To keep you informed of recent activities, below are several of the most significant federal events that have influenced the Consumer Financial Services industry over the past week.
Federal Activities:
On May 15, the Office of the Comptroller of the Currency (OCC) issued two final rules addressing national banks’ and federal savings associations’ authority to pay interest on funds held in real estate escrow accounts, codifying longstanding powers to establish and maintain escrow accounts and to determine, in their business judgment, whether and on what terms to pay compensation or charge fees on those accounts, and issuing a preemption determination that federal law overrides New York’s interest-on-escrow statute and 13 other substantively equivalent state and territorial laws (including those in Guam and the U.S. Virgin Islands). The OCC framed federal preemption as a key tool to reduce regulatory burden and spur real estate lending, and praised a recent Second Circuit decision holding that federal law preempts New York’s law, stating that the court’s ruling and these final rules together provide important clarity on the scope of federal preemption in this area. For more information, click here.
On May 15, the National Credit Union Administration (NCUA) issued a notice of proposed rulemaking to establish operational and risk management standards for NCUA‑licensed permitted payment stablecoin issuers (PPSIs) under the GENIUS Act. NCUA Chairman Kyle Hauptman emphasized that the proposal is designed to align PPSI standards for credit union subsidiaries with those proposed for bank subsidiaries so credit unions are not disadvantaged. The rule would implement portions of the GENIUS Act by setting requirements for licensing, regulating, and supervising payment stablecoin issuers that are subsidiaries of federally insured credit unions, supplementing the NCUA’s February 2026 proposal on PPSI investments and licensing by addressing the issuance of payment stablecoins and related activities, and would also amend NCUA regulations on share insurance coverage, tokenized shares, and other conforming and clarifying changes. Comments are due by July 17, 2026. For more information, click here.
On May 15, the UK Financial Conduct Authority, Bank of England, and HM Treasury issued a joint statement warning that “frontier” AI models already enable cyber capabilities that exceed those of skilled human attackers in speed, scale, and cost, significantly amplifying cyber and operational resilience risks for regulated firms and financial market infrastructures; the authorities stressed that firms must ensure boards and senior management understand these risks, increase investment and resourcing for core cyber controls, rapidly identify and remediate vulnerabilities (including in third‑party and open‑source components), strengthen access, network, and data protections (potentially using AI‑enabled defenses), and be able to respond to and recover from frontier‑AI‑driven disruptions, while regulators continue to monitor developments and engage industry through the Cross Market Operational Resilience Group. For more information, click here.
On May 15, the European Central Bank (ECB) published a blog explaining how cross-border flows via nonbank financial institutions (NBFIs) are constraining financing for euro area firms and affecting monetary policy transmission, highlighting two key trends: euro area NBFIs, especially investment funds, have been reallocating their rapidly growing portfolios toward U.S. corporate equities and away from euro area corporate equities and other European assets, and euro area banks have been steadily increasing short-term, often collateralized lending to (frequently foreign) NBFIs while reducing lending to non-financial firms. ECB research cited in the post finds that a 1-percentage-point increase in NBFIs’ U.S. equity share is associated with a 0.3-percentage-point decline in their euro area equity share, and that when a bank raises its lending to NBFIs by 1 percentage point, its corporate borrowers’ access to bank credit falls by about 0.55 percentage points, leaving firms unable to fully substitute other funding sources and contributing to a sluggish recovery in external financing despite policy easing. For more information, click here.
On May 14, the Senate Banking, Housing, and Urban Affairs Committee held a hearing and voted 15–9 to advance H.R. 3633, the Digital Asset Market Clarity Act of 2025 (the CLARITY Act), sending the first comprehensive Senate crypto market structure bill to the floor. The CLARITY Act would create a federal regulatory framework for cryptocurrencies and other digital assets by clarifying the division of authority between the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC), codifying core conduct and disclosure obligations for intermediaries, and integrating anti‑fraud and anti‑money‑laundering requirements into the digital asset ecosystem. The markup was not without controversy, particularly on financial crime and national security issues. And, while the bill advanced with bipartisan support, several committee members criticized the decision to rule certain amendments out of order and indicated they supported advancing the bill based on good‑faith negotiations, but would seek further changes before a floor vote, particularly on illicit finance and ethics. Despite these divisions, the committee’s bipartisan action signals growing Senate appetite to move away from a “regulation‑by‑enforcement” approach and toward clearer statutory rules of the road for digital assets. For more information, click here.
On May 13, the U.S. District Court for the District of Nevada granted in part the Federal Trade Commission’s (FTC) motion to hold payment processor Cardflex, Inc. (now Cliq Inc.) and two executives in civil contempt of a 2015 stipulated permanent injunction, finding by clear and convincing evidence that they violated multiple provisions of the order by processing for MATCH‑listed merchants (including Target Fulfillment, Limitless, Premier Health, and iBuumerang), failing to properly underwrite and monitor high‑risk clients, and assisting merchants in evading fraud and risk‑monitoring programs. The court imposed $6.5 million in compensatory contempt sanctions, well below the $52.9 million in consumer loss the FTC sought, but denied the FTC’s requests for coercive relief, including appointment of a receiver and lifetime industry bans, and separately rejected Cliq’s Rule 60(b)(5) motion to narrow or relax the existing order, holding that the company had not shown changed circumstances warranting modification. For more information, click here.
On May 13, the U.S. Senate voted 54–45 to confirm Kevin Warsh as the next chair of the Federal Reserve, in the narrowest and most partisan Fed chair confirmation of the modern era, with only one Democrat (Senator John Fetterman) crossing party lines. Warsh, a former Fed governor (2006–2011) and long‑time critic of recent monetary policy, has called for “regime change” at the central bank and will succeed Jerome Powell when Powell’s term expires Friday, while Powell remains on the Board as a governor. Warsh takes the helm amid intense political pressure from President Donald Trump for lower interest rates and fresh data showing inflation still running above the Fed’s 2% target, setting up immediate tests of how he will balance the White House’s expectations, market skepticism about further rate cuts, and his stated focus on affordability and price stability when he chairs his first Federal Open Market Committee meeting on June 16–17. For more information, click here.
On May 13, the FTC filed and simultaneously settled a lawsuit against online digital photo and video platform Shutterstock, Inc. in the Southern District of New York, alleging that the company used deceptive “negative option” subscription practices in violation of § 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA). According to the complaint, Shutterstock misled consumers about its “annual, paid monthly” (APM) plans and on‑demand “packs,” failed to clearly disclose automatic renewals and hefty early‑termination fees, converted “free trials” into paid annual plans without adequate notice, and made it difficult and time‑consuming for customers to cancel. Under the stipulated order, Shutterstock does not admit liability but agrees to a permanent injunction and a $35 million monetary judgment for consumer redress. Going forward, Shutterstock must clearly and conspicuously disclose all material terms of any negative‑option offer (including renewal, billing frequency, cancellation fees, and how to stop charges) before obtaining billing information; obtain express informed consent to those terms; and provide cancellation mechanisms that are easy to find and at least as simple as enrollment, including true one‑click online cancellation and a functional customer‑service phone line. For more information, click here.
On May 13, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal of all claims brought by Puerto Rico-chartered Banco San Juan Internacional, holding that the bank had no statutory entitlement to a Federal Reserve “master account” under the Federal Reserve Act as amended by the Monetary Control Act and that the Federal Reserve Bank of New York therefore did not have a nondiscretionary obligation to maintain the account after closing it for alleged anti-money laundering deficiencies. Because Banco San Juan’s federal claims (under the Administrative Procedures Act, Mandamus Act, Declaratory Judgment Act, and Fifth Amendment) all depended on such a mandatory duty, they were properly dismissed, and the court further concluded that the bank lacked constitutional standing to sue the Board of Governors, failed to plausibly allege any contract claim under New York law, and proposed a futile Equal Protection claim, thereby fully affirming the Southern District of New York’s judgment in favor of the Fed and its New York Reserve Bank. For more information, click here.
On May 11, the Consumer Financial Protection Bureau (CFPB) and Acting Director Russell Vought filed a notice of appeal to the U.S. Court of Appeals for the Ninth Circuit from Judge Edward Davila’s order granting summary judgment to three nonprofit plaintiffs in Rise Economy v. CFPB and from the resulting final judgment, which had effectively required the Bureau to resume drawing its primary funding from the Federal Reserve under 12 U.S.C. § 5497. The appeal sets up further litigation over the legality of the CFPB’s recent “profits-only” interpretation of the Fed’s “combined earnings” and the director’s decision not to request funds, an issue that goes to the heart of whether the agency can lawfully maintain operations through its standing appropriation or must curtail activity based on Antideficiency Act constraints. For more information, click here.
On May 11, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions detailing how Iran’s Islamic Revolutionary Guard Corps (IRGC) allegedly launders proceeds from illicit oil sales through shell companies, “shadow fleet” vessels, multijurisdictional shadow banking networks, and digital assets, including stablecoins, and urging firms to use a series of red flags — such as efforts to disguise vessel ownership and oil origin, unusual use of exchange houses, and atypical digital asset payments by petroleum or shipping companies — to detect and report suspicious activity; Treasury Secretary Scott Bessent framed the alert as part of the administration’s broader “Economic Fury” campaign to cut off funding for Iran’s weapons programs and terrorist proxies, emphasizing that any person, vessel, or financial institution facilitating illicit Iranian oil or commodity trade risks U.S. sanctions, while FinCEN highlighted its advisory and whistleblower programs as tools to help institutions strengthen AML/CFT controls and support law enforcement. For more information, click here.
On May 8, the SEC quietly sent a final rule titled “Rescission of Policy Regarding Denials in Settlements of Enforcement Actions” to the Office of Management and Budget (OMB) for review under Executive Order 12866. Although the text of the rule has not yet been released, the title strongly suggests that the SEC is preparing to roll back or significantly revise its decades‑old “no‑deny” settlement policy. Since 1972, SEC Rule 202.5(e) has provided that the agency will not settle a civil or administrative enforcement action unless the defendant or respondent agrees not to publicly deny the SEC’s allegations. In other words, a defendant can resolve an SEC case without admitting or denying the allegations, but cannot later publicly suggest that the allegations were unfounded. The rule was adopted as a statement of agency policy rather than through notice‑and‑comment rulemaking, and it applies across both federal court and administrative settlements. Critics have long argued that this “Gag Rule” operates as a content‑based prior restraint: it prohibits speech about the government’s own conduct, permanently, under threat that the SEC could reopen the case or seek additional sanctions if a defendant publicly contests the charges. That development arrives just as a major challenge to the policy is pending before the U.S. Supreme Court. For more information, click here.
On May 6, Fannie Mae issued Selling Guide Announcement SEL‑2026‑05, updating the Guide to (i) revise remote online notarization (RON) requirements by eliminating the obligation for lenders/servicers to retain the RON video, requiring use of a RON platform consistent with MISMO RON Standards 2.0 (except for the ID/authentication section), allowing identity verification via technical or non‑technical methods, and requiring retention and transfer of the RON audit trail; (ii) clarify that for single‑closing construction‑to‑permanent loans, lenders may sell loans with modified interest rates and loan amounts without resubmitting to Desktop Underwriter as long as changes fall within DU resubmission tolerances and all other construction‑to‑perm requirements are met; (iii) specify that IRS federal income tax installment agreements (approved or pending) may be included as monthly debt obligations when calculating DTI, subject to documentation and current‑payment evidence, otherwise requiring payoff of the tax balance before or at closing; and (iv) provide explicit project eligibility guidance for “condop” co-op projects that generally aligns with existing co-op standards but includes condop‑specific eligibility and documentation requirements, effective for new loan applications on or after August 6, 2026. For more information, click here.
State Activities:
On May 12, California Governor Gavin Newsom announced the appointment of Rohit Chopra, former director of the CFPB and former FTC commissioner, as secretary of the state’s new Business and Consumer Services Agency (BCSA). The new cabinet‑level agency, which formally launches on July 1, 2026, is designed to consolidate and elevate state‑level consumer and market oversight at a moment when federal enforcement is being scaled back. The BCSA will bring together a wide array of licensing, supervisory, and enforcement functions that directly affect consumer‑facing industries. The agency will house the existing Department of Financial Protection and Innovation (DFPI), the Department of Consumer Affairs, the Department of Real Estate, the Department of Alcoholic Beverage Control and its appeals board, the Department of Cannabis Control and appeals panel, and the California Horse Racing Board. With BCSA, those efforts will now be coordinated through a single agency. Chopra’s own statement underscores that, in his view, federal agencies are “making life more expensive and enriching special interests,” and that California intends to “fire on all cylinders” to prevent markets from being “rigged against families and small businesses.” For more information, click here.
On May 12, the Colorado legislature passed Senate Bill 26‑189, a substantial rewrite of its 2024 law establishing consumer protections for artificial intelligence (formerly referred to as the CO AI Act), and replaced it with a more targeted framework for “automated decision‑making technology” (ADMT). The law defines ADMT broadly as technology that processes personal data and uses computation to generate outputs (predictions, recommendations, classifications, rankings, or scores) that are used to make or assist decisions about individuals. A system becomes a “covered ADMT” when its outputs “materially influence” a consequential decision, meaning they are more than incidental and affect the outcome of the decision, for example by ranking applicants, constraining options, or determining pricing. Consumers who experience an adverse outcome from a consequential decision materially influenced by covered ADMT gain specific rights. They may request access to personal data used in the decision and request correction of factually incorrect or materially inaccurate personal data, in coordination with Colorado’s existing privacy framework. Consumers may also request “meaningful human review” and reconsideration of the decision, to the extent commercially reasonable. The changes will take effect on January 1, 2027. For more information, click here.
On May 12, Maryland Governor Wes Moore signed the Maryland Stablecoin Act (SB 662/HB 1355), creating a state-level regulatory and legal framework for payment stablecoin activities. Among other changes, the law designates the Office of Financial Regulation as the “state payment stablecoin regulator,” authorizes certain nondepository trust companies and credit union service organizations to be certified as “state issuers” or “payment stablecoin services institutions” aligned with the federal GENIUS Act, and establishes licensing, examination, and enforcement standards for entities that exchange payment stablecoins, provide custody and reserve management for permitted payment stablecoin issuers, or otherwise support stablecoin use, while prohibiting those entities from issuing stablecoins without explicit authority, making loans, or accepting insured deposits, and allowing the commissioner to tailor capital and assessment requirements and adopt implementing regulations before the act takes effect on January 1, 2027. For more information, click here.
On May 11, Georgia enacted the Georgia Payment Stablecoin Act (HB 1272), amending Title 7 of the Official Code of Georgia Annotated to create a comprehensive licensing and supervisory framework for “payment stablecoin” issuers aligned with the federal GENIUS Act, including requiring any “licensed payment stablecoin issuer” to be approved and overseen by the Department of Banking and Finance, maintain a substantive in‑state presence, and hold fully identifiable, highly liquid 1:1 reserves in specified assets (such as cash, Fed balances, short‑term Treasuries, and certain government money market instruments) held in trust for consumers. The law prohibits unlicensed issuance or marketing of payment stablecoins in Georgia after July 18, 2028, bars stablecoin issuers from paying interest or yield “solely in connection with” holding the token, and treats licensed issuers as financial institutions for Bank Secrecy Act, sanctions, anti-money laundering, and customer identification purposes, while authorizing the department to adopt rules, participate in NMLS, examine and investigate issuers, share information with the Federal Reserve, and use receivership, conservatorship, license revocation, cease‑and‑desist orders, and officer removals to enforce these requirements. The act becomes effective on the earlier of January 18, 2027, or 120 days after final GENIUS Act implementing regulations are issued. For more information, click here.