Skip to content

Exception Tracking Spreadsheet (TicklerTrax™)
Downloaded by more than 1,000 bankers. Free Excel spreadsheet to help you track missing and expiring documents for credit and loans, deposits, trusts, and more. Visualize your exception data in interactive charts and graphs. Provided by bank technology vendor, AccuSystems. Download TicklerTrax for free.

Click Now!

Top Story Compliance Related


Treasury continues to counter ransomware

The Department of the Treasury on Monday announced a set of actions focused on disrupting criminal ransomware actors and virtual currency exchanges that launder the proceeds of ransomware. Treasury’s actions advance the administration’s counter-ransomware efforts to disrupt ransomware infrastructure and actors and address abuse of the virtual currency ecosystem to launder ransom payments.

Monday's actions include the OFAC designation of Chatex, a virtual currency exchange, and its associated support network, for facilitating financial transactions for ransomware actors. OFAC also designated IZIBITS OU, Chatextech SIA, and Hightrade Finance Ltd for providing material support and assistance to Chatex.

Complementing this action, the Department of State announced a Transnational Organized Crime Reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold a key leadership position in the Sodinokibi/REvil ransomware variant transnational organized crime group. The Department of State also announced a reward offer of up to $5,000,000 for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident.

OFAC also designated Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin for their part in perpetuating Sodinokibi/REvil ransomware incidents against the United States. These two individuals are part of a cybercriminal group that has engaged in ransomware activities and received more than $200 million in ransom payments paid in Bitcoin and Monero. OFAC also designated a company owned by Polyanin.

Treasury also reported FinCEN's release of an updated advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (see our related report).

For identification information on the individuals and entities targeted by OFAC, see the November 8, 2021, BankersOnline OFAC Update.


FinCEN updates Advisory on Ransomware

FinCEN has announced its release of an updated advisory, FIN-2021-A004, "Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments." The release was made in connection with a set of actions announced Monday by the Treasury Department and focused on disrupting criminal ransomware actors. Yesterday's Advisory replaces advisory FIN-2020-A006, issued October 1, 2020.

The updated advisory is in response to the increase of ransomware attacks in recent months against critical U.S. infrastructure, such as the May 2021 ransomware attack that disrupted the operations of Colonial Pipeline, the largest pipeline system for refined oil products in the United States. This attack led to widespread gasoline shortages that affected tens of millions of Americans. Other recent targets include entities in the manufacturing, legal services, insurance, financial services, health care, energy, and food production sectors.

This amended advisory reflects information released by FinCEN in its Financial Trend Analysis Report issued on October 15, 2021, and is part of the Department of the Treasury’s broader efforts to combat ransomware. In particular, this updated advisory identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers.

The updated advisory comes with FinCEN's request that financial institutions reference "CYBER FIN-2021-A004" in SAR field 2 and the narrative, and select SAR field 42 when filing suspicious activity reports on suspicious activity that may be related to ransomware attacks.


Quarles to resign from Fed Board at end of December

The Federal Reserve Board has announced that Randal K. Quarles has submitted his resignation from the Board, effective at the end of December. He has been a member of the Board since October 13, 2017.

As Vice Chair for Supervision, Quarles oversaw the supervision and regulation of financial firms in the Board's jurisdiction. He served simultaneously as Chair of the Financial Stability Board, or FSB, an international body established by the G20 to ensure the resilience of the global financial system. His three-year term as FSB Chair ends on December 2.


Reserve Banks release 18 CRA ratings

Our review of the Federal Reserve Board's archives of Community Reinvestment Act evaluation ratings reveals that the Reserve Banks made 18 evaluations public in October.

We congratulate these three banks, whose evaluations received ratings of Outstanding:

The other 15 banks' evaluations were rated Satisfactory.


SEC names chief of whistleblower office

The Securities and Exchange Commission on Friday announced the appointment of Nicole Creola ("Cree") Kelly as chief of the SEC’s Office of the Whistleblower. Ms. Kelly is currently Senior Special Counsel in the Office of the General Counsel and has more than 20 years of experience with the agency. Among her other roles were counsel to former SEC Chair Mary Jo White, counsel to former SEC Commissioner Kara M. Stein, and stints in the Enforcement Division’s Complex Financial Instruments Unit as well as the Whistleblower Office.


Administration COVID vax policies announced

The White House has issued a Fact Sheet with the details of two policies to fight COVID-19, both involving vaccination mandates.

The Department of Labor’s Occupational Safety and Health Administration (OSHA) is announcing the details of a requirement for employers with 100 or more employees to ensure each of their workers is fully vaccinated by January 4, 2022, or tests for COVID-19 on at least a weekly basis. The OSHA rule will also require that these employers provide paid-time for employees to get vaccinated, and ensure all unvaccinated workers wear a face mask in the workplace.

The Centers for Medicare & Medicaid Services (CMS) at the Department of Health and Human Services is announcing the details of its requirement that health care workers at facilities participating in Medicare and Medicaid are fully vaccinated, also by January 4. The rule applies to more than 17 million workers at approximately 76,000 health care facilities, including hospitals and long-term care facilities.


CFPB action to stop false ID name-matching

The CFPB on Thursday announced it has issued an advisory opinion affirming that consumer reporting companies, including tenant and employment screening companies, are violating the law if they engage in shoddy name-matching procedures. Regulators are concerned about the significant harms caused by false identity matching, where an applicant is disqualified from rental housing or a job based on having the same name as another individual with negative information in their credit history.

Specifically, the CFPB affirmed that the practice of matching consumer records solely through the matching of names is illegal under the Fair Credit Reporting Act. The advisory opinion affirms the obligations and requirements of consumer reporting companies, including background screeners, to use reasonable procedures to assure maximum possible accuracy. The agency said it will be working closely with the Federal Trade Commission to root out illegal conduct in the background screening industry. Background screening companies that violate the Fair Credit Reporting Act can be liable for significant civil penalties, restitution for victims, damages, and other relief.

PUBLICATION AND EFFECTIVE DATE UPDATE: Published at 86 FR 62468 on 11/10/2021, and effective upon publication.


401(k) contribution limit increased

The IRS has announced that the amount individuals can contribute to their 401(k) plans in 2022 has increased to $20,500, up from $19,500 for 2021 and 2020. The IRS also issued technical guidance on all of the cost‑of‑living adjustments affecting dollar limitations for pension plans and other retirement-related items for tax year 2022.


Hsu discusses 'regulatory perimeter'

Yesterday, Acting Comptroller of the Currency Michael J. Hsu discussed clarifying and modernizing the bank regulatory perimeter at the American Fintech Council’s Fintech Policy Summit 2021. He described recent trends toward digitalization of banking and financial innovation, which have been accelerated by the COVID-19 pandemic. Several years of projected growth in digitalization took place in a matter of quarters. For instance, digital payments transactions increased by 27 percent, from $4.1 trillion to $5.2 trillion, from 2019 to 2020. Similarly, the total market value of cryptocurrencies has grown to approximately $2.5 trillion from $200 billion in 2019. Consumers and businesses experienced greater convenience, expanded capabilities, and an increase in opportunities, all as a result of financial innovation.

However, said Hsu, "these trends are being driven by firms that are not subject to bank rules and do not have the same controls as banks. In regulatory-speak, they sit outside of the so-called bank regulatory perimeter. The full implications of this will likely only become apparent over time. While the convenience and benefits of rapid innovation can be enjoyed immediately, the risks and harms to consumers and businesses of engaging in financial activities with fewer controls tend to emerge only later. He pointed to the apparent success of fintech companies in facilitating expanded access to PPP loans, and recent evidence of higher rates of customer dissatisfaction and of fraud with fintech-facilitated PPP loans versus those run through traditional banks. He also described the rapid growth in users and total market value in the cryptocurrency space, matched by growth in cryptocurrency scams and consumer complaints. He said "'Move fast and break things' is a common mantra in tech. In the financial services context, it is important to remember that those 'things' are people and their money."

Hsu added, "Increasingly, the three cornerstones of banking—taking deposits, making loans, and facilitating payments—are being reassembled functionally and digitally outside of the bank regulatory perimeter by certain firms... [and] these 'synthetic banking providers' (SBPs) operate out of the reach of bank regulators and free of bank rules, such as capital requirements, bank consumer protection laws, and the Community Reinvestment Act. History and research warn us that unregulated banking ends badly. Indeed, the origins of the OCC, Federal Reserve, and FDIC, as well as of many state banking agencies, can be traced back to financial panics and destabilizing runs resulting from unregulated or poorly regulated banking."

Hsu then suggested "we need to remove the disparity between the rights and responsibilities of banks and those of synthetic banking providers by holding SBPs to banking standards."


FTC publishes policy on negative option marketing

The Federal Trade Commission has published [86 FR 60822] in this morning's Federal Register a policy statement to provide guidance regarding its enforcement of various statutes and FTC regulations addressing negative option marketing and operating. The Statement is intended to assist the business community and practitioners by providing specific guidance on the Commission's interpretation of existing law as it applies to negative option practices. It may also assist the courts in developing an appropriate framework for interpreting and applying the various statutes and regulations addressing negative option marketing.

Negative option offers come in a variety of forms, but all share a central feature: Each contains a term or condition under which the seller may interpret a consumer's silence or failure to take affirmative action to reject a good or service or to cancel the agreement as acceptance or continuing acceptance of the offer. Such offers are often involved in consumer claims of unauthorized credit card or debit card charges.


Training View All

Penalties View All

Search Top Stories