Author: Andrew Howard

On April 10, 2026, the FDIC issued a new FIL concerning Multiple Re-Presentment NSF fees. This FIL rescinds the prior FDIC communication from June 16, 2023, which had already signaled a possible softer approach from regulators to re-presentment NSF fees as the guidance published in 2023 was a reissuance of an earlier FIL issued in 2022. The guidance issued in 2022 and 2023 coupled with regulatory actions in those timeframes generally viewed multiple NSF fees assessed against single transactions as “junk” fees and if not properly disclosed the assessment of these fees could rise to the level of a violation under Section 5 of the Fair Trade Commission (FTC) Act. Financial Institutions were encouraged to review their practices and disclosures regarding these multiple re-presentment fees and ensure that risk mitigation practices were implemented to reduce consumer harm and potential violations. With the release of the new FIL on April 10th, the FDIC is rescinding its earlier issuances of guidance concerning Multiple Re-presentment NSF Fees. The FDIC, through a review and assessment, has concluded that the previous guidance provided was too broad in nature and caused confusion as to when NSF re-presentment fees could result in potential unfairness concerns under Section 5 of the FTC Act.  
​
Although this guidance has been rescinded, it is recommended that institutions continue to ensure that their practices are clearly disclosed to their customers and the disclosures and/or agreements provided accurately reflect the practices with concerns to Multiple Re-Presentment NSF fees. At this point, we are not aware of any other prudential regulators rescinding related guidance. If your financial institution is considering making any changes with overdraft or NSF practices, please let us know how we can be helpful.   
 
FIL-14-2026
Referenced FIL: FIL-32-2023
Original Guidance: FIL-40-2022

Author: Nicholas Milcarek, CFE, CAMS

On April 15, 2026, FinCEN released updated statistics on the effectiveness of the Rapid Response Program (RRP). Since the beginning of 2025, the program has halted the transfer of $268 million in stolen funds bringing the total to $1.8 billion in funds retrieved. Stolen funds have largely consisted of investment scams, business email compromise, and phone scams. The RRP is a collaboration of various financial intelligence units and law enforcement agencies with a range over 96 jurisdictions. Once the program is activated, FinCEN will issue hold harmless/stop payment orders to the fraudster’s institution in an attempt to claw back the funds.

To activate the program, victims or institutions must file a complaint with law enforcement such as an FBI IC3 or report the activity to the nearest U.S. Secret Service field office.  report on behalf of the victim with information pertaining to the victim, identity of the fraudster (if available, including email addresses, phone numbers, I.P. addresses, etc.), and the nature of the incident. Filings within 72 hours of the fraudulent activity is deemed to be the most effective for funds retrieval. SAR confidentiality still applies within an IC3 report. In terms of SAR filings, banks should follow regular procedures for filing on funds transfer fraud with the addition of referencing reporting to law enforcement in applicable sections and including mention of the RRP in the narrative. Institutions should have adequate policies and procedures for when to file an IC3 report to activate the RRP, the timeliness of filing an IC3 report, and guidelines for adding the information into applicable SARs. See FIN-2022-FCT1 (linked below) for more details on SAR form completion when SARs are filed on cases where the Rapid Response Program was initiated. 

Additional information from the RRP fact sheet and the news release can be found below:
RRPFactSheet.pdf

FinCEN’s Rapid Response Program Interdicts Nearly $2 Billion on Behalf of U.S. Cyber-Enabled Fraud Victims | FinCEN.gov
​
FIN-2022-FCT1

Author: Hunter J. Brown, CAMS

On March 30, 2026, FinCEN issued Advisory FIN-2026-A001 in coordination with the FBI and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG), urging financial institutions to sharpen their focus on health care fraud schemes targeting Medicare, Medicaid, and other federal and state health care benefit programs. The advisory is not a new regulatory requirement, but it carries real exam weight and the red flags it outlines have direct implications for how institutions should monitor their health care provider and supplier customer base.

The numbers behind this advisory are hard to ignore. FinCEN observed a 330% increase in health care fraud BSA reporting between 2020 and 2025, peaking at over 3,800 initial SARs in 2025 alone. The Treasury's 2026 National Money Laundering Risk Assessment (which we discussed in our Q1 2026 clients-only BSA/AML/CFT webinar) identifies health care fraud as one of the largest sources of illicit proceeds in the United States, and fraud remains a named AML/CFT National Priority. FinCEN acknowledges that even those record-filing numbers likely represent only a fraction of actual activity.

The schemes described in the advisory generally follow a predictable pattern. Illicit actors (increasingly transnational criminal organizations) use straw owners, stolen physician identities, and shell companies to register as health care providers or suppliers with Medicare and Medicaid programs. They open bank accounts under the appearance of legitimate medical businesses, begin submitting fraudulent claims, and then immediately launder the reimbursements once payment hits the account. Common laundering methods include outgoing wires to shell companies, transfers to virtual asset service providers (VASPs) and online betting platforms, cash withdrawals, and international wire transfers. The billing fraud itself takes several forms: phantom billing for services never rendered, double billing, upcoding, unbundling, and billing for medically unnecessary services.

Most community financial institutions are not banking large DME suppliers or home hospice networks, but the red flags in this advisory are broader than they might initially appear. Any institution banking medical practices, pharmacies, laboratories, adult day care centers, telemedicine companies, or medical supply businesses should take a close look at how those accounts are being monitored.
​
Action Steps for Financial Institutions:

• Review your health care provider and supplier customer base and assess whether those accounts have been appropriately risk-rated given the typologies described in this advisory.
• Incorporate health care fraud indicators into transaction monitoring scenarios, paying particular attention to newly opened or recently purchased health care entities receiving large reimbursements quickly; reimbursements immediately forwarded to related shell companies; high reimbursement volume with little to no corresponding business expenses; spiked billing patterns; and cash withdrawals correlated with billing increases.
• Familiarize your compliance team with the Medicare Administrative Contractors (MACs) that serve your geographic footprint — MAC payment descriptors may appear in ACH transaction data and can be a useful monitoring trigger.
• When filing applicable SARs, include the key term "HCF-2026-A001" in both SAR Field 2 (Filing Institution Note to FinCEN) and the narrative, and select SAR Field 34(g) — Healthcare/Public or Private Health Insurance — along with Fields 36 and 38 as applicable.
• Where straw owner activity is suspected, FinCEN specifically encourages institutions to include surveillance footage as supporting documentation for the SAR filings. This would be provided if law enforcement requested it and should be noted in the narrative.
• Ensure your CDD and EDD program adequately addresses health care providers and suppliers as a customer segment, including expected transaction activity and triggers for enhanced review.
• Consider whether your institution's 314(b) information sharing participation could support investigations involving health care fraud, particularly where multiple institutions may be seeing related activity.

 
For more detailed information, please view the FinCEN press release here: Treasury Targets Fraud Schemes Exploiting Government Health Care Benefits | U.S. Department of the Treasury

Advisory: FinCEN-Advisory-Health-Care-Fraud.pdf

Author: W. Brad Washburn, CRCM, CAMS

On March 13, 2026, the Trump Administration issued Executive Order 14393 (“the order”, titled “Promoting Access to Mortgage Credit,”). The order is a sweeping directive aimed at reducing regulatory burdens in the mortgage market and expanding access to home financing, particularly through community and smaller banks, which are often considered most impacted by the regulatory burden. Per the order, smaller banks are considered those with less than $100 billion assets and community banks are considered those with less than $30 billion assets.

This order signals a material shift in regulatory posture, with a clear emphasis on streamlining compliance requirements, modernizing mortgage processes, and increasing lender participation in residential mortgage lending.
The stated objective is to:

• Reduce compliance costs associated with mortgage origination and servicing.
• Reinvigorate community bank participation in mortgage lending.
• Improve access to credit for creditworthy borrowers, particularly in rural and low-to-moderate income segments.

At its core, the order reflects a policy shift away from highly prescriptive, process-driven compliance toward a more risk-based, outcomes-focused regulatory framework.

Key Regulatory Areas Potentially Affected
The order directs federal financial regulators, including the CFPB, Federal Reserve, FDIC, OCC, and others to review and potentially revise a wide range of mortgage-related regulations.

The following summary highlights key areas and objectives regulators are directed under the order to review and potentially revise regulations, supervisory guidance, or regulatory approach.

Ability-to-Repay (ATR) / Qualified Mortgage (QM) Reform

• Regulators are directed to revisit and possibly revise ATR/QM rules to:  
  • Tailor requirements for smaller banks and expand safe harbors for portfolio lending.
  • Provide potential relief from points-and-fees caps for small-balance loans.
  • Move toward less rigid underwriting compliance expectations, by reducing unnecessarily burdensome elements and greater reliance on prudent lender judgment.

TRID and Disclosure Modernization

• Regulators are directed to revisit and possibly revise TRID rules to:
  • Replace strict TRID disclosure timing requirements with a materiality-based disclosure framework, to reduce closing delays.
  • Tailor TILA/RESPA disclosure obligations for smaller institutions and potentially streamline requirements relative to rate-and-term refinancings.

Modernization of Rescission Processes

• Regulators are directed to revisit and possibly revise Right of Rescission rules to:
  • Modernize the right to rescission for mortgage lending, for example by enabling increased secure electronic and digital forms and processes.
  • Exempt rate-and-term refinances (including cash-out refinances) from rescission rights.

HMDA Reporting Relief

• Regulators are directed to revisit and possibly revise HMDA rules to:
  • Raise the asset threshold to make more institutions exempt from HMDA reporting.
  • Place emphasis on privacy protections in reporting and reducing the costs associated with HMDA compliance.

Capital, Liquidity, and Secondary Market Reforms

• Regulators are directed to revisit and possibly revise capital regulations to:
  • Tailor capital requirements to better reflect actual credit risk of mortgage assets.
  • Modernize and expand Federal Home Loan Bank (FHLB) liquidity programs.
  • Enhance access to longer-term funding tied to mortgage lending.

Appraisal and Valuation Modernization

• Regulators are directed to revisit and possibly revise and modernize appraisal regulations to:
  • Increase use of automated valuation models (AVMs), AI tools, and hybrid appraisals.
  • Reduce appraisal requirements for low-risk transactions, including low-LTV refinancing transactions, and low balance loans, as well as setting clear appraisal timelines.

Servicing, Construction Lending, and Licensing Relief
Prudential regulators are also directed to review and potentially revise regulations and/or update supervisory guidance as necessary to promote:

• Simplification of mortgage servicing requirements through aligning supervisory expectations to support portfolio mortgage servicing as a core community banking function; extending cure-first standards to good-faith servicing errors; simplifying loss mitigation requirements; and provide exemptions from complex mortgage services for smaller banks.
• Revising supervisory guidance both to exclude one-to-four-family residential development and construction lending from commercial real estate concentration guidance and providing support for responsible construction lending by community banks.
• Elimination of duplicative or unnecessary licensing requirements for mortgage loan officers at any smaller bank.

Supervisory and Enforcement Philosophy Shift

The order represents a notable shift toward principles-based supervision but also introduces interpretive uncertainty during the transition period.

• Under the order, regulators are encouraged to:
  • Allow institutions a reasonable opportunity for self-identification and remediation of appropriate compliance matters.
  • Consider good corporate conduct, including a bank's correction of good-faith, technical compliance errors.
  • Limit civil monetary penalties to willful, knowing, or reckless violations.

Conclusions and Key Takeaways
Executive Order 14393 represents one of the most significant recent efforts to restructure the mortgage regulatory environment, with the potential to reshape compliance expectations across origination, servicing, and reporting. While the order states the administration’s broad intentions, we will have to wait until proposed rules are released for comment to have a better understanding of the specific impacts to mortgage compliance and reporting requirements going forward. However, as we have seen with previous mortgage deregulation efforts in the prior Trump administration, any proposed changes to regulations and guidance may be subject to successful legal challenges.

While the order is deregulatory in intent, it does not eliminate compliance risk, it redefines it, placing greater emphasis on judgment, governance, and risk management effectiveness. Strong compliance review and internal monitoring processes will continue to be important as regulatory focus will continue to promote a bank’s correction of good faith technical errors and robust processes for self-identification and remediation of appropriate compliance matters.

We are actively tracking regulatory developments, agency rulemaking, and industry responses related to the order. As implementing guidance becomes available, we will provide timely updates and will be here as a resource to help you adapt.
​
If you have questions or if there are any other ways we can assist you, please contact our team.

Author: Nicholas P. Milcarek, CFE, CAMS

On February 13, 2026, FinCEN issued an order enabling “exceptive relief” to all covered financial institutions specifically under the 2016 CDD rule. Before the order, covered institutions were required to identify Beneficial Owners “at the time a new account is opened” with “new account” being identified as every account being opened at the institution regardless of longevity of the customer relationship. The order now only requires beneficial ownership information to be obtained/updated, “(1) when a legal entity customer first opens an account with a covered financial institution; (2) any time thereafter when the covered financial institution has knowledge of facts that would reasonably call into question the reliability of beneficial ownership information previously obtained about the legal entity customer; and (3) as needed based on a covered financial institution’s risk-based procedures for conducting ongoing customer due diligence.” Potential triggering events include death of an owner, purchase of the entity by an external party, potentially higher risk customer reviews, etc.

What does this mean for your financial institution? Now beneficial ownership requirements will more closely follow the CIP rules and will allow FIs to obtain Beneficial Ownership certificates and identification at initial account opening while subsequent account openings for the same entity will generally only need an updated Beneficial Ownership certification if triggering events happen (see 2 and 3 above).

Your FI will need to determine based on your risk profile if this exceptive relief should be implemented, as this change is not required and is within the FIs discretion. If changes are made, your Board approved policies and procedures will need to be updated and training for applicable staff will need to take place.  If an FI implements the exceptive relief, it may be a good idea to document discussions with the customer about any possible Beneficial Ownership change when additional accounts are opened for the same entity.

Financial institutions must continue to maintain adequate risk-based processes and procedures for complying with Beneficial Ownership requirements. Obtaining and documenting Beneficial Ownership information during the initial account opening process as well as for triggering events on an established relationship are still key aspects for remaining in compliance.
 
Reference for the FinCEN order and news release can be found below:
Order: https://www.fincen.gov/system/files/2026-02/FinCEN-Order-CCDExceptiveRelief.pdf

News Release: https://www.fincen.gov/news/news-releases/fincen-issues-exceptive-relief-streamline-customer-due-diligence-requirements

 Author: James M. Moore, CRCM
 
As we move into 2026, the calendar may have turned, but compliance obligations rarely reset. For those in compliance, a “new year” is less about starting over and more about building on what is already in motion—regulatory expectations, examiner focus areas, and evolving risks that continue to compound over time. The following reminders and updates are intended to help institutions recalibrate, confirm alignment, and address emerging priorities as they head into the year ahead.
 
Deposit Compliance:

• Regulation CC training should have been provided during 2025 and make plans to provide Reg. CC training during 2026.
• Regulation CC hold thresholds remain at $275 (next day) and $6,725 (exception) as of July 1, 2025. By the second business day, Regulation CC requires $550 in total funds availability, though cash withdrawal availability may be limited absent disclosure of a higher amount.
• Consider providing annual privacy training to all employees and directors.
• Ensure annual privacy disclosures will be mailed during 2026 or verify the institution’s exemption status for 2026.   
• Determine the number of remittance transfers under Regulation E from the previous calendar year to ensure the institution has not exceeded the threshold for “normal course of business” of 500 consumer transfers.
• Ensure the ID Theft Program administrator has reported to the Board annually on the status of the ID Theft Program.
• Regulatory agencies have provided guidance extending the implementation timeline for the new Advertisement of Membership rule, with institutions expected to be prepared to comply by January 1, 2027. 

Loan Compliance:

• The 2025 HMDA LAR for all institutions and CRA LAR for large institutions must be submitted by March 2, 2026.
• Check the historic examples for HELOC and ARM application disclosures to ensure the most recent 15 years are used in the examples.
• The CRA Public File should be updated by April 1, 2026.
• Check the accuracy of the affiliated business disclosures to ensure all affiliated businesses are disclosed along with the current range of fees and the current ownership interest of each affiliated business.
• The 2026 HOEPA points and fees test will use the following:
  • 5% of loan amounts of $27,592 or more
  • For a loan amount less than $27,592, the lesser of 8% or $1,380
• The 2026 QM points and fees test will use the following:
  • For a loan amount greater than or equal to $137,958: 3% of the total loan amount
  • For a loan amount greater than or equal to $82,775 but less than $137,958: $4,139
  • For a loan amount greater than or equal to $27,592 but less than $82,775: 5% of the total loan amount
  • For a loan amount greater than or equal to $17,245 but less than $27,592: $1,380
  • For a loan amount less than $17,245: 8% of the total loan amount
• The 2026 General QM threshold will use the following:
• 2.25 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $137,958
• 3.5 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $82,775 but less than $137,958
• 6.5 or more percentage points for a first lien covered transaction with a loan amount less than $82,775
• 6.5 or more percentage points for a first lien covered transaction secured by a manufactured home with a loan amount less than $137,958
• 3.5 or more percentage points for a subordinate-lien covered transaction with a loan amount greater than or equal to $82,775 and
• 6.5 or more percentage points for a subordinate-lien covered transaction with a loan amount less than $82,775.
• The 2026 Truth In Lending threshold is $73,400 for loans not secured by real property, not secured by personal property expected to be used as a primary dwelling, and are not private education loans.
• The 2026 “small creditors that operate predominantly in rural or underserved areas” asset threshold is $2.785 billion.
• The 2026 “insured creditor” asset threshold is $12.485 billion.
• The 2026 “small loan” exemption for HPML appraisal rules is $34,200 as of January 1, 2026.
• Until further notice, the safe harbor credit card penalty fee is $30 for the first and $41 for subsequent late fees garnered within the same or next six billing cycles. 
• If the creditor allows borrowers to shop for any required services for TRID loans, it should update (as necessary) the written list provided with the Loan Estimate to identify at least one available provider for each settlement service for which the consumer is permitted to shop. 
• Ensure that employees and Directors have received fair lending and CRA training for 2025.  Training should be planned for 2026.
• Review the CRA asset size thresholds for 2026:
  • CRA asset size thresholds as of December 31, 2025, are under $1.649 billion for small bank (based on both of the last two calendar years), at least $412 million up to $1.649 billion for intermediate small bank (based on either of the two last calendar years), and $1.649 billion and over for large bank (based on both of the last two calendar years).

• As of June 2025, the OCC, FDIC, and FED rescinded the 2023 CRA final rule for it to be replaced with the previous 1995 CRA regulations.
• The HMDA asset size threshold for depository institutions for 2026 is $59 million.
• Ensure a review of 2024 and 2025 transaction data is conducted for 2026 reporting requirements.  In addition to meeting the above HMDA asset threshold:
  • An institution must have in each of the two preceding calendar years, originated at least 25 or more covered closed-end dwelling secured loans to report closed-end loans. 
  • Dwelling secured open-end lines of credit must be reported if a covered institution originated 200 or more covered dwelling secured open-end lines of credit in each of the previous two calendar years. 
• Review HMDA small filer exemption for reduced field reporting criteria for 2026:
  • Originated less than 500 closed-end mortgages in each of the two preceding calendar years and received a “Satisfactory” or better CRA rating.
  • Originated less than 500 open-end mortgages in each of the two preceding calendar years and received a “Satisfactory” or better CRA rating.
• Ensure procedures are in place for performing escrow account analyses and that the financial institution has implemented procedures for providing annual escrow account notices.
• Ensure loan officers completed S.A.F.E. Act license renewal procedures.
• Ensure an annual independent S.A.F.E. Act audit has been performed.
• Ensure lenders who receive compensation based on insurance sales (credit life/disability) complete license renewal procedures.
• Ensure the financial institution has documented whether they meet the definition of a small servicer, and that documentation of the determination is retained for record retention.
• Ensure the financial institution has documented whether they meet the definition of a small creditor, and that documentation of the determination is retained for record retention.
• Review the final list or rural or underserved counties for 2026, calculate rural or underserved status by address on the CFPB’s website for covered loans, and ensure the financial institution has documented whether it qualifies for the rural / underserved TILA exemption by originating at least one covered loan in a rural or underserved area and that documentation of the determination is retained for record retention.

 
BSA Compliance:

• Schedule a Board review and approval of current BSA/AML/CFT and OFAC program policies.
• Update the BSA/AML/CFT and OFAC Risk Assessments.
• Ensure annual training was conducted for all employees during 2025 and is scheduled for 2026.  Furthermore, the Board of Directors should also receive annual BSA training, which should be documented in the Board minutes.
• Annual reviews should be conducted of all CTR exempt customers for suspicious activity and continued eligibility.
• Ensure any annual due diligence is completed for MSBs, MRBs, remote deposit capture, private ATM customers, coin operated amusement customers, etc. in accordance with the financial institution’s BSA/AML/CFT program.
• Review 314(a) contact information transmitted with the call report for accuracy.
• For institutions that voluntarily share information, ensure 314(b) registration is completed annually.
• Consider whether roles, responsibilities, and resource allocation for monitoring and updating the BSA program are adequate and appropriately aligned.
• Review the automated AML system, including its parameters, to assess whether it is appropriately configured to ensure complete and accurate inclusion of all required sanctions and restricted entity lists (e.g., SDN, Consolidated lists, 2313(a), Cuba).

We are looking forward to teaching at the Georgia Bankers Association’s 2026 compliance school! Stewart Thigpen, CPA; Brad Washburn, CRCM, CAMS; and James Moore, CRCM will be teaching at the upcoming school on a variety of topics. The GBA compliance school is a 2-year program and open to out of state bankers. We would love to see you there. Let us know if you have any questions about the school! See below for more information:

​Author: Jeremy T. Clifton, CRCM, CAMS

On October 9, 2025, FinCEN in conjunction with the Joint Agencies, released four new SAR related FAQs. The overall theme of the press release and FAQs is to provide clarification so BSA/AML/CFT and Fraud related employees can better use time and resources to provide law enforcement with highly valuable information via SARs and to de-emphasize SARs that may be less valuable. This all sounds great as many BSA/AML/CFT and Fraud departments are understaffed, overstretched, and running from one fire to another. However, these FAQs seem to provide more confusion than relief as no laws, regulations, or the FFIEC BSA/AML Examination Manual have been changed to correspond to these FAQs. I can foresee that these FAQs will be used to argue against resources, staffing, and wise SAR filing. Please encourage management to read this blog and the FAQs in their entirety as the headlines are deceiving. The opening paragraph of the FAQ even states, “The answers to these FAQs do not alter existing BSA legal or regulatory requirements or establish new supervisory expectations.”  Let’s look at each of the FAQs. We have restated the FAQs below with our commentary provided for each.  
 
Question 1: SAR Filings for Potential Structuring-related Activity
Is a financial institution required to file a SAR for a transaction or a series of transactions with a value at or near the currency transaction reporting (CTR) threshold (i.e., over $10,000) absent information that the transaction or series of transactions is designed to evade BSA reporting requirements?
No. The mere presence of a transaction or series of transactions by or on behalf of the same person at or near the $10,000 CTR threshold is not information sufficient to require the filing of a SAR. Financial institutions are only required to file a SAR if the institution knows, suspects, or has reason to suspect that the transaction or series of transactions are designed to evade CTR reporting requirements. Absent this knowledge, suspicion, or reason to suspect, financial institutions are not required to file a SAR.

A financial institution is required to file a SAR for a transaction conducted or attempted by, at, or through the institution if it involves or aggregates at least $5,000 in funds or other assets and the institution knows, suspects, or has reason to suspect that, among other criteria, the transaction is designed to evade any BSA reporting requirement. This includes transactions designed to evade the requirement that a financial institution file a CTR for one or more transactions in currency by, through, or to the institution, by or on behalf of any person, and that result in either cash in or cash out totaling more than $10,000 during any one business day.

Attempting to evade CTR reporting requirements—known as structuring—may be indicative of underlying illegal activity and is unlawful under the BSA. Under FinCEN’s regulations, structuring is defined as a person, acting alone, or in conjunction with, or on behalf of, other persons, conducting or attempting to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading CTR reporting requirements.  “In any manner” includes, but is not limited to, the breaking down of a single sum of currency exceeding $10,000 into smaller sums, including sums at or below $10,000, or the conduct of a transaction, or series of currency transactions, at or below $10,000.

A financial institution’s AML/CFT program should be designed to detect and report structuring to guard against use of the institution for money laundering and ensure the institution is compliant with the suspicious activity reporting requirements of the BSA. The extent and specific parameters under which a financial institution must monitor accounts and transactions for suspicious activity should be commensurate with the level of money laundering and terrorist financing risk of the specific institution, considering the type of products and services it offers, the locations it serves, and the nature of its customers.
 
Powell & Co. Comments on FAQ 1 SAR Filings for Potential Structuring:
Please do not read FAQ 1 to say your FI should stop filing SARs on structuring, that could result in legal and regulatory issues. What the FAQ seems to be possibly indicating is that super defensive structuring SARs are not what most FIs should be getting bogged down in. The problem with that is the SAR filing thresholds are pretty low; therefore, FIs would be unwise not to investigate possible structuring and there is little incentive to not file.  “Financial institutions are only required to file a SAR if the institution knows, suspects, or has reason to suspect that the transaction or series of transactions are designed to evade CTR reporting requirements. Absent this knowledge, suspicion, or reason to suspect, financial institutions are not required to file a SAR.” It’s easy to “know” if someone is structuring, they often mention it to an employee plainly that they intend to structure transactions to avoid requirements, so a SAR is required assuming thresholds are met. On the other hand, having “reason to suspect” can be quite tricky. We typically recommend a process that includes educating customers that are possibly structuring by providing FinCEN’s Educational Pamphlet on CTR Requirements, having direct discussions about transaction activity at the transaction source (tellers, CSRs, etc.) and having conversions, if needed, by account officers or BSA/AML /CFT staff.  Remember, none of these conversions should affirm or deny the existence of a SAR. Once your staff better understands transaction patterns and the business itself the FI should be better able to determine if a SAR is required. The bad news is that this takes more work to make an informed decision, not less.  
 
Question 2: Continuing Activity Reviews
Is a financial institution required to conduct a review of a customer or account following the filing of a SAR to determine whether suspicious activity has continued?
No. Recognizing the burden that continued SAR filings on the same customer or account place on institutions, FinCEN suggested in October 2000 that institutions file a SAR for repeated and ongoing suspicious activity at least every 90 days. Over time, this suggestion has become interpreted as a requirement or expectation that financial institutions conduct a separate review of a customer or account following the filing of a SAR to determine whether suspicious activity has continued.

A financial institution is not required to conduct a separate review—manual or otherwise—of a customer or account following the filing of a SAR to determine whether suspicious activity has continued. Financial institutions instead may rely on risk-based internal policies, procedures, and controls to monitor and report suspicious activity as appropriate, provided those internal policies, procedures, and controls are reasonably designed to identify and report such activity.
 
Powell & Co. Comments on FAQ 2 Continuing Activity Reviews:
The FAQ notes that FIs would still be expected to reasonably design policies, procedures, and controls to identify ongoing suspicious activity. If the activity continues, your FI still is required to file a SAR assuming applicable thresholds are exceeded (e.g., $0, $5,000.00, $25,000.00, & $5,000.00). If your FI has a smooth process in place with 90-day reviews, I would not fix a process that is not broken.
 
Question 3: Continuing Activity Reviews – Timeline
What is the timeline for a financial institution that elects to file SARs in accordance with FinCEN’s continuing suspicious activity guidance?
As noted in the prior FAQ, FinCEN previously suggested that financial institutions report continuing suspicious activity via a SAR filing at least every 90 days. Subsequent FinCEN guidance advised financial institutions to file SARs for continuing activity after a 90-day period with the filing deadline being 120 calendar days after the date of the previously related SAR filing. However, financial institutions are not required to do so and may instead file SARs as appropriate in line with applicable timelines.

For financial institutions that elect to file SARs in accordance with FinCEN’s continuing suspicious activity guidance, below is a timeline in which a financial institution files a SAR with an identified subject and determines that suspicious activity has continued:
• Day 0: detection of facts that may constitute a basis for filing a SAR
• Day 30: filing of initial SAR
• Day 120: end of 90-day period
• Day 150: filing of a SAR for continued suspicious activity

When filing a SAR for continuing activity, the date or date range of suspicious activity (Item 30 on the SAR form) should include the entire 90-day period starting on the date immediately following the filing of the initial SAR or the date following the end of the previous 90-day period.
 
Powell & Co. Comments on FAQ 3 Continuing Activity Reviews-Timeline:
Remember that, absent the 90-day SAR guidance which was in itself regulatory relief, financial institutions are required to file SARs generally 30 days after determining the activity is suspicious. So, without the 90-day guidance you would generally be subject to filing every 30 days. In some cases, it may be appropriate to file before the end of 120 days, but we don’t see anything new here with the timeline as noted by FinCEN. One thing that is unclear is the brief description of “Day 0”. We are working under the assumption that the exam manual guidance on “initial detection” is still in effect. “The phrase "initial detection" should not be interpreted as meaning the moment a transaction is highlighted for review. The 30-day (or 60-day) period does not begin until an appropriate review is conducted and a determination is made that the transaction under review is "suspicious" within the meaning of the SAR regulation.” 
 
Question 4: No SAR Documentation
Is a financial institution required to document the decision not to file a SAR?
No. There is no requirement or expectation under the BSA or its implementing regulations for a financial institution to document its decision not to file a SAR. FinCEN has previously encouraged, but not required, financial institutions to document the decision not to file a SAR. Should a financial institution choose to document its decision not to file a SAR, the level of appropriate documentation may vary based on the specifics of the activity being reviewed and need not exceed that which is necessary for the institution’s internal policies, procedures, and controls, which should be risk-based and reasonably designed to identify and report suspicious activity. In most cases, a short, concise statement documenting a financial institution’s SAR decision will likely suffice, although a financial institution may consider more documentation to explain the factors that the institution considered in reaching a SAR filing determination in more complex investigation scenarios.
 
Powell & Co. Comments on FAQ 4 No SAR Documentation:
Hopefully, this will help with the picky examiner or independent auditor/reviewer that expects a formally documented decision not to file for any and every transaction on the books.  However, most examiners or reviewers aren’t looking for those “got you” moments.  What this doesn’t mean is that FIs can do a shoddy job with case documentation or alert disposition. A well-run suspicious activity program, whether manual or more automated should spin off decisions not to file through cases, internal referrals, emails from employes, etc. and every instance of suspicious activity will not result in a SAR being filed.

Author: James M. Moore, CRCM

Disparate impact occurs when a lending policy or practice that appears neutral on its face has a disproportionately negative effect on a protected class (such as race, national origin, sex, age, etc.) even if there is no intent to discriminate. In practice, the rule results in significantly fewer approvals, worse pricing, or higher denial rates for a protected group. For disparate impact, regulators or courts don’t have to prove the lender meant to discriminate. The effect itself can be enough.

Examination teams from the OCC, FDIC, and NCUA have included procedures for testing for disparate impact in their examination manuals for years.  This is changing.  In April 2025, President Trump signed Executive Order 14281, titled “Restoring Equality of Opportunity and Meritocracy.” The order states that disparate-impact liability is “unlawful” and directs federal agencies, including the DOJ, to deprioritize enforcement of any statutes or regulations that rely on disparate impact theory. It also revoked prior regulatory approvals that supported such liability under Title VI of the Civil Rights Act.

The Trump Administration has stated they believe disparate impact theory is illegal.  The Supreme Court has not. The Executive Branch of the government has the ability and the right to direct their time and resources as they should. This appears to be simply an enforcement rollback as no laws have been changed. The legal foundation for disparate-impact liability established by Supreme Court precedent (e.g., Griggs v. Duke Power Co., 1971) and reinforced in Texas Dept. of Housing v. Inclusive Communities (2015) remains intact. A new administration can reverse course at any time.

Use caution if you make changes to your fair lending programs. It may not be prudent for a Financial Institution to remove disparate impact theory and associated risks from their fair lending programs at this time. This may only be a temporary reprieve during the current exam cycle.

Author: Jeremy Clifton, CRCM, CAMS

On August 7, 2025, President Trump issued an executive order entitled Guaranteeing Fair Banking For All Americans. The EO outlines the administration’s road map for governing and reigning in what is defined as, “politicized or unlawful debanking”. The EO defines politicized or unlawful debanking as “an act by a bank, savings association, credit union, or other financial services provider to directly or indirectly adversely restrict access to, or adversely modify the conditions of, accounts, loans, or other banking products or financial services of any customer or potential customer on the basis of the customer’s or potential customer’s political or religious beliefs, or on the basis of the customer’s or potential customer’s lawful business activities that the financial service provider disagrees with or disfavors for political reasons.”

We know this as debanking or derisking which is generally utilized when a client has a risk profile that does not align with a financial institution’s risk tolerance.  Many times, the FI does not have staffing, resources, or expertise to properly mitigate the risks certain clients. 
​
The debanking could happen for appropriate reasons, such as:

• The customer may be in an industry that the Board of the financial institution has chosen not to bank (e.g., crypto exchange or ATM, marijuana, MSB, PEP).
• The customer has been subject to multiple SAR filings.
• The customer has participated in fraud, money laundering, or other illegal activity.
• The customer has not provided applicable or standard CDD or CIP information necessary to mitigate ongoing risk and/or open the account.

 
Most community FIs that we service are not debanking outdoor or gun shops, or “persons participating in activities and causes commonly associated with conservatism and the political right”, or targeting P2P transactions with terms like “MAGA”; however, we still see some risks that can be somewhat mitigated. The EO orders each Federal banking regulator to identify FIs that have engaged in unlawful debanking and to take appropriate remedial action, so we would expect this to be a possible test point for FIs in the near future.
 
Action Steps for FIs:

• Update BSA/AML policy to include debanking and include a statement prohibiting “politicized or unlawful debanking”.
• Understand what rights your account agreement provides for account closure.
• For industries that the FI has determined to be prohibited ensure a documented rationale as to why those industries (e.g., crypto exchange or ATM, marijuana, MSB, PEP) are prohibited.
• Ensure that the FIs SAR program includes possible account closure as a result of continued suspicious activity.
• Ensure that the FIs CDD & EDD program includes expected initial due diligence and ongoing due diligence expectations for higher risk industries.
• Ensure that the FIs CDD & EDD program includes guidance, for instances when expected due diligence is not provided including closing the account within a reasonable timeframe.
• Ensure that the FIs CIP program includes guidance, for instances when required documentation is not provided including closing the account within a reasonable timeframe.
• Ensure that any action taken from a periodic loan review (freezing lines of credit, utilizing demand clauses, etc.) is in line with the loan agreement and bank policy.