In its annual Banking Priorities survey, CSI asked bankers across the country about their views on top compliance and financial crimes challenges. Read on to learn more about how bankers view the changing regulatory landscape.
With several issues competing for bankers’ attention, 14% selected regulatory change as the issue most likely to affect the financial industry. While that’s a minority of respondents, it is an increase from 2024’s survey, and 2025 is poised to be a hot regulatory year nonetheless. Bankers identified several key compliance issues on the 2025 horizon that both regulators and bankers agree will demand significant attention this year.
Want access to the full results of this year’s survey? Read the interactive report.
Exploring Bankers’ Top 6 Banking Compliance and Regulatory Issues for 2025
CSI’s 2025 Banking Priorities survey revealed these six regulatory issues as front and center in bankers’ minds this year.
1. Community Reinvestment Act (CRA)
More than 70% of bankers expressed concern about the CRA. Regulatory agencies issued a final rule to modernize the CRA in October 2023, which encouraged banks to expand access to banking services in low-and moderate-income neighborhoods and adapt to technological advancements. Most requirements become applicable by 2026, so banks should begin ensuring they have sufficient information for CRA reporting.
2. Financial Crimes Compliance
The AML Act of 2020 touches upon using AI as a tool to enhance compliance capabilities for financial institutions. Regulatory bodies, including FinCEN and other federal agencies, recognize AI’s potential to strengthen AML/CFT efforts, particularly in monitoring transactions, assessing risk and detecting suspicious activities in real time.
3. Cloud-Based Banking Technologies
Additionally, 73% of respondents are concerned or very concerned about cloud-based technologies. Cloud-based banking technologies deliver a variety of benefits, including scalability and efficiency, but carry regulatory implications as well. As banks partner with different providers for cloud-based technologies, prioritizing risk management, due diligence and compliance with regulatory requirements is key.
An FFIEC joint statement encourages financial institutions to engage in effective risk management around cloud computing and to understand “shared responsibilities between cloud service providers and their financial institution clients.” As with embracing any new technology, it’s wise to monitor the anticipated regulatory focus on ensuring cybersecurity compliance and adherence to risk management procedures in information flow between banks and technology providers.
Proper risk management and due diligence is essential to taking full advantage of the power of cloud-based technologies.
4. Cybersecurity Compliance
85% of respondents are concerned or very concerned about monetizing data, which isn’t surprising considering the amount of data available to banks. Data monetization can take many forms, like targeted advertising and marketing or offering anonymized data to third-party businesses or researchers. However, banks must tread carefully on this front and strike a delicate balance in utilizing such information.
Numerous regulations from various agencies dictate how data can be employed, be it for creating new products and services or even engaging in the resale of data. Carefully adhering to these privacy regulations and the personal preferences of an institution’s customer base will help maintain compliance and trust.
5. Building a Financial Services Ecosystem
70% of respondents are concerned or very concerned about building a financial services ecosystem. Creating a financial services ecosystem includes developments in open banking as data is shared between multiple entities. As banks develop their open banking strategies, risk management and governance should be their guiding pillars. Regulatory agencies expect institutions to have strong risk management and governance programs in place—including robust vendor due diligence processes—to build the structural framework of their cybersecurity and compliance programs. As open banking becomes more prevalent, banks must ensure that any third-party partners adhere to regulations and use customer data only for intended purposes.
6. Monetizing Data
Additionally, 70% of respondents are concerned or very concerned about monetizing data. Banks can monetize data in various ways, including leveraging targeted advertising, engaging in personalized marketing or providing anonymized datasets to third-party organizations or researchers. However, institutions should approach this carefully by balancing data utilization with privacy considerations. A range of regulations from different agencies govern data use, whether for developing new products and services or for potential data resale. Adhering closely to these privacy standards and honoring customer preferences is essential for maintaining compliance and building trust with the customer base.
Data utilization opens up exciting opportunities for banks, like personalized marketing to consumers, but also presents compliance challenges.
New and Upcoming Regulations in 2024
- UDAAP: CSI’s survey revealed 68% of bankers are very or somewhat concerned about UDAAP compliance. The FDIC and CFPB have placed a strong focus on Unfair, Deceptive, or Abusive Acts or Practices (UDAAP), particularly addressing Non-Sufficient Funds (NSF) fees and the CFPB’s concerns about “junk fees,” such as return deposit item fees. Continuing a trend from 2023’s survey, bankers also expressed a high concern around UDAAP topics like discrimination and fair lending (a hurdle for applying AI for processes like credit underwriting).
- CFPB’s Rule 1033: In October 2024, the CFPB issued a final rule to implement section 1033 of the Consumer Financial Protection Act of 2010 to strengthen consumers’ financial data rights. Rule 1033 requires financial institutions and other data providers to help consumers access and share their data securely using application programming interfaces (APIs). The rule covers financial data housed at banks, credit unions and other financial institutions, as well as payments apps and digital wallets. As APIs become more important in our financial landscape, banks will likely be navigating new cybersecurity and privacy rules in the coming years.
Other Regulatory Issues on Bankers’ Radar
In addition to the issues explored above, CSI’s annual survey revealed 68% of bankers remain concerned or very concerned about cryptocurrencies. Due to headlines about crypto-enabled financial crime, the collapse of crypto firm FTX and subsequent revelations of fraudulent practices, this field remains a polarizing topic. Last year’s results indicated that 84% of bankers were concerned or very concerned about cryptocurrencies, so concern has dropped looking ahead to 2025. Banks should continue to keep an eye on crypto-related guidance from the FDIC, OCC and other entities.
Explore Bankers’ Priorities for 2025
In addition to exploring regulatory issues, CSI’s 2025 survey reveals bankers’ perspectives on a host of issues, including rising interest rates, improving the digital experience for account holders, fraud and risk mitigation and evolving opinions on artificial intelligence’s role in banking.
Want to know what else bankers anticipate for our industry in 2025? Download the 2025 Banking Priorities Executive Report for a full breakdown of the data.
Read the report
Amber Goodrich, Senior Compliance Analyst
Amber Goodrich has more than 15 years of financial industry experience. She is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Regulatory Compliance Manager (CRCM).