The Regulatory Compliance Digest’s Q2 issue provides a summary of the latest updates from FinCEN, CFPB, FDIC, OFAC and federal bank regulatory agencies. This issue also includes hot topics in the regulatory compliance space and guidance on how financial institutions can prepare for upcoming compliance challenges.
The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date, so your institution can evaluate changes or updates to necessary policies, procedures and processes in place to be compliant at the time of enactment.
Beneficial Ownership Requirements Update
Changes in regulatory compliance dates have caused recent confusion for financial institutions, particularly those regarding the fluid Beneficial Ownership Requirements under the Corporate Transparency Act (CTA).
Current Status
On March 21, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) adopted an interim final rule to narrow the existing beneficial ownership information (BOI) reporting requirements under the CTA to require only entities previously defined as “foreign reporting companies” to report BOI. Under this interim final rule, entities previously defined as “domestic reporting companies” are exempt from the reporting requirements and do not have to report BOI to FinCEN, nor correct BOI previously reported to FinCEN.
With limited exceptions, the interim final rule does not change the existing requirement for foreign reporting companies to file BOI reports. Instead, it extends the deadline to file initial BOI reports and to correct previously filed BOI reports to 30 days from March 21, giving foreign reporting companies additional time to comply.
However, the interim final rule exempts foreign reporting companies from having to report the BOI of any U.S. persons who are beneficial owners of the foreign reporting company and exempts U.S. persons from having to provide such information to any foreign reporting company for which they are a beneficial owner. FinCEN is accepting comments on this interim final rule and will assess the exemptions, as appropriate, in light of those comments. Cherry Bekaert will continue to provide guidance throughout the year, especially as FinCEN intends to issue a final rule later this year.
Impacts on Financial Institutions
The interim final rule has not changed financial institutions’ Customer Due Diligence (CDD) compliance obligations, including the collection of BOI. Financial institutions still need to collect BOI from their customers, as required by the CDD Final Rule, even with the recent changes to the CTA.
The CDD Final Rule became effective on May 11, 2018, and required financial institutions to identify and verify the identity of any individual who owns 25% or more of a legal entity, or an individual who controls the legal entity. This requirement to collect BOI is separate from the requirements under the CTA.
Federal Trade Commission Finalizes Changes to Children’s Privacy Rule Limiting Companies’ Ability to Monetize Kids’ Data
On January 16, 2025, the Federal Trade Commission (FTC) finalized changes to the Children’s Online Privacy Protection Rule to set new requirements around the collection, use and disclosure of children’s personal information and give parents new tools and protections to help them control what data is provided to third parties about their children.
The final rule requires parents to opt in to third-party advertising and includes other changes to address the emerging ways that consumers’ data is collected and used by companies, and particularly how children’s data is being shared and monetized.
Impact: Changes to privacy opt-in requirement for children
Responsible Department: Compliance, Marketing, E-banking
Action Needed: Understand the impact and make adjustments to applicable policy, procedure and privacy practices
Electronic Fund Transfers FAQs
On January 15, 2025, the Consumer Financial Protection Bureau (CFPB) published updated questions and answers pertaining to compliance with the Electronic Fund Transfer Act (EFTA) and Regulation E. The updated FAQ can be found in section six under “Coverage: Transactions,” which is applicable to tips. The response is as follows:
“The compulsory use provision prohibits a “financial institution or other person” from “requir[ing] a consumer to establish an account,” as defined in 12 CFR § 1005.2(b), “as a condition of employment.” 15 U.S.C. § 1693k(2); see also 12 C.F.R. § 1005.10(e) (2). “Account” is defined in 12 C.F.R. § 1005.2(b)(1) as “a demand deposit (checking), savings, or other consumer asset account (other than an occasional or incidental credit balance in a credit plan) held directly or indirectly by a financial institution and established primarily for personal, family, or household purposes.” Tips can be a significant form of worker compensation, and requirements regarding the method by which workers generally receive their compensation for work constitute “a condition of employment.” Therefore, employers are prohibited by EFTA and Regulation E from requiring workers to establish an account with a particular financial institution to receive tips.”
Impact: Compliance with EFTA and Regulation E on tip disbursement methods
Responsible Department: Compliance, Lending
Action Needed: Determine applicability of the updated provisions to current disbursement practices and ensure alignment with regulatory requirements
Notice of Inflation Adjustments for Civil Money Penalties
On January 15, 2025, the Federal Deposit Insurance Corporation (FDIC) provided notice of its maximum civil money penalties as adjusted for inflation. The adjusted maximum amounts of civil money penalties in this notice are applicable to penalties assessed after January 15, 2025, for conduct occurring on or after November 2, 2015.
Impact: Awareness of inflation-adjusted maximum civil money penalties affecting enforcement actions
Responsible Department: Compliance
Action Needed: Review and revise internal policy and procedures, as applicable, to incorporate the
adjusted penalty amounts
New Protections for Payday and Installment Loans
On January 10, 2025, the CFPB reminds that starting March 30, 2025, payday and installment lenders must begin complying with important new requirements when they try to collect money from borrowers’ accounts.
The CFPB issued a regulation in 2017 adopting a two-strikes-and-you’re-out rule for covered lenders. Under that rule, after two tries to withdraw money from a borrower’s account have failed, covered lenders can’t try again unless the borrower specifically authorizes another attempt. The rule addresses lenders’ unfair and abusive practice of repeatedly trying to withdraw money from an account to pay off the loan, even after the account had been shown to be empty. That practice can trigger a pile of additional fees for the borrower while it rarely benefits lenders.
The regulation was originally set to take effect in 2019 but was delayed by litigation brought to block the rule. The court of appeals hearing the case ultimately rejected the payday lenders’ claims, affirmed the rule, and upheld the CFPB’s finding that the prohibited practice was unfair. More recently, it rejected the payday lenders’ efforts to further delay the rule and confirmed that the rule will finally take effect March 30, as the CFPB previously announced.
Impact: Compliance with new collection protections for fairer payday lending practices
Responsible Department: Compliance, Lending
Action Needed: Determine applicability, update collection procedures accordingly, and train relevant staff to ensure adherence to new requirements if necessary
CFPB Civil Penalty Inflation Adjustments
On January 8, 2025, the CFPB adjusted for inflation the maximum amount of each civil penalty within their jurisdiction. These adjustments are required by the Federal Civil Penalties Inflation Adjustment Act of 1990 (Inflation Adjustment Act), as amended by the Debt Collection Improvement Act of 1996 and further amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. The inflation adjustments mandated by the Inflation Adjustment Act serve to maintain the deterrent effect of civil penalties and to promote compliance with the law. This final rule took effect January 15, 2025.
Impact: Enhanced deterrence and compliance through inflation-adjusted civil penalties
Responsible Department: Compliance
Action Needed: Review and update internal policies and procedures as applicable to reflect revised penalty amounts
CFPB Finalizes Rule To Remove Medical Bills From Credit Reports
On January 7, 2025, the CFPB finalized a rule that will remove an estimated $49 billion in medical bills from the credit reports of about 15 million Americans. The CFPB’s action will ban the inclusion of medical bills on credit reports used by lenders and prohibit lenders from using medical information in their lending decisions. The rule will increase privacy protections and prevent debt collectors from using the credit reporting system to coerce people to pay bills they don’t owe. The CFPB has found that medical debts provide little predictive value to lenders about borrowers’ ability to repay other debts, and consumers frequently report receiving inaccurate bills or being asked to pay bills that should have been covered by insurance or financial assistance programs.
The new rule amends Regulation V, which implements the Fair Credit Reporting Act (FCRA), to end this exception and establish guardrails for credit reporting companies, prohibiting them from including medical bills on credit reports sent to lenders, who are banned from considering them. The final rule, effective 60 days after publication in the Federal Register:
- Prohibits lenders from considering medical information: The rule ends the special regulatory carveout that previously allowed creditors to use certain medical information in making lending decisions. This means lenders will also be barred from using information about medical devices, such as prosthetic limbs, that could be used to require that the devices serve as collateral for a loan for the purposes of repossession.
- Bans medical bills on credit reports: The rule bans consumer reporting agencies from including medical debt information on credit reports and credit scores sent to lenders. This will help end the practice of using the credit reporting system to coerce payment of bills regardless of their accuracy. Lenders will continue to be able to consider medical information to verify medical-based forbearances, verify medical expenses that a consumer needs a loan to pay, consider certain benefits as income when underwriting, and other legitimate uses.
Impact: Elimination of medical debt consideration in credit evaluation processes
Responsible Department: Compliance, Lending
Action Needed: Review current underwriting procedures, make applicable changes to lending guidelines and decision-making protocols, and provide training to the lending department
FinCEN Not Issuing Fines or Penalties in Connection With Beneficial Ownership Information Reporting Deadlines
On February 27, 2025, FinCEN announced that it will not issue any fines or penalties or take any other enforcement actions against any companies based on any failure to file or update beneficial ownership information (BOI) reports pursuant to the Corporate Transparency Act (CTA) by the current deadlines. No fines or penalties will be issued, and no enforcement actions will be taken, until a forthcoming interim final rule becomes effective and the new relevant due dates in the interim final rule have passed. This announcement continues the Treasury’s commitment to reducing regulatory burden on businesses, as well as prioritizing under the CTA reporting of BOI for those entities that pose the most significant law enforcement and national security risks.
On March 21, 2025, FinCEN issued an interim final rule that extended BOI reporting deadlines, recognizing the need to provide new guidance and clarity as quickly as possible, while ensuring that BOI that is highly useful to important national security, intelligence, and law enforcement activities is reported.
FinCEN also intends to solicit public comment on potential revisions to existing BOI reporting requirements. FinCEN will consider those comments as part of a notice of proposed rulemaking anticipated to be issued later this year to minimize burden on small businesses while ensuring that BOI is highly useful to important national security, intelligence, and law enforcement activities, as well to determine what, if any, modifications to the deadlines referenced here should be considered.
Impact: Relief of fines or penalties for companies reporting BOI under the current CTA deadlines until further guidance is issued
Responsible Department: BSA/AML/OFAC, Compliance
Action Needed: Stay informed on interim final rule changes and deadlines for compliance readiness
Financial Action Task Force Identifies Jurisdictions With Anti‑Money Laundering, Combating the Financing of Terrorism, and Counter-Proliferation Finance Deficiencies
On February 26, 2025, FinCEN informed U.S. financial institutions that the Financial Action Task Force (FATF), an intergovernmental body that establishes international standards for anti-money laundering, countering the financing of terrorism, and countering the financing of proliferation of
weapons of mass destruction (AML/CFT/CPF), updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies at the conclusion of its plenary meeting this month. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk‑based policies, procedures, and practices.
On February 21, 2025, the FATF added Laos and Nepal to its list of Jurisdictions Under Increased Monitoring and removed the Philippines from that list.
The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran, the Democratic People’s Republic of Korea (DPRK), and Burma subject to calls for action. Specifically, the FATF continues to call on jurisdictions to apply countermeasures on Iran and DPRK. Burma remains subject to the application of enhanced due diligence, but not countermeasures.
Impact: Updated risk considerations for jurisdictions with AML/CFT/CPF deficiencies
Responsible Department: BSA/AML/OFAC Compliance
Action Needed: Raise awareness among compliance staff and update international risk assessment protocols and procedures for the identified jurisdictions
FinCEN Reminds Financial Institutions To Remain Vigilant Regarding Potential Relationship Investment Scams
On February 26, 2025, in support of the multiagency #DatingOrDefrauding Campaign, FinCEN reminded financial institutions to remain vigilant regarding suspicious activity that may be indicative of relationship investment scams.
The Commodity Futures Trading Commission launched the #DatingOrDefrauding national awareness effort to alert the public to relationship investment scams targeting Americans through wrong-numbered texts, dating apps and social media. Losses from romance and confidence scams reported to the Federal Bureau of Investigation exceeded $650 million in 2023.
FinCEN has previously published several resources to help stakeholders identify and report illicit financial activity that may be indicative of relationship investment scams and other types of romance and confidence scams:
- Alert on Prevalent Virtual Currency Investment Scam Commonly Referred to as “Pig Butchering” by Perpetrators (September 2023) – This alert describes a prominent relationship investment scam in which scammers leverage fictitious identities, the guise of potential relationships, and elaborate storylines to trick victims into believing they stand to profit from trusted partnerships before defrauding them in virtual currency investment and over-the-counter foreign exchange schemes. These scams are largely perpetrated by criminal enterprises overseas who use victims of labor trafficking to conduct outreach to millions of unsuspecting individuals around the world.
- Advisory on Elder Financial Exploitation (June 2022) – This advisory highlights how romance scams are commonly used to perpetrate elder fraud, or the illegal or improper use of an older adult’s funds, property or assets. Perpetrators of these scams may attempt to establish a close or romantic relationship with older adults to exploit their confidence and trust for financial gain.
- Financial Trend Analysis: Elder Financial Exploitation: Threat Pattern & Trend Information, June 2022 to June 2023 (April 2024) – FinCEN’s analysis found that romance scams, often perpetrated through online dating platforms, were cited frequently among Bank Secrecy Act (BSA) linked to elder financial exploitation. This report describes how romance scams can follow several distinct patterns and can evolve into investment scams once a connection is established.
- Financial Trend Analysis: Mail Theft-Related Check Fraud: Threat Pattern & Trend Information, February to August 2023 (September 2024) – This analysis describes, among other findings, how fraudsters in mail theft-related check fraud schemes convince romance scam victims to negotiate a check and then send the funds elsewhere, using the victims as money mules to move stolen funds.
FinCEN reminds financial institutions to use the specific Suspicious Activity Report (SAR) filing instructions and key terms noted in its alerts and advisory products. SAR filings, along with effective BSA compliance, are crucial to helping law enforcement detect, investigate, and prosecute cases involving relationship investment scams.
Impact: Lessening the financial implications of relationship investment and romance scams
Responsible Department: BSA/AML/OFAC, Compliance
Action Needed: Remind compliance staff to be aware and informed about identifying and reporting potential scam activity using specific SAR filing instructions
Compliance Date Extension: Sections 328.4 and 328.5 Amendments to FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo Rule
On March 3, 2025, the FDIC postponed the compliance date from May 1, 2025 to March 1, 2026 for the requirements under 12 CFR 328.5 related to the display of the FDIC official digital sign on an insured depository institution’s (IDI’s) digital channels, as well as analogous requirements related to IDI’s automated teller machines (ATMs) and like devices under 12 CFR 328.4. This delay will allow the FDIC to propose changes to the regulation for public comment to address implementation concerns and potential sources of confusion.
Impact: Delayed implementation of FDIC signage requirements for digital channels and ATMs
Responsible Department: Compliance, Marketing, E-Banking, Retail
Action Needed: Adjust, plan, and implement the appropriate policies and procedures to accommodate for the extended timeline of forthcoming regulatory changes to signage
Southwest Border Geographic Targeting Orders
On March 11, 2025, FinCEN issued a Geographic Targeting Order (GTO) to further combat the illicit activities and money laundering of Mexico-based cartels and other criminal actors along the southwest border of the United States. The GTO requires all money services businesses (MSBs)
located in 30 ZIP codes across California and Texas near the southwest border to file Currency Transaction Reports (CTRs) with FinCEN at a $200 threshold, in connection with cash transactions.
Combatting drug cartels and stopping the flow of deadly drugs into the United States is one of the Administration’s highest priorities. In January, President Donald J. Trump issued an Executive Order creating a process by which certain cartels and other organizations would be designated as Foreign Terrorist Organizations (FTOs) and/or Specially Designated Global Terrorists (SDGTs). Accordingly, in February, the U.S. Departments of the Treasury and State designated eight organizations, including six major Mexico-based drug cartels, as FTOs and SDGTs. These designations will allow the United States to take further steps to deny individuals and entities associated with these groups access to the U.S. financial system.
The terms of the GTO are effective beginning 30 days after the date on which the order is published in the Federal Register. The terms are effective for 179 days thereafter.
The order covers the following ZIP codes across seven counties in California and Texas:
- Imperial County, California: 92231, 92249, 92281, 92283
- San Diego County, California: 91910, 92101, 92113, 92117, 92126, 92154, 92173
- Cameron County, Texas: 78520, 78521
- El Paso County, Texas: 79901, 79902, 79903, 79905, 79907, 79935
- Hidalgo County, Texas: 78503, 78557, 78572, 78577, 78596
- Maverick County, Texas: 78852
- Webb County, Texas: 78040, 78041, 78043, 78045, 78046
Impact: Geographic Targeting Orders enhance reporting requirements for specified MSBs to combat money laundering in California and Texas
Responsible Department: Compliance, BSA/CFT
Action Needed: Ensure compliance teams are aware of the new orders for MSBs in the affected zip codes and adjust reporting systems
