Top Regulatory Issues
Against a competitive field, only 8% selected regulatory change as the issue most likely to affect the financial industry. Nevertheless, 2024 is poised to be a hot regulatory year, with more than eight in 10 bankers concerned about all regulatory issues evaluated.
Consistent with reported interest in AI and Fraud, financial crimes compliance took the largest share of the votes as either concerning or very concerning. It was followed closely by building a financial services ecosystem, including open banking and third-party risk management. Cybersecurity compliance, though not the highest cybersecurity concern, took third highest regulatory concern.
Financial Crimes Compliance
Building a Financial Services Ecosystem
Cybersecurity Compliance
Monetizing Data
Cloud-Based Banking Technologies
Community Reinvestment Act (CRA)
Cryptocurrencies
UDAAP
Financial Crimes Compliance
(AI, Analytics, Fraud Detection, BSA/AML Modernization)
Concerned or Very Concerned
Intensified focus on financial crimes compliance stems in part from new FinCEN rules and regulations. This is especially evident with the implementation of Geographic Targeting Orders (GTOs), representing a more targeted approach to combating financial crimes in regions experiencing human rights violations.24 Navigating these complex waters for fraud detection has become increasingly challenging.
The adoption of P2P and instant payment transactions compounds the challenge, as it increases potential for abuse. Fraud prevention is crucial in this context, as fraud often serves as the precursor to AML activities. To that end, there is a growing focus on developing and deploying new anti-fraud and AML software, with expectations from regulatory authorities.
Additionally, the rollout of Beneficial Ownership Information (BOI) from FinCEN, a BSA/AML Modernization component, is ongoing, with expectations of additional rules emerging in the coming year. These reporting requirements include identifying information for individuals who directly or indirectly own or control a company, making it more difficult for bad actors.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Building a Financial Services Ecosystem
(Fintech/Big Tech Partnerships, Third-Party Risk Management, Open Banking)
Concerned or Very Concerned
Creating a financial services ecosystem includes developments in open banking and BaaS, wherein data is shared between multiple entities. While the field is rife with opportunity, vendor management must be handled carefully.
Technology providers that enable open banking carry a great deal of responsibility in maintaining security and overseeing the flow of information between banks and technology partners. However, the onus of due diligence and risk management falls squarely on financial institutions. As open banking continues to become the norm, banks must ensure that the partner company adheres to regulations, refrains from misusing information and avoids using it for resale purposes.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Cybersecurity Compliance
Concerned or Very Concerned
In addition to reputational and financial dangers, the persistent threat of hackers and other malicious actors is a constant concern for bankers. Fraud and money laundering activities are frequently rooted in cybersecurity breaches by phishing or other means to seize control of accounts and similar assets.
As mentioned, institutions must carefully weigh their cybersecurity investments with their overall risk profile, risk appetite and business objectives. Guidance from the FFIEC, such as the AIO booklet, can help determine investments in preventative measures like ransomware self-assessment tools, cyber insurance and multi-factor authentication.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Monetizing Data
(Product and Service Optimization)
Concerned or Very Concerned
Data monetization can take many forms, like targeted advertising and marketing or offering anonymized data to third-party businesses or researchers. Banks must tread carefully on this front and strike a delicate balance in utilizing such information. Numerous regulations from various agencies dictate how data can be employed, be it for creating new products and services or even engaging in the resale of data. Carefully adhering to these privacy regulations and the personal preferences of an institution’s customer base will help maintain compliance and trust.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Cloud-Based Banking Technologies
Concerned or Very Concerned
Gartner predicts that 85% of organizations will embrace a cloud-first approach by 2025 for its efficiency gains and security.25 So, as with open banking, it’s wise to monitor the anticipated regulatory focus on ensuring cybersecurity compliance and adherence to risk management procedures in information flow between banks and technology providers.
For instance, a recent FFIEC joint statement encourages financial institutions to engage in effective risk management around cloud computing and to understand “shared responsibilities between cloud service providers and their financial institution clients.”26
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Community Reinvestment Act
Concerned or Very Concerned
In October 2023, regulatory agencies issued a final rule to modernize the Community Reinvestment Act (CRA).27 Updates include encouraging banks to expand banking services access in low- and moderate-income neighborhoods, adapting to technological advancements and tailoring CRA evaluations and data collection by bank demographics. Most requirements become applicable by 2026, so bank focus will shift in the coming months to ensure sufficient information for CRA reporting.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Cryptocurrencies
Concerned or Very Concerned
Crypto had a rocky 2022, causing industry news about banks’ involvement with digital assets to become more muted throughout 2023. However, some cryptocurrencies have steadily recovered, and prices are rising again. Meanwhile, the nation has seen continued headlines about crypto-enabled financial crime, the collapse of crypto firm FTX, and subsequent revelations of fraudulent practices.
So, the field remains a profoundly polarizing topic, as nearly half (49%) of respondents were “very concerned” about cryptocurrencies, a higher proportion than any other issue tested.
Compared to an average concern of 61% in last year’s survey, this year’s survey also signals increased concern about digital assets, including cryptocurrencies. Whether digital assets like Bitcoin become classified as a fiat currency, security or other classification, the industry must keep an eye on guardrails from the OCC and other entities, especially those institutions interested in becoming nodes for Distributed Ledger Technology (DLT).
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
UDAAP
(Fair Lending, Overdraft, Junk Fees)
Concerned or Very Concerned
The FDIC and CFPB have placed a strong focus on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), particularly addressing Non-Sufficient Funds (NSF) fees and the CFPB’s concerns about “junk fees,” such as return deposit item fees. Continuing a trend from 2023’s survey, bankers also expressed a high concern around UDAAP topics like discrimination and fair lending (a hurdle for applying AI for processes like credit underwriting).
Very Concerned
Somewhat Concerned
Not Very Concerned
Not at all Concerned
Expert Insight
Fraud and money laundering techniques constantly evolve, and industry professionals face real challenges to stay ahead of them. New technologies exacerbate the problem, with growing threats like synthetic IDs and even the incorporation of AI to deceive consumers and business leaders. However, new technologies can also help teams differentiate between legitimate and illegitimate funds.
As previously mentioned, the focus on AI in fighting financial crime is partly driven by the AML Modernization Act of 2020, which mandates the adoption of AI to identify relationships between fraud and money laundering and reveal nefarious connections that are difficult to detect. Although some industry professionals are wary that these new technologies could undermine physical compliance professionals, many who deploy AI-enabled anti-fraud and AML tools do so to assist their existing staff in detecting and preventing threats faster and with more confidence.
