The Compliance 911 Show

Hosted by Dean Stockford - Len Suzio

BusinessInterviews guests

Website RSS feed

Episodes

100

Latest episode

Jun 2026

Language

About the show

Welcome to Compliance 911, a no-nonsense, cut to the point, style show for today’s busy bank and credit union compliance professionals. With this series of bi-weekly shows our goal is to boil down some of today’s hottest regulatory compliance topics in quick and easy to digest 5-10 minute episodes so you can get the information you want and get on with your day. We’ll be discussing topics like CRA, HMDA, Fair Lending, Anti Money Laundering, and so much more. Don’t forget to subscribe and tell a friend about us! Follow M&M Consulting and GeoDataVision us on LinkedIn to get the latest updates.

Listen to episodes

60 recent

June 10, 2026Episode 11513 min

AI Integration Into Compliance

The episode “AI Integration Into Compliance” explains how artificial intelligence is already becoming a practical tool for bank compliance teams as regulatory expectations rise, data volumes grow, and manual compliance processes become harder to sustain. Dean highlights three major areas where AI is creating value: transaction monitoring and AML, where machine learning can reduce false positives and detect suspicious activity more effectively; regulatory change management, where AI can scan updates and map them to internal policies and controls; and risk assessments/reporting, where AI can aggregate data to give management and boards clearer insights. However, the episode emphasizes that AI is not a plug-and-play replacement for compliance professionals. Banks must maintain strong governance, transparency, explainability, data controls, model validation, documentation, human oversight, and clear escalation paths. The key message is that AI should support compliance judgment—not replace it—and institutions should start with low-risk, high-pain use cases, clean and govern their data, collaborate across departments, and be ready to explain their AI tools to regulators. Brought to you by GeoDataVision and M&M Consulting

May 27, 2026Episode 11411 min

CRA: Other Ways in which banks help meet the needs of the community

This podcast explains that banks can strengthen their CRA exam performance by presenting additional lending activity that examiners may not otherwise consider, beyond the usual focus on small business, small farm, and community development loans. Len Suzio highlights several examples, including technically disqualified small business loans such as asset-based lines of credit, standby letters of credit for contractors, multifamily and small rental property financing reflected in HMDA data, affordable housing units supported by those loans, auto loans that help low-income borrowers access employment, and small business expansion loans that create jobs. The key point is that these activities can help paint a fuller, more favorable picture of how a bank is meeting community credit needs, but to receive consideration, banks must properly geocode the loans, collect relevant data, and ensure the information is reliable. Brought to you by GeoDataVision and M&M Consulting

May 14, 2026Episode 11312 min

Cyber Phishing

Cyber phishing remains one of the most significant and rapidly growing cybersecurity threats, accounting for the vast majority of successful cyberattacks and impacting both individuals and organizations on a daily basis. As highlighted by Dean Stockford and Len Suzio, phishing schemes exploit human trust—rather than technical vulnerabilities—through increasingly sophisticated tactics, many now powered by generative AI, which has driven a dramatic surge in highly convincing and personalized attacks. Real-world incidents, including major corporate breaches and multimillion-dollar fraud cases, demonstrate the severe financial and operational consequences. Given this evolving threat landscape, organizations must prioritize continuous employee training, strengthen email authentication and filtering systems, adopt AI-driven detection tools, and implement multi-factor authentication, all while tailoring their defenses to their specific risk profiles to effectively mitigate phishing risks. Brought to you by GeoDataVision and M&M Consulting

May 4, 2026Episode 11211 min

CFPB NPR Section 1071 Compliance Dates

In this episode, Len Suzio and Dean Stockford discuss the CFPB’s November 2025 proposed rulemaking on Section 1071 and explain how it could dramatically scale back the current small business lending data-collection requirements. Len highlights the biggest proposed changes, including moving to a single compliance date of January 1, 2028, sharply reducing the number of required data points, raising the reporting threshold from 100 to 1,000 small business loans in each of the prior two years, narrowing the definition of a small business from $5 million to $1 million in gross annual revenue, and excluding certain products like merchant cash advances, agricultural loans, and transactions of $1,000 or less. He argues that the most significant impact would come not from fewer data fields, but from the much smaller pool of covered lenders and loans, while also warning that the revised definition could create confusion with CRA reporting standards and increase the risk of errors. Brought to you by GeoDataVision and M&M Consulting

April 10, 2026Episode 11111 min

Compliance Risk Management in 2026

In this episode, Dean Stockford and Len Suzio discuss what compliance risk management should look like in 2026 as financial institutions face rising fraud, cyber threats, AI-related risks, third-party exposure, and an uncertain regulatory environment. Dean argues that compliance functions can no longer remain purely advisory and instead must evolve into active risk management and oversight roles, with stronger risk assessments, enhanced monitoring, root-cause analysis, more targeted training, better frontline tools, and closer alignment between risks, controls, and institutional risk appetite. He emphasizes that a strong compliance culture begins with understanding the organization’s structure, risk tolerance, and operational realities, then building a more robust compliance management system around those insights. The episode closes with Dean’s view of the biggest compliance risk areas in 2026, including data privacy and cybersecurity, AML/CTF, digital banking, AI compliance, third-party risk, regulatory fragmentation, and the growing cost of top-tier compliance talent. Brought to you by GeoDataVision and M&M Consulting

March 25, 2026Episode 11011 min

Important CRA Lesson from OCC proposal for all Intermediate-Small and Large Banks

Len explains that the OCC issued a December 18, 2025 proposal to create a “Simplified Plan Process for Community Banks” to make the CRA strategic plan option easier, but he believes its real value extends beyond banks using strategic plans because it reveals how regulators think about “Satisfactory” and “Outstanding” performance under normal CRA standards. The proposal distinguishes between “custom” bank-specific goals (which Len says offers little practical guidance) and “elective” goals, which are quantifiable targets drawn from approved plans and OCC supervisory experience. Len highlights that the most useful—and historically murky— CRA test is Community Development. The OCC's proposal provides explicit benchmarks for CD lending, investing, combined lending/investing, and CD services, using ratios tied to Tier 1 capital or total assets (including notably lower investment thresholds when a bank relies heavily on donations, acknowledging their significance). He notes the proposal also introduces measurable expectations for CD service hours per employee, while offering little new insight on traditional lending tests. Although the OCC states elective goals are not “safe harbors” and not formal benchmarks outside the simplified process, Len argues they align with what regulators historically expect and can help CRA officers set internal performance targets; this is where you would provide a link to the 67 tests, performance standards and ratings. https://geodatavision.com/content/occ-proposed-elective-goals-for-cra-strategic-planning/ Brought to you by GeoDataVision and M&M Consulting

March 12, 2026Episode 1097 min

Cyber Fraud Risk

This podcast episode discusses the alarming rise of cyber fraud in financial institutions, highlighting that global losses exceeded $1 trillion in 2025 and AI-powered attacks increased by 93%, including deepfake videos, voice cloning, and sophisticated phishing campaigns. The hosts explain that financial institutions are investing heavily in fraud prevention technologies such as AI fraud detection, predictive analytics, Open APIs with Agentic AI, and solutions like Glassbox that analyze user sessions for anomalies. They emphasize that combating this crisis requires a collaborative approach between financial institutions, tech companies, law enforcement, regulators, and third-party providers—noting that no single entity can win this fight alone and that information sharing, best practices, and enhanced training are essential for protecting customers while maintaining a positive user experience. Brought to you by GeoDataVision and M&M Consulting

March 5, 2026Episode 10713 min

Disparate Impact

Len Suzio explains that although President Trump’s Executive Order 14281 aims to limit disparate impact liability, the legal status of disparate impact remains unsettled. The Supreme Court upheld disparate impact under the Fair Housing Act in Inclusive Communities but imposed strict limits requiring a clear causal link between a specific practice and disparities—limits often downplayed by regulators in recent enforcement actions. Despite legal uncertainty and shifting enforcement priorities between administrations, Len advises compliance professionals to continue using disparate impact statistical analysis as a risk-management tool. Regardless of its legal future, it remains a practical way to identify potential discrimination, prompt further review, and demonstrate good-faith compliance. Brought to you by GeoDataVision and M&M Consulting

January 27, 2026Episode 10814 min

2025 Recap

This episode provides a high-level recap of the major regulatory compliance themes covered in 2025. Dean highlights intense regulatory volatility, especially around CRA and Section 1071, including rule freezes, proposed repeals, litigation, delayed compliance dates, and the CFPB’s move toward an interim final rule for small-business lending data collection. The discussion also revisits key fair lending, redlining, and data-analysis topics, along with rising operational risks such as BSA/AML/KYC modernization, third-party risk management, and expanding concerns around AI, data governance, cybersecurity, and privacy. Consumer protection issues featured prominently, particularly Regulation E error-resolution failures, elder financial exploitation, and recurring flood compliance violations. The takeaway for compliance and risk officers: conduct a CMS health check, document lessons learned from 2025, and proactively brief senior management and the board with a clear 2026 risk and compliance plan focused on these evolving priorities. Brought to you by GeoDataVision and M&M Consulting

December 18, 2025Episode 10613 min

Electronic Funds Transfers Issues

This episode focuses on common compliance problems under Regulation E, which governs electronic fund transfers and is designed to protect consumers using electronic channels such as ATMs, debit cards, online banking, and phone-initiated transfers. As electronic usage and fraud increase, regulators are finding frequent violations—especially around how financial institutions handle error resolution and consumer liability. A key issue is the improper application of liability limits when consumers report unauthorized transactions, particularly misunderstanding the 60-day rule tied to periodic statements, which can expose consumers to unlimited liability for later transactions if they delay reporting. Another major concern is failures in the provisional credit process—institutions often delay investigations beyond allowed timeframes without issuing timely provisional credit (including interest), despite clear requirements to begin investigations promptly and credit the consumer if more time is needed. The takeaway is that financial institutions must have clear, accurate procedures and well-trained staff to ensure timely investigations, proper liability determinations, and full compliance with Regulation E’s consumer protections. Brought to you by GeoDataVision and M&M Consulting