the SBA ordered 5,000 lenders — those institutions with active SBA accounts — to identify any “debanking” practices and previous or potential clients that were denied access to financial services through a “politicized or unlawful debanking action.” Lenders who fail to comply will “lose their good standing with the SBA and will be subject to additional punitive measures.”
Impact: Requirement to demonstrate compliance with SBA protocol for demonstrating compliance with debanking order.
Responsible Department: Compliance, Lending
Action Needed: Review requirements of the order and implement procedures to comply. Consider conducting internal due diligence.
OCC Announces Updates To Organizational Structure
On September 18, 2025, the Office of the Comptroller of the Currency (OCC) announced a new organizational framework for bank supervision and updates to the structure of its Office of the Chief National Bank Examiner.
Effective October 1, three distinct lines of business will replace the Bank Supervision and Examination group: Large and Global Financial Institutions, Regional and Midsize Financial Institutions and Community Banks. Each unit will be led by a senior deputy comptroller who will report to the Comptroller of the Currency. The lines of business are:
- Large and Global Financial Institutions: This group will include financial institutions with assets of over $500 billion and those institutions that have a foreign parent.
- Regional and Midsize Financial Institutions: This group will supervise institutions between $30 and $500 billion in asset size.
- Community Banks: This group will supervise institutions with up to $30 billion in assets.
Impact: Change in OCC supervision framework
Responsible Department: Compliance, Governance
Action Needed: Awareness
FDIC Updates Its Enforcement Actions Manual Regarding Minimum Standards for Termination of Ceaseand- Desist and Consent Orders
On September 8, 2025, the FDIC updated chapter four of its Formal and Informal Enforcement Actions Manual (manual), entitled Cease-and-Desist Actions, regarding the agency’s minimum standards for terminating cease-and-desist and consent orders issued under Section 8(b) of the Federal Deposit Insurance (FDI) Act.
The manual provides direction for professional staff related to the work necessary to pursue formal and informal enforcement actions. It is also intended to support the work of the field, regional, and Washington offices’ staff involved in supervising and assessing compliance with enforcement actions.
Impact: Changes in FDIC enforcement standards
Responsible Department: Compliance, Governance
Action Needed: Awareness
OCC Announces Actions To Depoliticize the Federal Banking System
On September 8, 2025, the Office of the Comptroller of the Currency (OCC) announced actions to eliminate politicized or unlawful debanking in the federal banking system.
The actions are consistent with the president’s Executive Order (EO) 14331, “Guaranteeing Fair Banking For All Americans,” and affirm that banks should provide access to financial services based on individualized, objective and risk-based analyses.
Impact: Requirement to provide fair access to financial services.
Responsible Department: Compliance, Governance
Action Needed: Awareness
Licensing and Community Reinvestment Act: Consideration of Politicized or Unlawful Debanking
On September 8, 2025, the OCC clarified how it considers politicized or unlawful debanking in licensing filings by banks and banks’ records of performance under the Community Reinvestment Act (CRA), consistent with EO 14331, Guaranteeing Fair Banking for All Americans.
The bulletin clarifies how the OCC considers politicized or unlawful debanking in licensing applications filed by banks and banks’ records of performance under the CRA. The OCC reviews licensing filings for evaluative factors prescribed by statute and regulation. In addition, the CRA requires the OCC to assess insured banks’ records of meeting the credit needs of their entire communities, including low- and moderate-income neighborhoods, consistent with the banks’ safe and sound operations.
Impact: Clarification of CRA consideration for licensing filings for OCC regulated institutions
Responsible Department: Compliance, Governance
Action Needed: Awareness
Executive Order: Guaranteeing Fair Banking for All Americans
On August 7, 2025, an EO was issued concerning fair banking for all Americans. The EO stated the following policy: “It is the policy of the United States that no American should be denied access to financial services because of their constitutionally or statutorily protected beliefs, affiliations, or political views, and to ensure that politicized or unlawful debanking is not used as a tool to inhibit such beliefs, affiliations, or political views. Banking decisions must instead be made on the basis of individualized, objective, and risk-based analyses.”
Impact: Requirement to provide fair access to financial services.
Responsible Department: Compliance, Governance
Action Needed: Awareness
Fair Lending: Removing References To Disparate Impact
On July 14, 2025, the OCC announced that it has removed references to supervising banks for disparate impact liability from the “Fair Lending” booklet of the Comptroller’s Handbook and has commenced removing references in other issuances. Concurrently, the OCC has instructed its examiners that they should no longer examine for disparate impact. Examiners will not request, review, or conclude on or follow up on:
- Matters related to a bank’s disparate impact risk,
- Internal disparate-impact risk analysis, or
- Disparate-impact risk assessment processes or procedures
Impact: Informational
Responsible Department: Compliance, Lending, CRA, Fair Banking
Action Needed: Read our article to understand potential impacts and actions needed.
Agencies Issue Joint Statement on Risk Management Considerations for Crypto-Asset Safekeeping
On July 14, 2025, Federal bank regulatory agencies issued a joint statement in their continued efforts to provide clarity on banks’ engagement in crypto-asset-related activities. The statement highlights potential risk-management considerations for banks related to holding crypto-assets on their customers’ behalf, or crypto-asset safekeeping.
The joint statement discusses existing risk-management principles that apply to crypto-asset safekeeping and reminds banks that provide or are considering providing safekeeping of such assets that they must do so in a safe and sound manner and in compliance with applicable laws and regulations.
The statement does not create any new supervisory expectations. The agencies continue to explore ways to provide additional clarity with respect to banks’ engagement in crypto-asset-related activities.
Impact: Informational
Responsible Department: Compliance
Action Needed: Awareness of evolving cryptocurrency regulation.
BSA/AML OFAC Update
FinCEN Announces Postponement of Residential Real Estate Reporting
On September 30, 2025, to reduce business burden and ensure effective regulation, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced that it will postpone reporting requirements of the Anti-Money Laundering (AML) Regulations for Residential Real Estate Transfers Rule (RRE Rule) until March 1, 2026. FinCEN is taking this step to provide the industry with more time to comply — consistent with the administration’s agenda to reduce compliance burden — while still adequately protecting the U.S. financial system from money laundering, terrorist financing and other serious illicit finance threats.
To implement this extension, FinCEN issued a temporary order granting exemptive relief from the reporting requirements. In the interim, any Real Estate Geographic Targeting Orders will remain in effect.
Impact: Informational
Responsible Department: BSA/AML, Compliance
Action Needed: Awareness
Notice of New Report Form for Unblocked or Transferred Property
On September 19, 2025, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a new Unblocking/Transfer Report Form TD F 93.10 to support compliance with reporting requirements under 31 C.F.R. § 501.603(b)(3) of the Reporting, Procedures and Penalties Regulations.
This new form offers a simplified way to report property that has been unblocked or transferred, easing the burden on filers and improving OFAC’s processing efficiency.
Impact: Informational
Responsible Department: BSA/AML, Compliance
Action Needed: Update procedures referencing the form.
FinCEN Issues Modified Southwest Border Geographic Targeting Order
On September 8, 2025, FinCEN reissued a modified Geographic Targeting Order (GTO) to combat illicit cartel and other criminal activity, including money laundering, along the southwest border of the United States. As modified, the GTO requires certain money services businesses to file Currency Transaction Reports with FinCEN for cash transactions between $1,000 and $10,000 occurring in specific counties and ZIP codes.
The GTO covers the following geographic locations in Arizona, California and Texas:
- Santa Cruz County, Arizona
- Yuma County, Arizona
- California ZIP Codes (all within Imperial County): 92231, 92249, 92281, 92283
- California ZIP Codes (all within San Diego County): 91910, 92101, 92113, 92117, 92126, 92154, 92173
- Cameron County, Texas
- El Paso County, Texas
- Hidalgo County, Texas
- Maverick County, Texas
- Webb County, Texas
Impact: Informational
Responsible Department: BSA/AML/CFT
Action Needed: Review detection methods to ensure these geographies are flagged.
FinCEN Notice on Financially Motivated Sextortion
On September 8, 2025, FinCEN issued a Notice to financial institutions to assist in identifying and reporting suspicious activity related to financially motivated sextortion, a disturbing and increasingly common typology that can devastate the lives and families of its victims. Financially motivated sextortion occurs when perpetrators, using fake personas, coerce victims to create and send sexually explicit images or videos of themselves, only to threaten to release the compromising material to the victims’ friends and family unless the victims provide payment. The perpetrators of financially motivated sextortion schemes can target anyone, with many victims being over the age of 18, according to law enforcement.
However, minors — especially boys between the ages of 14 and 17 — are a particularly vulnerable population and have been increasingly victimized in these schemes. As such and as highlighted throughout this Notice, many resources to assist victims of these schemes serve minors and their parents and caregivers.
Impact: Informational
Responsible Department: BSA/AML/CFT
Action Needed: Provide training to staff and BSA department. Update policies and procedures to include a suspicious activity red flag.
FinCEN Issues Guidance to Financial Institutions on Cross-border Information Sharing
On September 8, 2025, FinCEN issued guidance to encourage and promote appropriate, voluntary cross-border sharing of information between and among financial institutions, including appropriate foreign financial institutions. The guidance aims to help combat the threats posed by money laundering, terrorist financing and other illicit finance activity, including from drug trafficking organizations, foreign terrorist organizations and fraudsters.
The guidance clarifies that while financial institutions are prohibited from sharing Suspicious Activity Reports (SARs), as well as information that would reveal the existence of a SAR, the Bank Secrecy Act and its implementing regulations generally do not prohibit cross-border information sharing. FinCEN is issuing the guidance in consultation with staff from the OCC, Federal Deposit Insurance Corporation (FDIC) and National Credit Union Administration.
Impact: Informational
Responsible Department: BSA/AML/CFT
Action Needed: Review current sharing practices and update as applicable.
Notice of New Report Form for Unblocked or Transferred Property
On September 19, 2025, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a new Unblocking/Transfer Report Form TD F 93.10 to support compliance with reporting requirements under 31 C.F.R. § 501.603(b)(3) of the Reporting, Procedures and Penalties Regulations.
This new form offers a simplified way to report property that has been unblocked or transferred, easing the burden on filers and improving OFAC’s processing efficiency.
Impact: Informational
Responsible Department: Compliance
Action Needed: Utilize new form as appropriate.
Syrian Sanctions Removed
On August 26, 2025, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) removed from the Code of Federal Regulations the Syrian Sanctions Regulations as a result of the termination of the national emergency on which the regulations were based and further changes to the policy of the United States towards Syria.
Impact: Informational
Responsible Department: BSA/AML, Compliance
Action Needed: Awareness
Treasury Extends Effective Dates of Orders Issued Under New Authority To Counter Fentanyl
On August 19, 2025, the U.S. Department of the Treasury’s FinCEN extended the effective dates for orders issued on June 25, 2025, prohibiting certain transmittal of funds involving three Mexico-based financial institutions. Covered financial institutions will now have until October 20, 2025, to implement the orders prohibiting certain transmittal of funds involving CIBanco S.A., Institución de Banca Multiple (CIBanco), Intercam Banco S.A., Institución de Banca Multiple (Intercam), and Vector Casa de Bolsa, S.A. de C.V. (Vector), each of which FinCEN found to be of primary money laundering concern in connection with illicit opioid trafficking pursuant to the Fentanyl Sanctions Act and the FEND Off Fentanyl Act.
This extension reflects continued steps taken by the Government of Mexico to meaningfully address the concerns raised in FinCEN’s orders, including maintaining temporary management of the affected institutions to promote regulatory compliance and the prevention of illicit finance. Treasury will continue to coordinate closely with the Government of Mexico on these matters and will carefully consider all facts and circumstances with respect to the implementation of the orders.
Impact: Informational
Responsible Department: BSA/AML, Compliance
Action Needed: Awareness
FDIC Supervisory Approach Regarding the Use of Pre-populated Information for Purposes of Customer Identification Program Requirements
On August 5, 2025, the FDIC is updating its supervisory approach regarding whether an FDIC-supervised institution can use pre-populated customer information for the purpose of opening an account to satisfy Customer Identification Program (CIP) requirements.
The CIP rule, 31 C.F.R. § 1020.220, implements Section 326 of the USA PATRIOT Act, which, among other things, requires financial institutions to implement reasonable procedures for verifying the identity of a person seeking to open an account, to the extent reasonable and practicable, and maintain records of the information used to verify a person’s identity. The CIP rule requires an institution to collect certain information from a customer opening an account.
It is the FDIC’s position that the requirement to collect identifying information “from the customer” under the CIP rule does not preclude the use of pre-filled information. A commonly encountered example is the opening of an account electronically, where fields in a digital form are automatically pre-populated (or pre-filled) with a customer’s identifying information.
Under the FDIC’s interpretation, a financial institution could use information from current or prior accounts or relationships involving the bank or its agents, or other sources, such as parent organizations, affiliates, vendors and other third parties to pre-fill information that is reviewed and submitted by the customer. The FDIC considers such information from the customer for purposes of the CIP rule. When examining an FDIC-supervised institution that collects identifying information from a customer where some or all of the information was pre-populated, FDIC examiners will consider the pre-filled information as from the customer provided that (1) the customer has opportunity and the ability to review, correct, update and confirm the accuracy of the information, and (2) the institution’s processes for opening an account that involves pre-populated information allow the institution to form a reasonable belief as to the identity of its customer and are based on the institution’s assessment of the relevant risks, including the risk of fraudulent account opening or takeover.
Impact: Informational
Responsible Department: Compliance
Action Needed: Provide training to employees if using prepopulated information for CIP purposes. Update procedures as applicable.
Exemptive Relief Order To Delay the Effective Date of the Investment Adviser Rule
On August 5, 2025, by order, pursuant to the authority set forth in 31 U.S.C. § 5318(a)(7) and 31 C.F.R. § 1010.970(a), the Secretary of the Treasury (Secretary), through FinCEN,1 grants exemptive relief to covered investment advisers from the requirements of the regulation titled Anti-Money Laundering/ Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers (IA AML Rule).
The IA AML Rule is set to become effective January 1, 2026. This order exempts covered investment advisers from all requirements of the IA AML Rule until January 1, 2028. FinCEN intends to issue a notice of proposed rulemaking (NPRM) to propose a new effective date for the IA AML Rule no earlier than January 1, 2028.
Impact: Informational
Responsible Department: BSA/AML, Compliance
Action Needed: Awareness
Have Questions?
If you would like to discuss any compliance matters for your institution, please contact your Cherry Bekaert advisor or reach out to the Firm’s Risk Advisory regulatory compliance team today.
