Top Story Technology Related

The Securities and Exchange Commission reports it is providing extensive guidance and resources to assist filers with upcoming access and account management enhancements to the security of the agency’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. On March 24, a new EDGAR Filer Management dashboard will go live on the SEC’s website, and filers can begin enrolling in “EDGAR Next” by submitting an amended Form ID, which is the application that individuals or companies complete to obtain EDGAR access credentials.

More information about enrollment is available on the EDGAR Next webpage.

On December 13, 2024, the Consumer Financial Protection Bureau (CFPB) published at 89 FR 101402 in the Federal Register a notice of proposed rulemaking (NPRM) requesting comment on the CFPB's "Protecting Americans from Harmful Data Broker Practices" proposal to amend Regulation V, which implements the Fair Credit Reporting Act (FCRA). The proposed rule would implement the FCRA's definitions of consumer report and consumer reporting agency as well as certain of the FCRA's provisions governing when consumer reporting agencies may furnish, and users may obtain, consumer reports. The NPRM provided a comment period that was set to close on March 3, 2025.

The CFPB has this morning published a Federal Register notice [90 FR 11236] extending the comment period to end on April 2, 2025.

The OCC has opened registrations for its upcoming virtual and in-person workshops for board directors and senior management of national community banks and federal savings associations.

The OCC examiner-led workshops provide practical training and guidance to directors and senior management of national community banks and federal savings associations to support the safe and sound operation of community-based financial institutions.

Six workshops are listed. Two virtual sessions are scheduled in March. In-person and virtual sessions are scheduled in cities across the country between April 8 and October 16, 2025.

The Securities and Exchange Commission has announced it has filed a joint stipulation with Coinbase Inc. and Coinbase Global Inc. to dismiss the ongoing civil enforcement action against the two entities.

On January 21, 2025, the Commission announced the formation of the Crypto Task Force, which is dedicated to helping develop a comprehensive and clear regulatory framework for crypto assets. Given the pending work of the Crypto Task Force, the Commission is dismissing this matter.

FinCEN has reported that the Financial Action Task Force (FATF), an intergovernmental body that establishes international standards for anti-money laundering, countering the financing of terrorism, and countering the financing of proliferation of weapons of mass destruction (AML/CFT/CPF), updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies at the conclusion of its plenary meeting this month. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk-based policies, procedures, and practices.

On February 21, 2025, the FATF added Laos and Nepal to its list of Jurisdictions Under Increased Monitoring and removed the Philippines from that list.

The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran, the Democratic People’s Republic of Korea (DPRK), and Burma subject to calls for action. Specifically, the FATF continues to call on jurisdictions to apply countermeasures on Iran and DPRK. Burma remains subject to the application of enhanced due diligence, but not countermeasures.

The OCC has reported it has identified, isolated, and resolved a security incident involving an administrative account in the OCC email system. A limited number of affected email accounts have been disabled.

The OCC reported the incident to the Cybersecurity and Infrastructure Security Agency, as required. There is no indication of any impact to the financial sector at this time.

The Securities and Exchange Commission has announced its creation of the Cyber and Emerging Technologies Unit (CETU) to focus on combating cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space. The CETU, led by Laura D’Allaird, replaces the Crypto Assets and Cyber Unit and is comprised of approximately 30 fraud specialists and attorneys across multiple SEC offices.

The CETU will utilize its staff’s substantial fintech and cyber-related experience to combat misconduct as it relates to securities transactions in these priority areas:

• Fraud committed using emerging technologies, such as artificial intelligence and machine learning
• Use of social media, the dark web, or false websites to perpetrate fraud
• Hacking to obtain material nonpublic information
• Takeovers of retail brokerage accounts
• Fraud involving blockchain technology and crypto assets
• Regulated entities’ compliance with cybersecurity rules and regulations
• Public issuer fraudulent disclosure relating to cybersecurity

The fourth 2024 issue of the Federal Reserve's Consumer Compliance Outlook (CCO) is now available on the CCO website. This issue includes articles on:

• The Federal Reserve System’s Top-Issued Fair Lending Matters Requiring Immediate Attention and Matters Requiring Attention
• Top Federal Reserve System Compliance Violations in 2023 Under the Equal Credit Opportunity Act
• Top-Cited Federal Reserve System Compliance Violations in 2023 Under the Truth in Lending Act for the TILA RESPA Integrated Disclosure
• Complex Bank-Fintech Partnerships
• Interagency Statement on Elder Financial Exploitation

The Treasury Department this morning reported that OFAC, Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office are jointly designating Zservers, a Russia-based bulletproof hosting (BPH) services provider, for its role in supporting LockBit ransomware attacks. LockBit, a Russia-based ransomware group best known for its ransomware variant of the same name, is one of the most deployed ransomware variants and was responsible for the November 2023 attack against the Industrial Commercial Bank of China U.S. broker-dealer. BPH service providers sell access to specialized servers and other computer infrastructure designed to evade detection and defy law enforcement attempts to disrupt these malicious activities. OFAC is also designating two Russian nationals — Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov — who are key administrators of Zservers and have enabled ransomware attacks and other criminal activity.

Click here for more information on the individuals and entities designated or otherwise blocked today.

The Treasury Department has released a letter sent by the Department to members of Congress in response to concerns surrounding the ongoing "DOGE" review of operations of the Bureau of the Fiscal Service by Tom Krause, a "special government employee" of the Treasury Department.