Welcome to ZMW!

Stay ahead of audit red flags with practical insights and real-world tips to fix internal control weaknesses before they’re found.

Author

Norm Osumi
May 29, 2025

Welcome to this edition (week ending May29, 2025) of ZMW — a newsletter built for CFOs and controllers who want to stay ahead of material weaknesses before they become audit red flags. Whether you're preparing for SOX compliance, managing IPO-readiness, or just tightening up your internal control environment, this newsletter brings practical insights, industry trends, and real-world examples straight to your inbox. Our goal? Help you fix what’s weak, before the auditors find it.

Featured Sponsor

Financial-Close – Consark.ai
Move from Manual To a Fully Automated Close Process

Is ELC, PLC bothering you? Talk to us.

consark.ai/financial-close

News this week

  • SEC – FASB ASU 2025-04
    FASB’s new Accounting Standards Update 2025-04 retools GAAP for share-based incentives issued to customers. It defines performance conditions, eliminates ASC 606’s variable-consideration option, and places measurement squarely under ASC 718. Effective for 2026 year-ends, it accelerates expense recognition, compelling companies to reassess customer contracts, stock-based comp models, and disclosures ahead of budgeting.

  • PCAOB Audit Focus Bulletin
    PCAOB’s May 21 Audit Focus Bulletin spotlights persistent deficiencies in auditing accounting estimates. It urges auditors to test management assumptions, build independent expectations, and incorporate post-measurement events while guarding against cognitive biases. The guidance foreshadows tougher 2025 inspections, prompting audit committees and controllers to strengthen valuation documentation and scepticism now.

  • CFPB rescinds 67 guidance documents (effective May 12, 2025)
    On May 12, 2025, the CFPB published a Federal Register notice revoking 67 circulars, bulletins, advisory opinions and interpretive rules issued since 2014. Acting Director Russell Vought said the Bureau will lean on formal rulemaking and case-by-case adjudication, immediately lifting many compliance expectations and signaling sharply reduced enforcement going forward.

    *Here is the list of 67 items which have been revoked:

    1 . Policy Statements (8)

    1. Policy Statement on No Action Letters, 90 FR 1970 (Jan 10 2025)

    2. Policy Statement on Compliance Assistance Sandbox Approvals, 90 FR 1974 (Jan 10 2025)

    3. Statement of Policy Regarding Prohibition on Abusive Acts or Practices, 88 FR 21883 (Apr 12 2023)

    4. Statement on Enforcement & Supervisory Practices Relating to the Small-Business Lending Rule (ECOA/Reg B), 88 FR 34833 (May 31 2023)

    5. Statement on Supervisory & Enforcement Practices Regarding the Remittance Rule in Light of the COVID-19 Pandemic (Apr 10 2020)

    6. Disclosure of Consumer Complaint Narrative Data, 80 FR 15572 (Mar 24 2015)

    7. Disclosure of Consumer Complaint Data, 78 FR 21218 (Apr 10 2013)

    8. Disclosure of Certain Credit-Card Complaint Data, 77 FR 37558 (Jun 22 2012)

    2 . Interpretive Rules (7)

    1. Use of Digital User Accounts to Access Buy-Now-Pay-Later Loans, 89 FR 47068 (May 31 2024)

    2. Limited Applicability of CFPA’s “Time-or-Space” Exception to Digital Marketers, 87 FR 50556 (Aug 17 2022)

    3. FCRA’s Limited Preemption of State Laws, 87 FR 41042 (Jul 11 2022)

    4. Authority of States to Enforce the CFPA, 87 FR 31940 (May 26 2022)

    5. Examinations for Risks to Active-Duty Servicemembers & Covered Dependents, 86 FR 32723 (Jun 23 2021)

    6. ECOA/Reg B: Discrimination on the Bases of Sexual Orientation & Gender Identity, 86 FR 14363 (Mar 16 2021)

    7. Bulletin clarifying mortgage-lending rules for Surviving Family Members (Jul 8 2014)

    1. Advisory Opinions (13)

    1. Truth-in-Lending (Reg Z): Consumer Credit Offered in Advance of Expected Wages, 90 FR 3622 (Jan 15 2025)

    2. Fair Credit Reporting: File Disclosure, 89 FR 4167 (Jan 23 2024)

    3. Debt-Collection (Reg F): Deceptive & Unfair Collection of Medical Debt, 89 FR 80715 (Oct 4 2024)

    4. Fair Credit Reporting: Background Screening, 89 FR 4171 (Jan 23 2024)

    5. Truth-in-Lending (Reg Z): Home-Sales Contracts for Deed, 89 FR 68086 (Aug 23 2024)

    6. Consumer Information Requests to Large Banks & Credit Unions, 88 FR 71279 (Oct 16 2023)

    7. Debt-Collection (Reg F): Time-Barred Debt, 88 FR 26475 (May 1 2023)

    8. Fair Credit Reporting: Permissible Purposes for Consumer Reports, 87 FR 41243 (Jul 12 2022)

    9. Debt-Collection (Reg F): Pay-to-Pay Fees, 87 FR 39733 (Jul 5 2022)

    10. ECOA/Reg B: Revocations or Unfavorable Changes to Existing Credit Terms, 87 FR 30097 (May 18 2022)

    11. Fair Credit Reporting: Name-Only Matching Procedures, 86 FR 62468 (Nov 10 2021)

    12. Truth-in-Lending (Reg Z): Earned-Wage Access Programs, 85 FR 79404 (Dec 10 2020)

    13. Truth-in-Lending (Reg Z): Private Education Loans, 85 FR 79400 (Dec 10 2020)

    4 . Other Guidance (39)

    1. Circular 2024-06: Background Dossiers & Algorithmic Scores for Employment, 89 FR 88875 (Nov 12 2024)

    2. Circular 2024-05: Improper Overdraft Opt-In Practices, 89 FR 8007 (Oct 2 2024)

    3. Circular 2024-04: Whistle-blower Protections (CFPA § 1057), 89 FR 65170 (Aug 9 2024)

    4. Circular 2024-03: Unlawful / Unenforceable Contract Terms, 89 FR 51955 (Jun 21 2024)

    5. Circular 2024-02: Deceptive Marketing of Remittance Speed/Cost, 89 FR 27357 (Apr 17 2024)

    6. Circular 2024-01: Preferencing & Steering by Digital Intermediaries, 89 FR 17706 (Mar 12 2024)

    7. Circular 2023-03: Adverse-Action Notices & Reg B Sample Forms, 89 FR 27361 (Apr 17 2024)

    8. Circular 2023-02: Re-opening Closed Deposit Accounts, 88 FR 33545 (May 24 2023)

    9. Circular 2023-01: Unlawful Negative-Option Marketing, 88 FR 5727 (Jan 30 2023)

    10. Circular 2022-07: Reasonable Investigation of Consumer-Report Disputes, 87 FR 71507 (Nov 23 2022)

    11. Circular 2022-06: Unanticipated Overdraft-Fee Practices, 87 FR 66935 (Nov 7 2022)

    12. Circular 2022-05: Invalid Nursing-Home Debts—Debt-Collection & Reporting, 87 FR 57375 (Sep 20 2022)

    13. Circular 2022-04: Insufficient Data-Security Practices, 87 FR 54346 (Sep 6 2022)

    14. Circular 2022-03: Adverse-Action Notices & Complex Algorithms, 87 FR 35864 (Jun 14 2022)

    15. Circular 2022-02: Deceptive FDIC/Deposit-Insurance Representations, 87 FR 35866 (Jun 14 2022)

    16. Circular 2022-01: System of CFPB Circulars, 87 FR 35868 (Jun 14 2022)

    17. Bulletin 2023-01: Unfair Billing & Collection After Student-Loan Discharge, 88 FR 17366 (Mar 23 2023)

    18. Bulletin 2022-06: Unfair Returned-Deposited-Item Fees, 87 FR 66940 (Nov 7 2022)

    19. Bulletin 2022-05: UDAAPs Impeding Consumer Reviews, 87 FR 17143 (Mar 28 2022)

    20. Bulletin 2022-04: Mitigating Harm from Auto-Repossessions, 87 FR 11951 (Mar 3 2022)

    21. Bulletin 2022-03: Public-Service Loan-Forgiveness Servicer Duties, 87 FR 11286 (Mar 1 2022)

    22. Bulletin 2022-01: Medical-Debt Collection & Reporting (No Surprises Act), 87 FR 3025 (Jan 20 2022)

    23. Enforcement-Compliance Bulletin 2021-03: Rental-Information Reporting, 86 FR 35595 (Jul 7 2021)

    24. Bulletin 2021-02: Housing-Insecurity Supervision & Enforcement Priorities, 86 FR 17897 (Apr 7 2021)

    25. Policy Guidance on Early Compliance with 2016 RESPA/TILA Mortgage-Rule Amendments, 82 FR 29713 (Jun 30 2017)

    26. Bulletin 2016-03: Detecting & Preventing Harm from Production Incentives, 82 FR 5541 (Jan 18 2017)

    27. Bulletin 2015-07: In-Person Collection of Consumer Debt (Dec 16 2015)

    28. Bulletin 2015-02: Section 8 Housing-Choice Voucher Home-Ownership Program (May 11 2015)

    29. Bulletin 2014-02: Marketing of Credit-Card Promotional APR Offers (Sep 3 2014)

    30. Bulletin 2014-01: FCRA Investigations by Furnishers (Feb 27 2014)

    31. Bulletin 2013-09: FCRA Dispute-Investigation & “All-Relevant-Info” Rule (Sep 4 2013)

    32. Bulletin 2013-07: UDAAPs in Consumer-Debt Collection (Jul 10 2013)

    33. Bulletin 2013-01: Indirect Auto Lending & ECOA Compliance (Mar 21 2013)

    34. Bulletin 2012-09: FCRA Streamlined Process for Free Annual Reports (Nov 29 2012)

    35. Bulletin 2012-08: Implementation of Reg E Remittance-Transfer Rule (Nov 27 2012)

    36. Bulletin 2012-06: Marketing of Credit-Card Add-On Products (Jun 27 2011)

    37. Bulletin 2012-04: Lending Discrimination (Apr 18 2012)

    38. Bulletin 2012-02: Loan-Originator Compensation (Apr 2 2012)

    39. Bulletin 11-2: Interstate Land Sales Full Disclosure Act (Jul 20 2012)

  • FINRA Proposed Rule 6152 – public order-execution statistics
    On 20 May 2025 the SEC designated extra time to act on FINRA filing SR-FINRA-2025-002, which would create Rule 6152. The rule compels every member to file monthly Rule 605-style execution statistics for NMS stocks with FINRA for public posting. Firms should begin mapping order-handling data and prepare comment letters.

    What member firms should be considering now:

    • Begin mapping internal order-handling data to the Rule 605 fields so you can generate reports quickly if the rule is approved.

    • Identify any execution venues you rely on that do not currently produce 605 reports and assess reputational exposure once public posting begins.

    • Prepare comment letters; although the formal SEC comment period closed 2 May, additional feedback can still be submitted.

  • Cybersecurity alert: phishing campaign impersonating FINRA executives
    FINRA issued a cybersecurity alert on 21 May 2025 revealing a sophisticated phishing campaign impersonating senior FINRA executives. Emails sent to broker-dealer and RIA leadership contain malicious links and attachments. The alert lists domains, IPs and subject lines to block, and urges firms to reinforce “CEO-fraud” awareness training.

    What member firms should be considering now:

    • Block the domain names and IP addresses listed in the alert, and update secure-email gateways to quarantine look-alike senders.

    • Run a keyword hunt for the subject lines across your mail archive since 21 May.

    • Issue an internal “CEO-fraud” reminder to staff, emphasizing that FINRA will never send executable files or ask for credentials by email.

  • OCC May enforcement actions – The OCC issued C&D orders to Eastern National Bank (Miami) and EH National Bank (Beverly Hills) over capital, liquidity and governance weaknesses, and levied six-figure civil penalties plus personal C&Ds on former Wells Fargo audit executives, spotlighting stringent oversight of liquidity risk and individual accountability.

  • OMB H.R. 1 SAP (May 21). OMB’s policy statement champions the “One Big Beautiful Bill Act,” backing permanent 2017-tax-cut extensions, new middle-class breaks, a $1 trillion defense top-line, and $1.6 trillion in mandatory savings—clearly flagging the Administration’s fiscal priorities and promising the President’s signature if enacted.

  • Executive Order on the Nuclear Industrial Base (May 23). The order elevates OMB to co-lead a 240-day nuclear-fuel-cycle strategy, craft a 120-day uranium-conversion plan, and clear any related spending or legislation—embedding tight budget oversight in a cross-agency drive to expand advanced reactors and domestic fuel supply.

A thought from our Author Norm Osumi 

"Qatar’s Mega-Gift to the U.S. President Raises Big Questions

Qatar has offered America’s leader a lavish Boeing 747-8 jet, but accepting it isn’t simple. Under the 1966 Foreign Gifts and Decorations Act, U.S. officials must refuse pricey presents or log them as government property. If Washington keeps the plane, every screw and wire would need checks and military upgrades—an overhaul that experts say could top $4 billion and take years. Turning it into “Air Force One-level” security means adding EMP shields, anti-missile gear, and a flying White House inside. If the jet were treated as a personal gift, critics warn it could clash with the Constitution’s Emoluments Clause, which bars leaders from pocketing valuables from foreign states without Congress’s okay. Key decisions now sit with newly confirmed Chief of Protocol Monica Crowley, who must decide whether the plane is stored, souped-up, or sent back. Her call could shape U.S. diplomacy—and spark a fresh battle over ethics and influence in Washington."

eatured Sponsor

Financial-Close – Consark.ai
AI-Powered Flux Analysis Platform

Use the power of AI for a faster and more accurate Flux Analysis. Talk to us.

consark.ai/flux-management

Reg-Hack Quiz (20-Second Challenge)!

The Company’s new AI-powered credit model guarantees instant approvals for qualifying applicants and delivers risk-free returns for investors. Which sentence creates the biggest regulatory red flag under current SEC and CFPB rules?

Login or Subscribe to participate in polls.

Ask the PCAOB Whisperer

Q. What’s in the PCAOB’s brand-new guide on accounting estimates?

A. The nine-page “Audit Focus” brief, released May 21, highlights the assumptions auditors miss most often (credit-loss reserves, impairments) and offers plain-language checklists. It arrives as inspection teams keep flagging weak estimate testing—and as lawmakers threaten to scrap the Board, making its guidance even more urgent.

Weekly Podcasts

We want to keep you engaged with meaningful topics, so we create weekly podcasts and host periodic webinars.

Why are US investors missing out on global crypto opportunities? In our latest ReportingNorms.ai episode, Norm breaks down how regulatory hurdles in the US are pushing crypto innovation overseas, while countries like Singapore and Switzerland roll out the welcome mat. Tune in to get the inside scoop on what’s holding America back—and which nations are taking the lead!

Tune in to hear more.

Here’s the audio version of the same:

To watch more podcasts, visit and follow us on ReportingNorms.ai.

 Featured Sponsor

Financial-Close – Consark.ai AI-Powered Transaction Matching

Are your Account Recons still on Excel? Talk to us.

consark.ai/transaction-matching

Norm Osumi

Norm is the CEO of HighIQ.ai, bringing 30+ years of executive leadership across startups, public, and private companies. A seasoned strategist, he's led global teams, major acquisitions, and digital transformations across the hardware and SaaS sectors. With deep expertise in finance, operations, and M&A—including key roles at VeriSign, Symantec, and NEC—Norm is now focused on driving innovation and AI-powered growth from Nashville, TN. Fluent in Japanese and shaped by global experience, he’s passionate about building high-performing teams and delivering lasting impact.

www.youtube.com/@ReportingNorms

Like what you see? Subscribe now and join a growing network of finance leaders building stronger, audit-ready companies.

Reply

or to participate.