To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week.
Federal Activities:
On October 28, the Consumer Financial Protection Bureau (CFPB) issued a new interpretive rule replacing its 2022 interpretive rule (withdrawn in May 2025) concerning the scope of preemption under the Fair Credit Reporting Act (FCRA). This new interpretive rule clarifies that the FCRA broadly preempts state laws related to credit reporting, reinforcing Congress’s intent to establish national standards. This move replaces the previous rule, which was criticized for its potential to create regulatory confusion. The new rule emphasizes that the FCRA broadly preempts state laws concerning credit reporting. The new rule seeks to maintain a unified national credit market, preventing the fragmentation that could arise from state-specific regulations. It is also consistent with Executive Order 13891, issued during President Trump’s first administration, emphasizing that federal agencies should not use guidance documents to create new rights or obligations. For more information, click here.
On October 24, Trump appointed Michael Selig as the new chair of the Commodity Futures Trading Commission (CFTC). Selig, who previously served as chief counsel for the CFTC’s crypto task force and collaborated with Securities and Exchange Commission (SEC) Chairman Paul Atkins, aims to transform the United States into the “Crypto Capital of the World.” His appointment, confirmed by both Selig and David Sacks, the White House’s AI and crypto czar, underscores the administration’s focus on digital assets amidst regulatory challenges. Selig’s commitment to modernizing regulatory approaches and fostering innovation aligns with the administration’s legislative efforts to elevate the digital assets industry. For more information, click here.
On October 21, Senators John Kennedy (R-LA) and Tim Scott (R-SC) introduced the STREAMLINE Act, aimed at modernizing the Bank Secrecy Act’s financial reporting requirements. The bill proposes to update the outdated thresholds for currency transaction reports (CTRs) and suspicious activity reports (SARs) to reflect inflation over the past 50 years, thereby reducing unnecessary paperwork and preventing the debanking of Americans. The proposed changes would raise the reporting thresholds and mandate the Treasury Department to adjust these amounts every five years. The legislation seeks to alleviate the regulatory burden on financial institutions, allowing them to focus on combating genuine financial crimes. The STREAMLINE Act has garnered support from several senators and industry associations, emphasizing the need for a modern regulatory framework that aligns with today’s economic realities. For more information, click here.
On October 21, Governor Christopher Waller delivered opening remarks at the Payments Innovation Conference held at the Federal Reserve Board in Washington, D.C. He emphasized the Federal Reserve’s commitment to embracing new technologies and players in the payments ecosystem, particularly those emerging from the decentralized finance (DeFi) and cryptocurrency sectors. Waller highlighted the transformative impact of innovations such as stablecoins, tokenized assets, and artificial intelligence on the payment system, and underscored the importance of integrating these advancements with traditional financial infrastructure. He introduced the concept of a “payment account” to provide basic Federal Reserve payment services to legally eligible institutions focused on payment innovations, aiming to streamline access and support the evolving payments landscape. Waller’s remarks signaled a new era for the Federal Reserve, welcoming private-sector innovation while maintaining the safety and stability of the financial system. For more information, click here.
On October 21, at the Securities Industry and Financial Markets Association’s (SIFMA) annual conference, SEC Chair Paul Atkins expressed support for congressional efforts to advance digital asset policy, particularly the market structure bill. He emphasized the SEC’s authority to define when an asset qualifies as a “security” and to issue rules and exemptions. Atkins proposed an “innovation exemption” to foster U.S.-based projects, with limits on size and participation to ensure it complements existing regulations. That same day, Acting CFTC Chair Caroline Pham announced that the CFTC is executing a 12-month roadmap to implement recommendations from the President’s Working Group on digital assets, targeting a year-end launch of “listed spot crypto” trading on a CFTC-registered designated contract market. Pham also plans to issue guidance on tokenized collateral in derivatives markets by year-end, highlighting the agency’s proactive stance in modernizing financial infrastructure through blockchain technology and tokenization. For more information, click here and here.
On October 20, the National Credit Union Administration (NCUA) announced a proposed rulemaking to formally eliminate the use of reputation risk from its supervisory program, as previously declared. This rule aims to prohibit the NCUA from directing credit unions to close accounts or terminate services based on a person or entity’s protected class or political views. The NCUA has identified reputation risk as subjective and lacking measurable criteria, and the proposed rule seeks to ensure that supervision and examination are grounded in data-driven conclusions, minimizing the influence of individual perspectives. Interested parties can review the proposed rule and submit comments through the Federal eRulemaking Portal. For more information, click here.
On October 20, Senators Elizabeth Warren (D-MA) and Andy Kim (D-NJ) addressed a letter to Acting Chairman Travis Hill of the Federal Deposit Insurance Corporation (FDIC), urging the reimposition of a moratorium on deposit insurance applications from commercially owned industrial loan companies (ILCs). The letter highlights concerns reminiscent of those in the early 2000s when Walmart’s proposed industrial bank raised significant public apprehension, leading to a similar moratorium. The senators argue that a pause is necessary to allow Congress to address the longstanding separation between banking and commerce, which is threatened by applications from Big Tech, automobile manufacturers, and large retailers. They emphasize that maintaining this separation is crucial for promoting economic competition, enhancing financial stability, and preventing the concentration of power among a few corporate giants. The letter underscores the need for rigorous evaluation of ILC applications against statutory standards, as many fail to meet the legal criteria, posing risks to the Deposit Insurance Fund and failing to serve community needs. For more information, click here.
On October 20, Comptroller of the Currency Jonathan Gould addressed the American Bankers Association Annual Convention in Charlotte, NC, outlining the Office of the Comptroller of the Currency’s (OCC) initiatives to support community banking. Gould emphasized the need to rectify the regulatory overreach that followed the 2008 financial crisis, which he believes led to inappropriate supervision and policy. To aid community banks, the OCC has reduced assessments by 30% for banks with assets under $40 billion, reinstated a dedicated supervisory group, and shifted focus to material financial risks rather than agency policy compliance. Additionally, the OCC has expedited the licensing process for community bank mergers and plans to ease Community Reinvestment Act reviews, arguing that community banks inherently meet local credit needs. For more information, click here.
On October 16, the FDIC, Federal Reserve Board, and OCC jointly announced the withdrawal of the interagency Principles for Climate-Related Financial Risk Management for Large Financial Institutions. The agencies concluded that these principles were unnecessary, as existing safety and soundness standards already require institutions to manage risks effectively based on their size and complexity. The decision reflects a belief that institutions should address all material financial risks, including emerging ones, without additional climate-specific guidelines. This withdrawal, effective immediately, follows the OCC’s earlier decision to cease participation in these principles. The notice of rescission will be published in the Federal Register. For more information, click here.
On October 15, Hill addressed the Single Resolution Mechanism’s 10th Anniversary Conference, highlighting the FDIC’s collaborative efforts with the Single Resolution Board to enhance resolution capabilities for financial institutions. Hill reflected on lessons learned from the 2023 banking turmoil, which saw the failure of three large U.S. banks and a global systemically important bank in Europe. He emphasized the FDIC’s shift from a bridge bank strategy to prioritizing weekend sales for resolving large regional banks, as outlined in recent FAQs. Hill also discussed improvements in the FDIC’s bidding process, transparency, and operational readiness, including the development of a prequalification process for nonbank bidders and enhancements to the least-cost test model. These initiatives aim to streamline the resolution process, reduce costs to the Deposit Insurance Fund, and ensure preparedness for future financial disruptions. For more information, click here.
On October 15, Senator John Kennedy (R-LA) addressed the floor regarding the need for market structure legislation for digital assets, highlighting the confusion surrounding the jurisdiction of the SEC and the CFTC over cryptocurrencies. The Senate Banking Committee is considering new legislation to provide clarity and address the regulatory overlap, following the passage of the Genius Act, which regulates stablecoins. The House has already passed the Clarity Act, but the Senate is contemplating drafting its own complementary bill. Kennedy emphasized the importance of balancing jurisdiction between the SEC and CFTC, coordinating with the Senate Agriculture Committee, and addressing concerns from the banking community about the Genius Act. The need for hearings to explore issues such as tokenized securities, deposit insurance for digital assets, and fiduciary responsibilities of digital commodity brokers was also underscored. For more information, click here.
State Activities:
On October 21, the New York Department of Financial Services (DFS) issued important guidance for covered entities (including all DFS licensees) for managing their cybersecurity risk related to third-party service providers (TPSPs). Industry Letter – October 21, 2025: Guidance on Managing Risks Related to Third-Party Service Providers specifically includes the covered entity’s use of cloud, file transfer, AI and fintech providers. According to the DFS, the “Guidance does not impose new requirements or obligations . . ..” Rather, “it is intended to clarify regulatory requirements, recommend industry best practices . . ., and promote compliance . . ..” The Guidance highlights that managing the cybersecurity risk presented by TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program,” and notes that it applies to all covered entities, regardless of size. Particularly given the prominence of TPSPs in recent cybersecurity incidents, the Guidance should be considered carefully in every covered entity’s evergreen effort to mitigate cybersecurity risk. For more information, click here.
On October 21, the Oregon Division of Financial Regulation (DFR) issued two bulletins urging insurance companies, health care service contractors, state-regulated financial institutions, and other financial product providers to offer relief to those impacted by the ongoing federal government shutdown. The shutdown, which began on October 1, has affected approximately 10,000 federal employees in Oregon, leading to potential financial hardships. DFR Administrator TK Keen emphasized the importance of regulated entities taking proactive measures to assist affected customers, such as providing grace periods for premium payments, extending deadlines for insurance claims, and postponing foreclosures and evictions. The bulletins, available on the DFR’s website, aim to ensure compliance with state and federal regulations while offering necessary support to those facing financial difficulties due to the shutdown. For more information, click here.
On October 20, a coalition of attorneys general (AG) from 21 states submitted a comment letter to SEC Commissioner Hester Peirce in response to her statement, “There Must Be Some Way Out of Here,” which solicited public input on cryptocurrency and digital asset issues. The letter primarily addresses the need for clear, narrowly tailored definitions regarding when digital assets or related transactions constitute securities under federal law. The AGs emphasize that such clarity is essential to prevent federal overreach that could undermine state authority, disrupt consumer protections, and impede states’ operational needs, such as unclaimed property administration. They advocate for definitions that respect federalism, enhance consumer protection, and support state innovation in regulating emerging technologies. The letter builds on recent legislative developments, including the GENIUS Act, and underscores the importance of maintaining the balance of power between federal and state governments. For more information, click here.
On October 20, New York AG Letitia James announced a settlement with Wojeski & Company, a public accounting firm, following two cybersecurity incidents that exposed the personal information of more than 4,700 New Yorkers. The investigation revealed that Wojeski failed to promptly notify affected individuals, taking more than a year to do so. As part of the settlement, Wojeski agreed to pay $60,000 in penalties and implement enhanced data security measures, including comprehensive information security programs, encryption of personal data, and improved incident response plans. The settlement underscores the importance of robust cybersecurity practices and timely communication in protecting consumer data. For more information, click here.
On October 17, the California Department of Financial Protection and Innovation entered into a consent order with Apoyo Financiero Inc. The order addresses violations of the California Financing Law (CFL) by Apoyo Financiero, specifically concerning excessive charges on consumer loans. The company agreed to cease collection efforts on charges exceeding CFL limits, vacate certain court judgments, and provide refunds to affected borrowers. Additionally, Apoyo Financiero will pay a $1 million penalty and $5,500 in investigative costs. For more information, click here.
On October 14, New York City Mayor Eric Adams issued Executive Order No. 57, establishing the Office of Digital Assets and Blockchain Technology within the Office of the Mayor. This initiative aims to position New York City as a leading hub for digital assets and blockchain technology, reflecting the city’s status as a global financial capital. The newly formed office will be led by an executive director reporting to the chief technology officer and will focus on fostering industry growth, encouraging investment, and promoting responsible innovation. It will also collaborate with various city agencies to align policies and initiatives related to digital assets. The order underscores New York City’s commitment to supporting the burgeoning digital asset sector and ensuring its integration into the city’s economic framework. For more information, click here.