This is a transcript of the podcast A GRIP discussion on law, compliance and policymaking in 2025 in which our expert writers discuss areas such as AML enforcement, cryptocurrency regulation, ESG commitments and ever-present cybersecurity threats, among other topics.
[INTRO]
Julie DiMauro: Hello everyone. I’m Julie DiMauro, I’m the US Content Manager for GRIP, which is Global Relay Intelligence and Practice.
I am joined by Alexander Barzacanos, who is the Deputy Content Manager here in our offices in New York. You can find Global Relay Intelligence and Practice at grip.globalrelay.com. There, you will see a number of articles and podcasts and reports, interviews, and thought leadership for compliance and legal professionals. I hope you’ll check us out there and on LinkedIn and share our content with your colleagues.
This podcast, we’re kicking it off in 2025. Happy New Year to everyone. And Alexander has been gracious enough to join me to just do a little informal brainstorm on what we can expect for 2025 and moving forward. And based on 2024 or based on other things that we’ve seen on the horizon, percolating in politics and in compliance, legal circles, risk areas and technology arenas.
I recently wrote an article that looked at 2025 making some sort of predictions. And I talked about deregulation in the US federal regulatory regime. And yes, it’s quite likely I had argued, you know, for in certain ways, ushering in a less is more approach to new technologies such as artificial intelligence, alternative investments, climate disclosure, bank capital requirements and consumer protection rules in the financial services sector. But I did point out – and I want to point out today – that some areas that garner great bipartisan support should show little change in approach and that international and state level mandates in areas like consumer protection, sustainability reporting, privacy and other areas make it important that companies keep resources and skill sets ready to meet their compliance challenges because those will continue on.
And compliance and legal teams need to be prepared for some areas of risk to possibly increase just because, when policy objectives change, that means different mandates have to be addressed and they go in different directions. So you have to be kind of prepared for anything. Let’s dig in.
I wanted to start with AML and sanctions, if you don’t mind. It was a centerpiece of the SEC’s enforcement activity among others and FinCEN’s just to give a little overview. And I want you to dive in and talk about TD Bank and other things that are top of mind for you.
In September, FinCEN issued a final rule that adds certain registered investment advisors and exempt reporting advisors to the definition of financial institution under the regulations implementing the Bank Secrecy Act, which means that they must implement risk-based AML in combating the financing of terrorism programs, including internal controls, policies, training, independent testing and the designation of a qualified AML/CFT officer. Plus files suspicious activity reports and currency transactions. We had the TD Bank pleading guilty in October to AML failures. They got a record $3 billion plus in penalties, unusual asset cap. You’ll talk about really an interesting case that I think we’ll be referencing for some time.
But one thing I wanted to dive into is the Corporate Transparency Act, which was implemented on January 1 with a compliance date coming up on the same day in 2025, except thanks to a federal appeals court in Texas, companies actually don’t have to file those beneficial ownership details right now since the court’s judge blocked the law’s implementation. So we’ll see where that goes. But that beneficial ownership component of the law requires covered businesses to report information about their owners, namely anyone that owns 25 percent or more of ownership interest in the entity or exercises substantial control over the entity.
My argument is the CTA is probably not fatally wounded. And I say this because there was so much bipartisan effort in creating it, right? Marco Rubio is one of the key authors of it. And they were looking toward Putin’s invasion of Ukraine, which amplified the importance of the law, which is ongoing. Marco Rubio, senator from Florida at the time, said the federal government cannot properly implement sanctions against Putin and his oligarchs if it does not know the full extent of their holdings, hence the law.
So I do still see bipartisan support for this effort in some regard, whether it’s rewritten or reintroduced in some other way. I think scrutiny of China will continue with export restrictions, especially on minerals and other things that go into our tech agreement. And the Europeans are equally concerned. Other countries might seek to circumvent the proposed lofty tariffs that Trump has proposed and they might lead to rising prices for consumers.
But why should legal and compliance teams care about that? Well, I think that they need to, because when sales and product strategies and procurement practices are impacted and manufacturing locations are adjusted due to pricing and changing consumer patterns that, you know, compliance and legal need to be concerned in monitoring those situations. So turning it over to Alexander, I want to have you weigh in on AML sanctions.
Alexander Barzacanos: I think the TD Bank case was probably one of, if not the story of the year. We saw an incredible level of malfeasance going on with the TD’s AML controls. We saw money launderers were showing up at branches with bags of cash, no questions asked, no escalation, no reporting, very few filings of SARs, which are suspicious transaction reporting. They received a punishment that was in line with that of $3.09 billion in penalties leveraged by several government agencies in concert with one another.
I think we’re going to see all banks respond to this by shoring up their AML policies and procedures obviously too huge to ignore. I think TD is also going to suffer extremely in the reputation department. Before this, I think we would look at Wells Fargo as the perpetrator with a bad reputation in compliance. But I think now TD sort of carries that reputation with it. In the future, basically it seems like the government stopped just short of withdrawing TD’s banking license, which is a penalty that was also mulled over previously with Wells Fargo. Three billion plus fines and a growth cap are going to be a serious, serious thing for TD to overcome.
Julie DiMauro: You know, lawmakers were still hoping that they could get a little bit more.
Alexander Barzacanos: Elizabeth Warren, I think was, as she usually is, very upset that no one is going to jail over this.
Julie DiMauro: And it’s an area of expertise that companies, large firms especially, banks very much in particular, need to be mindful of. They need to have that level of expertise, technology that really works, internal controls to spot when the technology or people are not functioning as intended, and expertise at all levels, including the board.
Alexander Barzacanos: Absolutely. It always comes down to human capital with these situations. Even if you have great AI, great monitoring, technical capabilities, I think, you know, at the end of the day, there are going to be, especially when we’re talking about money laundering, this is going to be people talking to people, people reviewing that. So it’s all about personnel, I think, ultimately.
Julie DiMauro: All right, just to move on a little bit, banks more generally about capital rules and maybe some M&A activity. For now, banks that have been fighting against efforts to boost their capital requirements, they send some more cheery message coming in that vein.
And granted, these capital proposals have been watered down already, but some banking industry participants are wondering if the so-called Basel III endgame scheme can go away completely or get diluted further. Banks are like other companies seeking to consolidate and challenge other businesses in their sector or in tangential sectors that they seek to grow products and services in imminently. It’s true of Capital One and Discover, which are trying to challenge the large credit companies with a merger. Insofar as mergers and acquisitions and the future for them, they keep spreading technology, food, healthcare sectors. The antitrust regime granted for the past several years presided over by Lina Khan at the Federal Trade Commission and Jonathan Kanter at the Department of Justice definitely have pushed back both of them and their agencies.
Without them, we could see a larger degree of deal-making activity that banks manage for these other businesses, subject to exceptions that arise on a case-by-case basis. I know Trump in his first term did oppose the AT&T acquisition of Time Warner, so we’ll see what happens. But I do see more deal-making activity going forward that bodes well for PE firms, of course, as they seek to finance some of this deal-making business.
What do you think, Alexander?
Alexander Barzacanos: So yeah, we saw a few months ago a shocking reversal I think of the Fed’s plan to implement the Basel III Capital Reserve requirements. Before that reversal, there was speculation that the reserve across the board levels for America’s largest banks could be increased by up to 19 percent. After receiving an intense amount of criticism from the banking industry, we saw them do a dramatic reversal and slash that to around 9 percent, so around half of what it had planned to be. Shocking contrition from members of the Federal Reserve over this point, they described it as a moment to relearn the value of humility, to paraphrase their statement there, which is not a concession you see from any federal agency, especially not the Fed.
So that was a huge moment. In that line, we also saw just earlier this month banks sue the Fed over their stress-testing models, which they use to set some of the capital reserve requirements that are specific to each bank. Previously, we saw Goldman Sachs become the first bank to successfully negotiate a reduction in their capital reserve levels from 6.4% to 6.2%.
Banks were able to do this since 2020, but Goldman was the first to be able to pull this off. We’re seeing the way that these stress tests are conducted, challenged due to their secret nature. The criteria that go into the tests are not publicly available. There’s no opportunity for notice and comment. Banks are claiming that this is illegal, that it violates the Administrative Procedure Act, where regulation has to be transparent, available for comment, things of that nature. The Fed seems to be accepting that the current legal status quo, where we have Loper Bright in place, Chevron is gone, the deference that was once afforded to their decisions has been tossed out of a window.
They’re basically conceding that they’re probably going to lose, it seems. So they’ve unilaterally opened up those stress-testing protocols to notice and comment. We’ll see if anything changes on that front, but the banks are going ahead with their lawsuit.
Julie DiMauro: There’s been no shortage of litigation.
Alexander Barzacanos: No. When the Loper Bright opinion was first published, something I heard was that it introduces enough uncertainty into the environment that industry participants are not going to be that happy. Agencies are not going to be that happy now that their power has been reduced. The only people who are going to be happy are litigation lawyers. They’re going to be getting a lot of work that will be very highly paid, so good for them.
Julie DiMauro: Indeed. Alexander and I were talking before the session started that given Loper Bright, Congress will probably be very deliberate in how they write their statutes, their bills, and regulatory agencies as well in interpreting them and issuing their rulemaking. So it’ll be very interesting to see that dynamic. And whether or not that fosters collaboration and more communication between the two or not and how that will be handled is extremely interesting, I think, from a regulatory policy perspective.
Alexander Barzacanos: It’s interesting to see the sort of conservative opinion on this. I mean, it seems that they’re trying to uphold a mutually-contradictive paradigm. Figures like Elon Musk, who is now running DOGE, the Department of Governmental Efficiency, where they want laws to simultaneously be the size of a postcard and also so comprehensive that they could survive any legal challenge to them. I think it’s going to be very hard to see both of those goals met, but we’ll see.
But yes, I completely agree that Loper Bright is going to change the way that our lawmakers write laws. I think we’re going to see necessary updates made to some of our laws, which were written in the 1930s, which are completely inapplicable to the world we live in today. A big Loper Bright case that came out very recently was the elimination of net neutrality for the second or third time, I believe. It’s gone again. Say goodbye.
The issue hinged on whether internet service providers are providing a utility or an information service. Are they telecommunications providers? Are they not? These questions are meant to be addressed by law that was written before the internet was even contemplated by a single human being. We’re going to need changes to the laws. And I think now that agencies have lost their magisterial ability to interpret the law, we’re going to see efforts being made.
Julie DiMauro: By a Congress that has slim majorities in each house, right? So we’ll see how that pans out. I want to talk about consumer protection because we had a Consumer Financial Protection Bureau, CFPB, that was incredibly busy in the last few years. We’ll see what regulations that they had actually promulgated that will continue on and persist. So there was a broad swath of credit card companies and online digital payment app providers that were targeted. Overdraft late and other junk fees were targeted.
They clawed back the CFPB nearly $20 billion in consumer relief. Very, very active bureau right there. The recent rule capping credit card late fees, which is being challenged in courts, is likely to be discarded or re-gained. The idea of capping the limit to $8, down from $32, seems to discard free market principles. And it’s hard to see Trump CFPB vigorously defending it, but we’ll see what happens.
This summer, the agency proposed banning medical debt from appearing on consumers’ credit reports. In October, it warned companies against seeking payment on unverified bills, which triggered litigation from debt collectors, citing the costs they would bear and pass on to consumers. Even if the Trump administration dumps the rule, there are state regulators taking up that cause. Got to remember the state regulators and some international regulators, so jurisdictions beyond our shores, that still have rules in these areas.
So for larger firms and firms doing business in multiple states, you still might have to answer to these mandates. But getting back to these rules, payments for unverified bills, Colorado, California, and New York, either are enacting rules on medical debt reporting or proposing it. It might come down to where you live as a consumer in terms of your consumer protection coverage, which has always been true, but it may be even more so with a conservative administration reining in the federal consumer watchdog. And then speaking of reining in, you brought him up. Elon Musk has already said that his cost-cutting role with the federal government will include deleting the CFPB.
Alexander Barzacanos: I was about to say that, yep. Let’s see what happens.
Julie DiMauro: Exactly. Let’s go on to ESG. I know you have a lot to talk about here too, Alexander. The SEC’s climate disclosure rule issued in March under the new federal administration, what will happen? It’s likely to be completely tossed out or incredibly whittled down. The reason why I’m not convinced that that means too much or that you could assign too much weight to that rule being abolished or severely watered down is, again, that there are other regimes, right? So the corporate sustainability reporting directive in the EU, there’s California’s regulations requiring disclosure over climate-related financial risks and greenhouse gases.
There’s also just stats. So CCSI’s Sabin Center has reported that many companies already published much of the information that has been called for by the new SEC rule that is not in fact but had been proposed. And they put that information in sustainability reports that they provide investors on their website. They’re already doing it. Why are they doing it? Because consumers want it. Because their investors want it, right? So they are already under the gun. They’re already being asked for it. It’s just been standard practice to offer something.
I’m not saying that they couldn’t do more or they couldn’t do it better, but they are already offering this. This is a trend. This is not something that would be completely brand new with the SEC’s law. So I do see that there has already been a change in mindset in stakeholder demands and expectations in this regard.
There is just a bunch of coalitions, pro-ESG coalitions, nonprofit groups and associations and other initiatives where they’re not going to stop the fight. I mean, they’re just continuing to go out there and talk about it from different angles, whether it’s the marketing angle or the business continuity angle. Listen, there are wildfires in California. This is because of climate in part. So let’s talk about climate. So there’s, again, this initiative of going at it in different angles. There’s greenwashing cases are going to continue. Why? Because they’re based on rules, preexisting rules that we already have, about not being misleading and deceptive in your marketing material and your advertising. So those things will continue. I think the idea of ESG being dead is overblown and not valid. How about you?
Alexander Barzacanos: I agree. And reports of ESG’s death are overstated. Yeah, I think ESG isn’t going to go away because these are material issues for investors. I think you can’t claim to have a shrewd investment portfolio if you’re not taking into consideration risk. What can produce greater risks than widespread catastrophes? I think this is something that smart investors want to know about, that this information is being provided without inducement by the government or anyone else. It’s necessary.
I think a lot of the backlash against ESG investing that we’re seeing on a state level is pretty transparently politically motivated. We saw the Texas teachers pension fund withdraw billions of dollars out from under BlackRock’s management despite receiving record-breaking returns on that fund. I think it’s difficult to argue that decision was in the best interest of the fund.
Julie DiMauro: I wanted to move on to cybersecurity and privacy. Cybersecurity continues to be one of the top, if not the top, concern for compliance and legal professionals when polled. It just doesn’t go away. Everybody feels subject to it, you know, that they could be susceptible to it. It almost feels like no amount of protections can completely insulate you. And they’re reputationally damaging to the core. There’s just nothing good about them. So they’re a key concern. How you secure your data, manage data, breach risk, remain resilient. How you respond to incidents appropriately and in a timely way, it remains a regulatory priority. Almost every industry in 2024 experienced critical IT disruptions. And some of them had national security implications.
So I want to talk about one of them, the CrowdStrike incident was one example. It put into stark relief how susceptible a truly wide swath of crucial industries in the global economy are to software vendor disruptions and over-reliance on the same tiny group of vendors. That was just, you know, really the lesson right there. There also have been some other incidents. Salt Typhoon was a China-linked threat group or is a China-linked threat group, recently infiltrated and maintains access to at least eight telecom providers in the US.
In response, the current Federal Communications Commission chair, Jessica Rosenworcel, her proposed rule changes would require telecom operators to secure their networks and maintain cybersecurity risk management plans. In like fashion, the incoming FCC chair, Brendan Carr, expressed significant concern over the implications of an adversary attacking US critical infrastructure, like our telecom networks, and said this risk needs to be tackled immediately. Cyber breach concerns for firms go beyond regulators’ concerns, though, and their mandates and their fines.
Class action litigants seek damages, too, especially since federal regulations have been lacking to protect customers and employees. Litigants often alleged that the defending company had a duty to protect their personally identifiable information, their PII, under various federal and state laws, and they used laws like Section 5 of the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act, or HIPAA, or the California Consumer Privacy Act. So there’s that avenue for trying to get relief. Also, just want to mention the Change Healthcare Data Breach led to 79 federal complaints in the US courts, again litigation. So obviously, an area that I think bipartisan view is that companies need to have resiliency plans, do their penetration testing, have an incident response plan that has been tested and proven, the ever-important role of the chief information security officer is not going away. So, it’s always a high-risk area.
Alexander Barzacanos: Yeah, we saw at the end of last year, I think, the SEC go after the CISO of SolarWinds for statements he made about the company’s cybersecurity policies and procedures. He was basically accused of overstating the efforts they were making to protect the company, which was victim of a massive cyberattack. Probably we’ll see a reversal of those tendencies going forward, especially because that part of the lawsuit was eventually dropped with some scolding from the judge. But it’s interesting nonetheless, I think we might see CISOs taking on more of a compliance function going forward, or at least becoming more integrated into the compliance chain of commands out of software companies and other related fields.
Julie DiMauro: The concern too was that it created a disincentive for people getting into that line of work if they were going to be concerned about personal liability.
Alexander Barzacanos: Absolutely, and also potentially a disincentive to be forthcoming about what your policies are because if you say less about what you’re doing, then there could be potentially less of a chance you’ll be gone after for overstating something.
Julie DiMauro: Absolutely. Point taken about CISOs interacting collaboratively with multiple departments. I just recently spoke to our own CISO here at Global Relay, Laurence Lafond, and he was talking about how much work he does with human resources, never mind compliance and legal. You know what I mean? And the architects and developers of our software. So it’s kind of unbelievable how many departments they have to interact with so that everybody understands the risks involved in transmitting, using, deploying, monitoring data.
Alexander Barzacanos: And I think the inverse of that is also true. I think we’re going to see compliance officers becoming increasingly specialized in tech fields and becoming more integrated in what the company is doing on a technical level, for sure.
Julie DiMauro: I mean, it’s a great, I think, note to end on, cryptocurrency.
Alexander Barzacanos: Cryptocurrency, yes. What an interesting year it’s been for crypto. I mean, not just the price, which has, I think we’re close to Bitcoin sitting at $100,000, but also from a regulatory perspective, too. We’ve seen the SEC lose some pretty important lawsuits over their attempts to regulate certain cryptocurrencies as securities. We talked about how a lot of the administrative enabling laws are outdated. I think the way that the SEC defines securities is based on a test formulated almost 100 years ago. This test is not applicable with any clarity to cryptocurrencies, in my opinion.
And in response, I think we’re going to see some legislation which has been pending for a while finally make its way through the House and the Senate finally have an effect on which agency is going to be responsible for regulating crypto between the SEC and the CFTC.
Julie DiMauro: I totally agree. Along those lines, I wanted to talk about that legislation. Financial Innovation and Technology for the 21st Century Act or FIT21. It was the House of Representatives passed a bipartisan supported law that that’s the one FIT21 that gives the CFTC new jurisdiction over digital commodities and clarifies the SEC’s jurisdiction over digital assets offered as part of an investment contract. One of the lawmakers who spearheaded the bill in Congress, French Hill, a Republican from Arkansas has just been appointed the next House Financial Services Committee chair and it’ll be likely high on the committee’s list of priorities, I would think on this year.
But I do think that like you just said, it’s the commodities watchdog agency that I think will see more regulatory oversight of digital assets. But crypto companies are feeling more confident about their central argument that investments written for securities firms do not work well for digital tokens that are designed to run on peer to peer networks. That will be interesting to see how everything plays out. But I think so far we’ve kind of seen with some agency heads that have been lined up for the SEC a departure at the CFTC and the fact that there’s an open spot there, you know, maybe fewer crypto skeptics. No one was, you know, as big of a crypto skeptic as Gary Gensler and the liberals on the SEC that joined him in majority decisions.
So yes, for sure, there’s going to be a sea change there. I do want to temper that just a little bit, though, by saying that, you know, investor protection doesn’t go away and our investor protection laws don’t go away and that any appetite for fraud, you know, doesn’t necessarily change. Right. So we are still going to be monitoring fraud in the crypto space. Individuals perpetrating it in companies. There are overseas jurisdictions like the EU that have more draconian rules in this regard, sticking to their guns and having stricter rules. You know, again, on balance, I think, yes, it’ll be a more crypto friendly place for development and sandbox innovation. But we’ll still have, I think, and need investor protection laws and oversight.
Alexander Barzacanos: Yes, I think we’re definitely going to see this movement away from critically treating crypto as an asset class, as we’ve seen with Gary Gensler and the previous incarnation of the SEC to more of a focus on the sort of transparently fraudulent crypto projects of which we’ve seen many. I think as time goes on, we’re just going to see this becoming more mainstream. We’re going to see dissolving of this kind of, this is crypto. So we need to make sure no one no one touches it kind of attitude that I think we’ve seen previously.
Julie DiMauro: And you know, what’s interesting too, is that spot bitcoin ETFs and the ether ones have been popular. And I think that is bringing the mainstream right in kind of initiative and investor interest into the space, which is great. But what I would love to see happen, and this is just me talking, is more investor education around these things. So it is an alternative investment still. It’s I wouldn’t advise anyone using money that they can’t afford to lose, you know, in investing in this space. It’s still risky. So I think if if the agency, agencies focused a little bit more on investor education, maybe not as much on enforcement, but still some enforcement and really made sure that retail investors understood what they were investing in and how much they should be, you know, kind of gambling with their money. I think that might go a longer way at the end of the day.
Alexander Barzacanos: Absolutely. I think we’re probably going to see a focus more on the retail investor going forward. One of the one of the most interesting SEC actions I saw this year was it was a case against Cumberland, which is this big crypto market maker that provides liquidity for transactions involving ultra high net worth investors, institutional investors, entities of that nature. And the SEC went after them for being an unregistered distributor of crypto currencies, which elicits the question, who was the SEC trying to protect exactly in that case? Certainly, it wasn’t the common guy who’s getting duped into investing in something he doesn’t understand, right? Probably going forward, we’re going to see less of less fewer cases of that type.
Julie DiMauro: Alexander, I could talk to you all day, which is why I work with you. Thanks to everyone for listening in. We really appreciate it. We hope we’ll listen to many more podcasts of ours this year in 2025 and keep reading our articles at grip.globalrelay.com. It’s been a pleasure, thank you.
Alexander Barzacanos: Thank you.