By Cynthia Hetherington

This past year has brought about a great deal of change in due dili­gence requirements for compliance regulations, with The Committee on Foreign Investment in the United States (CFIUS) seeing the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) signed into law. CFIUS and FIRRMA didn’t capture as much attention as the European Union’s GDPR, but the impact on U.S. businesses is signifi­cantly more involved for open source investigators.

Our research efforts deconstruct foreign investors to address the “growing national security concerns over foreign exploitation of certain investment structures” who are investing in U.S.-based interests. If the investors don’t qualify, they will lose their opportunity. This work brings the best of what we investiga­tors do into clear focus, as it requires expert due diligence efforts for nation­al security. This is not the only due dili­gence requirement; states also have their own requirements.

In this 4-part series, we provide information on banks and financial institutions, business entities, non-profits, and franchises, so that when you conduct due diligence for your clients, you know you’re dotting all the i’s and crossing all the t’s. This week, we explore banks and financial institutions.

Banks & Financial Institutions

Office of the Comptroller of the Currency

The Office of the Comptroller of the Currency (OCC) is a bureau of the U.S. Department of the Treasury. It charters, regulates, and supervises all national banks and federal savings associa­tions. The OCC also supervises feder­ally chartered branches and agencies of foreign banks that may not be mem­bers of the Federal Reserve System. On the OCC’s website, under the Licensing tab, one can find lists of active banks and federal savings associations by name, city, and state.

The OCC has the statutory authority to take action against Institution-Affiliated Parties (IAPs), including:

  • Officers, directors, and employees; and
  • A bank’s controlling stockholders, agents, and certain other individuals.

Investigators can conduct enforcement actions searches for violations of laws, rules or regulations, unsafe or unsound practices, violations of final orders, violations of conditions imposed in writing, and for IAP breach­es of fiduciary duty.

Federal Deposit Insurance Corporation (FDIC)

The Federal Deposit Insurance Corporation (FDIC) insures deposits in banks and thrift institutions for at least $250,000 and identifies, monitors, and addresses risks to the deposit insur­ance funds when a bank or thrift institu­tion fails. The FDIC has the statutory authority to take enforcement actions against the following entities:

  • FDIC insured state-chartered banks that are not members of the Federal Reserve System;
  • FDIC insured branches of foreign banks; and
  • Officers, directors, employees, controlling shareholders, agents, and certain other cate­gories of individuals (institution affiliated par­ties) associated with such institutions.

The FDIC Enforcement Decisions and Orders (ED&O) contain the full text of the formal enforcement actions against financial institutions that are regulated by the FDIC or against their affiliated parties. The ED&O is updated on a monthly basis.

Federal Reserve Board

The Federal Reserve is the central bank of the U.S. It super­vises and has the statutory authority to take formal enforcement actions against the following entities:

  • State member banks;
  • Bank holding companies;
  • Non-bank subsidiaries of bank holding companies;
  • Edge and agreement corporations;
  • Branches and agencies of foreign banking organizations operating in the United States and their parent banks; and
  • Officers, directors, employees, and certain other categories of individuals associated with the above banks, companies, and organizations (referred to as institution-affili­ated parties).

The Federal Reserve can take formal enforcement actions against the enti­ties listed above for violations of laws, rules, or regulations, unsafe or unsound practices, breaches of fiduciary duty, and violations of final orders. Since August 1989, the Federal Reserve has made all final enforcement orders pub­lic.

The National Information Center (NIC), part of the Federal Reserve System, is a central repository of data about banks and other institutions that the Federal Reserve has a supervisory, regulatory, or research interest. This includes domestic and foreign banking organizations operating in the U.S. The USBA Search allows one to search for an institution’s current and non-current information by name and location.

National Credit Union Administration

The National Credit Union Administration (NCUA) is an independent federal agency that charters and supervises federal credit unions. The website offers plenty of research and data access.



Next week, we continue our examination of due diligence investigations with a discussion of business entity records.

Are you an analyst or investigator looking for advanced training on enhanced due diligence compliance? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your OSINT skills.


In today’s global marketplace, investors are faced with multi-national compliance regulations. As veteran investigators in enhanced due diligence, Hetherington Group understands the business world and the legal and regulatory frameworks in which corporations and privately held companies operate.  Learn how our team can help you mitigate risk at home and abroad.

Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.