To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week.
Federal Activities
State Activities
Federal Activities:
On April 18, at an emergency hearing in National Treasury Employees Union v. Vought, Judge Amy Berman Jackson once again halted the layoffs of more than 1,000 employees at the Consumer Financial Protection Bureau (CFPB). The hearing came one day after approximately 1,400-1,500 employees received reduction-in-force notices, leaving the CFPB with just over 200 personnel to carry out its regulatory activities. The judge emphasized the need for a comprehensive record to determine whether the firings complied with the D.C. Circuit’s order from last week. Specifically, the D.C. Circuit stayed Judge Jackson’s previous injunction on terminating employees “insofar as it prohibits the defendants from terminating or issuing a notice of reduction in force to employees deemed unnecessary after a particularized assessment.” In their show cause motion, the union argued that it was implausible that the CFPB “made a ‘particularized assessment’ of each employee’s role in the three-and-a-half business days since the court of appeals imposed that requirement.” Judge Jackson ordered another hearing for April 28, where plaintiffs will be able to call key decision-makers at the agency to the stand. For more information, click here.
On April 18, the National Credit Union Administration (NCUA) released a message to all employees regarding the current state of the NCUA Board. The message confirmed that President Donald J. Trump had terminated the positions of Todd Harper and Tanya Otsuka on April 17. This action has left the NCUA Board with only one member, leading to industry speculation about the board’s ability to function. The NCUA assured employees that there is precedent for a single board member to exercise full authority, referencing the period during the Bush administration when Chairman Dennis Dollar acted as the sole board member. The NCUA emphasized that Chairman Hauptman and the leadership team have the necessary authority to continue fulfilling the agency’s mission of protecting credit unions and their members. For more information, click here.
On April 18, the Federal Deposit Insurance Corporation (FDIC) announced modifications to its approach to resolution planning for large insured depository institutions (IDIs). The new strategy aims to streamline the resolution process by focusing on operational information critical for either resolving a large bank through a weekend sale or operating the institution temporarily while marketing it. For the upcoming submission cycle, the FDIC has exempted IDIs from certain content requirements, including the use of a bridge bank strategy and hypothetical failure scenarios. Acting Chairman Travis Hill highlighted that the 2023 bank failures underscored the high costs and risks associated with bridge bank solutions, prompting this shift toward more cost-effective and stabilizing resolutions for large regional banks. Additionally, the FDIC has released updated FAQs to clarify these exemptions and expectations, and it continues to evaluate other provisions of the IDI Rule for potential further guidance. For more information, click here.
On April 18, the U.S. Attorney for the Eastern District of New York, informed the Honorable Eric R. Komitee that the internal review of the case against John Karony, in light of the April 7, 2025 Memorandum issued by the deputy attorney general, has been completed. In the referenced memo, the deputy attorney general said the U.S. Department of Justice (DOJ) is “not a digital asset regulator” and that prosecutors should not proceed in cases where the DOJ would have to litigate whether a digital asset is a security or a commodity and where alternative charges such as wire fraud are available. The government confirmed its decision to proceed to trial on all counts against Karony, who, along with other executives of SafeMoon LLC, is charged with conspiracy to commit securities fraud, wire fraud, and money laundering. The charges stem from allegations that the defendants misappropriated millions of dollars of investors’ funds for personal use, including the purchase of luxury vehicles and real estate, by misleading investors about the security and use of SafeMoon’s liquidity pools. For more information, click here.
On April 16, Federal Reserve Chair Jerome H. Powell delivered remarks at the Economic Club of Chicago, discussing the economic outlook and monetary policy. Powell highlighted the solid position of the U.S. economy, with the labor market near maximum employment and inflation slightly above the 2% target. He noted that recent economic data indicates a slowdown in growth and heightened uncertainty due to trade policy concerns. Powell emphasized the Fed’s commitment to its dual mandate of maximum employment and stable prices, acknowledging the potential challenges posed by evolving policy changes in trade, immigration, fiscal policy, and regulation. Importantly, Powell’s speech suggested that the Fed is closely monitoring these developments and may consider adjustments to its policy stance to adapt to the changing economic landscape and ensure financial stability. For more information, click here.
On April 16, the U.S. District Court for the District of Columbia issued a memorandum opinion in the case of American Federation of Labor and Congress of Industrial Organizations v. Department of Labor, addressing the defendants’ motion to dismiss the plaintiffs’ first amended complaint. The plaintiffs, including several labor unions, alleged that the U.S. Department of Government Efficiency Service (USDS) and various federal agencies, including the Department of Labor (DOL), the Department of Health and Human Services (HHS), and the CFPB, engaged in unlawful actions following an executive order issued by Trump aimed at modernizing federal technology and software. The plaintiffs claimed that USDS personnel were given unprecedented access to sensitive information systems across these agencies, which included personal and confidential data. Specifically, at the CFPB, the plaintiffs alleged that USDS personnel gained access to internal systems managing human resources, procurement, and finance, potentially compromising more than 10 million consumer complaints and sensitive financial data. The court found that the plaintiffs adequately stated their ultra vires claim against USDS and some claims under the Administrative Procedure Act (APA) against DOL, HHS, and CFPB. However, the court determined that the plaintiffs failed to state their standalone Privacy Act claim. For more information, click here.
On April 16, the Office of the Comptroller of the Currency (OCC) announced significant changes to its organizational structure to enhance its supervisory approach, align similar functions, and improve efficiency. The OCC will merge the Midsize and Community Bank Supervision and Large Bank Supervision functions into a new Bank Supervision and Examination line of business. Greg Coleman, senior deputy comptroller for large bank supervision, will lead the new office. Additionally, the OCC will reinstate the Chief National Bank Examiner office, which will encompass the divisions of Bank Supervision Policy and Supervision Risk and Analysis, led by Jay Gallagher. The OCC will elevate its Information Technology and Security (ITS) function, appointing a new senior deputy comptroller for ITS to the Executive Committee. These changes will take effect on June 2. For more information, click here.
On April 16, the CFPB released a memo to staff outlining its new supervision and enforcement priorities for 2025. Key points include that going forward, the CFPB will: 1) decrease the overall number of supervisory exams by 50% and focus on conciliation, correction, and remediation of harms subject to consumer complaints; 2) shift its focus back to depository institutions and away from nonbanks; 3) prioritize cases involving actual fraud against consumers, with identifiable victims and measurable damages; 4) focus on getting money back directly to consumers rather than imposing penalties to fill the CFPB’s penalty fund; 5) prioritize providing redress to service members, their families, and veterans; 6) deprioritize participation in multistate exams unless required by statute and minimize duplicative enforcement where state regulators are already engaged; 7) eliminate duplicative supervision and coordinate exam timing with other federal regulators; 8) not pursue supervision under novel legal theories and will focus on areas clearly within its statutory authority; 9) not engage in redlining or bias assessment supervision based solely on statistical evidence, but instead pursue matters with proven intentional racial discrimination and identified victims. For more information, click here.
On April 15, the Department of the Treasury issued a direct final rule aimed at eliminating unnecessary regulations as part of an initiative to reduce regulatory burdens in accordance with Executive Order 14219. This rule targets the removal of outdated or inapplicable regulations within titles 12 and 31 of the Code of Federal Regulations (CFR). Specifically, it revokes regulations related to Federal Financing Bank Bills, Book-Entry Procedures for Federal Financing Bank Securities, TARP Standards for Compensation and Corporate Governance, TARP Conflicts of Interest, and certain civil penalty provisions under the Bank Secrecy Act. The rule will take effect on June 16, unless significant adverse comments are received by May 15. For more information, click here.
On April 15, the CFPB published its annual GAO-IG Act Reporting Annual Report, in compliance with the Good Accounting Obligation in Government Act (GAO-IG Act). This report details the status of open public audit recommendations issued by the Government Accountability Office (GAO) and the Office of the Inspector General (OIG) of the Board of Governors of the Federal Reserve System. Since its inception in July 2010, the CFPB has received a total of 471 recommendations, of which 92% have been closed. As of December 31, 2024, there are 38 open recommendations, with 35 being public. The report also confirms that there are no discrepancies between the CFPB’s report and those issued by the GAO and OIG. For more information, click here.
On April 15, the Federal Deposit Insurance Corporation (FDIC) announced the permanent adoption of electronic communications as the preferred method for supervisory correspondence, solidifying the temporary secure mail procedures initially implemented in March 2020. This change applies to all FDIC-supervised financial institutions and includes guidance on using the FDIC’s Secure Email portal for sending official supervisory correspondence. While electronic communication is now the standard, institutions may still submit hardcopy documents, if necessary, though this is expected to be rare. For more information, click here.
On April 15, a group of U.S. senators, including Andy Kim (D-NJ), Elizabeth Warren (D-MA), and Charles E. Schumer (D-NY), formally requested that the Federal Housing Finance Agency (FHFA) OIG review recent actions taken by FHFA leadership. These actions include the overhaul of the boards of directors of Fannie Mae and Freddie Mac, as well as significant workforce reductions within the FHFA. The senators are seeking to determine whether these decisions complied with all relevant federal laws, regulations, and agency policies, and to assess the impact of these workforce reductions on the FHFA’s ability to fulfill its statutory functions. The request follows reports of sudden board member dismissals, the appointment of FHFA Director William Pulte as chair of both boards, and the placement of 35 unionized FHFA employees on administrative leave without advance notice. For more information, click here.
On April 14, the Federal Trade Commission (FTC) issued a request for public comment regarding the reduction of anti-competitive regulatory barriers, in line with Trump’s Executive Order 14267. The FTC seeks input on how federal regulations may harm competition within the American economy, potentially excluding new market entrants, protecting dominant incumbents, and stifling innovation. The FTC encourages feedback from a wide range of stakeholders, including consumers, businesses, and academics, on specific regulations that create monopolies, limit competition, or impose unnecessary barriers. Comments must be submitted by May 27. For more information, click here.
On April 14, the CFPB agreed to vacate its controversial credit card late fee rule in a joint motion for entry of consent judgment filed in Chamber of Commerce of the United States of America v. CFPB yesterday. The joint motion requested the court to vacate the credit card late fee rule and dismiss all other claims with prejudice. The parties agreed that the rule violated the Credit Card Accountability and Disclosure Act (CARD Act) by not allowing card issuers to charge penalty fees that account for deterrence and consumer conduct. For more information, click here.
On April 14, the FTC released a data spotlight on the top text scams of 2024, revealing a significant increase in financial losses despite a decrease in the number of reports. Specifically, in 2024, reported losses to text scams reached $470 million, more than five times the amount reported in 2020. Due to a lack of reporting, this number reflects only a fraction of the actual losses. The report identifies the top five text scams, which together account for about half of all text frauds reported to the FTC’s Consumer Sentinel Network in 2024: fake package delivery problems; phony job opportunities; fake fraud alerts; bogus notices about unpaid tolls; “wrong number” texts. For more information, click here.
On April 11, the DOJ implemented a critical national security program aimed at protecting Americans’ sensitive data from foreign adversaries such as China, Russia, and Iran. This Data Security Program, established under Executive Order 14117 and managed by the National Security Division (NSD), seeks to prevent these adversaries from exploiting U.S. government-related data and personal data for espionage, surveillance, and other activities that threaten national security. The program introduces export controls to restrict access to sensitive data and includes a compliance guide, a list of frequently asked questions, and an initial 90-day enforcement policy to help entities comply with the new regulations. The program, which went into effect on April 8, underscores the DOJ’s commitment to addressing the national security threats identified in various assessments and strategies, including Trump’s 2017 National Security Strategy and the 2025 Annual Threat Assessment of the U.S. Intelligence Community. For more information, click here.
State Activities:
On April 18, Iowa enacted House File 857, a bill aimed at regulating the solicitation practices of financial institutions using prescreened trigger lead information from consumer reports. The new law prohibits financial institutions from engaging in unfair or deceptive practices when soliciting consumers who have applied for loans with other institutions. Specifically, it mandates clear disclosure of nonaffiliation with the initial lender, adherence to state and federal laws on prescreened solicitations, and prohibits the use of information from consumers who have opted out of such offers or are on the federal do-not-call registry. Violations of this law are deemed unlawful practices under section 714.16 of the Iowa Code. For more information, click here.
On April 17, the Arizona House of Representatives took significant action on SB 1373, which aims to create the Digital Assets Strategic Reserve Fund. Representative Carbone motioned, pursuant to House Rule 12(P), to calendar SB 1373 for an Additional Committee of the Whole for further amendments, which passed by voice vote. SB 1373 establishes the fund to be administered by the state treasurer. The fund will consist of monies appropriated by the legislature and digital assets seized by the state. The state treasurer is tasked with depositing seized digital assets into the fund through secure custody solutions or exchange-traded products, administering the fund, and ensuring that no more than 10% of the fund’s total monies are invested in any fiscal year. Additionally, the treasurer is authorized to loan digital assets from the fund to generate returns, provided there is no increase in financial risk to Arizona. For more information click here.
On April 16, the U.S. District Court for the Eastern District of Kentucky issued an order in the case of Commonwealth of Kentucky v. SEC, granting the defendants’ consented-to motion to hold the case in abeyance. The motion, supported by both parties, cited a leadership transition within the Securities and Exchange Commission (SEC) that could potentially resolve the ongoing dispute. The lawsuit, initiated by Kentucky and 17 other states, challenges the SEC’s authority to regulate digital assets by classifying them as investment contracts. The court’s order stays all proceedings and deadlines for 60 days and requires the parties to jointly file a status report within 30 days. This development comes amid broader legal and regulatory shifts under Trump’s administration, which has pledged to roll back SEC enforcement efforts in the crypto market. For more information, click here.
On April 16, eight state regulators announced the formation of the Consortium of Privacy Regulators, a bipartisan effort aimed at enhancing the implementation and enforcement of privacy laws to protect consumers. This consortium, which includes state attorneys general and the California Privacy Protection Agency, has entered into a memorandum of understanding to facilitate discussions on privacy law developments and shared priorities. The collaboration seeks to address the rapid changes in technology and the increasing use of personal information, which, while valuable for innovation, also poses significant risks of exploitation and exposure. By sharing expertise and resources, the consortium aims to coordinate efforts to investigate potential violations and promote consistent enforcement of privacy protections across jurisdictions. Members include representatives from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon. For more information, click here.
On April 14, North Dakota passed House Bill No. 1127 establishing a comprehensive financial institution data security program. The bill also amends and reenacts various sections of the Century Code related to the Department of Financial Institutions, including provisions on the removal of officers, directors, and employees of financial institutions, the issuance of cease-and-desist orders, and the renewal and revocation of licenses. The new chapter mandates that financial corporations develop, implement, and maintain robust information security programs to safeguard customer information, including requirements for risk assessments, encryption, and incident response plans. The bill aims to enhance the security and integrity of financial data, ensuring that financial institutions in North Dakota adhere to stringent data protection standards. For more information, click here.
On April 14, Arkansas enacted HB 1467, amending the Uniform Money Services Act. Key changes include the addition of definitions for “elder adult,” “existing customer,” “new customer,” and “virtual currency kiosk operator.” The act mandates comprehensive disclosure requirements for virtual currency transactions, including material risks and terms and conditions. It also establishes maximum daily transaction limits and requires virtual currency kiosk operators to implement robust security measures, such as multifactor authentication and blockchain analyses. Additionally, the act introduces training requirements for authorized delegates to recognize and respond to financial abuse of elder adults. The legislation aims to enhance consumer protection and data security within the state’s financial services sector. For more information, click here.
On April 11, Tennessee Governor Bill Lee signed HB 911 into law, enacting several significant amendments to the Tennessee Consumer Protection Act of 1977. The bill expands the definition of unlawful acts to include practices that are unfair to consumers, in addition to those that are deceptive. It removes the provision that made it unlawful to advertise or sell goods or services that are illegal in the state. The bill also modifies the process for the attorney general to negotiate assurances of voluntary compliance, eliminating the requirement for such assurances to be in writing and approved by the court. Additionally, the bill clarifies the attorney general’s role in discovery during enforcement actions and revises exemptions for publishers and broadcasters. It updates the requirements for disclosures in advertisements under the Government Imposter and Deceptive Advertisements Act, mandates that violations of on-site parking payment and third-party ticket reseller provisions be treated as violations of the Consumer Protection Act, and redefines “nonprofit organization” under the Tennessee Information Protection Act to include public utilities regulated by state law. For more information, click here.
On April 11, Tennessee enacted Senate Bill 816, which amends various titles of the Tennessee Code Annotated (TCA), specifically Titles 4, 39, 47, and 65. The bill increases the timeframe within which consumer reporting agencies (CRAs) must place a security freeze on a consumer report, extending it from three to five business days after receiving a written or electronic request from a Tennessee consumer. This change aims to provide CRAs with additional time to process security freeze requests, thereby enhancing the protection of consumer information. For more information, click here.
On April 10, State Senator Mark Walker advanced Senate Bill 1797, known as the Digital Assets and Consumer Protection Act, through the Illinois Senate. This legislation aims to protect Illinois consumers from digital asset fraud by establishing stringent guidelines for cryptocurrency companies. The bill mandates that these companies provide clear disclosures to consumers, demonstrate financial fitness for payouts, and register with the Illinois Department of Financial and Professional Regulation. Additionally, it requires the implementation of procedures to mitigate risks related to money laundering, fraud, and cybersecurity. Walker emphasized the importance of these measures in fostering a trustworthy environment for the digital assets industry, which has been plagued by fraudulent schemes such as “pig butchering” and “rug pulls.” With Illinois ranking sixth in the nation for crypto fraud losses in 2023, this bill seeks to enhance consumer protection while supporting the growth of legitimate digital coin businesses. For more information, click here.
On April 10, New York Assembly Bill A7788, which establishes cryptocurrencies as a form of payment for state agencies, was referred to the Governmental Operations Committee. Sponsored by Assembly Member Vanel, this bill proposes that state agencies in New York be allowed to accept digital currencies such as Bitcoin, Ethereum, Litecoin, and Bitcoin Cash for payments of fines, taxes, fees, and other financial obligations. The bill aims to modernize payment methods and integrate digital assets into state financial operations. If enacted, it would require state agencies to enter agreements with cryptocurrency issuers and ensure secure and regulated transactions. For more information, click here.
