In its annual Banking Priorities survey, CSI asked bankers across the country about their views on top compliance and financial crimes challenges. Read on to learn more about how bankers view the changing regulatory landscape.

With several issues competing for bankers’ attention, only 8% selected regulatory change as the issue most likely to affect the financial industry. Nevertheless, 2024 is poised to be a hot regulatory year, with more than eight in ten bankers concerned about all regulatory issues evaluated. Bankers agreed on several noteworthy compliance issues on the 2024 horizon that both regulators and bankers agree will require significant attention this year.

Want access to the full results of this year’s survey? Download the interactive report.

Exploring Bankers’ Top Banking Compliance and Regulatory Issues for 2024

CSI’s 2024 Banking Priorities survey revealed these five regulatory issues as front and center in bankers’ minds this year.

1. Financial Crimes Compliance

Financial crimes compliance took the largest share of the votes, with 89% of respondents reporting it as either concerning or very concerning. New FinCEN rules and regulations have led to this intensified focus on financial crimes compliance. For instance, the implementation of Geographic Targeting Orders (GTOs) represents a targeted approach to combating financial crimes in regions experiencing human rights violations, such as Russia or China. As the geo-political climate and regulations evolve, navigating the compliance landscape will remain increasingly challenging.

In addition to evolving regulations, fraud and money laundering tactics are advancing and forcing industry professionals to keep up—especially as new payment services emerge. The adoption of P2P and instant payment transactions has skyrocketed, increasing usage and potential for abuse. Fraud prevention remains crucial for financial institutions, as fraud often serves as the precursor to anti-money laundering (AML) activities. To combat this complex issue, many institutions are focused on developing and deploying advanced fraud and AML tools that integrate AI and machine learning.

2. Building a Financial Services Ecosystem

Coming in second on the list of bankers’ regulatory concerns, 88% of bankers are concerned or very concerned about building a financial services ecosystem. This includes developments in open banking and BaaS, wherein data is shared between multiple entities. A growing concern in this area stems from increased investment in open banking, which enables financial institutions to offer new products and services without building them internally or relying on one technology provider. While the open banking field is rife with opportunity, vendor management must be handled carefully.

Technology providers that enable open banking have a responsibility to maintain security and oversee the flow of information between banks and technology partners. However, the responsibility for conducting due diligence and risk management falls squarely on financial institutions. As open banking continues to become the norm, banks must ensure that the partner company adheres to regulations, refrains from misusing information and avoids using it for resale purposes.

3. Cybersecurity Compliance

While cybersecurity compliance wasn’t the highest cybersecurity concern, it took the third highest regulatory concern. Nearly 90% of respondents are concerned or very concerned about cybersecurity compliance in the coming year, signifying the constant challenge of thwarting cyber threats while satisfying regulatory expectations.

As a key component of an institution’s cybersecurity posture, regulators emphasize cybersecurity compliance more than ever and expect institutions to maintain a secure IT infrastructure and mitigate risk. In addition to meeting regulators’ expectations, a robust cybersecurity compliance program can prevent your institution from suffering the consequences of a damaging breach.

Institutions should deploy several strategies to strengthen cybersecurity compliance, including penetration testing, vulnerability scanning, cyber insurance and multi-factor authentication.

4. Monetizing Data

85% of respondents are concerned or very concerned about monetizing data, which isn’t surprising considering the amount of data available to banks. Data monetization can take many forms, like targeted advertising and marketing or offering anonymized data to third-party businesses or researchers. However, banks must tread carefully on this front and strike a delicate balance in utilizing such information.

Numerous regulations from various agencies dictate how data can be employed, be it for creating new products and services or even engaging in the resale of data. Carefully adhering to these privacy regulations and the personal preferences of an institution’s customer base will help maintain compliance and trust.

5. Cloud-Based Banking Technologies

Additionally, 85% of respondents are concerned or very concerned about cloud-based technologies. Gartner predicts that 85% of organizations will embrace a cloud-first approach by 2025 for its efficiency gains and the security it affords. The prominence of cloud-based banking technologies is closely tied to open banking, ecosystem building and cybersecurity considerations. There is no one-size-fits-all path for cloud migration; institutions must weigh the benefits and challenges to decide what makes sense for their IT goals, available resources and risk appetite.

An FFIEC joint statement encourages financial institutions to engage in effective risk management around cloud computing and to understand “shared responsibilities between cloud service providers and their financial institution clients.” As with embracing any new technology, it’s wise to monitor the anticipated regulatory focus on ensuring cybersecurity compliance and adherence to risk management procedures in information flow between banks and technology providers.

New and Upcoming Regulations in 2024

• Community Reinvestment Act (CRA): In addition to the issues listed above, more than 80% of bankers expressed concern about the CRA. Regulatory agencies issued a final rule to modernize the CRA in October 2023, which encouraged banks to expand access to banking services in low-and moderate-income neighborhoods and adapt to technological advancements. Most requirements become applicable by 2026, so banks should begin ensuring they have sufficient information for CRA reporting.

• UDAAP: CSI’s survey revealed 83% of bankers are very or somewhat concerned about UDAAP compliance. The FDIC and CFPB have placed a strong focus on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), particularly addressing Non-Sufficient Funds (NSF) fees and the CFPB’s concerns about “junk fees,” such as return deposit item fees. Continuing a trend from 2023’s survey, bankers also expressed a high concern around UDAAP topics like discrimination and fair lending (a hurdle for applying AI for processes like credit underwriting).
• NIST Cybersecurity Framework: In 2014, the National Institute of Technology created the Cybersecurity Framework (CSF) 1.0 to provide organizations with guidance on mitigating cyber risk. NIST released the CSF 2.0 in February 2024, which incorporates stakeholder feedback to “reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk.” This is the first major update to the framework since its creation and includes resources to help organizations reach their cybersecurity goals with an emphasis on governance. The CSF 2.0 supports implementing the National Cybersecurity Strategy due to its expanded scope that serves all organizations—not just those related to critical infrastructure.

Other Regulatory Issues on Bankers’ Radar

In addition to the issues explored above, CSI’s annual survey revealed 84% of bankers remain concerned or very concerned about cryptocurrencies. Crypto had a tumultuous 2023, but some cryptocurrencies have steadily recovered. This year’s survey results indicate increased concern about digital assets, including crypto. This emphasizes the need for banks to navigate regulations, address AML concerns and possibly adapt their systems to handle digital asset management.

Explore Bankers’ Priorities for 2024

In addition to exploring regulatory issues, CSI’s 2024 survey reveals bankers’ perspectives on a host of issues, including rising interest rates, improving the digital experience for account holders, fraud and risk mitigation and evolving opinions on artificial intelligence’s role in banking.

Want to know what else bankers anticipate for our industry in 2024? Download the 2024 Banking Priorities Executive Report for a full breakdown of the data.

Read the report

Amber Goodrich is a compliance analyst at CSI.