Blog

On July 4, 2025, President Trump signed H.R.1, The One Big Beautiful Bill Act into law. Among the many, many other things that the law does, it dramatically reduces the amount of funding available to the Consumer Financial Protection Bureau (CFPB). Under the Dodd-Frank Act of 2010, the CFPB could request from the Federal Reserve up to 12% of its total operating expenses in 2009. Each year, the 2009 amount is adjusted for inflation to determine the new amount of the CFPB’s maximum permissible withdrawal from the Federal Reserve. Under H.R.1, this cap has been reduced from 12% to 6.5%, a reduction of nearly half of the CFPB’s annual funding. Senate Republicans claim that the reduction in funding for the CFPB will save taxpayers around $2 billion. Under the temporary leadership of Russ Vought, we’ve seen the CFPB withdraw nearly 70 guidance documents, de-prioritize enforcement of its payday lending rule, vacate its credit card late fee rule, stop defending a number of rules in federal court, and terminate several pending enforcement actions for alleged violations of consumer financial protection law. All this to say that a 46% reduction in its annual budget shouldn’t be too difficult for the lame duck agency to manage.

Under 31 CFR 1020.220, a financial institution's Customer Identification Program (CIP) requires the collection of certain information in connection with the opening of a new account. Specifically, the rule requires the financial institution to collect the following from the customer : Name Date of birth (for an individual) Residential or business street address, and Identification number (e.g., taxpayer identification number) Under an order issued by the Financial Crimes Enforcement Network (FinCEN) on June 27, 2025, financial institutions are now permitted to collect a customer's taxpayer identification number (TIN) from a third-party, instead of directly from the customer. To utilize this alternative collection method, the financial institution must have written procedures that: a) enable the financial institution to obtain the customer's TIN prior to account opening, b) recognize the relevant risks associated with obtaining the customer's TIN from a third-party, and c) enable the financial institution to form a reasonable belief that it knows the true identity of the customer. Nothing in the order requires the financial institution to utilize this alternative collection method.  You can access a copy of the FinCEN order here .

Today, the Consumer Financial Protection Bureau (CFPB) published an interim final rule extending the mandatory compliance dates once again for its small business lending data collection rule under Section 1071 of the Dodd-Frank Act. The new mandatory compliance dates are as follows: Tier One Lenders (those that originated at least 2,500 covered credit transactions in both years of their determination period) July 1, 2026 Tier Two Lenders (those that originated between 500 and 2,499 covered credit transactions in both years of their determination period) January 1, 2027 Tier Three Lenders (those that originated between 100 and 499 covered credit transactions in both years of their determination period) October 1, 2027 The interim final rule also clarifies that a covered financial institution may use any of the following combinations for its determination period - 2022 and 2023, 2023 and 2024, or 2024 and 2025. The CFPB indicates that it plans to use this additional time to initiate a new Section 1071 rulemaking. The notice of proposed rulemaking, which we anticipate will make significant changes to the current small business lending data collection framework, will be issued as expeditiously as possible according to the agency.

In late 2024, the Consumer Financial Protection Bureau (CFPB) finalized its open banking rule as required by Section 1033 of the Dodd-Frank Act. The rule requires financial institutions and other data providers to make covered data regarding financial products and services available to consumers and authorized third parties in electronic form. Almost immediately, the CFPB was sued in federal district court in Kentucky, alleging several deficiencies with the rulemaking. On May 23 rd , the CFPB’s general counsel indicated that the agency plans to file a motion for summary judgment by May 30 th asking the court to cancel the rule. In a status report filed with the court, the CFPB stated, “after reviewing the rule and considering the issues that this case presents, Bureau leadership has determined that the rule is unlawful and should be set aside.” Notwithstanding this development, financial institutions must keep in mind that Section 1033 of the Dodd-Frank Act statutorily mandates that the CFPB prescribe rules requiring covered persons to make certain information about financial products and services available to consumers in electronic form. Absent an act of Congress striking this requirement from the Dodd-Frank Act, the CFPB will need to start anew with its open banking initiative.

On May 15, 2025, the Consumer Financial Protection Bureau (CFPB) published notice in the Federal Register that it is withdrawing three proposals introduced under the previous administration. First, the CFPB is withdrawing a proposed interpretive rule regarding applicability of the Electronic Fund Transfers Act to emerging payment mechanisms. Under the January 2025 proposal, a stablecoin, bitcoin, or other cryptocurrency transaction conducted in connection with a consumer asset account would be considered an electronic fund transfer subject to Regulation E’s requirements. Next, the CFPB is withdrawing a proposed rule that would have banned unfair provisions in credit contracts and specifically prohibited certain terms and conditions. Under the January 2025 proposal, a credit contract could not contain provisions such as a confession of judgment or waiver of exemption. In addition, a covered financial institution would not be able to enforce any term or condition that permits it to unilaterally amend a contract or restrain expression. Finally, the CFPB is withdrawing its proposed rule concerning harmful data broker practices. The proposal, issued in December 2024, would have treated data brokers as consumer reporting agencies, required a permissible purpose to obtain credit header data (e.g., name, address, date of birth, and social security number of a consumer) from a consumer reporting agency, and emphasized that marketing is not a permissible purpose to obtain a credit report under the FCRA. On May 9, 2025, the White House announced that President Trump is nominating Jonathan McKernan as Undersecretary of Treasury for Domestic Policy. It was later confirmed that as a result, Mr. McKernan’s previous nomination to head the CFBP is being withdrawn. Russell Vought, the Director of the White House Office of Management and Budget, is currently serving as acting director of the Bureau. He may continue to do so for an additional 210 days under the Federal Vacancies Reform Act. The White House has yet to announce a new nominee for CFPB director.

On May 12th, the Consumer Financial Protection Bureau (CFPB) published notice in the Federal Register that it is withdrawing dozens of interpretive rules, policy statements, and advisory opinions, dating as far back as 2011. The Bureau is withdrawing its guidance in light of the President’s directive to deregulate and streamline bureaucracy. In the future, the agency intends to only issue guidance when absolutely necessary, and only to reduce compliance burden. While the amount of guidance being withdrawn by the Bureau is too voluminous to fully detail here, below is a flavor of the agency's previous interpretations that no longer carry any precedential value: Policy Statements (8 withdrawn in total) Statement of Policy Regarding Prohibition on Abusive Acts or Practices – issued in April 2023, this statement provided an analytical framework of what constitutes an abusive act and/or practice Interpretive Rules (7 withdrawn in total) ECOA (Regulation B); Discrimination on the Bases of Sexual Orientation and Gender Identity – issued in March 2021, this interpretive rule expanded Regulation B’s prohibition against sex discrimination to include both sexual orientation and gender identity Advisory Opinions (13 withdrawn in total) Circulars (16 withdrawn in total) Reopening Deposit Accounts that Consumers Previously Closed – issued in May 20243, this circular indicated that it is likely an unfair act and/or practice to unilaterally reopen a deposit account that was previously closed by the consumer Bulletins (23 withdrawn in total) Prohibition of Unfair, Deceptive, or Abusive Acts or Practices in the Collection of Consumer Debts – issued in July 2013, this bulletin outlined several debt collection practices that the agency would consider to be unfair, deceptive, and/or abusive

In January, the Consumer Financial Protection Bureau (CFPB) issued a final rule to amend Regulation V concerning the use of medical information in connection with a determination of eligibility for credit. Under the rule, the instances in which a creditor can use medical information about a consumer are significantly limited. In addition, the rule generally prohibits consumer reporting agencies from providing a creditor with a report that contains medical debt information. The rule was originally scheduled to take effect on March 17th. However, due to litigation filed in the US District Court for the Eastern District of Texas, the rule was stayed for 90 days until June 15th. The CFPB now agrees that it exceeded its statutory authority when promulgating the rule. The parties have filed a joint motion asking the court to find that the rule is contrary to federal law. In light of this development, Judge Jordan has cancelled a scheduled hearing regarding the preliminary injunction and has asked all parties involved to fully brief the case for final resolution. If this case follows in the footsteps of the credit card late fee rule, the CFPB's decision to not defend the rule in federal court is likely a death knell. Final resolution of the litigation is anticipated in advance of the June 15th expiration of the preliminary injunction.

On April 14 th , the Chamber of Commerce of the United States and the Consumer Financial Protection Bureau (CFPB) filed a joint motion for entry of consent judgment to resolve litigation in the US District Court for the Northern District of Texas regarding the CFPB’s credit card late fee rule. In March 2024, the CFPB issued a final rule that would have limited large card issuers (those with more than 1 million open and active credit card accounts) from charging a late fee that exceeds $8. Almost immediately, a lawsuit was brought by the US Chamber of Commerce in federal district court asserting that the rule violated the CARD Act. To resolve this litigation, the parties have jointly asked the court to vacate the rule. Once the terms of the settlement have been approved by the court, card issuers will return to the safe harbor fee amounts outlined in 12 CFR 1026.52.

In a filing submitted in connection with a lawsuit in the US District Court for the Southern District of Florida challenging the small business lending data collection rule, the Consumer Financial Protection Bureau (CFPB) has indicated its intent to reopen the rule to make changes. According to the filing, the agency intends to issue a notice of proposed rulemaking as expeditiously as reasonably possible. By way of reminder, the rule is currently stayed by the 5th Circuit in companion litigation, but only for members of the American Bankers Association, America’s Credit Unions and other plaintiffs/intervenors. All other covered financial institutions are required to begin complying with the rule as soon as July 18, 2025 (depending on loan volume).  However, the CFPB’s filing in the Florida case also agreed that “subjecting similarly situated entities to different compliance dates for Section 1071’s data collection requirements would not serve the public interest.” As a result, it is anticipated that the agency will announce that it does not intend to enforce the rule, in its current form, against any institution. Stay tuned for further developments.