The latest updates in various industries reveal a range of regulatory developments and initiatives. In this article, we’ll cover key highlights, including state-specific AI regulations, FDIC’s amendments on brokered deposits, and evolving standards in internal audit and risk management.
General Industry Updates
2024 State Summary on AI
The 2024 State Summary on AI highlights the significant increase in AI-related legislation across the United States, with nearly 700 bills introduced in 45 states. Colorado led the way by enacting comprehensive legislation to regulate high-risk uses of AI. Meanwhile, other states like California and Tennessee focused on specific issues, such as data provenance and digital replicas.
Despite the surge in legislative activity, there is no consensus on a unified regulatory model, and state policymakers are expected to continue this momentum into 2025. The article emphasizes the need for a consistent and harmonized approach to AI legislation to avoid conflicting regulations.
Unsafe & Unsound Banking Practices: Brokered Deposits Restrictions; Extension of Comment Period
On August 23, 2024, the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPR) seeking comments on proposed amendments that would strengthen the important prudential protections of the safety and soundness rules on brokered deposits (12 CFR 337.6 and 12 CFR 303.243) that implement Section 29 of the Federal Deposit Insurance Act (FDI Act).
To provide additional opportunity for the public to prepare comments addressing the matters raised by the NPR, the FDIC is extending the comment period for the brokered deposits-related NPR from October 22, 2024, to November 21, 2024.
The CFPB Has More Power Than You Think
The CFPB Has More Power Than You Think discusses how Director, Rohit Chopra, has effectively utilized the statutory framework to expand the Consumer Financial Protection Bureau’s (CFPB) influence. Chopra has pushed the boundaries of the CFPB’s authority, focusing on aggressive enforcement actions and regulatory oversight.
This approach has led to significant penalties and refunds for consumers, highlighting the CFPB’s robust role in financial regulation. The article underscores the importance of understanding the CFPB’s evolving power dynamics and their implications for financial institutions.
Multi-Billion-Dollar Credit Unions in California & Massachusetts Plan Merger
This article discusses the planned merger between two multi-billion-dollar credit unions – one based in California and the other in Massachusetts. This merger aims to create a stronger financial entity with enhanced resources and capabilities to better serve their members.
The combined institution will benefit from increased operational efficiencies and a broader geographic reach. The merger is expected to be finalized by mid-2025, pending regulatory approval.
How Internal Audit Can Strengthen Governance
The How Internal Audit Can Strengthen Governance article highlights the new Internal Audit Code of Practice released by the Chartered Institute of Internal Auditors, which aims to enhance corporate governance and risk management. The code provides a comprehensive framework for internal audit functions, emphasizing the importance of independent assurance and effective risk management.
It also highlights the role of internal audit in assessing corporate culture and emerging risks, such as environmental sustainability and cybersecurity. By raising internal audit standards, the code seeks to restore trust in corporate governance and contribute to economic stability.
RMAG Originator Essentials
RMAG, Nacha’s Risk Management Advisory Group, has a list of what it calls “the top things we wish Originators knew.” And these risk and compliance experts have now put that list in writing. This two-page PDF is a handy guide which comprises the minimum of what an Originator must know to originate quality automated clearing house (ACH) payments and keep their financial institutions and receivers happy. It’s a complimentary download from Nacha.org.
Upcoming Changes to the Automated Clearing House Rule Book
Risk Management Topics – October 1, 2024
These rule amendments are part of a larger risk management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred:
- Codification of Expanded Use of Return Reason Code R17: Under the new rule, Receiving Depository Financial Institutions (RDFIs) will be allowed, but not required, to use Return Reason Code R17 to return entries they believe to be suspicious or questionable.
The use of R17 remains optional and should be accompanied by the descriptor QUESTIONABLE in the return addenda record when used for this purpose. This rule is designed to enhance the recovery of funds in cases of fraud.
- Expanded Use of ODFI Request for Return/R06: This new rule will allow an Originating Depository Financial Institution (ODFI) to request a return from the RDFI for any reason. Beginning April 1, 2025, RDFIs will be required to respond to the request within 10 banking days.
Financial institutions can use the newly launched “Secure Exchange” feature in the Risk Management Portal to send notifications to comply with the response requirement.
- Additional Funds Availability Exceptions: This rule will give RDFIs an additional exemption from funds availability requirements for credit entries suspected of being originated under false pretenses. This new rule provides an essential tool for RDFIs to delay funds availability when their fraud detection processes flag an entry as questionable.
RDFIs can utilize the newly launched “Secure Exchange” feature in Nacha’s Risk Management Portal to meet the notification requirement to inform ODFIs about the delay of funds.
- Timing of Written Statement of Unauthorized Debit (WSUD): This rule provides RDFIs the ability to obtain a WSUD signed by the Receiver on or after the date the entry is presented, even if the debit has not yet posted to the account.
This amendment is intended to better protect consumers and streamline the process for handling unauthorized debits.
- Requirement for RDFIs to Promptly Return Unauthorized Debits: This rule requires RDFIs to return unauthorized consumer debits within six banking days following the completion of their review of the WSUD. This prompt action is crucial for reducing fraud risks and ensuring a rapid response to unauthorized transactions.
The new rule does not alter the extended return timeframe. Consumer unauthorized/improper debit returns must be transmitted within 60 calendar days of the settlement date.
Fraud Monitoring Phase 1 – March 20, 2026
These rule amendments related to monitoring for fraud become effective on March 20, 2026, and are part of a larger risk management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred.
Company Entry Descriptions – March 20, 2026
These two rule amendments on Company Entry Descriptions become effective on March 20, 2026, and are part of a larger risk management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred.
Fraud Monitoring Phase 2 – June 19, 2026
These rule amendments related to monitoring for fraud become effective on June 19, 2026, and are part of a larger risk management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred.
NOTE: As June 19th is a federal holiday, the practical effective date for these two rules will be the next banking day – Monday, June 22, 2026. All affected parties are encouraged to become compliant with these rules as soon as possible, but no later than June 22, 2026.
To stay informed and ahead of the curve on regulatory developments that could impact your organization, reach out to a member of our team today.
