Top Story Security Related

On Friday, the Treasury Department reported actions to fulfill the G7 commitment to reduce Russian revenues from energy, including blocking two major Russian oil producers. These actions also impose sanctions on an unprecedented number of oil-carrying vessels, many of which are part of the “shadow fleet,” opaque traders of Russian oil, Russia-based oilfield service providers, and Russian energy officials. The actions are underpinned by the issuance of a new determination that authorizes sanctions pursuant to Executive Order 14024 against persons operating or having operated in the energy sector of the Russian Federation economy. The Department of State also took steps to reduce Russia’s energy revenues by blocking two active liquefied natural gas projects, a large Russian oil project, and third-country entities supporting Russia’s energy exports. State also designated numerous Russia-based oilfield service providers and senior officials of State Atomic Energy Corporation Rosatom.

Treasury also reported that OFAC has sanctioned eight Venezuelan officials who lead key economic and security agencies enabling Nicolas Maduro’s repression and subversion of democracy in Venezuela. In addition, OFAC sanctioned high-level Venezuelan officials in the military and police who lead entities with roles in carrying out Maduro’s repression and human rights abuses against democratic actors.

For the names and identification information of the designated individuals, entities, and vessels, see this BankersOnline OFAC Update.

The CFPB has announced its recognition of Financial Data Exchange, Inc. (FDX) as a standard-setting body under the CFPB’s Personal Financial Data Rights rule. The order of recognition is the first to be issued under the rule. The Personal Financial Data Rights rule, which was released in October 2024, requires financial institutions, credit card issuers, and other financial providers to unlock an individual’s personal financial data and transfer it to another provider at the consumer’s request for free. The CFPB established a formal application process outlining the qualifications to become a recognized industry standard setting body, which can issue standards that companies can use to help them comply with the CFPB’s rule.

The CFPB's order of recognition, valid for five years, includes conditions, such as:

• A ban on "pay-to-play" and other conflicts of interest
• Mandatory reporting on market adoption
• Transparency and availability of standards

The CFPB also issued updated procedures for how companies can request special regulatory treatment, such as a no-action letter. The procedures seek to increase transparency and reduce favoritism for individual companies.

• Updated Policy Statement on No-Action Letters
• Updated Policy Statement on Compliance Assistance Sandbox Approvals

The OCC has issued a proclamation allowing national banks, federal savings associations, and federal branches and agencies of foreign banks to close offices in areas of California affected by wildfires.

In issuing the proclamation, the OCC expects that only those bank offices directly affected by potentially unsafe conditions will close. Those offices should make every effort to reopen as quickly as possible to address the banking needs of their customers.

• OCC news release, 1/8/2025

The Treasury Department yesterday issued two announcements of actions taken by its Office of Foreign Assets Control (OFAC):

• The sanctioning of Mohammad Hamdan Daglo Mousa (Hemedti), the leader of Sudan’s Rapid Support Forces (RSF), and seven companies and one individual linked to the RSF.
• The sanctioning of Antal Rogan, a senior Hungarian government official, for his involvement in corruption in Hungary. He was designated under the authority of Executive Order 13818, which builds upon and implements the Global Magnitsky Human Rights Accountability Act.

For more information on the designated individuals and entities, see yesterday's BankersOnline OFAC Update.

The CFPB yesterday sent an email reminder that the filing period fro HMDA data collected in 2024 opened on January 1, 2025, and submissions will be considered timely if received on or before Monday, March 3, 2025.

As of January 1, 2025, users logging into the HMDA Platform will need to login via Login.gov, which utilizes multifactor authentication (MFA). Users will no longer have the option to sign in using the existing process. To facilitate this change, a Quick Reference Guide and Frequently Asked Questions have been created to help users establish a Login.gov account. Users may only use business email addresses; accounts associated with a personal email domain will not be accepted.

Yesterday, OFAC issued Syria General License 24 to expand authorizations for activities and transactions in Syria following the end of Bashar al-Assad's oppressive regime on December 8, 2024. This action underscores the United States’ commitment to ensuring that U.S. sanctions do not impede activities to meet basic human needs, including the provision of public services or humanitarian assistance. This authorization is for six months, as the U.S. government continues to monitor the evolving situation on the ground.

For a link to the new General License and related new and revised FAQs, see yesterday's BankersOnline OFAC Update.

• U.S. Treasury Department press release

The Treasury Department has reported that OFAC has sanctioned Integrity Technology Group, Incorporated, a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.

Chinese malicious cyber actors continue to be one of the most active and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment. These actors continue to target U.S. government systems as part of their efforts, including the recent targeting of Treasury’s own IT infrastructure.

For identification information on Integrity Technology, see the January 3, 2025, BankersOnline OFAC Update.

The National Credit Union Administration has announced it has permanently prohibited two individuals from participating in the affairs of any federally insured depository institution.

• Demetria Baker, former chief executive officer at Lynchberg Municipal Federal Employees Credit Union (LMFECU), Lynchburg, Virginia, was issued a prohibition order after a finding that she made a series of loans to herself and her son that were in violation of LMEFCU policies for approval, documentation, or underwriting, and that a significant amount of cash was removed from a cash drawer that was only accessible to her.
• Teresa Paulo, a former employee at Southern Pine Credit Union, Valdosta, Georgia, received a notice of prohibition after she was convicted and sentenced for aggravated identity theft and bank fraud resulting from her misconduct at the credit union

OFAC has announced a $22,172 settlement with SkyGeek Logistics, Inc. SkyGeek agreed to settle its potential civil liability for six apparent violations of OFAC sanctions related to Russia’s aerospace and technology sectors.

In 2024, SkyGeek attempted two refunds and sent four shipments to two Specially Designated Nationals in the United Arab Emirates sanctioned in connection with these sectors. The settlement amount reflects OFAC's determination that the apparent violations were non-egregious and that certain of its conduct was voluntarily self-disclosed.

Additional details are available in OFAC's enforcement release, which indicates that two of SkyGeek's apparent transaction violations were blocked and reported to OFAC by a financial institution.

The Treasury Department on Tuesday reported OFAC sanctions actions.

• A Russian judge was sanctioned for her role in the arbitrary detention of Moscow city councilor and human rights defender Alexei Gorinov. The judge was designated under the authority of Executive Order 13818, which builds upon and implements the Global Magnitsky Human Rights Accountability Act and targets perpetrators of serious human rights abuse and corruption.
• OFAC also designated a subordinate organization of Iran’s Islamic Revolutionary Guard Corps (IRGC), and a Moscow-based affiliate organization of the Russian Main Intelligence Directorate (GRU) and its director under the authority of Executive Order 13848 (U.S. election interference). As affiliates of the IRGC and GRU, these actors aimed to stoke socio-political tensions and influence the U.S. electorate during the 2024 U.S. election.

For the names and identification information of the designated parties, see Tuesday's BankersOnline OFAC Update.