Top Story Technology Related

The Treasury Department on Tuesday reported OFAC sanctions actions.

• A Russian judge was sanctioned for her role in the arbitrary detention of Moscow city councilor and human rights defender Alexei Gorinov. The judge was designated under the authority of Executive Order 13818, which builds upon and implements the Global Magnitsky Human Rights Accountability Act and targets perpetrators of serious human rights abuse and corruption.
• OFAC also designated a subordinate organization of Iran’s Islamic Revolutionary Guard Corps (IRGC), and a Moscow-based affiliate organization of the Russian Main Intelligence Directorate (GRU) and its director under the authority of Executive Order 13848 (U.S. election interference). As affiliates of the IRGC and GRU, these actors aimed to stoke socio-political tensions and influence the U.S. electorate during the 2024 U.S. election.

For the names and identification information of the designated parties, see Tuesday's BankersOnline OFAC Update.

The Department of the Treasury has released a report following its 2024 Request for Information (RFI) on the Uses, Opportunities, and Risks of Artificial Intelligence (AI) in Financial Services, which summarizes key themes from respondent feedback and recommends several next steps.

The report highlights increasing AI use throughout the financial sector and underscores the potential for AI – including Generative AI – to broaden opportunities while amplifying certain risks, such as risks related to data privacy, bias, and third-party providers. The report builds on Treasury’s work on AI-related cybersecurity risks in the financial sector, including its March 2024 report.

The CFPB has announced it has brought suit against the operator of Zelle and three of the country's largest banks for failing to protect consumers from widespread fraud on America’s most widely available peer-to-peer payment network.

In its Complaint filed with the U.S. District Court for the District of Arizona, the CFPB alleges that Early Warning Services, LLC, which operates Zelle, along with three of its owner banks—Bank of America, JPMorgan Chase, and Wells Fargo—rushed the network to market to compete against growing payment apps such as Venmo and CashApp, without implementing effective consumer safeguards. Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven-year existence due to these failures. The CFPB’s lawsuit describes how hundreds of thousands of consumers filed fraud complaints and were largely denied assistance, with some being told to contact the fraudsters directly to recover their money. Bank of America, JPMorgan Chase, and Wells Fargo also allegedly failed to properly investigate complaints or provide consumers with legally required reimbursement for fraud and errors. The CFPB is seeking to stop the alleged unlawful practices, secure redress and penalties, and obtain other relief.

Early Warning Services, LLC is a financial technology and consumer reporting company based in Scottsdale, Arizona. Early Warning Services designed and operates the Zelle network. It is co-owned by seven of the largest banks in the United States: Bank of America, Capital One, JPMorgan Chase, PNC Bank, Truist, U.S. Bank, and Wells Fargo.

Zelle allows near-instant electronic money transfers through linked email addresses or U.S.-based mobile phone numbers, known as “tokens.” Users can create multiple tokens across different banks and quickly reassign them between institutions, a feature that the CFPB alleges has left consumers vulnerable to fraud schemes. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo, and Early Warning Services violated federal law through critical failures including leaving the door open to scammers, allowing repeat offenders to hop between banks, ignoring red flags that could prevent fraud, and abandoning consumers after fraud occurred.

• Press Call Remarks of CFPB Director Rohit Chopra

The Office of the Comptroller of the Currency yesterday announced it had issued a comprehensive cease-and-desist order against USAA Federal Savings Bank to require the bank to correct a range of deficiencies. This order replaces prior cease-and-desist orders issued against the bank in 2019 and 2022.

The OCC reported it took this action based on unsafe or unsound practices relating to management, earnings, information technology, consumer compliance, and internal audit and suspicious activity reporting violations. The bank also was not in compliance with OCC’s Heightened Standards requirements for large banks detailed at 12 CFR Part 30, Appendix D.

The order incorporates articles from the 2019 and 2022 orders that remain in noncompliance and requires the bank to take comprehensive corrective actions to enhance its risk governance, compliance risk management, information technology management, fraud risk management, and third-party, affiliate, and shared services risk management. The order also imposes limitations on the bank’s ability to add certain new products and services, as well as expanding its membership criteria.

The Office of the Comptroller of the Currency has reported the key issues facing the federal banking system in its Semiannual Risk Perspective for Fall 2024.

The OCC highlighted credit, operational, compliance, and market risks, as the key risk themes in the report. Highlights from the report include:

• Commercial credit risk remains moderate and shows signs of stabilizing as risks are better identified, monitored, and controlled.
• Overall retail credit risk is stable. Delinquency and loss rates on residential real estate-secured loans held by banks remain historically low but are increasing. Delinquencies in other retail asset classes, namely credit cards and auto loans, reflect an increasing trend.
• Operational risk is elevated. Banks continue to respond to an evolving and increasingly complex operating environment. Evolving cyber threats by sophisticated malicious actors target the financial services industry and their key service providers.
• From a compliance risk perspective, banks continue to operate in a dynamic banking environment as customers’ needs and preferences related to products, services, and delivery channels evolve.
• Community Reinvestment Act (CRA) related risks remain stable as the OCC continues to assess banks’ CRA performance under the 1995/2021 regulatory framework.
• Regarding market risk, banks net interest margin (NIM) performance has varied across bank asset sizes.

A special topic in the report focuses on the increasing trend in external fraud activity targeting consumers and the federal banking system. The frequency of both traditional and novel, more sophisticated fraud activities targeting customers and banks continues to increase. Banks should maintain sound fraud risk management practices through prudent controls and appropriate fraud monitoring capabilities to identify, investigate, mitigate, and report fraudulent activity. Banks can also support their customers by providing educational information about trending fraud activities and ways to protect themselves.

The Treasury Department's Office of Foreign Assets Control (OFAC) has announced a $257,690 settlement with C.H. Robinson International Inc. (CHR). CHR agreed to settle its potential civil liability for 82 apparent violations by five of its non-U.S. subsidiaries, which provided freight brokerage or transportation services for shipments in apparent violation of OFAC sanctions on Cuba and Iran. The settlement amount reflects OFAC's determination that the apparent violations were voluntarily self-disclosed and were not egregious.

CHR is a Minnesota-based global transportation and logistics company. Following a series of overseas acquisitions by CHR of freight and logistics firms, between November 2018 and February 2022 five of CHR’s foreign subsidiaries provided freight brokerage or transportation services for 82 shipments, to or from Iran (in two instances), of Iranian- or Cuban-origin goods, or by dealing with an Iranian airline. The vast majority of the apparent violations appear to have occurred because the subsidiaries’ brokerage management systems had not yet been incorporated into CHR’s system or otherwise updated to include the latest sanctions compliance controls and did not screen for potentially violative transactions.

Further details can be found in OFAC's Enforcement Release.

The Financial Stability Board (FSB) published today its finalized recommendations to promote greater alignment in data frameworks related to cross-border payments and consistency in the regulation and supervision of bank and non-bank payment service providers.

These recommendations advance key actions from the G20 Roadmap to address legal, supervisory, and regulatory issues in cross-border payments. As part of these efforts and to enhance private sector engagement, the FSB is inviting market stakeholders in cross-border payments to join its Taskforce on Legal, Regulatory, and Supervisory matters (LRS Taskforce).

• Press release

The OCC, Federal Reserve Board, and FDIC this morning published [89 FR 99751] a request for comments to inform their review under the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) of agency regulations to identify outdated or otherwise unnecessary regulatory requirements on insured depository institutions and their holding companies.

This is the third of four such requests for comment on multiple categories of regulations. Today's request seeks comment on regulations in the categories of Rules of Procedure; Safety and Soundness; and Securities. Written comments will be accepted through March 11, 2025.

The Department of the Treasury has reported that the EU-U.S. Joint Financial Regulatory Forum took place December 4–5, 2024, with participants exchanging views on topics of mutual interest as part of their regular financial regulatory dialogue. The dialogue was co-chaired by the U.S. Department of the Treasury and the European Commission.

The Forum emphasized close, ongoing U.S. and EU cooperation in a range of areas and focused on seven themes: (1) market developments and financial stability; (2) operational resilience and digital finance; (3) the sharing and financial reporting of financial data; (4) anti-money laundering and countering the financing of terrorism (AML/CFT); (5) sustainable finance; (6) banking and insurance; and (7) capital markets.

The Treasury Department has reported that OFAC has sanctioned cybersecurity company Sichuan Silence Information Technology Company, Limited, and one of its employees, Guan Tianfeng, both based in the People’s Republic of China, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies.

For identification information on Sichuan Silence and Guan, see yesterday's BankersOnline OFAC Update.