Top Story Technology Related

FRBServices has announced the expansion of FedDetect Duplicate Notification for Check Services to include commercial checks, alongside its existing Treasury check notification service. Financial institutions can now see deposit information and images of potential duplicate items for commercial checks, supplementing their existing check fraud mitigation tools.

“Commercial checks remain a critically important form of payment, but they’re also vulnerable to fraud,” said Shonda Clay, FRFS executive vice president and chief of product and relationship management. “With the expansion of our FedDetect service, we are providing financial institutions of all sizes another powerful tool in their risk mitigation toolkit. Even better, we are now offering this service at no cost as part of our commitment to supporting depository institutions in the collective, industry-wide mission to combat fraud.”

The FedDetect service helps financial institutions mitigate loss of funds due to fraud or deposit capture errors by sending notices of potential duplicate Treasury or commercial checks across multiple payment channels and financial institutions.

The Financial Stability Board, an international organization that coordinates the work of national financial authorities and international standard-setting bodies and develops and promotes the implementation of effective regulatory, supervisory, and other financial sector policies in the interest of financial stability, has issued a report, "The Financial Stability Implications of Artificial Intelligence," which outlines recent developments in the adoption of artificial intelligence (AI) in finance and their potential implications for financial stability.

The FSB stated that widespread adoption and more diverse use cases of AI have prompted the FSB to revisit its 2017 report on AI and machine learning in financial services. Financial firms currently use AI mainly to enhance internal operations and improve regulatory compliance, but generative AI (GenAI) and large language models have given rise to new use cases, such as document summation, information retrieval, and code generation. While many financial institutions appear to be taking a cautious approach to using GenAI, interest remains high and the technology’s accessibility could facilitate more rapid integration in financial services.

The report notes that—

• The rapid adoption of AI offers several benefits but may also amplify certain financial sector vulnerabilities, such as third-party dependencies, market correlations, cyber risk and model risk, potentially increasing systemic risk.
• While existing financial policy frameworks address many of the vulnerabilities associated with use of AI by financial institutions, more work may be needed to ensure that these frameworks are sufficiently comprehensive.
• Financial authorities should enhance monitoring of AI developments, assess whether financial policy frameworks are adequate, and enhance their regulatory and supervisory capabilities including by using AI-powered tools.

FinCEN has issued FIN-2024-Alert004 to help financial institutions identify fraud schemes associated with the use of deepfake media created with generative artificial intelligence (GenAI) tools. The alert explains typologies associated with these schemes, provides red flag indicators to assist with identifying and reporting related suspicious activity, and reminds financial institutions of their reporting requirements under the Bank Secrecy Act (BSA). This alert is also part of the U.S. Department of the Treasury’s broader effort to provide financial institutions with information on the opportunities and challenges that may arise from the use of AI.

The CFPB has released a report, "State Consumer Privacy Laws and the Monetization of Consumer Financial Data," summarizing state laws that give consumers more control over their data, how these rights complement the protections under federal law, and the gaps in protection that result from state law exemptions for financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) or the Fair Credit Reporting Act (FCRA).

The CFPB suggests that state policymakers should assess gaps in their state data privacy laws, and consider the importance of ensuring that their citizens are protected in instances where federal law currently has gaps or may be ineffective.

The FTC has reported it has charged Sitejabber, a company offering an AI-enabled consumer review platform, deceived consumers by misrepresenting that ratings and reviews it published came from customers who experienced the reviewed product or service, artificially inflating average ratings and review counts.

Under a proposed order settling the agency’s complaint, Sitejabber will be prohibited from making such misrepresentations in the future and from making other misrepresentations about consumer ratings or reviews.

According to the FTC’s complaint, GGL Projects, Inc., which does business as Sitejabber, collected ratings and reviews for its online business clients from consumers at the time of purchase, before they received or had the chance to experience the products or services they bought. For example, after online customers checked out, they were asked to “rate your overall shopping experience so far” on a 5-star scale and then to “type a quick message about your shopping experience so far.” Sitejabber allegedly used these point-of-sale ratings and reviews to deceptively inflate the average ratings and review counts of its clients on the company’s review platform, claiming that the ratings “indicat[e] that most customers are generally satisfied with their purchases.”

1/3/2025 UPDATE: The FTC has reported it has approved a final consent order against Sitejabber. The order prohibits GGL Projects, Inc., d/b/a Sitejabber from making, or assisting anyone else in making, misrepresentations about any ratings, average ratings, or reviews it collects, moderates, or displays.

The FDIC has announced it will introduce a new online tool to help financial institutions, investors, and other interested groups to identify neighborhoods that could benefit from banking services. The FDIC’s new Minority Banking Opportunity Explorer will be presented at a meeting of the agency’s Minority Depository Institutions (MDI) Subcommittee to the Advisory Committee on Community Banking today.

This new tool supports FDIC’s statutory mission to promote and encourage the creation of new minority depository institutions by assisting financial institution organizing groups with exploring potential business opportunities in areas that may meet the "community served" part of an MDI designation. The tool can also support existing MDIs’ growth by identifying new branch locations or advertising opportunities.

The FBI, the Treasury Department, and the Israel National Cyber Directorate have issued a Cybersecurity Advisory (CSA) to warn network defenders of new cyber tradecraft of the Iranian cyber group Emennet Pasargad, which has been operating under the company name Aria Sepehr Ayandehsazan (ASA) and is known by the private sector terms Cotton Sandstorm, Marnanbridge, and Haywire Kitten.

The group exhibited new tradecraft in its efforts to conduct cyberenabled information operations into mid-2024 using a myriad of cover personas, including multiple cyber operations that occurred during and targeting the 2024 Summer Olympics – including the compromise of a French commercial dynamic display provider. ASA has also undertaken a project to harvest content from IP cameras and used online resources related to Artificial Intelligence. Since 2023, the group has exhibited new tradecraft including the use of fictitious hosting resellers to provision operational server infrastructure to its own actors as well as to an actor in Lebanon involved in website hosting. Recently released reporting from Microsoft indicates this group has demonstrated interest in election-related websites and media outlets, suggesting preparations for future influence operations.

The CSA provides the threat group’s tactics, techniques, and procedures (TTPs), including its leveraging of online resources related to Artificial Intelligence, and indicators of compromise (IOCs). The CSA also highlights similar activity from a previous FBI advisory that was published on 20 October 2022. This new advisory’s information and guidance are derived from FBI investigative activity and technical analysis of this group’s intrusion activity against U.S. and foreign organizations and engagements with numerous entities impacted by this malicious activity.

The authoring agencies recommend all organizations follow guidance provided in the Mitigations section to defend against the Iranian cyber group’s activities.

The CFPB yesterday announced action against VyStar Credit Union for harming consumers through its botched rollout of a new online banking system. In May 2022, VyStar transitioned to a new, dysfunctional online banking platform that made it difficult for credit union members to perform basic banking functions for weeks, with some features unavailable for more than six months. Families incurred fees and costs as a result of these problems. The CFPB is ordering VyStar to ensure that all consumers are made whole. VyStar must also pay a $1.5 million civil penalty to the CFPB’s victims relief fund.

VyStar, formerly known as JAX Navy Federal Credit Union, is a Florida state-chartered credit union headquartered in Jacksonville with 70 branches in Florida and 10 branches in Georgia. VyStar is one of the largest credit unions in the country, with approximately $14.75 billion in total assets and over 980,000 members. In May 2022, VyStar attempted to launch a new virtual banking platform. VyStar anticipated banking services would be inaccessible for several days during the transition to the new platform, but it turned out to be much longer. The new system crashed upon launch because VyStar brought it online prematurely and failed to establish or follow critical processes to ensure its success. The platform was taken offline soon after launch. Upon bringing the system back online, the new platform lacked key banking services, some of which were not restored for months.

For further details, see “VyStar CU pays $1.5M for botched systems upgrades” in BankersOnline’s Penalties pages.

• NCUA Chairman Harper and Board Member Otsuka Statements on CFPB's VyStar Credit Union action

The Treasury Department has announced the release of the National Strategy for Financial Inclusion in the United States, which identifies objectives and recommendations for policymakers, industry, employers, and community organizations to advance consumer access to safe financial products and services and strengthen financial security. The Strategy was requested in 2023 by Congress and has been informed by Treasury’s research and engagement with experts, community leaders, industry representatives, and other federal agencies, including public input through a Request for Information.

Objectives and key recommendations of the Strategy include:

• Promote access to transaction accounts that meet consumer needs
• Increase access to safe and affordable credit
• Expand equitable access to savings and investments
• Improve the inclusivity of financial products and services provided or backed by the government
• Foster trust in the financial system by protecting consumers from illegal and predatory practices

Treasury invited all stakeholders to engage with this Strategy, to innovate, and to collaborate in creating a more inclusive financial landscape.

• Fact Sheet on the report and recommendations

The CFPB has issued Consumer Financial Protection Circular 2024-06, "Background Dossiers and Algorithmic Scores for Hiring, Promotion, and Other Employment Decisions," presenting the question: "Can an employer make employment decisions utilizing background dossiers, algorithmic scores, and other third-party consumer reports about workers without adhering to the Fair Credit Reporting Act (FCRA)?"

The guidance warns that companies using third-party consumer reports — including background dossiers and surveillance-based, “black box” AI or algorithmic scores about their workers — must follow FCRA rules. This means employers must obtain worker consent, provide transparency about data used in adverse decisions, and allow workers to dispute inaccurate information.

PUBLICATION INFO: Published 11/12/2024 at 89 FR 88875. The circular was released by the CFPB on its website on 10/24/2024.