Top Story Operations Related

The FDIC has issued Financial Institution Letter FIL-1-2025 with guidance to help financial institutions and facilitate recovery in areas of California affect by wildfires and straight-line winds. The area affected is Los Angeles County.

The Consumer Financial Protection Bureau on Friday announced it is seeking public input on strengthening privacy protections and preventing harmful surveillance in digital payments, particularly those offered through large technology platforms. The agency is requesting comment on implementing existing financial privacy law and how to address intrusive data collection and personalized pricing. Comments will be accepted through April 11, 2025.

Additionally, the CFPB requested comments by March 31, 2025, on a proposed interpretive rule outlining how the Electronic Fund Transfer Act, which provides consumers with protections against errors and fraud, applies to new types of digital payment mechanisms, such as those currently offered through large technology companies and video gaming platforms, as well as stablecoins and other digital currencies that are not widely used today in consumer transactions. The Bureau also posted a Blog article requesting emailed comments by March 31, 2025, from electronic gamers and the general public on their experiences with video game currencies.

PUBLICATION UPDATES:

• The proposed Regulation E interpretive rule was published at 90 FR 3723 in the 1/15/2025 Federal Register.
• The request for information regarding collection, use, and monetization of consumer payment and other personal financial data was published at 90 FR 3804 on 1/15/2025.

On Friday, the Treasury Department reported actions to fulfill the G7 commitment to reduce Russian revenues from energy, including blocking two major Russian oil producers. These actions also impose sanctions on an unprecedented number of oil-carrying vessels, many of which are part of the “shadow fleet,” opaque traders of Russian oil, Russia-based oilfield service providers, and Russian energy officials. The actions are underpinned by the issuance of a new determination that authorizes sanctions pursuant to Executive Order 14024 against persons operating or having operated in the energy sector of the Russian Federation economy. The Department of State also took steps to reduce Russia’s energy revenues by blocking two active liquefied natural gas projects, a large Russian oil project, and third-country entities supporting Russia’s energy exports. State also designated numerous Russia-based oilfield service providers and senior officials of State Atomic Energy Corporation Rosatom.

Treasury also reported that OFAC has sanctioned eight Venezuelan officials who lead key economic and security agencies enabling Nicolas Maduro’s repression and subversion of democracy in Venezuela. In addition, OFAC sanctioned high-level Venezuelan officials in the military and police who lead entities with roles in carrying out Maduro’s repression and human rights abuses against democratic actors.

For the names and identification information of the designated individuals, entities, and vessels, see this BankersOnline OFAC Update.

The CFPB has announced its recognition of Financial Data Exchange, Inc. (FDX) as a standard-setting body under the CFPB’s Personal Financial Data Rights rule. The order of recognition is the first to be issued under the rule. The Personal Financial Data Rights rule, which was released in October 2024, requires financial institutions, credit card issuers, and other financial providers to unlock an individual’s personal financial data and transfer it to another provider at the consumer’s request for free. The CFPB established a formal application process outlining the qualifications to become a recognized industry standard setting body, which can issue standards that companies can use to help them comply with the CFPB’s rule.

The CFPB's order of recognition, valid for five years, includes conditions, such as:

• A ban on "pay-to-play" and other conflicts of interest
• Mandatory reporting on market adoption
• Transparency and availability of standards

The CFPB also issued updated procedures for how companies can request special regulatory treatment, such as a no-action letter. The procedures seek to increase transparency and reduce favoritism for individual companies.

• Updated Policy Statement on No-Action Letters
• Updated Policy Statement on Compliance Assistance Sandbox Approvals

The OCC has issued a proclamation allowing national banks, federal savings associations, and federal branches and agencies of foreign banks to close offices in areas of California affected by wildfires.

In issuing the proclamation, the OCC expects that only those bank offices directly affected by potentially unsafe conditions will close. Those offices should make every effort to reopen as quickly as possible to address the banking needs of their customers.

• OCC news release, 1/8/2025

The Treasury Department yesterday issued two announcements of actions taken by its Office of Foreign Assets Control (OFAC):

• The sanctioning of Mohammad Hamdan Daglo Mousa (Hemedti), the leader of Sudan’s Rapid Support Forces (RSF), and seven companies and one individual linked to the RSF.
• The sanctioning of Antal Rogan, a senior Hungarian government official, for his involvement in corruption in Hungary. He was designated under the authority of Executive Order 13818, which builds upon and implements the Global Magnitsky Human Rights Accountability Act.

For more information on the designated individuals and entities, see yesterday's BankersOnline OFAC Update.

The CFPB has published a final rule making inflation adjustments to civil money penalty limits within its jurisdiction at 90 CFR 1355 in this morning's Federal Register. The rule, which will become effective January 15, 2025, amends the CFPB's regulation at 12 C.F.R. part 1083.

The multiplier for the 2025 annual adjustment is 1.02598, as determined by the Office of Management and Budget. For example, the maximum Consumer Financial Protection Act Tier 3 penalty for knowingly violating a federal consumer financial law will increase to $1,443,275 for each day the violation continues.

Yesterday, OFAC issued Syria General License 24 to expand authorizations for activities and transactions in Syria following the end of Bashar al-Assad's oppressive regime on December 8, 2024. This action underscores the United States’ commitment to ensuring that U.S. sanctions do not impede activities to meet basic human needs, including the provision of public services or humanitarian assistance. This authorization is for six months, as the U.S. government continues to monitor the evolving situation on the ground.

For a link to the new General License and related new and revised FAQs, see yesterday's BankersOnline OFAC Update.

• U.S. Treasury Department press release

The Federal Trade Commission has reported it will require software provider accessiBe to pay $1 million to settle allegations that it misrepresented the ability of its AI-powered web accessibility tool to make any website compliant with the Web Content Accessibility Guidelines (WCAG) for people with disabilities.

New York-based accessiBe Inc. and accessiBe Ltd. (accessiBe) market and sell a web accessibility software plug-in called accessWidget that the company has said can make any website compliant with WCAG, a comprehensive set of technical criteria used to assess website accessibility. The company made the claims on its website, on social media, and in articles on third-party websites formatted to look like impartial and objective reviews.

According to the FTC's complaint, despite the company’s claims, accessWidget did not make all user websites WCAG-compliant and these claims were therefore false, misleading, or unsubstantiated, in violation of the FTC Act. In addition, the complaint alleges that accessiBe deceptively formatted third-party articles and reviews to appear as if they were independent opinions by impartial authors and failed to disclose the company’s material connections to the supposedly objective reviewers.

• Proposed consent order
• Request for public comment on proposed consent order (published today)

The Treasury Department has reported that OFAC has sanctioned Integrity Technology Group, Incorporated, a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.

Chinese malicious cyber actors continue to be one of the most active and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment. These actors continue to target U.S. government systems as part of their efforts, including the recent targeting of Treasury’s own IT infrastructure.

For identification information on Integrity Technology, see the January 3, 2025, BankersOnline OFAC Update.