Cyber phishing remains one of the most significant and rapidly growing cybersecurity threats, accounting for the vast majority of successful cyberattacks and impacting both individuals and organizations on a daily basis. As highlighted by Dean Stockford and Len Suzio, phishing schemes exploit human trust—rather than technical vulnerabilities—through increasingly sophisticated tactics, many now powered by generative AI, which has driven a dramatic surge in highly convincing and personalized attacks. Real-world incidents, including major corporate breaches and multimillion-dollar fraud cases, demonstrate the severe financial and operational consequences. Given this evolving threat landscape, organizations must prioritize continuous employee training, strengthen email authentication and filtering systems, adopt AI-driven detection tools, and implement multi-factor authentication, all while tailoring their defenses to their specific risk profiles to effectively mitigate phishing risks.

Brought to you by GeoDataVision and M&M Consulting

In this episode, Len Suzio and Dean Stockford discuss the CFPB’s November 2025 proposed rulemaking on Section 1071 and explain how it could dramatically scale back the current small business lending data-collection requirements. Len highlights the biggest proposed changes, including moving to a single compliance date of January 1, 2028, sharply reducing the number of required data points, raising the reporting threshold from 100 to 1,000 small business loans in each of the prior two years, narrowing the definition of a small business from $5 million to $1 million in gross annual revenue, and excluding certain products like merchant cash advances, agricultural loans, and transactions of $1,000 or less. He argues that the most significant impact would come not from fewer data fields, but from the much smaller pool of covered lenders and loans, while also warning that the revised definition could create confusion with CRA reporting standards and increase the risk of errors. Brought to you by GeoDataVision and M&M Consulting

In this episode, Dean Stockford and Len Suzio discuss what compliance risk management should look like in 2026 as financial institutions face rising fraud, cyber threats, AI-related risks, third-party exposure, and an uncertain regulatory environment. Dean argues that compliance functions can no longer remain purely advisory and instead must evolve into active risk management and oversight roles, with stronger risk assessments, enhanced monitoring, root-cause analysis, more targeted training, better frontline tools, and closer alignment between risks, controls, and institutional risk appetite. He emphasizes that a strong compliance culture begins with understanding the organization’s structure, risk tolerance, and operational realities, then building a more robust compliance management system around those insights. The episode closes with Dean’s view of the biggest compliance risk areas in 2026, including data privacy and cybersecurity, AML/CTF, digital banking, AI compliance, third-party risk, regulatory fragmentation, and the growing cost of top-tier compliance talent. Brought to you by GeoDataVision and M&M Consulting

Len explains that the OCC issued a December 18, 2025 proposal to create a “Simplified Plan Process for Community Banks” to make the CRA strategic plan option easier, but he believes its real value extends beyond banks using strategic plans because it reveals how regulators think about “Satisfactory” and “Outstanding” performance under normal CRA standards. The proposal distinguishes between “custom” bank-specific goals (which Len says offers little practical guidance) and “elective” goals, which are quantifiable targets drawn from approved plans and OCC supervisory experience. Len highlights that the most useful—and historically murky— CRA test is Community Development. The OCC's proposal provides explicit benchmarks for CD lending, investing, combined lending/investing, and CD services, using ratios tied to Tier 1 capital or total assets (including notably lower investment thresholds when a bank relies heavily on donations, acknowledging their significance). He notes the proposal also introduces measurable expectations for CD service hours per employee, while offering little new insight on traditional lending tests. Although the OCC states elective goals are not “safe harbors” and not formal benchmarks outside the simplified process, Len argues they align with what regulators historically expect and can help CRA officers set internal performance targets; this is where you would provide a link to the 67 tests, performance standards and ratings. https://geodatavision.com/content/occ-proposed-elective-goals-for-cra-strategic-planning/ Brought to you by GeoDataVision and M&M Consulting

This podcast episode discusses the alarming rise of cyber fraud in financial institutions, highlighting that global losses exceeded $1 trillion in 2025 and AI-powered attacks increased by 93%, including deepfake videos, voice cloning, and sophisticated phishing campaigns. The hosts explain that financial institutions are investing heavily in fraud prevention technologies such as AI fraud detection, predictive analytics, Open APIs with Agentic AI, and solutions like Glassbox that analyze user sessions for anomalies. They emphasize that combating this crisis requires a collaborative approach between financial institutions, tech companies, law enforcement, regulators, and third-party providers—noting that no single entity can win this fight alone and that information sharing, best practices, and enhanced training are essential for protecting customers while maintaining a positive user experience. Brought to you by GeoDataVision and M&M Consulting

Len Suzio explains that although President Trump’s Executive Order 14281 aims to limit disparate impact liability, the legal status of disparate impact remains unsettled. The Supreme Court upheld disparate impact under the Fair Housing Act in Inclusive Communities but imposed strict limits requiring a clear causal link between a specific practice and disparities—limits often downplayed by regulators in recent enforcement actions. Despite legal uncertainty and shifting enforcement priorities between administrations, Len advises compliance professionals to continue using disparate impact statistical analysis as a risk-management tool. Regardless of its legal future, it remains a practical way to identify potential discrimination, prompt further review, and demonstrate good-faith compliance. Brought to you by GeoDataVision and M&M Consulting

This episode provides a high-level recap of the major regulatory compliance themes covered in 2025. Dean highlights intense regulatory volatility, especially around CRA and Section 1071, including rule freezes, proposed repeals, litigation, delayed compliance dates, and the CFPB’s move toward an interim final rule for small-business lending data collection.

The discussion also revisits key fair lending, redlining, and data-analysis topics, along with rising operational risks such as BSA/AML/KYC modernization, third-party risk management, and expanding concerns around AI, data governance, cybersecurity, and privacy. Consumer protection issues featured prominently, particularly Regulation E error-resolution failures, elder financial exploitation, and recurring flood compliance violations.

The takeaway for compliance and risk officers: conduct a CMS health check, document lessons learned from 2025, and proactively brief senior management and the board with a clear 2026 risk and compliance plan focused on these evolving priorities. Brought to you by GeoDataVision and M&M Consulting

This episode focuses on common compliance problems under Regulation E, which governs electronic fund transfers and is designed to protect consumers using electronic channels such as ATMs, debit cards, online banking, and phone-initiated transfers. As electronic usage and fraud increase, regulators are finding frequent violations—especially around how financial institutions handle error resolution and consumer liability. A key issue is the improper application of liability limits when consumers report unauthorized transactions, particularly misunderstanding the 60-day rule tied to periodic statements, which can expose consumers to unlimited liability for later transactions if they delay reporting. Another major concern is failures in the provisional credit process—institutions often delay investigations beyond allowed timeframes without issuing timely provisional credit (including interest), despite clear requirements to begin investigations promptly and credit the consumer if more time is needed. The takeaway is that financial institutions must have clear, accurate procedures and well-trained staff to ensure timely investigations, proper liability determinations, and full compliance with Regulation E’s consumer protections.

Brought to you by GeoDataVision and M&M Consulting