Compliance

Treasury Proposes Rule to Implement the GENIUS Act’s Requirements to Counter Illicit Finance

Stablecoin issuers may soon face federal AML and sanctions rules, including KYC, SARs, Travel Rule duties, and on-chain enforcement controls.
Quick Links:
No items found.
No items found.

If your institution issues, plans to issue, or operates a subsidiary that issues U.S. dollar-denominated stablecoins, your compliance obligations are about to be codified in federal law for most stablecoin issuers for the first time. (PPSIs that are subsidiaries of insured depository institutions already have BSA obligations through their parent institutions; for them, this rule adds significant new on-chain enforcement and standalone sanctions compliance requirements with substantial penalties.) On April 8, 2026, FinCEN and OFAC jointly issued a Notice of Proposed Rulemaking (NPRM) that would require permitted payment stablecoin issuers (PPSIs) to comply with federal AML and sanctions laws. This is a proposed rule. The comment period closes June 9, 2026. Final regulations are required by July 18, 2026, with full enforcement beginning no later than January 18, 2027. (Federal Register Vol. 91, No. 69, April 10, 2026; Docket FINCEN-2026-0100.)

NETBankAudit experts have over 25 years of experience in digital asset compliance and regulatory audits. If you have questions about the GENIUS Act or the proposed rule, please contact our team.

What Is the GENIUS Act? Essential Background

Enacted July 18, 2025, the GENIUS Act governs payment stablecoins, digital tokens pegged to the U.S. dollar that allow holders to transfer value on blockchain networks and redeem tokens for dollars on demand, creating the first comprehensive federal regulatory framework for this market. 

Its most consequential provision classifies all permitted payment stablecoin issuers as financial institutions under the Bank Secrecy Act (BSA), triggering the full suite of BSA compliance obligations. Prior to the GENIUS Act, stablecoin issuers operated in a regulatory gray area where BSA obligations were not explicitly applied to token issuance; this rule eliminates that ambiguity entirely.

What Is the GENIUS Act?
What Is the GENIUS Act?

The stablecoin market is now processing trillions of dollars in annual volume and is increasingly integrated into cross-border payment corridors, raising the regulatory stakes. The Treasury Congressional Report on the GENIUS Act and illicit finance highlighted the threat landscape that motivated this rule: stablecoins have been exploited for fentanyl trafficking, Hamas terrorist financing, Iranian sanctions evasion, and large-scale investment fraud. These risks, combined with the rapid growth of the market, drove the urgency for BSA classification and robust compliance requirements.

Treasury Secretary Scott Bessent has framed the proposal as a way to secure American leadership in digital assets, expand dollar access globally, and drive demand for U.S. Treasuries (which back stablecoins). The OCC and FDIC have already issued proposed prudential standards covering reserve asset requirements; the FinCEN/OFAC rule is the AML/sanctions layer on top of those prudential rules. This dual-rule structure creates overlapping enforcement mechanisms for both state-regulated and federally-regulated issuers.

Who Is Covered: Defining “Permitted Payment Stablecoin Issuers”

A PPSI is defined as an entity that issues U.S. dollar-denominated stablecoins for payments and allows on-demand redemptions. There are three subcategories of PPSIs under the GENIUS Act:

  • Subsidiaries of insured depository institutions
  • Federally-regulated issuers
  • State-regulated issuers meeting federal standards (available to PPSIs with less than $10 billion in outstanding stablecoins)

For PPSIs that are subsidiaries of insured depository institutions, FinCEN expects parent and subsidiary AML/CFT program obligations would be similar enough that compliance resources and practices can be coordinated and shared. The rule also applies to non-U.S. issuers seeking to serve U.S. markets, they would be required to comply with the same AML/sanctions obligations, with specific enforcement mechanisms for non-U.S. issuers to be addressed in the final rule. Major existing stablecoin issuers and new market entrants will need to assess how the proposed requirements affect their compliance structures.

The Regulatory Stack: Where This Rule Fits

  • This FinCEN/OFAC rule is the AML/sanctions layer in a multi-agency regulatory stack that also includes:
    • OCC: proposed prudential standards (February/March 2026) covering reserve asset requirements
    • FDIC: prudential framework proposal (April 7, 2026), largely mirroring the OCC approach; includes 1:1 reserve requirements, prohibition on payment of yield/interest, 12-month operational backstop, two-day redemption requirement
    • FDIC clarified that stablecoin holders are not covered by deposit insurance, though reserves backing those tokens are protected; deposit insurance at the $250,000 cap per depository bank applies to the issuer, not passed through to stablecoin holders, meaning large issuers may not be able to fully cover reserves through deposit insurance, and customer disclosures should be clear that stablecoin holders have no pass-through deposit insurance protection.
    • FDIC’s April 2026 proposal clarified that “tokenized deposits” will be treated as deposits for regulatory purposes if they functionally mirror deposit definitions, regardless of labeling.
  • The White House Council of Economic Advisors released a report on April 8, 2026, finding that eliminating stablecoin yield would increase bank lending by only $2.1 billion (0.02% increase), a finding that put the White House mildly on the side of allowing yield, a fiercely contested issue. The FDIC’s prohibition on yield in its prudential proposal directly contradicts this, and the issue remains unresolved and actively contested.
  • Notably, both this NPRM and FinCEN’s concurrent proposed overhaul of BSA program requirements for traditional financial institutions were published in the same Federal Register edition, reflecting a unified enforcement philosophy that applies equally to digital and traditional institutions and a shift from check-the-box to effectiveness-based compliance.

The Core AML/CFT Program Requirements

As proposed, PPSIs would be required to establish a written, board-approved AML/CFT program that includes:

  • A documented risk assessment process
  • Internal controls
  • Independent testing of the AML/CFT program (with a written copy available to FinCEN upon request)
  • Ongoing employee training program
  • A designated AML/CFT compliance officer who would be required to reside in the United States (individuals with felony convictions related to financial crimes, including insider trading, cybercrime, and fraud, would be barred from this role)

The rule would require a risk-based approach: issuers would need to focus compliance resources on higher-risk users and transactions, and risk assessments would need to consider both on-chain and off-chain information, reflecting the reality that stablecoin markets span public blockchains and secondary exchanges.

Customer Due Diligence and KYC

  • PPSIs would be required to identify and verify customers and conduct enhanced due diligence on high-risk clients, putting stablecoin issuers on the same KYC standard as traditional financial institutions.
  • Enhanced due diligence would be required for correspondent accounts for foreign financial institutions and private banking accounts.
  • While the rule would not require direct monitoring of all secondary market transactions between third parties, PPSIs would be required to maintain a reasonable understanding of their customers’ secondary market activity. This creates a significant compliance obligation that would need to be documented carefully. Firms should document their approach to understanding customer secondary market activity, determine the scope of enhanced due diligence triggered by secondary market risk, and ensure that approach is defensible and clearly distinguished from direct secondary market monitoring, which is not required.
  • SAR (Suspicious Activity Report) filings would be required for transactions that may indicate violations of law, subject to a proposed $5,000 reporting threshold. SAR obligations would not extend to secondary market transactions between third parties that merely interact with a smart contract (an important carve-out).

Travel Rule and Recordkeeping

  • PPSIs would be required to comply with the Recordkeeping Rule for fund transfers of $3,000 or more.
  • PPSIs would be required to transmit required information under the Travel Rule to other financial institutions, this is a standard BSA requirement now being applied to stablecoin issuers.

The Sanctions Compliance Program: Unique Provisions

  • For the first time in proposed regulation, PPSIs would be explicitly required to maintain a standalone OFAC sanctions compliance program, separate from and in addition to their AML/CFT program. Previously, stablecoin issuers had no explicit OFAC program requirement, operating instead under general U.S. person sanctions obligations.
  • PPSIs would be required to maintain technical capabilities to block, freeze, and reject transactions that violate U.S. sanctions, including the ability to “burn” tokens (permanently destroy them) or re-issue tokens when required by law or lawful regulatory/law enforcement orders.
  • Non-compliance with sanctions obligations would carry penalties of $100,000 per day.
  • OFAC’s five-pillar framework would apply: management commitment, risk assessment, internal controls, testing and auditing, and training. OFAC would not expect “check-the-box compliance” but would grant flexibility in implementation; institutions would need to document all five pillars.
  • OFAC’s own view: internal audits can lack the independence, expertise, and resources needed for objective evaluation of sanctions compliance. The rule responds to this by requiring a truly independent audit of both the AML and sanctions programs.
  • The sanctions provisions would apply to U.S. persons, including stablecoin issuers, with respect to OFAC-sanctioned persons, entities, and jurisdictions.

On-Chain Enforcement Challenge

  • PPSIs would be required to have technical systems to block, freeze, burn, or re-issue tokens in compliance with lawful orders, this is straightforward for clearly sanctioned, listed wallets.
  • Determining when blocking or rejecting secondary market transactions is necessary would be technically and legally complex, especially for gray-area transactions, and may carry litigation risk, as PPSIs may face legal challenge when blocking transactions involving wallets not on official sanctions lists but associated with suspicious activity.
  • The rule recognizes the cryptographic nature of stablecoin markets and the fact that transactions occur on public blockchains where PPSIs may not have direct control over all secondary activity.
  • If a stablecoin’s transactions suddenly spike on a foreign exchange known for poor AML controls, the PPSI would be required to incorporate this into its risk assessment and compliance program.

Enforcement Philosophy: Important Nuance

  • FinCEN stated in the NPRM preamble it “generally would not take an enforcement action” against issuers whose programs meet the rule’s standards, this signals regulatory forbearance for good-faith compliant firms.
  • Enforcement actions and major supervisory actions would be limited to cases where the issuer has a significant or systemic failure to maintain its program, not isolated or technical violations.
  • Under the proposal, FinCEN would need to be notified at least 30 days before any other regulator takes a significant AML-related supervisory action against a PPSI, a mechanism that did not previously exist and centralizes enforcement coordination through FinCEN.
  • FinCEN encourages financial institutions to use innovative technologies (AI, machine learning, blockchain analytics) as part of their AML programs; firms that responsibly experiment with innovation would not incur additional enforcement risk.

What Compliance Professionals Should Do: A Three-Horizon Action Plan

1. Before June 9, 2026 (Comment Period)

  • Review the proposed rule in detail and assess how the requirements would affect your institution’s current compliance program, technical capabilities, and staffing.
  • Identify areas where the proposed requirements would create operational or technical challenges, especially regarding secondary market monitoring, on-chain enforcement, and sanctions compliance.
  • Submit comments to FinCEN/OFAC highlighting any ambiguities, implementation challenges, or areas where further regulatory clarity is needed.

2. Before July 18, 2026 (Preparation for Final Rule)

  • Begin gap analysis of your current AML/CFT and sanctions compliance programs against the proposed requirements, including the five-pillar OFAC framework.
  • Engage with technology and legal teams to assess your institution’s ability to block, freeze, burn, or re-issue tokens in response to lawful orders and sanctions requirements.
  • Develop a documented approach to understanding customer secondary market activity, including how you will distinguish between required due diligence and direct monitoring.

3. Before January 18, 2027 (Full Compliance Readiness)

  • Finalize and board-approve your written AML/CFT and sanctions compliance programs, ensuring all required elements are documented and independently tested.
  • Build or enhance internal audit capability for digital assets and smart contract risk, ensuring independence and technical expertise.
  • Train compliance staff on the new requirements, focusing on the nuances of secondary market monitoring, on-chain enforcement, and the documentation of risk-based decisions.

Key Takeaways for Compliance Professionals

  • Review your institution’s BSA/AML program and identify where new on-chain and sanctions-specific requirements would require changes or additions to existing controls.
  • Before June 9, 2026, prioritize submitting comments on any ambiguous or operationally challenging aspects of the proposed rule, especially around secondary market monitoring and technical enforcement.
  • Assess your institution’s current technical capabilities for on-chain enforcement (blocking, freezing, burning, re-issuing tokens) and begin planning for any required upgrades or new controls.
  • Prepare for the OFAC five-pillar sanctions compliance requirement, including the need for a truly independent audit function that can evaluate both AML and sanctions programs for digital assets.
  • Use January 18, 2027 as your planning anchor for full compliance readiness, build your implementation timeline backward from this date to ensure all program elements are in place and tested before enforcement begins.

Building a compliant PPSI program requires specialized expertise across AML program design, OFAC sanctions compliance, digital asset audit capability, and on-chain technical controls, areas where NETBankAudit’s team is equipped to provide targeted support. For more information on how these requirements may affect your institution, or for support in preparing your compliance program, contact NETBankAudit.

THE GOLD STANDARD IN
Cybersecurity and Regulatory Compliance

Request For ProposalAsk a Question
 
class SampleComponent extends React.Component { 
  // using the experimental public class field syntax below. We can also attach  
  // the contextType to the current class 
  static contextType = ColorContext; 
  render() { 
    return <Button color={this.color} /> 
  } 
}
Table of Contents
This is also a heading
This is also a heading
This is a heading

Mitigate Risks with Comprehensive Audits & Assessments

Request For Proposal
NEWS & ARTICLES

Explore Our Learning Center

View All Articles
Compliance
Treasury Proposes Rule to Implement the GENIUS Act’s Requirements to Counter Illicit Finance
Stablecoin issuers may soon face federal AML and sanctions rules, including KYC, SARs, Travel Rule duties, and on-chain enforcement controls.
Read more
Compliance
FDIC Chairman Travis Hill’s 2026 Regulatory Toolkit Update: Key Takeaways for Compliance Professionals
On March 11, 2026, FDIC Chairman Travis Hill delivered remarks at the ABA Washington Summit outlining the agency’s ongoing and planned reforms to its regulatory toolkit.
Read more
Compliance
FinCEN CDD Exceptive Relief: Reducing Repeat Beneficial Ownership Collection
FinCEN issued a pivotal exceptive relief order that eliminates the requirement to re-identify and re-verify beneficial owners at each new account opening for an existing legal entity customer. Instead, institutions are now required to collect beneficial ownership information at the first account opening and update it only when risk or reliability concerns arise.
Read more
Compliance
FinCEN Launches Official Webpage for Whistleblowers and Confidential Tips
FINCEN has launched a dedicated online portal to receive confidential whistleblower tips related to fraud, money laundering, Bank Secrecy Act (BSA) violations, U.S. sanctions, and other statutes critical to the integrity of the financial system.
Read more
Compliance
FDIC IT Exam Changes in 2026: Observations from Recent Examinations
FDIC IT exams in 2026 are shifting away from URSIT to a single overall IT rating with focus on governance, cybersecurity, BCP, vendors, and audit. Learn what examiners are asking for and how to prepare.
Read more
Industry News
2025 Annual IT Audit and Exam Issues: Insights and Multi-Year Trends from NETBankAudit
A 2025 survey of examination and audit issues collected from over 250 audit engagements to assist our clients in identifying commonly reported examination and audit issues.
Read more
Cybersecurity
BSA Ransomware Trends from 2022 to 2024: Key Insights for Financial Institutions
Between 2022 and 2024, Bank Secrecy Act (BSA) data and regulatory reports reveal evolving attack patterns, payment trends, and supervisory expectations that compliance professionals must understand to strengthen their institution’s resilience and response capabilities.
Read more
Cybersecurity
The Top 5 Most Exploited Vulnerabilities (CVEs) of 2025 for Financial Institutions
Understand the five most relevant CVEs for financial institutions in 2025. Learn each vulnerability, its impact, and practical steps for mitigation to protect against future threats.
Read more
Cybersecurity
CISA Cross-Sector Cybersecurity Performance Goals 2.0: Implications for Financial Institutions
Learn about CISA Cross-Sector Cybersecurity Performance Goals 2.0, an updated set of voluntary, prioritized practices designed to help critical infrastructure sectors, including financial services, strengthen their cyber resilience.
Read more
Cybersecurity
Vendor Accountability and Cybersecurity Standards Case Study: Self-Help Credit Union vs Fiserv
Explore how Self-Help Credit Union’s lawsuit against Fiserv is reshaping vendor accountability and cybersecurity standards in financial services, including implications on contract compliance, MFA requirements, and risk mitigation.
Read more
Cybersecurity
CISA, FBI, and Partners Issue Critical Guidance on Akira Ransomware in Joint Statement
Learn how CISA, FBI, and partners warn about Akira ransomware, its tactics against financial institutions, and key defenses to strengthen your resilience.
Read more
Compliance
Federal Reserve’s 2025 Statement of Supervisory Operating Principles: What Compliance Professionals Need to Know
In October 2025, the Federal Reserve Board released a pivotal Statement of Supervisory Operating Principles, signaling a significant shift in the approach to bank supervision.
Read more
Compliance
Leveraging Frameworks from NIST, CISA, and CRI to Enhance Cybersecurity Programs
With the sunsetting of FFIEC CAT/ACET, there are new cybersecurity frameworks: The NIST Cybersecurity Framework (CSF) 2.0, CISA Cybersecurity Performance Goals (CPGs), and the Cyber Risk Institute (CRI) Profile 2.0.
Read more
Compliance
Key Takeaways from Recent BSA/AML Enforcement Actions: Lessons for Financial Institutions in 2025
This article distills the most important insights from the 2025 AML & Fraud School presentation, focusing on the current regulatory environment, recent enforcement actions, common themes, and actionable considerations for your BSA/AML program.
Read more
Compliance
Consumer Compliance Outlook: Key Fraud Trends and Compliance Strategies for 2025
The Federal Reserve System’s latest Consumer Compliance Outlook (Second Issue 2025) provides critical insights into the evolving landscape of check fraud, confidence scams, payment fraud, and cybersecurity risks.
Read more
Compliance
FinCEN Regulation of Virtual Assets and Crypto Mixers: Compliance and Risk Implications for FIs
FinCEN is intensifying oversight of virtual assets and crypto mixers under the PATRIOT Act, requiring stronger AML, Travel Rule, and monitoring controls for institutions.
Read more
Compliance
FinCEN’s Two-Year Delay of the Investment Adviser AML Rule: Strategic Implications for Compliance Professionals
FinCEN delayed the Investment Adviser AML rule to 2028, giving firms more time to adapt technology, assess risks, and prepare for future regulatory changes.
Read more
Compliance
FinCEN’s Final Rule for Increasing Transparency in Residential Real Estate Transfers
FinCEN’s new rule requires reporting on all-cash residential real estate transfers to entities and trusts, increasing transparency, closing money laundering loopholes, and creating new compliance responsibilities for financial institutions.
Read more
Cybersecurity
CISA’s CVE Program Roadmap: Strategic Shifts and Implications for Financial Institutions
Explore CISA’s CVE Program Roadmap and its shift to the “Quality Era,” focusing on automation, data quality, transparency, and lessons from MOVEit, SolarWinds, and Log4j for financial institutions managing compliance and risk.
Read more
Cybersecurity
Quantum Threat Readiness for Financial Institutions: A Guide to Post-Quantum Cryptography
Quantum computing is rapidly advancing, and with it comes a new class of cybersecurity risks that threaten the cryptographic foundations of the financial sector.
Read more
Cybersecurity
Cloud Security Gap in Financial Services: How Institutions Can Address Expanding Risks
The rapid shift to cloud computing has created a significant cloud security gap, exposing organizations to new regulatory, technical, and operational risks.
Read more
Cybersecurity
Ransomware Gangs Targeting Financial Institutions: In-Depth Technical Analysis and Audit Imperatives
Ransomware attacks on financial institutions have evolved into highly sophisticated, multi-stage operations. Learn about the most active ransomware gangs in the financial sector.
Read more
Risk Assessments
Crypto-Asset Safekeeping by Banking Organizations: Regulatory Guidance and Risk Assessments
An overview of Crypto-Asset Safekeeping regulatory landscape, risk management expectations, and practical considerations for cybersecurity and IT professionals at financial institutions.
Read more
Cybersecurity
NVD and CVE: The Backbone of Vulnerability Management in Financial Institutions
Background and recent news on the CVE and NVD and how financial institutions can increase vulnerability management to protect against cybercrime.
Read more
Compliance
The Gramm-Leach-Bliley Act (GLBA): Compliance Guide for Financial Institutions
While the GLBA fostered competition and innovation, it also introduced a robust framework for consumer privacy and data security. For compliance professionals, understanding GLBA’s structure, requirements, and enforcement mechanisms is essential to safeguarding both institutional integrity and consumer trust.
Read more
Compliance
The Truth in Lending Act (TILA): 2025 Compliance Guide for Financial Institutions
Since its enactment in 1968, TILA has evolved to address new risks, market practices, and regulatory priorities. Recent regulatory changes, especially those effective in 2024 and 2025, require compliance professionals to update their programs and stay vigilant for further developments.
Read more
Compliance
Community Reinvestment Act (CRA) Compliance Guide: Current Rules, Examination Procedures, and Rescinded 2023 Changes
This guide provides a detailed overview of the CRA, the 2023 proposed modernization and its subsequent rescission, and a thorough breakdown of examination procedures for large institutions, intermediate small banks, and small banks.
Read more
Industry News
Ransomware Response for Banks: Key Audit Decisions, Compliance Triggers & Regulatory Risks
Prepare for and respond to ransomware attacks with guidance on audit considerations, incident response planning, regulatory notification requirements, cyber insurance pitfalls, and emerging threat trends facing financial institutions.
Read more
Industry News
Reexamining Regulator Cybersecurity: Data Risks and Oversight Gaps in the Financial System
Recent cyber breaches at the OCC and U.S. Treasury have exposed gaps in federal data handling practices. This article from NETBankAudit explores the risks centralized supervisory data poses to financial institutions, highlights oversight inconsistencies, and outlines key audit actions to mitigate exposure.
Read more
Industry News
OCC Rejects Call to Rescind Preemption Rule: What It Means for the Dual Banking System
Understand the OCC’s reaffirmation of federal preemption and its impact on the dual banking system, including legal context, industry response, and audit implications for financial institutions navigating federal and state oversight.
Read more
Industry News
Insights From BSA Coalition’s AI and Fraud Webinar
Explore key takeaways from the BSA Coalition’s AI and Fraud webinar, including deepfake risks, synthetic ID fraud, governance gaps, and practical strategies for financial institutions to stay secure and compliant.
Read more
Industry News
NETBankAudit Announces Elaine Rudolph-Carter as Regulatory Oversight and BSA Specialist
NETBankAudit welcomes Elaine Rudolph-Carter as Regulatory Oversight and BSA Specialist. With decades of experience at the Federal Reserve and as a BSA Coalition co-founder, Elaine enhances our compliance and audit expertise.
Read more
Cybersecurity
Social Engineering Testing: Safeguarding Financial Institutions from Human-Centric Cyber Threats
Discover how financial institutions can protect against social engineering attacks through phishing, vishing, pretexting, and more. Learn the value of internal and third-party testing to strengthen employee awareness and regulatory compliance.
Read more
Compliance
Flood Disaster Protection Act: Lender Compliance, Insurance Requirements, and Regulatory Oversight
Understand lender obligations under the Flood Disaster Protection Act, including flood insurance purchase requirements, force placement, escrow management, and private policy acceptance. Essential guidance for financial institutions.
Read more
Compliance
Regulation B – Equal Credit Opportunity Act: Practical Guide for Fair Lending Compliance
Explore key requirements of Regulation B and the Equal Credit Opportunity Act, including fair lending rules, prohibited practices, application standards, and recent enforcement actions. Essential for compliance professionals in financial services.
Read more
Compliance
Right to Financial Privacy Act: Safeguarding Customer Financial Records from Unwarranted Government Access
Learn how the Right to Financial Privacy Act (RFPA) protects customer financial records from unwarranted government access. This guide explains RFPA procedures, exceptions, enforcement actions, and how financial institutions can stay compliant.
Read more
Risk Assessments
Independent Network Testing Requirements And Recommendations
Explore essential network testing protocols and best practices to ensure optimal performance, reliability, and compliance in modern IT infrastructures.
Read more
Cybersecurity
Assessing It Department Performance And Staffing
Learn how to evaluate IT department efficiency and staffing needs using key performance indicators and strategic assessment methodologies.
Read more
Cybersecurity
Artificial Intelligence: Opportunities And Threats for Financial Institutions
Understand the risks and benefits of AI in financial institutions, with actionable strategies to ensure ethical use, regulatory compliance, and resilience.
Read more
Compliance
Regulatory Landscape Shift: What is the Status of CFPB and Other Regulatory Agencies?
Stay ahead of U.S. regulatory changes impacting financial institutions, including CFPB restructuring, OCC priorities, and Basel III Endgame considerations.
Read more
Cybersecurity
Vulnerability & Patch Management in Financial Institutions
Discover a compliance-first approach to vulnerability and patch management, minimizing security risks within financial organizations.
Read more
Compliance
Understanding Customer Identification Program (CIP) Requirements
Gain insights into CIP mandates for financial institutions, ensuring compliance with KYC regulations and enhancing customer verification processes.
Read more
Cybersecurity
Ransomware in 2025: A Persistent Threat in a Shifting Landscape
Analyze the diminishing influence of ransomware groups and understand the factors contributing to their reduced impact in the cybersecurity landscape.
Read more
Cybersecurity
Generative AI Controls and Risk Assessments for Financial Institutions 
Uncover potential risks of generative AI, including ethical, legal, and operational challenges, and learn strategies to mitigate them effectively.
Read more
Risk Assessments
Enhanced Due Diligence: A Practical Guide for Compliance Officers in Financial Institutions
Explore how Enhanced Due Diligence protects financial institutions from high-risk clients by meeting FATF, FinCEN, and FFIEC compliance expectations.
Read more
Risk Assessments
The CRI Cyber Profile: A Guide for Financial Institutions
Learn how the CRI Cyber Profile helps financial institutions meet FFIEC standards through scalable risk assessments and enhanced regulatory alignment.
Read more
Compliance
Protecting Elderly Customers: NETBankAudit's Elder Fraud (EFE) Audit Services
NETBankAudit offers specialized Elder Fraud Audit Services designed to help financial institutions detect, prevent, and respond effectively to EFE, ensuring compliance with regulatory standards and reinforcing trust with their customers.
Read more
Compliance
Key Findings from NETBankAudit’s 2024 BSA/AML Audits and MIS Verification Audits
View results of over 30 Bank Secrecy Act (BSA) Compliance Audits across community banks, credit unions, and other financial institutions in 2024.
Read more
Compliance
Guide to Currency Transaction Reports (CTRs): Strategies and Best Practices
Currency Transaction Reports (CTRs) serve as critical tools in the fight against money laundering, terrorist financing, and other financial crimes.
Read more
Compliance
Enhancing Transaction Monitoring and Suspicious Activity Reporting: Strategies for Effective Compliance
Learn about Transaction Monitoring and Suspicious Activity Reporting best practices for Financial Institutions.
Read more
Compliance
Risk Assessment Best Practices for BSA/AML/CFT and OFAC Compliance
Fortify your institution’s BSA AML risk assessment processes by weaving together best practices, real-world examples, and authoritative guidance from global regulatory entities.
Read more
Compliance
Emerging Threats to BSA/AML/CFT and OFAC Compliance: Navigating AI, Cryptocurrency, and Machine Learning Risks
Understand the impact of emerging technologies such as AI, Machine Learning, Crypto and more on BSA, AML and CFT compliance.
Read more
Industry News
Key Cybersecurity Deadlines and New DFS Requirements Coming in 2025
Updates on The New York Department of Financial Services (DFS) new requirements under its amended Cybersecurity Regulation (23 NYCRR Part 500).
Read more
Industry News
FFIEC CAT Sunset Prep: A Guide to NIST CSF 2.0, CRI Cyber Profile & CIS Controls
With the Federal Financial Institutions Examination Council (FFIEC) announcing the sunset of the Cybersecurity Assessment Tool (CAT) by August 31, 2025, financial institutions must pivot to new resources to manage cybersecurity risks effectively.
Read more
Compliance
FCA Final Rule on Cyber Risk Management: The 2025 Guide for Financial Institutions
The Farm Credit Administration (FCA) has issued a groundbreaking final rule on Cyber Risk Management, reshaping how institutions within the Farm Credit System (FCS) address cybersecurity.
Read more
Cybersecurity
Farm Credit Administration Guidance on Navigating AI and Emerging Cybersecurity Risks
Discover how the Farm Credit Administration's guidance helps financial institutions navigate AI integration and emerging cybersecurity risks. Learn key strategies for compliance and effective risk management.
Read more
Industry News
2024 Annual Audit and Exam Issues: Insights from NETBankAudit
A 2024 survey of examination and audit issues collected from over 250 audit engagements to assist our clients in identifying commonly reported examination and audit issues.
Read more
Compliance
Understanding Placement, Layering, and Integration: The Core Stages of Money Laundering
This guide delves into each stage of money laundering—Placement, Layering, and Integration— highlighting common methods, red flags, and the challenges inherent in detection.
Read more
Compliance
Structuring and Smurfing Explained: Strengthening AML Compliance
This guide delves into the definitions, methods, legal implications, real-world examples, and best practices associated with structuring and smurfing, providing actionable insights to bolster compliance programs.
Read more
Compliance
Circular Transactions & Funnel Accounts: Unveiling Money Laundering Tactics
This guide delves into the methodologies of circular transactions and funnel accounts, highlights red flags for their identification, and provides actionable best practices for robust compliance.
Read more
Compliance
Navigating BSA, AML, CFT and OFAC: An Overview of Finance Regulations
This guide provides an overview of the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) protocols, and Office of Foreign Assets Control (OFAC) regulations.
Read more
Cybersecurity
Elder Financial Exploitation and Fraud: What You Need to Know
This article delves into the scope, trends, and impacts of elder fraud, highlighting red flags and strategies to protect one of society’s most vulnerable groups.
Read more
Risk Assessments
Understanding Gift Card Scams: Regulations, Risks, and Tips for Safe Usage
Learn about gift card scams including essential regulations, common risks, and actionable tips to ensure you can use gift cards wisely and securely.
Read more
Risk Assessments
FFIEC Development, Acquisition, and Maintenance (DA&M) Booklet: What You Need to Know
Understand the FFIEC's Development, Acquisition, and Maintenance (DA&M) Booklet including key updates and their implications on financial entities.
Read more
Cybersecurity
Phishing in Financial Services: Protecting Your Institution Against Cyber Threats
Phishing Attacks on financial institutions are increasing in frequency and complexity. We explain the tactics, regulations and strategies to protect your institution from cyber threats.
Read more
Cybersecurity
Penetration Testing Methodology and Procedures for Financial Institutions
Learn the process, methodologies, tools, and best practices for conducting effective penetration tests in financial institutions.
Read more
Cybersecurity
IT Governance: Aligning Technology with Business Strategy for Optimal Performance
Explore how financial institutions can implement effective IT governance frameworks to align their technology initiatives with business objectives, manage risks, and ensure regulatory compliance.
Read more
Cybersecurity
Common Cybersecurity Attacks and Penetration Testing Solutions For Financial Institutions
Understand common cybersecurity attacks and penetration testing solutions to mitigate risk in an increasingly sophisticated environment.
Read more
Industry News
Bank-Fintech Partnerships: Analysis of the Federal Reserve Board's 2024 Guidance
Analysis of bank-fintech partnerships, risks, and regulatory programs with a focus on the Federal Reserve Board's 2024 guidance.
Read more
Industry News
Risks and Strategies for AI Cybersecurity Risks: Key Takeaways from NY DFS Letter
Learn key AI cybersecurity risks and controls from the October 2024 letter from New York Department of Financial Services
Read more
Cybersecurity
IT Risk Management Solutions for Financial Services: Safeguarding Your Digital Assets
This article explores key IT risk management solutions for the financial sector, offering practical insights to help institutions protect their digital assets and maintain regulatory compliance.
Read more
Cybersecurity
IT Business Continuity Plans for Financial Institutions
This article explores the essential components of IT business continuity planning, emphasizing the unique needs of financial institutions drawing from FFIEC guidance.
Read more
Cybersecurity
IT Change Management for Financial Services
This guide covers IT change management for financial services, providing insights, best practices, and strategies for successfully navigating the complexities of managing IT changes.
Read more
Cybersecurity
Data Assurance in Financial Services: Ensuring Integrity of Financial Information
This guide delves into the critical aspects of data assurance in financial services, offering insights, best practices, and forward-looking perspectives to help you navigate this complex field.
Read more
Cybersecurity
IT Crisis Management Guide for Financial Services: Protecting Your Institution
This guide explores the critical aspects of IT crisis management in financial services, offering insights and strategies to help financial institutions navigate through disasters.
Read more
Industry News
2023 Annual Audit and Exam Issues: Insights from NETBankAudit
Read NETBankAudit's insights from the 2023 audit season, based on over 250 audit and over 750 technical testing engagements with financial institutions.
Read more
Compliance
Customer Due Diligence (CDD) Guide for Financial Institutions
Learn best practices for of Customer Due Diligence (CDD) for financial institutions, designed to prevent money laundering, terrorist financing, and other financial crimes.
Read more
Risk Assessments
Ransomware Assessment Facilitation for Financial Institutions
Get an in-depth look at ransomware assessment facilitation, focusing on the tools and strategies available to financial institutions to protect themselves against this pervasive threat.
Read more
Risk Assessments
URSIT Analysis – A Six Part Whitepaper Series
Learn about the the Uniform Rating System for Information Technology (URSIT) and the importance for financial services risk management.
Read more
Compliance
CECL Model and Validation: Ensuring Compliance with Regulatory Requirements
Learn about the Current Expected Credit Loss (CECL) model, introduced by the Financial Accounting Standards Board (FASB) with best practices for model validation.
Read more
Cybersecurity
IT Network Security Management: Protecting Your Digital Assets
Explore the key components of IT network security management, best practices for implementation, and emerging trends that are shaping the future of cybersecurity.
Read more
Cybersecurity
IT Security Incident Reporting: A Guide for Financial Institutions
Explore the critical aspects of IT security incident reporting, tailored specifically for smaller financial institutions.
Read more
Cybersecurity
Guide to Cybersecurity Assessments for Financial Institutions
A guide to cybersecurity assessments for financial institutions including guidance for the discontinuation of the CAT in 2025 and the shift to NIST 2.0 and CISA CPGs.
Read more
NETBankAudit Logo PNG
2024 NETBankAudit. All Rights Reserved.
Privacy PolicyTerms of Service
Ask a Question
Thank you! We will email you the answer to your question shortly!
Oops! Something went wrong while submitting the form.