Top Story Security Related

The U.S. Treasury Department has reported that OFAC has taken action against seven high-ranking members of Ansarallah, commonly known as the Houthis. These individuals have smuggled military-grade items and weapon systems into Houthi-controlled areas of Yemen and also negotiated Houthi weapons procurements from Russia. OFAC is also designating one Houthi-affiliated operative and his company that have recruited Yemeni civilians to fight on behalf of Russia in Ukraine and generated revenue to support the Houthis’ militant operations.

Treasury also reported that OFAC has designated Zhou Shuai, a Shanghai-based malicious cyber actor and data broker, and his company, Shanghai Heiying Information Technology Company, Limited. In collaboration with another malicious cyber actor, U.S.-sanctioned Yin Kecheng, Zhou Shuai illegally acquired, brokered, and sold data from highly sensitive U.S. critical infrastructure networks.

For a link to identification information on the designated parties, see yesterday's BankersOnline OFAC Update.

Yesterday, OFAC reported it has issued Venezuela General License 41A, "Authorizing the Wind Down of Certain Transactions Related to Chevron Corporation's Joint Ventures in Venezuela."

Additionally, OFAC has updated its Specially Designated Nationals and Blocked Persons (SDN) List, designating an Iranian national under its Counter-narcotics sanctions program.

For a link to the Venezuela General License and to information on the Iranian national, see this BankersOnline OFAC update.

The Treasury Department has announced that, with respect to the Corporate Transparency Act, not only will it not enforce any penalties or fines associated with the beneficial ownership information reporting rule under the existing regulatory deadlines, but it will further not enforce any penalties or fines against U.S. citizens or domestic reporting companies or their beneficial owners after the forthcoming rule changes take effect either. The Treasury Department will further be issuing a proposed rulemaking that will narrow the scope of the rule to foreign reporting companies only.

The NCUA has reported that it issued a Consent Order of Prohibition in February 2025 to Kelly Jo Muzzana, a former employee of Altana Federal Credit Union, Billings, Montana, after a finding that she engaged in a prolonged scheme to defraud Altana’s member funds, causing Altana significant financial loss.

The OCC has opened registrations for its upcoming virtual and in-person workshops for board directors and senior management of national community banks and federal savings associations.

The OCC examiner-led workshops provide practical training and guidance to directors and senior management of national community banks and federal savings associations to support the safe and sound operation of community-based financial institutions.

Six workshops are listed. Two virtual sessions are scheduled in March. In-person and virtual sessions are scheduled in cities across the country between April 8 and October 16, 2025.

FinCEN yesterday sent an email to FinCEN Update subscribers providing additional information on its plan for the Corporate Transparency Act Beneficial Ownership Information (BOI) Reporting Rule. [Related press release]

• FinCEN assured businesses subject to the rule that there will be no fines or penalties issued, and no enforcement actions taken against any companies based on any failure to file or update BOI reports by the current deadlines.
• No fines or penalties will be issued, and no enforcement actions will be taken, until a forthcoming interim final rule becomes effective and the new relevant due dates in the interim final rule have passed.
• No later than March 21, 2025, FinCEN intends to issue an interim final rule that extends BOI reporting deadlines, recognizing the need to provide new guidance and clarity as quickly as possible, while ensuring that BOI that is highly useful to important national security, intelligence, and law enforcement activities is reported.
• FinCEN also intends to solicit public comment on potential revisions to existing BOI reporting requirements. FinCEN will consider those comments as part of a notice of proposed rulemaking anticipated to be issued later this year to minimize burden on small businesses while ensuring that BOI is highly useful to important national security, intelligence, and law enforcement activities, as well to determine what, if any, modifications to the deadlines referenced here should be considered.

FinCEN has reported that the Financial Action Task Force (FATF), an intergovernmental body that establishes international standards for anti-money laundering, countering the financing of terrorism, and countering the financing of proliferation of weapons of mass destruction (AML/CFT/CPF), updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies at the conclusion of its plenary meeting this month. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk-based policies, procedures, and practices.

On February 21, 2025, the FATF added Laos and Nepal to its list of Jurisdictions Under Increased Monitoring and removed the Philippines from that list.

The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran, the Democratic People’s Republic of Korea (DPRK), and Burma subject to calls for action. Specifically, the FATF continues to call on jurisdictions to apply countermeasures on Iran and DPRK. Burma remains subject to the application of enhanced due diligence, but not countermeasures.

The FDIC has issued FIL-2-2025 with steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Kentucky affected by severe storms, straight-line winds, flooding, landslides, and mudslides. The affected areas include Breathitt, Clay, Floyd, Harlan, Knott, Lee, Letcher, Martin, Owsley, Perry, and Pike Counties. Additional areas may be added. A current list of designated areas is available at https://www.fema.gov.

The OCC has reported it has identified, isolated, and resolved a security incident involving an administrative account in the OCC email system. A limited number of affected email accounts have been disabled.

The OCC reported the incident to the Cybersecurity and Infrastructure Security Agency, as required. There is no indication of any impact to the financial sector at this time.

Yesterday, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) targeted six entities based in Hong Kong and the People’s Republic of China (PRC) engaged in the procurement of unmanned aerial vehicle (UAV) components on behalf of OFAC-designated Iranian firm Pishtazan Kavosh Gostar Boshra (PKGB) and its subsidiary Narin Sepehr Mobin Isatis (NSMI). These entities operate as front companies and facilitate the purchase and shipment of key components for the benefit of PKGB and NSMI, which serve as key suppliers for Iran’s UAV and ballistic missile programs.

For a link to the names and identification information of the designated parties, see yesterday's BankersOnline OFAC Update.