Newsletter – February 2026

Regulatory Compliance Management

Despite the current deregulation environment, discussed in our September 2025 Newsletter, the need for ensuring robust regulatory management framework in Financial Institutions continues to be important. Keeping track of regulatory priorities, and risks continues to be an ongoing effort at Financial Institutions ensuring that the various risk assessments are up to date and reflect not only regulatory changes, but internal changes that could impact regulatory priorities and risks.

Given the deregulation that is occurring, whereas new guidelines and updates are also being issued, it is necessary to ensure robust regulatory management infrastructure at regulated institutions.

Deregulation

The trend in deregulation, discussed in our September 2025 Newsletter, continues and some key updates from 2025 are as under –

• • In October 2025, the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) proposed removal of reputation risk from their supervisory programs[1]. In conjunction with the proposed rule, references to reputation risk were proposed to be removed from regulatory guidance, policy documents, and examination manuals so that examiners will no longer use reputation risk as a basis for supervisory criticism. The Board of Governors of the Federal Reserve System (“FRB”) had removed ‘reputational risk’ as a component of bank examination program earlier in June 2025. In November 2025, FRB issued enhancements in its bank supervision program principles to better align bank examination and ratings to material financial risks, reduce duplication between exams from different supervisors, and streamline the remediation of issues cited by supervisors, etc.[2].
  • Also in October 2025, FDIC, Board of Governors of the Federal Reserve System “FRB”), and the OCC (collectively, ‘agencies’) jointly rescinded[3] the “Principles for Climate-Related Financial Risk Management for Large Financial Institutions”, which was intended for institutions with over $100 billion in total assets. The agencies ‘now’ do not believe that the principles for the management of climate-related financial risk are necessary, and OCC had withdrawn these earlier in 2025.
  • The same month, OCC proposed rulemakings[4] to reduce Regulatory Burden on Community Banks. Key changes include removing fixed examination requirements for community banks and instead tailoring the examination scope and frequency to be consistent with risk-based supervision and clarified its expectations regarding community banks tailoring their model risk management practices commensurate with the bank’s risk exposures, its business activities, and the complexity and extent of its model use.
  • In November 2025, FDIC issued a final rule[5] reducing burden on smaller community banks by amending certain regulatory thresholds, including those related to annual independent audit and reporting requirements. Key changes include increased from $1 billion to $5 billion in total assets for management assessment and external auditor attestation; Part 363 applicability regarding audit increased from $500 million to $1 billion in total assets; and fully independent audit committee requirement raised from banks with $500 million to $1 billion.
  • In November 2025, OCC issued its BSA Examination Procedures for community banks[6]. These reduce burden on the community banks and include provisions for (a) concluding on the BSA program if independent testing is satisfactory, (b) carrying forward conclusions from prior exam on Training and BSA Officer pillars, and (c) emphasizing examiner discretion for limiting testing.

Other Regulatory Updates

1. FinCEN Issues Final Rule Severing Huione Group from the U.S. Financial System

In October, 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule[7] that severs Cambodia-based Huione Group from the U.S. financial system. The Huione Group serves as a critical link for laundering proceeds from the Democratic People’s Republic of Korea and for other transnational criminal organizations in Southeast Asia perpetrating virtual currency investment scams, commonly known as “pig butchering” scams, among others. As a result, financial institutions are prohibited from opening or maintaining correspondent accounts for or on behalf of Huione Group and are required to take reasonable steps to prevent processing transactions for the correspondent account of a foreign banking institution in the United States if such a transaction involves Huione Group. 

2. FDIC and OCC rule on Unsafe or Unsound Practices, Matters Requiring Attention

Also in October 2025, the OCC and FDIC issued a joint notice[8] of proposed rulemaking that, among other things, would define the term “unsafe or unsound practice” for purposes of section 8 of the Federal Deposit Insurance Act. The proposed new ruling would also revise the supervisory framework for the issuance of matters requiring attention (MRAs) and other supervisory communications and is intended to promote greater clarity regarding certain enforcement and supervision standards and ensure bank supervisors prioritize concerns related to material financial risks over those regarding policies, processes, documentation, and other nonfinancial risks. 

3. DFS Guidance on Managing Risks Related to Third-Party Service Providers

The New York State Department of Financial Services (“DFS”) issued guidance[9] on managing risks related to Third-Party Service Providers (“TPSPs”). This guidance, issued in October 2025, is applicable to covered entities of all sizes and is intended to clarify regulatory requirements, recommend industry best practices to mitigate common risks associated with TPSPs. The guidance is intended to assist covered entities in complying with the DFS Part 500 regulation[10] and describes steps that these entities should consider to assess and address cybersecurity risks throughout the lifecycle of a TPSP relationship.

4. NACHA Rule Changes

Key changes to NACHA Operating Rules that are applicable to all financial institutions become effective in phased manner during 2026[11]. On March 20, 2026, the 1^st phase of Fraud Monitoring enhancements would become applicable for all Originating Depository Financial Institutions (“ODFIs”), amongst others. These changes are aimed at reducing the incidence of successful fraud attempts and are aimed at improving the recovery of funds in case fraud occurs. The 2^nd phase, that would become applicable on June 22, 2026, would make these requirements applicable to all, including Receiving Depository Financial Institutions (“RDFIs”), amongst others. Consistent with the aim of reducing frauds and increasing funds recover in successful fraud instances, certain ‘Company Entry Description’ requirements would kick in effective March 20, 2026. Certain other changes related to funds availability to customers at RDFIs and International ACH Transaction (“IAT”) entries definition become effective on September 18, 2026.

5. FRB will be Expanding Operating Days for Two Payment Services

In October 2025, FRB issued a proposal[12] to expand operating days of two large-value payments services, Fedwire Funds Service and the National Settlement Service (NSS), to include Sundays and weekday holidays. This change will not be implemented before 2028 to ensure operational and industry readiness. Moving forward, the Board will monitor demand for a potential further expansion of operating hours to seven days per week. If the Board decides in the future to propose such an expansion, it will seek public comment in a new proposal.

For further guidance or assistance contact us at: info@RGSGlobalAdvisors.com

[1] https://www.occ.treas.gov/news-issuances/news-releases/2025/nr-ia-2025-98a.pdf

[2] https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20251118a1.pdf

[3] https://www.fdic.gov/federal-register-notice-rescission-principles-climate-related-financial-risk-management-large.pdf

[4] https://www.occ.gov/news-issuances/news-releases/2025/nr-occ-2025-95.html

[5] https://www.fdic.gov/board/federal-register-notice-adjusting-and-indexing-thresholds.pdf

[6] https://www.occ.gov/news-issuances/bulletins/2025/bulletin-2025-37a.pdf

[7] https://home.treasury.gov/news/press-releases/sb0278

[8] https://www.federalregister.gov/documents/2025/10/30/2025-19711/unsafe-or-unsound-practices-matters-requiring-attention

[9] https://www.dfs.ny.gov/industry-guidance/industry-letters/il20251021-guidance-managing-risks-third-party

[10] https://www.dfs.ny.gov/system/files/documents/2023/12/rf23_nycrr_part_500_amend02_20231101.pdf

[11] https://www.nacha.org/content/summary-upcoming-rule-changes

[12] https://www.federalreserve.gov/newsevents/pressreleases/other20251009a.htm