Regulatory Roundup - October 2025: From AI Accountability to Fair Banking
- Steve Marshall
- Oct 8
- 5 min read
This month’s regulatory update reveals a regulatory landscape in transition, where technology, fairness, and financial crime prevention increasingly intersect. US agencies advanced both innovation and oversight: the OCC tied merger approvals to “fair banking” practices, FinCEN encouraged global data-sharing and vigilance against Chinese laundering networks, and the Treasury opened the door to public input on stablecoin regulation under the GENIUS Act. Meanwhile, regulators reaffirmed expectations for transparency in AI models, responsible blockchain analytics, and risk-based sanctions compliance. Regulatory oversight may ebb and flow, but defensible, well-governed compliance remains the only sustainable path forward.
SPECIAL ANALYSIS
The Intersection of AI and Debanking Risk
As artificial intelligence finds a key role in financial crime detection, a new layer of complexity is emerging: the intersection of AI-driven decisioning and “debanking” risk. Financial institutions increasingly rely on AI to identify and mitigate financial crime—an essential but costly and labor-intensive process. Yet the very technology designed to strengthen compliance also introduces its own risks. If not transparent, explainable, and auditable, AI systems can obscure accountability, leading to risk-based decisions that can’t be rationalized or defended when challenged by regulators or the public.
Recent US executive actions illustrate the shifting policy landscape shaping these challenges. Following Executive Order 14179, which empowered NIST to lead AI governance and assurance, the 2025 directives—EO 14319 (“Preventing Woke AI in the Federal Government”) and EO 14331 (“Guaranteeing Fair Banking for All Americans”)—have redefined oversight expectations. In particular, the removal of formal reporting on “reputation risk” and the OCC’s decision to weigh debanking history in merger reviews highlight how defensibility and fairness in decision-making are now under sharper scrutiny.
For banks, the mandate is evident: AI-enabled risk models must be accurate and demonstrably unbiased. Transparent model governance, bias-free training data, and rigorous auditability are essential to prevent financial inclusion from becoming an unintended casualty of automation. In the era of algorithmic compliance, “the computer said so” is no longer a valid justification for who gets (or loses) access to the financial system.
ANTI-MONEY LAUNDERING (AML)
OCC targets unjustified debanking in merger reviews
The OCC has announced new guidance signaling that banks’ merger applications could be rejected if they have engaged in discriminatory or unjustified “debanking” practices. Building on Executive Order 14331, Guaranteeing Fair Banking for All Americans, the OCC will now factor debanking history and policies into both merger reviews and Community Reinvestment Act (CRA) assessments while removing “reputation risk” as a valid justification for account closures. Financial institutions will need to ensure that all risk rating methodologies, including those informed by adverse media, are quantifiable, defensible, and demonstrably unbiased.
FinCEN backs cross-border collaboration to strengthen financial crime defenses
FinCEN and federal regulators have issued new guidance encouraging financial institutions to voluntarily share information across borders to better combat money laundering, terrorist financing, and other illicit activity. The move aims to break down data silos and enhance collective investigative capabilities through more robust sharing of transaction, customer, and investigative information. However, institutions must proceed carefully, by balancing transparency with SAR confidentiality, privacy regulations, and legal oversight to avoid inadvertent tipping-off or compliance breaches.
OCC ends AML consent order, signaling shift in enforcement priorities
The OCC has terminated a consent order against a bank previously cited for deficiencies in its Bank Secrecy Act (BSA) and AML compliance program. The regulator stated that the bank’s safety, soundness, and compliance no longer warrant the order’s continuation, effectively removing enhanced scrutiny. However, the decision reflects a broader pattern of federal agencies rolling back earlier enforcement actions, underscoring the need for financial institutions to maintain robust compliance programs despite evolving regulatory priorities.
FinCEN warns banks of expanding Chinese money laundering networks
FinCEN has issued an advisory alerting financial institutions to the growing threat of Chinese Money Laundering Networks (CMLNs) that facilitate illicit transactions for Mexican transnational criminal organizations. The advisory urges vigilance in identifying and reporting related activity, using specific SAR codes and incorporating red flags outlined in FinCEN’s recent Financial Trend Analysis: Chinese Money Laundering Networks 2020–2024 Threat Pattern & Trend Information published in August. As these networks evolve with remarkable speed and sophistication, financial institutions must continuously refine their detection strategies to stay ahead of emerging financial crime risks.
COUNTERING THE FINANCING OF TERRORISM
UK sanctions breach highlights risk of resource gaps in compliance teams
Vanquis Bank Limited (VBL) has been reported by HM Treasury for breaching sections 11 and 12 of the Counter-Terrorism (Sanctions) (EU Exit) Regulations 2019 after failing to promptly act on an OFSI prenotification of a soon-to-be-designated customer. A lack of first-line resources, which were reassigned to remediation activities, delayed alert review and reporting. The case underscores the importance of effective resource allocation and timely alert management, reminding financial institutions that addressing one compliance issue should never create another.
OFAC fines ShapeShift $750K for sanctions violations linked to restricted jurisdictions
ShapeShift AG has agreed to a $750,000 settlement with OFAC for facilitating digital asset transactions between 2016 and 2018 involving users in Cuba, Iran, Sudan, and Syria without a sanctions compliance program in place. Despite having IP data that could indicate user location, the company failed to screen for sanctioned jurisdictions or designated individuals. The case underscores that sanctions compliance obligations extend to all US persons, including those operating abroad, and highlights the critical need for proactive screening and risk-based controls in digital asset environments.
ARTIFICIAL INTELLIGENCE & TECHNOLOGY
Why “knowing your model” is becoming the new compliance imperative
As AI becomes deeply embedded in financial decision-making and risk management, understanding model provenance—the full chain of custody from creation to deployment—is essential for trust, accountability, and regulatory compliance. Provenance tracking ensures visibility into how models are trained, tested, updated, and influenced by data or hardware environments. To manage AI responsibly, firms must establish standardized vendor due diligence, maintain continually updated provenance records, and ensure meaningful human oversight at every stage of the model lifecycle.
Five fundamentals for managing AI risk with confidence
Effective AI governance begins with strong data foundations and extends through accountability, transparency, and human oversight. Organizations should classify and respond to AI-related incidents, adopt clear contractual standards, and implement practical controls and education to ensure safe and ethical use. These principles mirror traditional model risk management, reinforcing that disciplined protocols remain the cornerstone of responsible and resilient AI deployment.
New York regulators urge banks to use blockchain analytics for crypto risk management
The NYSDFS has emphasized that institutions engaged in or considering virtual currency activities should leverage blockchain analytics to strengthen their financial crime controls. The guidance highlights using blockchain intelligence to screen wallets, verify fund sources, monitor customer and counterparty risk, and align expected versus actual crypto activity. As digital assets become mainstream, regulators increasingly expect firms to adopt advanced technologies like blockchain analytics to proactively detect and mitigate money laundering and sanctions risks.
LOOKING FORWARD
US Treasury seeks industry input on GENIUS Act implementation
The US Treasury has released an Advanced Notice of Proposed Rulemaking (ANPRM) inviting public comment on 58 questions across six key areas of the GENIUS Act, including stablecoin issuers, illicit finance, taxation, and foreign payment regimes. With comments due by October 20, 2025, this marks a critical opportunity for providers, vendors, and market participants to help shape the regulatory framework governing stablecoins and digital asset ecosystems.
Trusted expertise for today’s evolving compliance challenges
As regulatory expectations become increasingly intricate, FinScan’s Advisory Services delivers the insight and hands-on guidance you need to stay ahead. Whether optimizing model governance, improving data integrity, or addressing sanctions and emerging technology risks, we help strengthen your compliance framework and future-proof your operations. Build a stronger, more resilient program—connect with our experts today.