2025-2026 Pub. 15 Issue 4

OVER A CENTURY: BUILDING BETTER BANKS — Helping Coloradans Realize Dreams January/February FRAUD VICTIM SUPPORT How Financial Institutions Can Respond and Restore Trust


©2026 The Colorado Bankers Association (CBA) | Memberlink Solutions DBA The newsLINK Group LLC. All rights reserved. Colorado Banker is published six times per year by The newsLINK Group LLC for CBA and is the official publication for this association. The information contained in this publication is intended to provide general information for review, consideration and education. The contents do not constitute legal advice and should not be relied on as such. If you need legal advice or assistance, it is strongly recommended that you contact an attorney as to your circumstances. The statements and opinions expressed in this publication are those of the individual authors and do not necessarily represent the views of CBA, its board of directors or the publisher. Likewise, the appearance of advertisements within this publication does not constitute an endorsement or recommendation of any product or service advertised. Colorado Banker is a collective work, and as such, some articles are submitted by authors who are independent of CBA. While a first-print policy is encouraged, in cases where this is not possible, every effort has been made to comply with any known reprint guidelines or restrictions. Content may not be reproduced or reprinted without prior written permission. For further information, please contact the publisher at (855) 747-4003. Jenifer Waller President & CEO Alison Morgan Director of State Government Relations Brandon Knudtson CFO & Director of Membership Lindsay Muniz Vice President of Education and Communications Megan Carruth Executive Assistant Margie Mellenbruch Bookkeeper* Melanie Layton Lobbyist* Garin Vorthmann Lobbyist* Caroline Woodhouse Lobbyist* Michael McReynolds Lobbyist* *Outsourced 140 E. 19th Ave., Ste. 
400 Denver, Colorado 80203 Office: (303) 825-1575 coloradobankers.org colorado-banker.thenewslinkgroup.org

BUILDING BETTER BANKS — Helping Coloradans Realize Dreams

2025-2026 Issue 4

• LEGISLATIVE UPDATE: Defending the Industry. By Jenifer Waller, President and CEO, and Alison Morgan, Director of State Government Relations, CBA
• Fraud Victim Support: How Financial Institutions Can Respond and Restore Trust. By Terri Luttrell, CAMS-Audit, CFCS, Compliance and Engagement Director, Abrigo
• Made in … Where Exactly? The 10th Circuit Opens the DIDMCA Door. By Brett Goodnack, JD, CAMS, Associate General Counsel, Compliance Alliance
• Celebrating 10 Years of Service
• Debanking Debunked. By Erin Busse, JD, Vice President and Deputy General Counsel, Compliance Alliance
• CBA Centerpoint: Going Beyond the Desk to Hear the Stories of Colorado Bankers
• HMDA and Action Taken. By Natalie Straus, Director-Financial Services, Forvis Mazars
• Wildfire Exclusions in Your Bank’s Portfolio: Are Your High-Risk Assets Protected? By MeKelee LaFoy, CP Insurance Associates
• Seven Strategic Steps to Scale AI in Banking and Finance. By Alec Crawford, Founder and CEO, Artificial Intelligence Risk Inc.
• Women in Banking Conference, Aug. 3-4, 2026
• The New Frontier of Efficient Cash Recycling: Unlocking the Full Potential of Teller Cash Recyclers with Managed Services. By Cook Solutions Group
• 2026 Banker Summit, May 20-22, 2026

LEGISLATIVE UPDATE

Defending the Industry

By Jenifer Waller, President and CEO, and Alison Morgan, Director of State Government Relations, CBA

We are ready for a challenging legislative year in 2026. 2025 proved to be a year of fast-paced change, especially on the federal front.

Federally, here is what we are working on.

Sens. Josh Hawley (R-MO) and Bernie Sanders (I-VT) are sponsors of the 10 Percent Credit Card Interest Rate Cap Act, which would impose an all-in annual percentage rate cap of 10% on credit cards. The bill has not had a markup hearing yet. While the bill isn’t a current threat, the bipartisan sponsorship is a concern. We are ensuring lawmakers understand that interest rate caps restrict credit to those who may need credit the most.

The Trump administration has formally determined the Consumer Financial Protection Bureau’s (CFPB) current funding mechanism is unlawful, a move that puts the agency on track to close in the coming months when its existing cash runs out. On Nov. 11, the DOJ notified federal courts that the CFPB anticipates exhausting available funds in early 2026, based on an Office of Legal Counsel opinion concluding that there are no “combined earnings of the Federal Reserve System” from which to transfer under 12 U.S.C. § 5497 while the Fed operates at a loss. The DOJ indicated that the Bureau expects to continue normal operations at least through Dec. 31, 2025, but a lapse would trigger Antideficiency Act constraints — pausing most rulemaking, examinations and enforcement except for narrow “emergency” functions. If a funding lapse occurs, rulemakings like Section 1071 could slow or pause, timelines could slip, and federal oversight gaps might spur more state attorney general and regulator activity.

Sen. Hagerty’s Deposit Insurance Reform bill had a House hearing. The proposal would increase coverage on non-interest-bearing business accounts to $10 million. The GSIBs are exempt, and smaller banks would not pay for the increase. Banks over $10 billion would pay. Many have stated that there is not any immediate cost expected. The FDIC has given a response to several questions asked by members of Congress, but the FDIC’s response is confidential. After the House hearing, it is clear the bill will not pass in its current form.

CBA has joined several other states in lobbying for changes to the Transaction Account Guarantee (TAG) program, making the TAG ability permanently in place and not requiring Congressional action to activate TAG. While we continue to push for broad DIF reform, the window of time is very narrow to get anything. To date, no one is opposed to the TAG proposal, which may be all we are able to get.

The GENIUS Act/Stablecoin was signed into law on July 18. We continue to be concerned about the potential for funds to leave the banking system and be deposited in stablecoins. If that were to happen, the impact on access to credit would be damaging to the economy. Permitted issuers must maintain reserves backing the stablecoin on a one-to-one basis using U.S. currency or other similarly liquid assets. Bank deposits are not insured one-to-one. This may increase the desirability of stablecoins. The bill states stablecoin issuers are explicitly prohibited from paying interest or yield to holders of their stablecoins. This prohibition does not apply to affiliates. We are working to close this loophole through a market structure bill. These are the changes we are asking for:

1. Strengthen the prohibition on interest payments for payment stablecoins by extending it to brokers, dealers, exchanges and affiliates of payment stablecoin issuers.
2. State Chartered Depositories: Repeal Section 16(d) of the GENIUS Act to restore state authority over out-of-state chartered financial institutions. Many are acting as money transmitters.
3. Nonfinancial Company Activity: Close loopholes in the prohibition on nonfinancial companies being payment stablecoin issuers by removing all approval pathways and prohibiting both public and private nonfinancial entities.

Bills have been introduced to increase regulatory asset thresholds and index them for inflationary growth. There is a proposal that increases the current Dodd-Frank Act (DFA) $10 billion threshold to $50 billion. The concern is that the Senate doesn’t have the appetite to take the threshold that high. Congress is trying to find what increase would pass. It is important to note that this threshold increase would not apply to the Durbin amendment. We have lobbied for it to be included, but the inclusion of Durbin would most likely kill the bill.

The Supervisory Modifications for Appropriate Risk-Based Testing Act of 2025 would increase the threshold for a limited-scope examination after an on-site, full-scope exam from $3 billion to $6 billion. The Tailored Regulatory Updates for Supervisory Testing Act of 2025 would increase the total asset threshold under which institutions qualify for an 18-month exam cycle from $3 billion to $6 billion. We will continue to seek opportunities to increase and index all regulatory thresholds.

CFPB has proposed new rules regarding 1071 and 1033. We are also lobbying Congress to make permanent changes to prevent the yo-yo effect with the next administration.
At the time of drafting this article, we did not yet have the proposed changes to the 1033 rules. These are 1071 proposed changes (November 2025):

• Narrowed Scope: Exclude some agricultural lending, merchant cash advances and loans under $1,000 (inflation-adjusted).
• Higher Thresholds: Increase the number of covered credit transactions needed to qualify as a “covered financial institution,” raising the threshold from 100 to 1,000 originations in each of the two preceding calendar years, using only small business originations (not small farm).
• Set a single compliance date — Jan. 1, 2028 — for institutions above the threshold in both 2026 and 2027. Institutions can begin collecting limited demographic data 12 months before their compliance date to test systems.
• Tighten the “small business” definition from gross annual revenue of $5 million or less to $1 million or less, with future inflation adjustments in $100,000 increments every five years starting in 2035. The Bureau is seeking SBA approval for the alternative size standard and highlights alignment with Regulation B and the CRA “smaller business” revenue metric.
• Confine initial data to statutory fields and a small set of discretionary items needed to make those statutory fields useful (e.g., NAICS code, time in business, number of principal owners). The CFPB proposes to remove several discretionary fields, including application method, application recipient, denial reasons, pricing components (including interest rate and fees) and number of workers.
• Change the demographic collection in two ways. First, consistent with Executive Order 14168, the proposed rule would remove LGBTQI+ owned business status and require the collection of principal owners’ sex using a static male/female choice. Second, while the rule would still require race/ethnicity for principal owners, the Bureau seeks comment on whether to move from disaggregated subcategories to only aggregate categories in the initial build to reduce complexity. The right for applicants to refuse to provide demographic information would be more prominent.

The compliance effective dates have also been changed.

| Compliance Tier | Original Compliance Date in the 2023 Final Rule | Revised Compliance Date in the 2024 Interim Final Rule | New Compliance Date | First Filing Deadline |
|---|---|---|---|---|
| Tier 1 Institutions (Highest Volume Lenders) | October 1, 2024 | July 18, 2025 | July 1, 2026 | June 1, 2027 |
| Tier 2 Institutions (Moderate Volume Lenders) | April 1, 2025 | January 16, 2026 | January 1, 2027 | June 1, 2028 |
| Tier 3 Institutions (Smallest Volume Lenders) | January 1, 2026 | October 18, 2026 | October 1, 2027 | June 1, 2028 |

The state legislature will provide plenty of sleepless nights, too, as the session began Jan. 14, 2026.

Artificial intelligence continues to be a concern for banking and the broader business community. At this point, we don’t anticipate one bill from the governor’s task force. But CBA worked collaboratively with consumer groups ahead of the special session and agreed on the language. Moving forward with AI, we anticipate that the compromise language would still be honored. Sen. Rodriguez has made a commitment to CBA to honor the language:

• Clarifies that the bill applies to consumers only;
• Limits consequential decisions to opening and closing of accounts/loans, setting of payment schedules and interest rates, and denial of credit;
• Exempts AI used for fraud prevention;
• Exempts many daily transactions; and
• Permits notification on a monthly statement.

Interchange had so much uncertainty as we are working diligently to thwart a bill to be reintroduced in Colorado. We know there are legislators who would like to introduce a pared-down interchange bill, no interchange on taxes for a portion of the business industry. They fail to realize that it would still take a complete overhaul of the system for one state. No interchange legislation has been passed in any state in the U.S. The Illinois litigation is not resolved, and any legislation in Colorado is 100% likely to result in litigation and high litigation costs to the state.

Credit unions continue to want to be banks without paying their fair share of taxes or regulatory compliance. We are expecting a bill that would permit credit unions to accept public deposits in 2026 or 2027. We face that legislative fight every few years. We are not expecting a bill to permit credit unions to buy a bank in 2026 or 2027 as well — we have defeated that bill the previous two years.

We are working with AARP on an Elder Abuse bill. This would be an expansion of the bill that passed several years ago. AARP has provided CBA draft language and is working collaboratively with us. The bill aims to give financial institutions greater legal flexibility to hold funds when they suspect fraud. We are working on language that protects banks from failing to stop a transaction and for holding funds, whether a transaction is proven to be fraudulent or not. We also want to ensure that any information banks are required to give under the state law does not violate any federal privacy regulations.

The Estate Non-Profit bill will be sponsored by Sen. Coleman, the Senate president. This bill is brought by the Nonprofit Association to address a gap in probate proceedings. An individual may bequeath their fiduciary account, bank account, investment account or IRA, for example, to a non-profit group. Some financial organizations have taken an extended period of time once the estate is settled to transfer the funds to the said non-profit. The proposed bill will place guidelines on the disbursement of funds once the estate is settled to the non-profit. CBA is working closely with the Nonprofit Association to ensure FDIC-insured institutions are protected, and reasonable guidelines are placed in the bill.

We know there will be a few surprises during the session, but we stand ready to defend the industry. Don’t hesitate to reach out to either of us.

Jenifer Waller, jenifer@coloradobankers.org
Alison Morgan, alison@coloradobankers.org


Fraud Victim Support

HOW FINANCIAL INSTITUTIONS CAN RESPOND AND RESTORE TRUST

By Terri Luttrell, CAMS-Audit, CFCS, Compliance and Engagement Director, Abrigo

As fraud schemes evolve in complexity and scope, financial institutions are called upon to do more than just detect and prevent illicit activity. Banks and credit unions often also serve as first responders when individuals or businesses fall victim to financial fraud. Institutions that respond with urgency and empathy to support victims of fraud can rebuild trust, restore confidence and reinforce long-term relationships with clients.

But fraud victim support is about more than recouping financial loss. Understanding the common fraud schemes clients may encounter and taking an intentional approach to assist in the aftermath demonstrates an institution’s values, dedication to client care and role as a trusted advisor within the community.

The Growing Cost of Fraud

Reported fraud losses exceeded $12.5 billion in 2024, according to the Federal Trade Commission (FTC). The FBI documented an even higher total loss of over $16.6 billion across 859,000 complaints. These figures speak not only to the scale of financial harm but to the emotional toll these crimes leave behind.

The volume and impact of fraud are increasing across all channels. In 2024, investment scams topped the list in financial damage, with $5.7 billion in reported losses. Imposter scams followed closely at nearly $3 billion. Criminals prey on trusting and vulnerable people, and they continue to leverage digital platforms to initiate contact via email, phone or text, and move funds through cryptocurrency, bank transfers or wire services.

According to the FBI, phishing scams were the most frequently reported. However, business email compromise and investment fraud caused the most significant monetary damage. These trends highlight the urgent need for comprehensive fraud victim support programs that go beyond the basics of account recovery.

Understanding the Scope of Fraud

Financial institutions must first understand the various forms of fraud affecting their clients to deliver meaningful assistance. Some of the most prevalent methods include:

• Cybercrime Attacks: Cybercrime attacks occur approximately every 11 seconds, costing organizations an average of $13 million per incident. Small businesses are especially vulnerable due to limited cybersecurity infrastructure.
• Consumer Fraud: Consumer fraud takes many forms, including synthetic identity theft, spoofing, romance scams and grandparent scams. These often target the elderly and financially inexperienced.
• Business and Investment Fraud Schemes: Scams such as Ponzi operations, business email compromise and wire fraud continue to result in significant losses for commercial clients.
• “Pig Butchering”: A particularly alarming emerging scam is known among criminals as “pig butchering” because victims are deceived over time through emotional manipulation before being persuaded to make large financial transfers.

Each scheme can leave a trail of emotional distress and financial disruption. A thoughtful, informed approach to fraud victim support is essential to help affected individuals navigate the aftermath.

A Layered Approach to Fraud Victim Support

1. Prevention Through Education and Technology

Preventing fraud begins with awareness. Banks and credit unions can help clients identify red flags by offering regular educational materials across digital and in-person channels. Topics include the creation of secure passwords, the identification of phishing attempts and safe usage of peer-to-peer payment apps.

Technology also plays a pivotal role in prevention. Sophisticated fraud detection tools incorporating artificial intelligence and behavioral analytics can monitor suspicious activity in real time. Institutions can also empower their clients with biometric login, multi-factor authentication and real-time fraud alerts.

2. Helping Clients Create a Response Plan

Helping clients prepare a response plan before fraud occurs can reduce confusion and stress if the worst happens. Encourage clients to keep a written checklist that includes how to report fraud to their financial institutions, contact information for the FTC and FBI, and steps for freezing credit with the major bureaus. The plan should also cover resetting login credentials and enabling fraud alerts.

Reviewing this plan regularly gives clients confidence that they know what to do and who to call. It is a simple way to support a long-term client relationship.

3. Responding With Clarity and Compassion

A fast and empathetic response is critical following a fraud incident. Banks and credit unions should have clear procedures in place to support victim response plans, including measures around:

• Freezing or closing affected accounts
• Reissuing account credentials and payment cards
• Assisting with dispute processes and documentation
• Communicating directly with law enforcement when appropriate

Empowering front-line employees to handle these cases with care can help ease client anxiety and reestablish trust during a particularly vulnerable time.

4. Supporting Financial Recovery

While banks and credit unions often must reimburse clients for unauthorized transactions, many fraud cases involve victims being tricked into authorizing payments. In these situations, reimbursement is not always guaranteed. Still, financial institutions can support victims with the following meaningful actions:

• Assist With Regulatory Reporting: Help victims file official complaints with the FTC, the FBI or the Consumer Financial Protection Bureau (CFPB). These reports establish a record of the incident and contribute to broader fraud tracking efforts.
• Work With Law Enforcement and Other Financial Institutions: Cooperate with authorities and peer institutions to trace stolen funds and flag suspicious accounts. Swift action can help contain damage and may lead to partial recovery.
• Provide Recovery Resources: Refer victims to identity theft protection services, legal aid or nonprofit support organizations. These resources can help clients manage credit impacts and protect against future fraud.

Even when full financial recovery is impossible, these steps demonstrate a commitment to care and accountability. Institutions prioritizing fraud victim support during recovery reinforce trust and deepen client relationships.

5. Sustaining Support Beyond the Incident

Helping a client through the immediate fallout of fraud is the first step. Ongoing protection is key to rebuilding confidence. Financial institutions can offer continued support through:

• Identity theft monitoring
• Credit and account activity alerts
• Help with placing credit freezes
• Referrals to advocacy groups for seniors or other vulnerable individuals

Staying engaged after the crisis helps banks and credit unions show they are not just financial service providers but also long-term partners in their clients’ security and peace of mind.

Making Victim Support a Shared Responsibility

An effective response to fraud must involve collaboration across internal teams. Anti-money laundering (AML), information technology, fraud prevention and client service departments should operate under a unified plan to ensure quick and coordinated action. Regular training and updates on emerging fraud trends are essential.

Equally important is leadership support. Institutions that invest in fraud prevention tools, adequate staffing and client education signal that fraud victim support is not a side function but a core priority.

Turning Crisis into Opportunity

Fraud response efforts should be viewed as risk mitigation and opportunities to lead with purpose. Financial institutions can demonstrate their commitment to ethical banking and social responsibility by standing with victims and guiding them through recovery. Banks and credit unions that take fraud victim support seriously will be better positioned to retain loyal clients, enhance their brand reputation and serve as trusted pillars in their communities.

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Made in … Where Exactly?

THE 10TH CIRCUIT OPENS THE DIDMCA DOOR

By Brett Goodnack, JD, CAMS, Associate General Counsel, Compliance Alliance

The 10th Circuit’s recent decision in National Association of Industrial Bankers, et al. v. Weiser et al. (24-1293) marks the first major judicial interpretation of a state’s ability to “opt out” of the Depository Institutions Deregulation and Monetary Control Act of 1980 (DIDMCA) in over 40 years. It’s a striking departure from some long-held (and well-cemented) industry assumptions.

For several decades, state-chartered banks relied on DIDMCA’s “rate-exportation” framework, which allowed them to charge interest based on the laws of the state where the bank is located (which, in this context, has historically been interpreted by the FDIC to mean something broader than where its main offices were located in the past). Colorado’s 2023 Opt-Out Law disrupted that model, but few expected the court to go further and hold that a loan is made wherever either the lender or the borrower is located — or, more specifically, that “loans made in such State” refers to “loans in which either the lender or the borrower is located in the opt-out state.”

While the district court initially blocked Colorado’s law, the 10th Circuit reversed, concluding that DIDMCA’s “loans made in such State” language gives opt-out states authority over loans tied to their residents. The ruling also emphasized that, absent clear congressional intent, courts should not presume that DIDMCA continues to preempt state rate caps once a state opts out. As a result, state-chartered banks located outside Colorado may no longer export their home-state interest rates when lending to Colorado consumers, a move many believe will significantly limit fintech partnership programs.

The decision triggers several immediate and longer-term considerations: (1) an appeal, either en banc or to the Supreme Court, is likely, but will take time; (2) bank-fintech programs must immediately remove Colorado residents from eligible lending populations unless their products comply with Colorado’s rate caps; (3) the relative value of partnering with national banks has now increased because national banks are not subject to DIDMCA opt-outs; and (4) other states, especially those within the 10th Circuit, may now pursue similar opt-outs, empowered by the Weiser rationale and longstanding concerns about “rent-a-bank” arrangements.

On the latter point, a handful of states (including Maryland, Nevada, Minnesota, Rhode Island and D.C.) have already introduced opt-out bills in prior sessions, making them early favorites to re-engage. However, arguably, the broader risk may lie with states governed by a “Democratic trifecta” (or states with Democratic governors in which both houses of the legislature are also controlled by Democrats) that also maintain strict usury ceilings. Roughly 10 such jurisdictions remain, including major markets such as California, New York, New Jersey and Massachusetts.

Legal opinions and case law are not everyone’s cup of tea, so if you take away nothing else, perhaps it should be this — the 10th Circuit has likely opened the door for states to exert far more control over interest rate limits applied to their residents, and that door may be wide enough for a wave of new opt-out laws to follow.

For any readers whose cup of tea is appellate reasoning, you can access the full opinion at https://www.ca10.uscourts.gov/opinion/24-1293

Brett Goodnack holds a law degree from Duquesne University and a B.S. in Crime, Law and Justice from Penn State. Brett has over 10 years of experience in due diligence and risk mitigation, including roles in trust administration and governance consulting. Brett previously served as associate director for a global investment bank in AML and KYC and is a featured author for Compliance Alliance.

Celebrating 10 Years of Service

Congratulations to Lindsay Muniz

This year marks a significant milestone at the Colorado Bankers Association as we celebrate Lindsay Muniz’s 10th anniversary with the organization! Lindsay joined CBA in 2016 as an executive assistant and has grown into a key leader on our team. Through hard work, creativity and a deep commitment to the banking industry, Lindsay has taken on new roles and responsibilities and now serves as our vice president of education and communications.

Lindsay works closely with banks and associate members to plan educational programs, webinars and learning opportunities that support bankers across Colorado. She has launched programs from foundational learning to advanced leadership development. Her goal is to keep bankers informed and engaged on important industry issues.

If you’ve attended the annual Banker Summit or Women in Banking Conference, you’ve seen Lindsay’s work firsthand. She plays a key role in ensuring our events are informative, engaging and impactful.

Lindsay is recognized as a leader outside of Colorado as well. She serves on the American Bankers Association Emerging Leaders Council, representing Colorado and helping shape the future of the banking industry.

“Lindsay is instrumental to CBA’s success. She serves the banking industry with passion and a desire for perfection. There is nothing Lindsay isn’t willing to take on to ensure CBA’s success. I am very lucky to have her on the team,” said CBA President and CEO Jenifer Waller.

We’re incredibly grateful for Lindsay’s 10 years of dedication to CBA and the banking industry. Please join us in congratulating her on this exciting milestone — and here’s to many more years to come!

Debanking Debunked

By Erin Busse, JD, Vice President and Deputy General Counsel, Compliance Alliance

On Aug. 7, 2025, the Trump administration issued the “Guaranteeing Fair Banking for All Americans” Executive Order (“the Order”). The EO asserts that certain Americans have faced discrimination in banking due to their “political affiliation, religious beliefs or lawful business activity.” The Order further states that these practices are prohibited under the Equal Credit Opportunity Act (ECOA) and constitute “politicized or unlawful debanking,” which must be addressed. The language of the Order has already sparked debate among regulators and lenders about how far its reach extends.

To grasp the rule’s scope, financial institutions must understand the meaning of “politicized or unlawful debanking.” The Order defines the term as:

“[…] an act by a bank, savings association, credit union, or other financial services provider to directly or indirectly adversely restrict access to, or adversely modify the conditions of, accounts, loans, or other banking products or financial services of any customer or potential customer on the basis of the customer’s or potential customer’s political or religious beliefs, or on the basis of the customer’s or potential customer’s lawful business activities that the financial service provider disagrees with or disfavors for political reasons.”

In combating debanking, the Order places the burden on the regulators. This refers to all “Federal member agencies of the Financial Stability Oversight Council.” The Council includes most financial regulators, namely, the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB), the Federal Deposit Insurance Corporation (FDIC), the Consumer Financial Protection Bureau (CFPB) and the Department of the Treasury. Although not part of the Council, the Order includes the Small Business Administration (SBA) as a defined “regulator.” As part of facilitating the Order, the Administration chose to specifically utilize the SBA and the Treasury.

For the prudential regulators, such as the OCC, FDIC, FRB, etc., the Order requires the removal of “reputational risk or equivalent concepts” from any materials that could result in politicized or unlawful debanking within 180 days of the Order. This includes guidance, manuals and other materials used to evaluate or regulate financial institutions. Further, regulators must review banks’ policies to determine whether the institution encouraged or facilitated unlawful debanking and issue fines, consent orders or other disciplinary actions, as appropriate, if the regulators determined that a bank was in violation of the Order within the 120 days prior to its issuance. Lastly, if the regulators determine that a bank unlawfully debanked a customer based on religion, then the regulators should refer the matter to the applicable state’s Attorney General within 180 days of the Order.

Further, the Order requires the SBA to issue notice within 60 days to all SBA lenders regarding the debanking requirements. The Order also requires the Treasury to consult with the assistant to the president for economic policy to develop a comprehensive strategy to “combat” unlawful debanking by the regulators within 180 days of the Order.

In response to the issuance of the Order, the SBA, OCC and FDIC have issued statements or changes in compliance with the Order. The SBA’s Office of General Counsel issued a letter outlining four steps for lenders to ensure compliance with SBA requirements. First, banks must identify any current policies or practices that furthered “unlawful debanking.” Next, institutions must make reasonable efforts to reinstate any customers who were denied access to banking due to these policies.
Further, the letter requires banks to notify any applicants qualified under the SBA program who were denied access to the option to renew engagement. Lastly, the bank should identify all clients denied access to payment processing services under SBA programs and send notification to each customer, providing them with the option to renew. Lenders must have submitted the report to the SBA by Jan. 5, 2026, to remain in good standing and avoid punitive damages. On Sept. 8, 2025, the OCC issued a statement, as well as two bulletins, discussing plans to comply with the Order. Bulletin 2025-22 focuses on the Community Reinvestment Act (CRA), stating the OCC will review licensing filings to evaluate whether institutions debanked customers based on Order-defined factors. The OCC will use the evaluation to consider CRA ratings. The second bulletin, Bulletin 2025-23, relates to privacy and suggests that some banks participated in “government-directed surveillance programs” and targeted individuals associated with the Jan. 6, 2021, activities. Additionally, the OCC clarifies within the bulletin that it was issued to “remind” banks of their obligations to protect customers’ financial information under the Right to Financial Privacy Act (RFPA). The bulletin further states that there are limited situations in which a bank is required to file a Suspicious Activity Report (SAR), suggesting that banks should be careful to avoid improperly disseminating private customer information within a SAR, and requires banks to evaluate their policies and procedures in light of the Order. Lastly, the FDIC released a very short statement affirming the Order and confirming that the FDIC has plans to comply with it. However, these plans have not yet been released. As with many executive orders and legal actions, there are arguments that the “Guaranteeing Fair Banking” Executive Order lacks the legal authority to compel action. 
As of the date of publication, there are no pending lawsuits opposing the Order; however, banks must now wait and see how regulators enforce the Order and how the Treasury chooses to combat “unlawful debanking.” Erin Busse, JD, vice president and deputy general counsel for Compliance Alliance, holds degrees in psychology and English from Loyola University New Orleans and earned her JD from Saint Louis University School of Law.

CBA Centerpoint GOING BEYOND THE DESK TO HEAR THE STORIES OF COLORADO BANKERS Scott Aylor Commercial Market President, Boulder County First Interstate Bank What is the most rewarding aspect of your job? The most rewarding part of my job is the impact we’re able to make in our local community. As bankers, we play a pivotal role — from financing new developments and helping businesses expand, to supporting first-time homebuyers in achieving their dream of homeownership. Seeing clients’ financial goals come to life is incredibly fulfilling and a reminder of how meaningful our work truly is. What is the most important thing you’ve learned from a career in banking? Throughout my career, I’ve learned that relationships and trust are at the heart of banking. Finances can be deeply personal and sometimes sensitive, so building trust within your network takes time and genuine effort. It’s incredibly humbling when clients refer new business or view you as a trusted advisor — those moments are a true testament to the relationships you’ve built and the integrity you bring to your work. What topic could you give a 20-minute presentation on without any preparation? I could easily give a 20-minute presentation on SBA 504 lending. I’m passionate about this program because it empowers small business owners to purchase their own space — creating long-term stability and equity while supporting business growth. It’s one of the best financing tools available, and I believe more business owners should be aware of how it can help them expand and invest in their future. Tell us something about yourself that most people don’t know. In college, I founded a nonprofit organization that provided temporary housing for individuals experiencing homelessness by repurposing recycled shipping containers. The experience taught me a great deal about leadership, community needs and the vital role nonprofits play in strengthening our communities. 
Today, as part of a community bank, I’m continually inspired by the incredible nonprofits we support and the difference they make locally. Jereme Koehler Senior Vice President FirstBank, now part of PNC Bank How did you get started in the banking industry? When my wife (then girlfriend) moved to Vail for work, I saw it as the perfect time for a fresh start. I wasn’t enjoying my job at the time, and a position at FirstBank in Avon caught my eye. Banking had always been on my radar because I admired my uncle, who was a bank president, and thought it could be a career that offered both growth and purpose. I was fortunate to be hired as a management trainee, and 16 years later, I’m still here. FirstBank has given me opportunities to learn different areas of the business, grow as a leader and build a rewarding career. What is the most rewarding aspect of your job? As an internal auditor, I have the opportunity to add value across the entire organization by helping teams enhance efficiency, strengthen controls and reduce risk through meaningful insights into their business processes. The most rewarding part of this role is knowing that my work not only improves how we operate internally but also contributes to a stronger, more resilient organization that ultimately serves our customers more effectively and builds their trust in us. What do you like to do to give back to the community (either personally, as a bank representative or both)? I serve as secretary/treasurer for Jeffco Prosperity Partners, a nonprofit dedicated to helping Jefferson County families move from poverty to prosperity. We use a two-generation approach, supporting parents and children together through education, coaching and community connections. It is incredibly rewarding to see the impact this work has on families’ lives. What do you geek out about? Fantasy football. I probably spend too much time on podcasts and stats, but I love the strategy behind it, and honestly, I just love football. 
When you were a child, what did you want to be when you grew up? I wanted to own a toy store. To me, it sounded like the ultimate dream job: playing with toys all day and having fun at work. Of course, I didn’t realize back then how much online shopping would change the world of retail.

Sandra Cafuentes Branch Manager Vectra Bank How did you get started in the banking industry? Growing up, I remember thinking that working at a bank or for the government is considered a highly respected profession, and I always envisioned myself working in one of those fields. My banking career began after we moved to Colorado from Mexico. I needed a car, so I went with my parents to KeyBank to apply for a car loan. After getting approved, I started making my payments in person and asked what it would take to work there. They told me where to apply, so I did, and I was hired a week later. I’ve been in banking ever since, now with Vectra Bank. What do you like to do to give back to the community? As part of Vectra Bank’s mission to give back to the community, I host financial literacy and SBA workshops for my clients and local communities. These events support small business owners by promoting their businesses, building community and encouraging networking and collaboration. I’m passionate about financial literacy and committed to helping underrepresented communities, small business owners and women entrepreneurs. I also serve as the board chair for Adelante Community Development, a nonprofit that empowers small business owners through workshops, mentorship, leadership programs, digital literacy and access to resources. What are you most proud of in your professional life right now? I’m most proud of helping my customers achieve their goals, whether it’s buying their first home, growing their business or learning about credit and investing. I take pride in bringing financial literacy and the resources Vectra Bank offers to my clients and my community. I’m also proud of the skills I’ve developed throughout my career, including public speaking, hosting community events, coaching, mentoring and team development. Being able to adapt to the ever-changing banking industry has been incredibly rewarding. 
As well as my participation in the Branch Manager Advisory Council with Zions Bancorp, representing Vectra Bank, that has been an incredible opportunity where I was able to bring my ideas and participate in meeting sessions with our CEO and COO. What is the most important thing you’ve learned from a career in banking? The most important lesson I’ve learned is how to build trust and long-term relationships with clients, colleagues and the community. Banking isn’t just about managing money; it’s about understanding people’s goals and dreams, guiding them toward financial success and creating genuine connections that make me a trusted advisor. What is important to you personally? My kids, my family, my community and my career. My kids are my biggest motivation; they inspire me to grow, learn and be the best version of myself every day. I want to show them that anything is possible when you have faith and determination. They are my most valuable relationships and my legacy. My family keeps me grounded and supports me unconditionally. My community matters because I strive to make a positive impact on everyone I meet. And my career is important because it allows me to make a meaningful difference in my clients’ lives. I’m deeply committed to my work at Vectra Bank as a branch manager, business developer and community leader. I am driven by a passion for helping people and promoting financial literacy. Ty Gavette Assistant Vice President Bank of Colorado How did you get started in the banking industry? I grew up on a dairy farm north of Greeley in the early years of my life. After our family liquidated the milk cows, we moved east, where we ran a custom hay retrieval business and my mom became a schoolteacher. My parents instilled the importance of agriculture in my siblings and me. After attending Monfort School of Business, I realized it was possible to link my education with an industry that I love. 
Bank of Colorado afforded me a great opportunity to work with farm and ranch families and provide banking solutions to those who need it most. What is the most rewarding aspect of your job? Working with a long-term client and watching their family operation become financially sound and provide an opportunity for their next generation. The greatest compliment someone can give is a referral; it allows me to know that I made a lasting impact on someone. What is the most important thing you’ve learned from a career in banking? Being a genuine person who shares common values with clients and the bank leads to a fortified relationship. Re-investing in the community in which we work continues to be the foremost goal that leads to a greater impact. “People working together in a strong community with a shared goal and common purpose can make the impossible possible.” What do you geek out about? Outside of the bank, I spend most of my time hunting and fly fishing in the Rocky Mountains with my wife and 3-month-old son. My wife says, between tying my own flies and cooking what we harvest, I have accumulated an inexcusable amount of outdoor gear.

HMDA and Action Taken By Natalie Straus, Director-Financial Services, Forvis Mazars Despite uncertainty involving the future of the Consumer Financial Protection Bureau (CFPB), recent regulatory agency findings highlight the continued significance of the Home Mortgage Disclosure Act and Regulation C (HMDA). Covered institutions are required to collect and report specific information about certain mortgage lending activity to the federal government on an annual basis. HMDA data is used to accomplish the following goals: 1. To help determine whether financial institutions are serving the housing needs of their communities; 2. To assist public officials in distributing public-sector investment to attract private investment to areas where it is needed; and 3. To assist in identifying possible discriminatory lending patterns and enforcing anti-discrimination statutes.1 In the 2025 Consumer Compliance Supervisory Highlights, the FDIC identified HMDA as the fifth-most cited violation. HMDA violations constituted 65 of the 1,275 total violations cited by the agency in 2024.2 In addition, in the Consumer Compliance Outlook: First Issue 2025, the Federal Reserve indicated HMDA violations constituted 253, or 38.2%, of the 662 total violations identified during exams in 2024.3 Both agencies identified “action taken required under § 1003.4(a)(8)” as a source of violations. Action Taken “Action taken” has long presented reporting difficulties to reportable institutions. Confusion often arises from nuances associated with “approved but not accepted” applications, “withdrawn” applications, applications that are “closed for incompleteness” and “counteroffers.” Approved but Not Accepted An institution must carefully consider the “conditional approvals” guidance when it issues an approval that is subject to the applicant meeting certain conditions, as these do not always constitute an “approved but not accepted” application. 
HMDA makes a distinction between approvals conditioned solely on “customary commitment or closing conditions” and those that are conditioned on any “underwriting or creditworthiness conditions.” The appropriateness of coding an application “approved but not accepted” when conditions are not met depends on the category of outstanding conditions. “Customary commitment or closing conditions” include conditions such as “clear-title requirement, an acceptable property survey, acceptable title insurance binder, clear termite inspection, a subordination agreement from another lienholder, and, where the applicant plans to use the proceeds from the sale of one home to purchase another, a settlement statement showing adequate proceeds from the sale.”4 “Underwriting or creditworthiness conditions” include conditions “that constitute a counter-offer, such as a demand for a higher down payment; satisfactory debt-to-income or loan-to-value ratios, a determination of need for private mortgage insurance, or a satisfactory appraisal requirement; or verification or confirmation, in whatever form the institution requires, that the applicant meets underwriting conditions concerning applicant creditworthiness, including documentation or verification of income or assets.”5 An institution should report “approved but not accepted” when an approval is conditioned on “customary commitment or closing conditions,” and the conditions are met but credit is not ultimately extended, or when the conditions are not met and the loan is not originated as a result. For example, an application would be coded “approved but not accepted” when the approval is subject to a clear termite inspection and a clear inspection is obtained, but the applicant changes their mind and decides not to purchase the property. 
In addition, an application would be coded “approved but not accepted” when the approval was subject to clear title requirements, when the title report shows potential issues and the institution is consequently unable to originate the loan.

An institution should not report “approved but not accepted” when an approval is subject to “underwriting or creditworthiness conditions” and the conditions are not met. The “action taken” should be reported as “denial” when an approval is subject to this category of conditions, and those conditions are not met. For example, “approved but not accepted” would not be acceptable if the approval were subject to the applicant paying down a credit card bill to improve their debt-to-income ratio, and the applicant is unable to do so. The application should be coded “denial” under these circumstances.

“Approved but not accepted” would be appropriate, on the other hand, if the application is subject to “underwriting and creditworthiness conditions” and these conditions are met, but the loan is not originated. For example, “approved but not accepted” is appropriate if an approval is subject to income verification and this requirement is satisfied, but the applicant ultimately decides to pursue financing elsewhere, and the loan is not originated.

Withdrawn Applications

HMDA indicates it is appropriate to report an application as “withdrawn” when the application is “expressly” withdrawn by the applicant before the institution makes a credit decision or before the application is closed for incompleteness.6 The concept of an “express” withdrawal is integral. The applicant must affirmatively communicate to the institution that they no longer wish to proceed with their application. “Withdrawn” is not an appropriate “action taken” when an institution is unable to contact an applicant. A withdrawal may not be inferred from a lack of communication. For example, “withdrawn” would not be the appropriate type of “action taken” when a loan officer repeatedly tries to contact an applicant to complete an application and the applicant does not respond.
It is also important to document the date of express communication from the applicant for the purpose of confirming an additional data point, “date of action taken.” This means an institution should retain any written correspondence or create a memo or description of any oral correspondence for the purposes of documentation in the file. “Withdrawn” is also appropriate when an approval is conditioned on “underwriting or creditworthiness conditions” and the applicant expressly withdraws the application before the institution obtains the related information necessary to make a credit decision or before the file is closed for incompleteness. File Closed for Incompleteness HMDA requires that a financial institution “reports that the file was closed for incompleteness if the financial institution sent a written notice of incompleteness under Regulation B, 12 CFR 1002.9(c)(2), and the applicant did not respond to the request for additional information within the period of time specified in the notice before the applicant satisfies all underwriting or creditworthiness conditions.”7 This type of action taken is also appropriate when an institution sends a written notice of incompleteness requesting information related to “underwriting or creditworthiness conditions” necessary to make a credit decision, and the applicant does not respond within the designated timeframe. For example, an application should be coded as “closed for incompleteness” if the institution sends a notice of incompleteness requesting income verification and the customer does not respond within the specified time frame. Counteroffers The significance of a “counteroffer” in connection with “action taken” depends on the applicant’s response to the counteroffer. 
The institution should report a “denial” when an institution makes an offer to lend on different terms than those the applicant applied for and the applicant declines to proceed.8 For example, a financial institution might propose a lower loan amount when a property appraisal comes in low and no longer supports an appropriate loan-to-value calculation. If the applicant declines to proceed because they are disappointed in the property value, this means they have not accepted the counteroffer. Therefore, the application should be reported as a “denial.” When an applicant agrees to proceed with a counteroffer, the appropriate type of action taken will depend on the outcome of the application under the revised terms. If, in the above example, the applicant agreed to proceed with the lower loan amount and was subsequently approved subject to customary closing and commitment conditions, the type of action taken would be subject to the conditional approval rules discussed previously.

How ProBank Advisor Can Assist

Tackling the complex and evolving regulatory compliance landscape can be challenging for financial institutions. Digital solutions like ProBank Advisor can help your institution gain peace of mind to thrive in this complicated space. If you have any questions, please visit www.forvismazars.us/contact-us to contact a professional at Forvis Mazars.

1. 12 CFR 1003.1(b).
2. “Consumer Compliance Supervisory Highlights – Federal Deposit Insurance Corporation,” fdic.gov, July 2025.
3. “Consumer Compliance Outlook,” consumercomplianceoutlook.org, August 2025.
4. 12 CFR 1003 Supplement I.
5. Ibid.
6. Ibid.
7. Ibid.
8. Ibid.
