Regulatory Round-Up – October 2024
Here are the regulatory compliance headlines that could impact your organization.
Exam Priorities
SEC Announces 2025 Exam Priorities
- The SEC has outlined its exam priorities for 2025, with particular attention on fiduciary duties, standards of conduct, anti-money laundering (AML), cybersecurity, and the emerging use of AI and other technologies in financial services. This annual prioritization signals what the SEC will be examining in brokers, advisors, and funds, influencing risk assessments and compliance strategies across the industry. Compliance professionals need to stay updated on these focus areas to enhance controls, especially around investor protection and data security, and to ensure alignment with SEC expectations. Understanding these priorities can help anticipate areas of regulatory scrutiny.
ESG
ESG/Sustainability Frameworks Standards and Regulations
- ESG standards are facing heightened enforcement, as demonstrated by the SEC’s recent action against WisdomTree for not meeting its stated ESG investment criteria. Understanding the key ESG reporting frameworks and standards is essential for companies to accurately report on their practices, risks, and opportunities related to ESG.
CFPB
Personal Financial Data Rights & Open Banking
- The CFPB adopted a new rule under the Dodd-Frank Act, granting consumers control over their financial data, effective 60 days post-publication. This rule mandates that financial institutions provide consumers with transparent, secure data-sharing capabilities, with staggered compliance deadlines based on institution size. Compliance teams at financial institutions must prepare to support consumer-directed data transfers and increased transparency in data use. This shift aims to improve data security and consumer control, potentially transforming customer retention and data management practices, as open banking standards gain traction worldwide.
Enforcement Actions
Compliance Failures in Apple-Goldman Partnership
- In 2017, Goldman Sachs and Apple launched an Apple-branded credit card, but the CFPB recently cited compliance failures, noting Apple’s technology was unprepared to meet federal requirements. Both companies were fined for violating financial protection laws (TILA and Reg Z) and instructed to enhance their compliance programs. Goldman is also barred from new card programs until it meets CFPB standards. This action underscores the need for strong compliance and tech readiness in digital finance, urging consumer finance teams to monitor new CFPB regulations closely.
AI & GDPR
EU AI Act and GDPR Compliance Standards
- Just six years after its implementation, the EU’s GDPR is recognized as the global standard for data protection. Following its success, the EU AI Act, adopted in July 2024, is poised to set a similar benchmark for AI regulation. Noncompliance with these frameworks can lead to significant penalties, prompting many firms to adopt AI-driven tools to meet compliance demands. Compliance teams should prioritize aligning with both GDPR and the AI Act as they represent foundational regulatory requirements in data protection and AI usage. These regulations highlight the need for advanced compliance technology, particularly as data protection and AI frameworks become more interwoven.