Year-End 2025 Industry Update: Internal Audit Trends & Regulatory Changes

General Banking & Regulatory Updates for Financial Institutions

House Passes Bills to Establish Digital Assets Regulatory Frameworks, Bar U.S. CBDC

The House of Representatives has passed three digital asset-related bills designed to establish a clearer regulatory framework. These include:

• The GENUIS Act, which provides guidelines for payment stablecoins.
• The Clarity Act, which determines whether crypto assets and intermediaries fall under the oversight of the Commodity Futures Trading Commission (CFTC) or the Securities and Exchange Commission (SEC).
• The Anti-CBDC Surveillance State Act, which prohibits the Federal Reserve from issuing a central bank digital currency (CBDC).

Agencies Issue Joint Statement on Risk Management Considerations for Crypto-Asset Safekeeping

Federal bank regulators published a joint statement regarding crypto-asset-related activities banks are engaging in. The joint statement provides guidance on risk management practices for holding crypto-assets on behalf of customers and safekeeping those assets. It reinforces existing risk management principles rather than introducing new supervisory requirements, reflecting the agencies’ ongoing effort to offer clearer direction to financial institutions engaged in crypto-asset-related services.

FDIC Proposes Revisions to New Signage Requirements | ABA Banking Journal

The FDIC has proposed revisions to its recently updated digital signage requirements for financial institutions. First, the compliance deadline is extended from March 1, 2026, to January 1, 2027, while introducing several changes aimed at reducing regulatory burden based on industry feedback.

The primary updates include giving financial institutions more flexibility in presenting the FDIC’s official digital signage in terms of visual formatting, removing the unclear “landing page” mandate for digital signage, and focusing signage requirements on deposit account transaction pages. Additionally, non-deposit product pages and screens will now require specific non-deposit signage to be clearly visible.

OCC to Reduce the Regulatory Burden on Community Banks by Adjusting the Frequency & Scope of Bank Examinations

Starting January 1, 2026, the OCC will remove “all examination requirements required by agency policy rather than statute” in an effort to ease the burden on community banks (financial institutions with less than 30 billion in assets). The updated examination requirements will incorporate considerations of the institution’s size, complexity, and risk profile focusing on material financial risks.

FASB Guidance Ends “CECL Double Count” on Purchased Loans

Effective for annual reporting periods beginning after December 15, 2026, the accounting standards update (ASU) will revise the standards for recording of the allowance for credit losses for purchased loans.

The Evolution of the Bank Branch

In recent years, the role and design of bank branches have evolved significantly as digital banking becomes the primary platform for everyday transactions. With this shift, branches are no longer focused solely on processing transactions – they’ve transformed into collaborative spaces where customers seek financial guidance and personalized consultation. This article explores key changes in customer expectations and how branch design strategies are adapting to meet these evolving needs.

OCC Allows Banks to Hold Crypto to Cover Related Fees

In November 2025 the OCC released a letter allowing national banks to have small crypto asset holdings for use coving any crypto transaction network-related fees the institution may incur.

Upcoming Changes to the Automated Clearing Hours (ACH) Rule Book

Fraud Monitoring Phase 1

As part of the Nacha Risk Management package and Fraud Monitoring Phase 1 rule amendments, all Originating Depository Financial Institutions (ODFIs) must implement fraud monitoring practices beginning March 20, 2026. The rules set forth a new requirement for “processes and procedures” around detecting and preventing fraud for ODFIs, third-party service providers, and third-party senders.

Company Entry Descriptions

New ACH rules effective March 20, 2026, introduce standardized entry descriptions for payroll and purchase transactions. Entry descriptions for payroll Prearranged Payment and Deposit (PPD) credits and e-commerce purchases must include this detail in the description. These changes aim to streamline ACH processes.

Fraud Monitoring Phase 2

As part of the Nacha Risk Management package and Fraud Monitoring Phase 2 rule amendments, all ODFIs must extend their fraud monitoring procedures implemented within Phase 1 above to all originators, Third-Party Service Providers, and Third-Party Senders not covered in Phase 1. Phase 2 is effective June 22, 2026.

Definition of IAT Entries

New ACH rule effective September 18, 2026, with the intent to provide further clarity for making IAT determinations.

Funds Availability Requirements for Non-Same Day Credit Entries

New ACH rule effective September 18, 2026, stating non-same day ACH credits must be made available by 9:00 AM local time on the settlement date, removing the previous 5:00 PM receipt condition.

To stay informed and ahead of the curve on regulatory developments that could impact your organization, reach out to a member of our team today.