Blog

On April 14 th , the Chamber of Commerce of the United States and the Consumer Financial Protection Bureau (CFPB) filed a joint motion for entry of consent judgment to resolve litigation in the US District Court for the Northern District of Texas regarding the CFPB’s credit card late fee rule. In March 2024, the CFPB issued a final rule that would have limited large card issuers (those with more than 1 million open and active credit card accounts) from charging a late fee that exceeds $8. Almost immediately, a lawsuit was brought by the US Chamber of Commerce in federal district court asserting that the rule violated the CARD Act. To resolve this litigation, the parties have jointly asked the court to vacate the rule. Once the terms of the settlement have been approved by the court, card issuers will return to the safe harbor fee amounts outlined in 12 CFR 1026.52.

In a filing submitted in connection with a lawsuit in the US District Court for the Southern District of Florida challenging the small business lending data collection rule, the Consumer Financial Protection Bureau (CFPB) has indicated its intent to reopen the rule to make changes. According to the filing, the agency intends to issue a notice of proposed rulemaking as expeditiously as reasonably possible. By way of reminder, the rule is currently stayed by the 5th Circuit in companion litigation, but only for members of the American Bankers Association, America’s Credit Unions and other plaintiffs/intervenors. All other covered financial institutions are required to begin complying with the rule as soon as July 18, 2025 (depending on loan volume).  However, the CFPB’s filing in the Florida case also agreed that “subjecting similarly situated entities to different compliance dates for Section 1071’s data collection requirements would not serve the public interest.” As a result, it is anticipated that the agency will announce that it does not intend to enforce the rule, in its current form, against any institution. Stay tuned for further developments.

On March 28, 2025, the Consumer Financial Protection Bureau (CFPB) announced that it will not prioritize enforcement or supervision actions with regard to the payday lending rule. In its press release , the CFPB said that it is contemplating issuing a notice of proposed rulemaking that would further narrow the scope of the rule. As a reminder, the payday lending rule, which took effect on March 30th, requires covered financial institutions to: Obtain new and specific automatic payment authorization for a covered loan after two consecutive automatic payment attempts have failed, and Provide specific disclosures and notices in connection with a covered loan. Only lenders that originate 2,500 or more covered loans in a calendar year are covered by the requirements of the rule.

The Financial Crimes Enforcement Network (FinCEN) has issued an interim final rule removing the requirement for domestic reporting companies to file their beneficial ownership information directly with the agency. The Corporate Transparency Act (CTA), passed by Congress in 2020, required reporting companies to submit information about their beneficial owners directly to FinCEN. The interim final rule now exempts domestic reporting companies from this registration requirement. A domestic reporting company is defined as any corporation, limited liability company, or other entity that is created by a filing with the secretary of state (or similar office) under the laws of any state or Indian tribe. Foreign reporting companies will continue to be subject to the reporting requirement; however, will not have to report information about any of its beneficial owners that are US persons. Existing foreign reporting companies will have 30 days from the rule's publication in the Federal Register to submit their information to FinCEN. New foreign reporting companies will have 30 days from formation to submit their information. FinCEN's interim final rule does not change the 2018 customer due diligence requirements, which charge financial institutions with collecting beneficial ownership information about legal entity customers at the time of account opening.

On March 19th, the US Department of Housing and Urban Development (HUD) issued Mortgagee Letter 2025-08 . The letter rescinds, among other things, ML 2024-07, which imposed several borrower-initiated reconsideration of value (ROV) requirements in connection with FHA-insured residential mortgage loans with a case number assigned on or after October 31, 2024. The borrower-initiated ROV requirements rescinded by HUD's most recent mortgagee letter include, but are not limited to: Disclosure at application and again upon delivery of the appraisal copy information about the borrower's ability to initiate an ROV request, Policies and procedures that outline the steps a borrower must take to initiate an ROV request, along with milestones for communication with the borrower as to the status of his/her request, and The actions a creditor may take in response to an ROV request. While underwriter-initiated ROV requirements remain in effect for FHA loans, HUD states that the borrower-initiated requirements are being rescinded in response to President Trump's executive order dated January 20, 2025. That executive order was aimed at reversing policies that the administration feels have adversely affected key sectors, including the housing market. It remains to be seen whether the Federal Housing Finance Agency will follow suit and rescind their borrower-initiated ROV requirements in connection with Fannie Mae and Freddie Mac loans.

In Letter to Credit Unions 25-CU-03 , the National Credit Union Administration (NCUA) announced its new exam scheduling policy. Effective January 1, 2025, federally insured credit unions (FICUs) will be examined according to the following schedule: 8 to 12 months following its last examination date FICUs with ANY of the following characteristics - A CAMELS rating of 3, 4, or 5, Considered less than well capitalized, An outstanding enforcement action, or Assets greater than or equal to $10 billion. FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 3, 4, or 5, or A change in CEO since its last examination. 12 to 16 months following its last examination date FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 1 or 2, and No change in CEO since its last examination. 14 to 18 months following its last examination date Federal credit unions (FCUs) not included above Once every 5 years Federally insured state-chartered credit unions (FISCUs) not included above The NCUA believes this revised schedule will allow it to better respond to emerging risks and priorities using available resources. It is important to note that nothing in the new schedule limits the NCUA's authority to examine any FICU as frequently as the agency deems necessary.

Back in December 2023, the Federal Communications Commission (FCC) adopted a new rule amending the prior express written consent requirements under the Telephone Consumer Protection Act (TCPA). That rulemaking would have done a couple of things. First, it would have clarified that a consumer’s prior express written consent can apply to not more than one seller. In other words, the rule would have prevented a company from obtaining a consumer’s consent to the receipt of advertising and telemarketing messages both for itself as well as its affiliates. Second, the rule would have required that a consumer’s consent be logically and topically associated with the interaction that prompted the consent. That second requirement was particularly concerning for financial institutions. The language of the rulemaking seemed to suggest that an institution that captured prior express written consent at the time of account opening could not later rely on that same consent for purposes of sending advertising or telemarketing messages related to loans, credit cards, or other non-deposit products. The Insurance Marketing Coalition asked for a judicial review of the rulemaking at the Eleventh Circuit Court of Appeals. On January 24, 2025, that court vacated the new requirements. In its order, the court found that the FCC exceeded its statutory authority because the amendments to the definition of prior express written consent impermissibly conflicted with the statutory definition of the same term under the TCPA. 

Following years of litigation, the Consumer Financial Protection Bureau’s 2017 payday lending rule will take effect on March 30, 2025. Three types of consumer loans are covered by the payday lending rule: Short-term loans that require repayment within 45 days, Longer term loans with a balloon payment, and Longer term loans for which the APR exceeds 36% and automatic payment is required from the consumer's account. Under the rule, covered lenders will have to adhere to both payment restrictions and notice requirements. First, when two consecutive automatic payment attempts have failed in connection with a covered loan, the lender is prohibited from attempting another withdrawal until it has obtained a new and specific authorization from the consumer. Second, the rule imposes the following notice requirements in connection with a covered loan: Written notice before the lender attempts to withdraw the first automatic payment from the consumer's account, Written notice before a subsequent automatic payment attempt that will differ in amount or effective date, and Written notice when two consecutive payment attempts have failed. Lenders that do not originate more than 2,500 covered loans in a calendar year are exempt from the rule’s requirements. Additional implementation resources regarding the payday lending rule are available from the CFPB here .

The Consumer Financial Protection Bureau (CFPB) has issued an advanced technologies special edition of its supervisory highlights’ publication, available here . First, the CFPB found evidence of disparate treatment in the underwriting and pricing of credit cards. Certain complex credit scoring models used by some card issuers resulted in disproportionately negative outcomes for Black/African American and Hispanic applicants. In response, the CFPB is encouraging card issuers to test their scoring models for potential bias and look for less discriminatory alternatives. Second, the CFPB found that some auto lenders are using credit scoring models that rely heavily on alternative data. As explained in an Interagency Statement on the Use of Alternative Data in Credit Underwriting, data not directly related to a consumer’s finances may present greater consumer protection risks. These auto lenders are encouraged to look for less discriminatory alternatives when considering the input variables that make up their scoring models. Finally, auto lenders are reminded of the requirement under Regulation B to provide a statement of specific reasons for adverse action. When an application is denied by a credit scoring model, it is not sufficient to state on the adverse action notice that the applicant did not meet the required minimum credit score. Specific factors that contributed to the applicant’s credit score (e.g., delinquent past or present obligations) must be identified.