Regulatory Roundup - January 2026: Debanking, Enforcement, and the Expanding Compliance Perimeter
- Steve Marshall
- 1 day ago
- 5 min read
This month’s Regulatory Roundup reflects a clear shift from ambiguity to accountability across financial services, fintech, and emerging technologies. From the rollback of “reputation risk” in debanking oversight to aggressive AML and sanctions enforcement, heightened scrutiny of non-profits and funding flows, and new guardrails for AI and stablecoins, regulators are signaling that innovation, access, and growth must be matched by strong governance, transparency, and risk-based decisioning. Across every theme, one message is consistent: compliance expectations are broadening, not easing, and institutions must be prepared to defend both what they do and how they do it.
SPECIAL ANALYSIS: Debanking
From “Operation Chokepoint 2.0” to Fair Banking
A recent report from the House Financial Services Committee alleges that informal supervisory pressure discouraged banks from serving certain lawful industries, particularly digital-asset firms, through practices labeled “Operation Chokepoint 2.0.” According to the report, vague and inconsistently applied “reputation risk” criteria led some lawful businesses to lose access to essential banking services.
In response, the Office of the Comptroller of the Currency (OCC) has taken notable steps in 2025: removing reputation risk from supervisory guidance, proposing formal rulemaking with the FDIC to eliminate its use, aligning with the Fair Banking Executive Order, and launching supervisory reviews into potential unlawful debanking.
As we’ve noted before, regulatory priorities may swing, but one principle remains constant. Risk-based decisions must be grounded in well-supported, well-documented, and factual analysis. That discipline is essential for both regulatory defensibility and long-term trust.
ANTI-MONEY LAUNDERING (AML)
DOJ and FinCEN signal continued AML enforcement in crypto
The U.S. Department of Justice and FinCEN reached resolutions with Paxful, which pled guilty to willfully failing to maintain an effective AML program and operating as an unlicensed money transmitter—resulting in multimillion-dollar penalties, including executive-level accountability. The case reinforces that crypto and fintech firms must meet MSB registration, SAR filing, and risk-based AML requirements, supported by strong controls and a clear tone from the top.
House pushes to rescind banking guidance as OCC signals shift on third-party risk
Members of the U.S. House of Representatives have urged the rescission of four banking guidance documents covering leveraged lending, model risk management, venture funding, and third-party risk, arguing they were improperly issued under the Congressional Review Act and are hindering U.S. economic growth. At the same time, the OCC has issued a request for information on community banks’ reliance on core and essential service providers, signaling a potential shift toward placing more direct risk management and supervisory accountability on third-party providers themselves.
Swiss indictment highlights AML failures and successor liability risk
The Swiss Office of the Attorney General has filed an indictment against the former Credit Suisse SA, alleging money laundering tied to suspicious foreign transfers linked to the Mozambique debt scandal and serious organizational compliance failures, including the absence of SAR filings. The case underscores how AML deficiencies can carry forward as criminal liability to successor institutions—raising renewed scrutiny for UBS following the forced 2023 merger and reinforcing the need for deep, liability-focused due diligence in acquisitions.
New York mandates cash acceptance, raising risk considerations
The state of New York has enacted a new law requiring retail establishments and food stores to accept cash for in-person transactions, aimed at protecting unbanked and cash-reliant consumers. While not framed as a financial crime measure, the law is likely to increase cash activity—heightening risk considerations for financial institutions, which will need to reassess customer risk profiles, enhance due diligence, and adjust transaction monitoring for newly or increasingly cash-intensive businesses.
SANCTIONS
OFAC signals zero tolerance for willful sanctions violations
The Office of Foreign Assets Control (OFAC) imposed a near statutory maximum $7.14 million penalty on Gracetown, Inc. for willfully violating Russia-related sanctions and failing to report blocked assets, despite having received explicit prior notice from OFAC. The case underscores that all U.S. persons—not just financial institutions—must maintain robust sanctions compliance programs, with particular focus on beneficial ownership, indirect dealings, and “reason to know” standards, especially in high-risk sectors like real estate.
OFAC enforcement highlights “reason to know” standard for private equity
OFAC imposed an $11.49 million penalty on IPI Partners for Ukraine/Russia-related sanctions violations after it solicited and received funds linked to sanctioned oligarch Suleiman Kerimov through layered structures. OFAC emphasized that knowledge or “reason to know” of sanctioned involvement, combined with incomplete disclosures to outside counsel, can be an aggravating factor, reinforcing the need for independent, robust sanctions due diligence and governance within private equity firms.
OFAC penalizes U.S. lawyer for sanctions evasion via trust structures
OFAC fined a U.S. attorney $1.1 million for serving as fiduciary to a family trust funded by a Russian oligarch, concluding the lawyer should have known the blocked person retained control despite layered legal structures and outside advice. The action reinforces that U.S. persons must assess both ownership and control—looking beyond formal arrangements to the practical reality of decision-making—when evaluating sanctions exposure.
NSPM-7 signals heightened scrutiny of funding and non-profits
The Trump administration’s National Security Presidential Memorandum 7 (NSPM-7), Countering Domestic Terrorism and Organized Political Violence, directs a whole-of-government effort to investigate not only acts of domestic terrorism and political violence, but also the institutional and individual funders—and potentially non-profits and U.S. persons with foreign ties—under Foreign Agents Registration Act (FARA) and money laundering authorities. The memo signals increased scrutiny of nonprofit funding flows, reinforcing the need for strong compliance programs, Know-Your-Funder/Grantee practices, and clear documentation around the source and use of funds.
ARTIFICIAL INTELLIGENCE & DIGITAL ASSETS
New York sets frontier AI safety Rules amid federal-state tension
New York has enacted the Responsible AI Safety and Education (RAISE) Act, establishing new requirements for “frontier” AI developers to implement documented risk mitigation protocols, publish transparency reports, and report critical incidents, with penalties reaching millions for non-compliance. While the law builds on California’s approach to create a common benchmark, emerging federal efforts to limit states’ AI regulation signal likely legal challenges—making robust model risk management and close regulatory monitoring essential for affected companies.
AI adoption raises the compliance bar, not the shield
Regulators are making clear that the use of AI does not insulate companies from enforcement. In fact, greater data availability, enhanced internal review capabilities, and expanding government use of AI by agencies such as the Department of Homeland Security (DHS) can increase duty-of-care expectations and scrutiny. As investigations and audits emerge with little warning, firms must pair AI-driven compliance tools with strong human oversight, clear governance, and thorough documentation to defend both the decision to use AI and the way it is implemented.
UK-U.S. stablecoin rules diverge, raising comparability challenges
A new comparison highlights a centralized, broader stablecoin regime in the United Kingdom—targeting implementation in 2026—versus a more fragmented federal-and-state approach in the United States, with a narrower focus on payment stablecoins and likely implementation in 2027. As stablecoins increasingly bridge traditional finance and digital assets, foreign issuers will need to closely track evolving U.S. requirements to demonstrate regulatory “comparability,” a standard that may prove difficult in practice.
FinTech rulemaking accelerates stablecoin and payments integration
U.S. regulators, including the FDIC and the Federal Reserve, are advancing new rulemaking to integrate stablecoins and payment innovations into the traditional banking system, from proposed stablecoin application frameworks to expanded access via “skinny” master accounts. While aimed at fostering innovation and competition, regulators are also signaling concern about deposit migration and systemic risk, underscoring the need for banks and fintechs to align new payment models with existing AML/CFT and prudential requirements.
Specialized support for evolving compliance challenges
As regulatory expectations advance and legal risks evolve, FinScan’s Advisory Services offer the insight and hands-on guidance organizations need to stay proactive. Whether improving model oversight, elevating data quality, or addressing sanctions and AI-driven risks, our experts help build stronger, future-ready compliance programs. Partner with us to enhance resilience—and move forward with confidence.