Blog
In late 2024, the Consumer Financial Protection Bureau (CFPB) finalized its open banking rule as required by Section 1033 of the Dodd-Frank Act. The rule requires financial institutions and other data providers to make covered data regarding financial products and services available to consumers and authorized third parties in electronic form. Almost immediately, the CFPB was sued in federal district court in Kentucky, alleging several deficiencies with the rulemaking. On May 23 rd , the CFPB’s general counsel indicated that the agency plans to file a motion for summary judgment by May 30 th asking the court to cancel the rule. In a status report filed with the court, the CFPB stated, “after reviewing the rule and considering the issues that this case presents, Bureau leadership has determined that the rule is unlawful and should be set aside.” Notwithstanding this development, financial institutions must keep in mind that Section 1033 of the Dodd-Frank Act statutorily mandates that the CFPB prescribe rules requiring covered persons to make certain information about financial products and services available to consumers in electronic form. Absent an act of Congress striking this requirement from the Dodd-Frank Act, the CFPB will need to start anew with its open banking initiative.
On May 15, 2025, the Consumer Financial Protection Bureau (CFPB) published notice in the Federal Register that it is withdrawing three proposals introduced under the previous administration. First, the CFPB is withdrawing a proposed interpretive rule regarding applicability of the Electronic Fund Transfers Act to emerging payment mechanisms. Under the January 2025 proposal, a stablecoin, bitcoin, or other cryptocurrency transaction conducted in connection with a consumer asset account would be considered an electronic fund transfer subject to Regulation E’s requirements. Next, the CFPB is withdrawing a proposed rule that would have banned unfair provisions in credit contracts and specifically prohibited certain terms and conditions. Under the January 2025 proposal, a credit contract could not contain provisions such as a confession of judgment or waiver of exemption. In addition, a covered financial institution would not be able to enforce any term or condition that permits it to unilaterally amend a contract or restrain expression. Finally, the CFPB is withdrawing its proposed rule concerning harmful data broker practices. The proposal, issued in December 2024, would have treated data brokers as consumer reporting agencies, required a permissible purpose to obtain credit header data (e.g., name, address, date of birth, and social security number of a consumer) from a consumer reporting agency, and emphasized that marketing is not a permissible purpose to obtain a credit report under the FCRA. On May 9, 2025, the White House announced that President Trump is nominating Jonathan McKernan as Undersecretary of Treasury for Domestic Policy. It was later confirmed that as a result, Mr. McKernan’s previous nomination to head the CFBP is being withdrawn. Russell Vought, the Director of the White House Office of Management and Budget, is currently serving as acting director of the Bureau. He may continue to do so for an additional 210 days under the Federal Vacancies Reform Act. The White House has yet to announce a new nominee for CFPB director.
On May 12th, the Consumer Financial Protection Bureau (CFPB) published notice in the Federal Register that it is withdrawing dozens of interpretive rules, policy statements, and advisory opinions, dating as far back as 2011. The Bureau is withdrawing its guidance in light of the President’s directive to deregulate and streamline bureaucracy. In the future, the agency intends to only issue guidance when absolutely necessary, and only to reduce compliance burden. While the amount of guidance being withdrawn by the Bureau is too voluminous to fully detail here, below is a flavor of the agency's previous interpretations that no longer carry any precedential value: Policy Statements (8 withdrawn in total) Statement of Policy Regarding Prohibition on Abusive Acts or Practices – issued in April 2023, this statement provided an analytical framework of what constitutes an abusive act and/or practice Interpretive Rules (7 withdrawn in total) ECOA (Regulation B); Discrimination on the Bases of Sexual Orientation and Gender Identity – issued in March 2021, this interpretive rule expanded Regulation B’s prohibition against sex discrimination to include both sexual orientation and gender identity Advisory Opinions (13 withdrawn in total) Circulars (16 withdrawn in total) Reopening Deposit Accounts that Consumers Previously Closed – issued in May 20243, this circular indicated that it is likely an unfair act and/or practice to unilaterally reopen a deposit account that was previously closed by the consumer Bulletins (23 withdrawn in total) Prohibition of Unfair, Deceptive, or Abusive Acts or Practices in the Collection of Consumer Debts – issued in July 2013, this bulletin outlined several debt collection practices that the agency would consider to be unfair, deceptive, and/or abusive
In January, the Consumer Financial Protection Bureau (CFPB) issued a final rule to amend Regulation V concerning the use of medical information in connection with a determination of eligibility for credit. Under the rule, the instances in which a creditor can use medical information about a consumer are significantly limited. In addition, the rule generally prohibits consumer reporting agencies from providing a creditor with a report that contains medical debt information. The rule was originally scheduled to take effect on March 17th. However, due to litigation filed in the US District Court for the Eastern District of Texas, the rule was stayed for 90 days until June 15th. The CFPB now agrees that it exceeded its statutory authority when promulgating the rule. The parties have filed a joint motion asking the court to find that the rule is contrary to federal law. In light of this development, Judge Jordan has cancelled a scheduled hearing regarding the preliminary injunction and has asked all parties involved to fully brief the case for final resolution. If this case follows in the footsteps of the credit card late fee rule, the CFPB's decision to not defend the rule in federal court is likely a death knell. Final resolution of the litigation is anticipated in advance of the June 15th expiration of the preliminary injunction.
On April 14 th , the Chamber of Commerce of the United States and the Consumer Financial Protection Bureau (CFPB) filed a joint motion for entry of consent judgment to resolve litigation in the US District Court for the Northern District of Texas regarding the CFPB’s credit card late fee rule. In March 2024, the CFPB issued a final rule that would have limited large card issuers (those with more than 1 million open and active credit card accounts) from charging a late fee that exceeds $8. Almost immediately, a lawsuit was brought by the US Chamber of Commerce in federal district court asserting that the rule violated the CARD Act. To resolve this litigation, the parties have jointly asked the court to vacate the rule. Once the terms of the settlement have been approved by the court, card issuers will return to the safe harbor fee amounts outlined in 12 CFR 1026.52.
In a filing submitted in connection with a lawsuit in the US District Court for the Southern District of Florida challenging the small business lending data collection rule, the Consumer Financial Protection Bureau (CFPB) has indicated its intent to reopen the rule to make changes. According to the filing, the agency intends to issue a notice of proposed rulemaking as expeditiously as reasonably possible. By way of reminder, the rule is currently stayed by the 5th Circuit in companion litigation, but only for members of the American Bankers Association, America’s Credit Unions and other plaintiffs/intervenors. All other covered financial institutions are required to begin complying with the rule as soon as July 18, 2025 (depending on loan volume). However, the CFPB’s filing in the Florida case also agreed that “subjecting similarly situated entities to different compliance dates for Section 1071’s data collection requirements would not serve the public interest.” As a result, it is anticipated that the agency will announce that it does not intend to enforce the rule, in its current form, against any institution. Stay tuned for further developments.
On March 28, 2025, the Consumer Financial Protection Bureau (CFPB) announced that it will not prioritize enforcement or supervision actions with regard to the payday lending rule. In its press release , the CFPB said that it is contemplating issuing a notice of proposed rulemaking that would further narrow the scope of the rule. As a reminder, the payday lending rule, which took effect on March 30th, requires covered financial institutions to: Obtain new and specific automatic payment authorization for a covered loan after two consecutive automatic payment attempts have failed, and Provide specific disclosures and notices in connection with a covered loan. Only lenders that originate 2,500 or more covered loans in a calendar year are covered by the requirements of the rule.
The Financial Crimes Enforcement Network (FinCEN) has issued an interim final rule removing the requirement for domestic reporting companies to file their beneficial ownership information directly with the agency. The Corporate Transparency Act (CTA), passed by Congress in 2020, required reporting companies to submit information about their beneficial owners directly to FinCEN. The interim final rule now exempts domestic reporting companies from this registration requirement. A domestic reporting company is defined as any corporation, limited liability company, or other entity that is created by a filing with the secretary of state (or similar office) under the laws of any state or Indian tribe. Foreign reporting companies will continue to be subject to the reporting requirement; however, will not have to report information about any of its beneficial owners that are US persons. Existing foreign reporting companies will have 30 days from the rule's publication in the Federal Register to submit their information to FinCEN. New foreign reporting companies will have 30 days from formation to submit their information. FinCEN's interim final rule does not change the 2018 customer due diligence requirements, which charge financial institutions with collecting beneficial ownership information about legal entity customers at the time of account opening.
On March 19th, the US Department of Housing and Urban Development (HUD) issued Mortgagee Letter 2025-08 . The letter rescinds, among other things, ML 2024-07, which imposed several borrower-initiated reconsideration of value (ROV) requirements in connection with FHA-insured residential mortgage loans with a case number assigned on or after October 31, 2024. The borrower-initiated ROV requirements rescinded by HUD's most recent mortgagee letter include, but are not limited to: Disclosure at application and again upon delivery of the appraisal copy information about the borrower's ability to initiate an ROV request, Policies and procedures that outline the steps a borrower must take to initiate an ROV request, along with milestones for communication with the borrower as to the status of his/her request, and The actions a creditor may take in response to an ROV request. While underwriter-initiated ROV requirements remain in effect for FHA loans, HUD states that the borrower-initiated requirements are being rescinded in response to President Trump's executive order dated January 20, 2025. That executive order was aimed at reversing policies that the administration feels have adversely affected key sectors, including the housing market. It remains to be seen whether the Federal Housing Finance Agency will follow suit and rescind their borrower-initiated ROV requirements in connection with Fannie Mae and Freddie Mac loans.
In Letter to Credit Unions 25-CU-03 , the National Credit Union Administration (NCUA) announced its new exam scheduling policy. Effective January 1, 2025, federally insured credit unions (FICUs) will be examined according to the following schedule: 8 to 12 months following its last examination date FICUs with ANY of the following characteristics - A CAMELS rating of 3, 4, or 5, Considered less than well capitalized, An outstanding enforcement action, or Assets greater than or equal to $10 billion. FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 3, 4, or 5, or A change in CEO since its last examination. 12 to 16 months following its last examination date FICUs with assets between $1 billion and $10 billion, and A CAMELS rating of 1 or 2, and No change in CEO since its last examination. 14 to 18 months following its last examination date Federal credit unions (FCUs) not included above Once every 5 years Federally insured state-chartered credit unions (FISCUs) not included above The NCUA believes this revised schedule will allow it to better respond to emerging risks and priorities using available resources. It is important to note that nothing in the new schedule limits the NCUA's authority to examine any FICU as frequently as the agency deems necessary.
