To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week.
Federal Activities
On December 19, the Federal Deposit Insurance Corporation (FDIC) published a notice of proposed rulemaking to implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by establishing a tailored application process under 12 CFR Part 303 for FDIC‑supervised insured state nonmember banks and state savings associations seeking approval to issue payment stablecoins through a subsidiary as a permitted payment stablecoin issuer. The proposal describes required application contents so that the FDIC can assess the applicant’s ability to meet statutory 1:1 reserve, disclosure, risk management, and consumer protection standards and to operate in a safe and sound manner. The rule would require the FDIC to determine whether an application is “substantially complete” within 30 days, act on a substantially complete application within 120 days (with inaction resulting in deemed approval), limit denials to cases where activities would be unsafe or unsound under specified statutory factors, allow approvals with conditions that do not exceed GENIUS Act requirements, and provide a structured hearing and appeal process with defined timelines for applicants whose applications are denied. Comments on the proposal must be received by February 17, 2026. For more information, click here.
On December 19, the Federal Reserve Board requested public input on a proposed “payment account” that eligible financial institutions could use solely for clearing and settling payments, with the goal of supporting innovation while maintaining a safe and efficient payment system. The proposed payment account would be distinct from a traditional master account: it would not pay interest, would not have access to Federal Reserve credit, would be subject to balance caps, and would not expand or otherwise change legal eligibility for access to Federal Reserve payment services. By tailoring the account to limited-purpose use and restricting associated risks, the board anticipates that many requests for payment accounts could receive a more streamlined review. The request for information, described by Governor Christopher J. Waller as a key step in ensuring the Fed remains responsive to evolving payments models, will be open for public comment for 45 days after publication in the Federal Register. For more information, click here.
On December 18, the U.S. Senate confirmed President Trump’s crypto‑friendly nominees Mike Selig as chair of the Commodity Futures Trading Commission (CFTC) and Travis Hill as chair of the FDIC, in a 53–43 vote as part of a broader nominations package, positioning both agencies for a more supportive stance toward digital assets. Selig, a former senior cryptocurrency regulator and adviser with experience at the Securities and Exchange Commission (SEC) and CFTC, is expected to play a central role in making the CFTC a primary regulator of U.S. crypto activity, particularly if Congress completes long-pending market-structure legislation expanding the agency’s authority. Hill, who had been serving as acting FDIC chair and has already taken a crypto‑friendly approach is expected to oversee how stablecoin issuers and crypto‑focused banks interact with the insured banking system. For more information, click here.
On December 18, White House AI and crypto czar David Sacks said in a post on X that the Senate Banking and Agriculture Committees plan to mark up crypto market structure legislation in January, following confirmation from Senate Banking Chair Tim Scott and Senate Agriculture Chair John Boozman on a call, signaling movement on a draft bill that would give the CFTC greater oversight over digital asset markets and potentially set the stage for clearer US crypto policy in 2026. For more information, click here.
On December 17, the U.S. Court of Appeals for the District of Columbia issued a new order in National Treasury Employees Union (NTEU) v. Consumer Financial Protection Bureau (CFPB) granting rehearing en banc, vacating the panel’s August 15, 2025, judgment, and setting an expedited briefing and argument schedule. As background, the August 15 order vacated the district court’s preliminary injunction, which had previously restricted the CFPB’s actions to halt the bureau’s operations and terminate its employees. For more information, click here.
On December 17, the Office of the Comptroller of the Currency (OCC) proposed new guidance that would significantly streamline how community banks elect to be evaluated under the Community Reinvestment Act (CRA) by providing a simplified strategic plan form. Framed as part of Comptroller Gould’s broader initiative to reduce regulatory burden on community banks, the proposal would make the strategic plan option more accessible, more predictable, and less resource‑intensive for smaller institutions. The OCC’s proposed guidance does not change the underlying CRA regulation. Instead, it layers on an optional, more user‑friendly process and form for community banks that want to use a strategic plan. For more information, click here.
On December 17, the SEC’s Division of Trading and Markets issued a staff statement providing interim guidance on how broker-dealers can satisfy the “physical possession or control” requirement in paragraph (b)(1) of Rule 15c3-3 when custodying crypto asset securities for customers, explaining that the staff will not object to a broker-dealer treating itself as having “physical possession” if it has direct access to and transfer capability over the crypto asset security on its distributed ledger, conducts and documents ongoing assessments of the relevant blockchain’s technology, network, and governance, refrains from custodying assets where it is aware of material security, operational, or business risks associated with the network, implements written policies, procedures, and controls aligned with industry best practices to protect private keys from theft, loss, or unauthorized use, and maintains plans and arrangements to preserve safekeeping and accessibility of the crypto asset securities while emphasizing that this staff view is limited to Rule 15c3-3(b)(1) and does not address other federal securities law obligations. For more information, click here.
On December 17, the SEC’s Division of Trading and Markets issued FAQs on crypto asset activities and distributed ledger technology, explaining how existing broker-dealer, SIPC, transfer agent, exchange, ATS, clearing, and Regulation M frameworks apply to crypto asset securities and nonsecurity crypto assets. The FAQs clarify that Rule 15c3-3’s possession or control requirements apply only to securities, that crypto asset securities can be controlled under Rule 15c3-3(c) even if not certificated, and that broker-dealers may custody crypto asset securities without relying on the 2020 Special Purpose Broker-Dealer statement while treating proprietary bitcoin and ether positions as readily marketable for net capital haircuts. They emphasize that SIPC protection generally covers only “securities” as defined in SIPA and does not extend to nonsecurity crypto assets, discuss use of Article 8 UCC structures and robust recordkeeping for non-security crypto activities, and explain when crypto-related service providers must register as transfer agents and how registered transfer agents may use blockchains as their master securityholder file. The FAQs further state that exchanges and ATSs may offer security/nonsecurity crypto pairs trading if they meet all federal securities law requirements and make appropriate Form ATS/Form ATS-N disclosures, that broker-dealer ATS operators may also perform customary brokerage, custodial, and internal clearing functions without being clearing agencies, and that the staff will not object if crypto ETPs rely on the 2006 commodity-based investment vehicle Regulation M no‑action framework, subject to anti-fraud and anti-manipulation laws. For more information, click here.
On December 16, the CFTC published a notice in the Federal Register announcing that, effective December 10, 2025, it is withdrawing its June 24, 2020 interpretive guidance on “actual delivery” for retail commodity transactions involving certain digital assets (virtual currencies), explaining that the 2020 guidance has likely become outdated in light of market developments in spot and related derivatives markets and may conflict with the Commission’s ongoing work to implement recommendations of the President’s Working Group on Digital Asset Markets under Executive Order 14178. The Commission stated that the withdrawal is intended to allow it to reevaluate its approach to actual delivery in this area, noted that the action is neither a “significant regulatory action” under Executive Order 12866 nor a “major rule” under the Congressional Review Act, and reported that Acting Chairman Pham voted in favor with no commissioner voting against. For more information, click here.
On December 16, the FDIC’s board of directors approved the application for federal deposit insurance for Erebor Bank, N.A., a de novo national bank to be headquartered in Columbus, OH, subject to stringent conditions including at least $276 million in initial paid-in capital, maintenance of a Tier 1 leverage ratio of at least 12% for the first three years, prompt capital restoration via a capital call agreement if key capital thresholds are breached, and adherence to the submitted business plan absent prior regulatory nonobjection to material changes. The order also requires prior FDIC approval for changes in proposed management or significant ownership stakes before opening, full disclosure of insider interests to proposed directors, FDIC review and potential objection to senior management employment and compensation arrangements, and the ability to object to any director or senior executive following completion of background checks. In addition, the bank must finalize and submit its information systems and operational architecture, obtain independent validation of its proprietary core processing system, implement technical protocols to enable immediate cessation of transactions at the FDIC Cutoff Point, secure adequate fidelity coverage, and undergo annual independent financial statement audits for at least its first three years. Federal deposit insurance will not become effective until the OCC charters the bank and fully approves its operation, the FDIC’s consent will expire in one year if insurance is not in effect (absent an approved extension), and the FDIC reserves the right to alter, suspend, or withdraw its commitment based on interim developments. For more information, click here.
On December 16, the OCC released its Fall 2025 Semiannual Risk Perspective, concluding that the federal banking system remains sound, with satisfactory balance sheets and strong capital and liquidity positions, but cautioning that failure to invest in new technologies, products, and services could create long-term strategic risks for institutions. The report highlights credit, market, operational, and compliance risks as key themes, noting that commercial and retail delinquencies, loss rates, and noncurrent and classified loans remain manageable and liquidity is solid, while warning of rising cyber threats from foreign state-sponsored actors and sophisticated criminal groups, as well as continued challenges from increasingly complex and elevated fraud and scams targeting banks and their customers. For more information, click here.
On December 16, the FDIC board of directors approved two significant rules. The first was a final rule to streamline and reduce regulatory burden for insured state nonmember banks and insured foreign bank branches seeking to establish or relocate branches and main offices by, among other changes, deeming most expedited filings approved three business days after submission, eliminating the FDIC’s discretion to remove filings from expedited processing, removing filing requirements for de minimis facility changes, eliminating public notice and comment requirements, and extending approval expiration periods. The second was an interim final rule amending the collection of the special assessment used to recoup an estimated $16.7 billion in deposit insurance fund losses tied to 2023 bank failures, which lowers the eighth‑quarter assessment rate (payment due March 30, 2026) to avoid overcollection and establishes mechanisms to offset or impose a one‑time final special assessment after litigation and receiverships are resolved, depending on whether total collections ultimately exceed or fall short of the actual losses. For more information, click here and here.
On December 15, Senators Elissa Slotkin (D-MI) and Jerry Moran (R-KS) introduced the bipartisan Strengthening Agency Frameworks for Enforcement of Cryptocurrency (SAFE Crypto) Act, which would create a federal task force bringing together the Treasury Department, law enforcement, financial regulators, and private-sector experts to better identify, track, and stop cryptocurrency fraud. The task force would focus on equipping local law enforcement with improved tools, enhancing public education so consumers can recognize and avoid scams, and providing Congress with regular updates on emerging threats and enforcement progress as crypto use expands. Emphasizing the need to protect Americans’ financial security amid increasingly sophisticated digital asset scams, the sponsors framed the bill as a way to strengthen coordination across government and industry. For more information, click here.
On December 15, at the SEC’s Crypto Task Force Roundtable on Financial Surveillance and Privacy in Washington, D.C., Chairman Paul Atkins, Commissioner Hester Peirce, and Commissioner Mark Uyeda each emphasized that emerging crypto technologies force a fundamental reassessment of how to balance national security, illicit finance enforcement, and the Bank Secrecy Act with Americans’ core expectations of privacy and liberty. Atkins criticized the federal government’s “insatiable desire for data,” warning that tools like the Consolidated Audit Trail risk turning markets into a system of mass surveillance and that treating every wallet, protocol, and transaction as a surveillance node could yield a financial panopticon, even as crypto also enables privacy-preserving compliance through technologies such as zero-knowledge proofs and selective disclosure. Peirce, invoking both wartime experiences of surveillance and modern legal doctrines like the third‑party doctrine, argued that financial surveillance has become normalized in ways inconsistent with how we protect privacy in our homes, and she called for rethinking when and how transactions are monitored, particularly as disintermediated, on-chain activity grows and new tools like mixers, decentralized infrastructure, and privacy tech allow lawful users to protect themselves without branding privacy-seeking as suspicious. She stressed that regulators should not force intermediation just to create surveillance footholds, nor impose Bank Secrecy Act-style obligations on software developers who lack custody or control, and should pursue bad actors while protecting builders and law-abiding users. Uyeda framed the debate in constitutional terms, citing the Fourth Amendment and Justice Scalia’s warnings about technology eroding guaranteed privacy, and he highlighted both the efficiency and convenience of modern financial technologies and the danger that indiscriminate data collection by public and private actors can produce an omnipotent surveillance system that chills individual freedom. Across all three speeches, the commissioners urged a humble, principled regulatory approach that uses innovation to isolate wrongdoing without subjecting every American’s financial life to constant monitoring, thereby preserving both effective enforcement and the civil liberties that underlie a free society. For more information, click here, here, and here.
On December 15, Custodia Bank, Inc. filed a petition for rehearing en banc in the Tenth Circuit, arguing that a divided panel wrongly held that Federal Reserve regional banks have unreviewable discretion to grant or deny “master accounts” that are indispensable for a bank’s access to the payments system, effectively giving Fed officials the power to “kill” a state‑chartered bank by denying it an account. The petition contends this presents a question of exceptional importance because the ruling allows the Fed to veto state bank charters such as Wyoming’s special purpose depository institutions for digital asset businesses and raises serious Appointments Clause concerns by vesting that unreviewable power in regional Reserve Bank presidents who are not appointed as principal or inferior “Officers of the United States” under Article II. Custodia argues the panel’s reading disregards the plain text of the Monetary Control Act, which it says imposes a nondiscretionary duty to make Federal Reserve services (including master accounts) available to all “nonmember depository institutions” eligible for FDIC insurance, departs from decades of practice in which eligible banks routinely received accounts, and contradicts principles of federalism and constitutional avoidance. It urges the full court to adopt the view of the dissent and of Judge Bacharach in Fourth Corner Credit Union, holding that the Fed must provide master account access to legally eligible institutions and must manage risk through other statutory tools rather than by debanking entire categories of state‑chartered banks. For more information, click here.
On December 15, the Federal Reserve Board, CFPB, and OCC jointly announced inflation‑indexed threshold adjustments for 2026, stating that, based on a 2.1% increase in the Consumer Price Index for Urban Wage Earners and Clerical Workers, known as CPI-W, as of June 1, 2025, Regulation Z (Truth in Lending) and Regulation M (Consumer Leasing) will generally apply to consumer credit and lease transactions of $73,400 or less, while the exemption from special appraisal requirements for higher‑priced mortgage loans under the Dodd‑Frank Act will rise from $33,500 to $34,200, with both changes intended to ensure that key consumer protections keep pace with price levels and thereby support a safe, flexible, and stable monetary and financial system. For more information, click here and here.
On December 15, the CFPB issued a final rule amending Appendix O to Regulation V (which implements the Fair Credit Reporting Act (FCRA)) to set the maximum allowable charge that a consumer reporting agency may impose for a file disclosure under FCRA section 609 at $16.00 for calendar year 2026. Using the statutory $8.00 baseline in section 612(f)(1)(A) and the proportional increase in the CPI-U from September 1997 to September 2025 (from 161.2 to 324.800), the Bureau calculated an indexed amount of $16.12 and, as required, rounded it to the nearest fifty cents. The amendment is effective January 1, 2026. For more information, click here.
On December 15, the CFPB issued a final rule amending Regulation Z (Truth in Lending) to make its annual, CPI-based dollar threshold adjustments for 2026, leaving the minimum interest charge disclosure threshold for open-end credit plans unchanged at $1 while increasing the Home Ownership and Equity Protection Act (HOEPA) high-cost mortgage total loan amount threshold to $27,592 and the related points-and-fees dollar trigger to $1,380, and updating the “general qualified mortgage” (QM) and other QM thresholds so that, effective January 1, 2026, APR–APOR spread tests and points-and-fees caps reflect a 2.3% CPI‑U increase (for example, using new loan-amount tiers keyed to $137,958 and $82,775 for first-lien QMs and setting QM points‑and‑fees caps at 3% of the total loan amount for loans ≥ $137,958, $4,139 for loans between $82,775 and $137,958, 5% for loans between $27,592 and $82,775, $1,380 for loans between $17,245 and $27,592, and 8% for loans under $17,245). For more information, click here.
On December 15, U.S. and EU authorities issued a joint statement on the EU‑U.S. Joint Financial Regulatory Forum, which met in Washington, D.C. on December 9 and 10, 2025, co‑chaired by the U.S. Treasury and European Commission with participation from key U.S. and European financial regulators, to discuss shared priorities in financial regulation. The forum focused on six main areas: digital financial innovation, modernization and simplification of banking regulation and supervision, revitalization of capital markets, updates on FATCA, U.S. G-20 financial sector priorities, and strengthening the European Savings and Investments Union and competitiveness. Participants emphasized the value of the forum in maintaining regular, structured dialogue on regulatory and supervisory issues to promote economic growth, financial stability, investor protection, market integrity, and a level playing field, and noted that the next meeting is expected in mid‑2026. For more information, click here.
On December 11, the U.S. Department of the Treasury reported that Secretary Scott K. H. Bessent convened a meeting of the Financial Stability Oversight Council in executive and open sessions, where members reviewed priority workstreams covering such topics as artificial intelligence, household resilience, market resilience, and crisis preparedness, and discussed potential revisions to the council’s interpretive guidance on nonbank designations and its analytic framework for identifying and addressing financial stability risks. In open session, the council received a staff presentation on its 2025 annual report and unanimously approved it, heard updates from the Federal Reserve, OCC, FDIC, and NCUA on recent banking supervision and regulatory reforms aimed at strengthening regulatory frameworks and positioning banks and credit unions to support economic growth and security, and approved the minutes of its September 10, 2025 meeting. For more information, click here.
On December 11, the Federal Trade Commission (FTC) released its FY 2025 National Do Not Call Registry Data Book, reporting that although total complaints about unwanted calls increased over the year, such calls remain about 48% lower than in FY 2021, when roughly five million complaints were filed. The report details trends in robocall and live-caller complaints, top complaint topics (including debt reduction, imposters, and medical/prescription issues), and provides state-by-state data on registrations and complaints per 100,000 people. In FY 2025, about 4.7 million numbers were added to the National Do Not Call Registry, bringing active registrations to approximately 258.5 million — up 1.9% from FY 2024 and nearly 6% since FY 2021 — with New Hampshire again leading in registrations per capita and Arizona, Tennessee, Nevada, Illinois, and Florida reporting the highest complaint rates. The FTC noted that robocalls still account for most DNC violation complaints, and reminded consumers that they can register or report unwanted telemarketing calls at DoNotCall.gov or via its fraud-reporting tools. For more information, click here.
State Activities
On December 19, New York Governor Kathy Hochul signed the RAISE Act, a nation‑leading law requiring “frontier” AI model developers to adopt and publicly disclose safety frameworks, report significant incidents of harm to the state within 72 hours, and submit to oversight by a new office within the Department of Financial Services that will assess large developers and publish annual reports. The law, which builds on and goes beyond California’s AI framework to create a unified benchmark among major tech states, authorizes the attorney general to bring civil actions against noncompliant developers, with penalties of up to $1 million for a first violation and $3 million for subsequent violations, including for false statements. For more information, click here.
On December 18, the court entered a stipulated final judgment and order resolving the case brought by the CFPB and Massachusetts attorney general against Commonwealth Equity Group, LLC d/b/a Key Credit Repair and its owner, Nikitas Tsoukales, after prior findings that they violated the Telemarketing Sales Rule and Consumer Financial Protection Act by charging advance fees and making deceptive claims about credit‑repair services. The order, based on a proposal filed by the parties bans the defendants from providing credit‑repair and debt‑relief services for 25 years, requires them to pay $20,000 in partial satisfaction of a redress judgment that includes $36,229,618 in fees charged to consumers since 2013 (with the balance suspended due to their limited ability to pay), and imposes a $1 civil money penalty to allow the bureau to tap the Civil Penalty Fund to help redress harmed consumers. For more information, click here.
On December 17, New Jersey announced its adoption of what its attorney general is calling the “most comprehensive state-level disparate impact regulations in the country.” Effective December 15, the Division on Civil Rights’ (DCR) new rules under the New Jersey Law Against Discrimination (LAD) codify guidance on disparate impact discrimination across housing, lending, employment, places of public accommodation, and contracting. Attorney General Matthew Platkin and DCR Director Yolanda Melville framed the rules as reinforcing New Jersey’s “nation‑leading civil rights protections” at a time when the federal government is reconsidering disparate impact protections. The press release accompanying the rules stresses that the rules “do not create additional liability under the LAD,” but instead clarify how DCR understands disparate impact claims are analyzed under existing law. For more information, click here.
On December 17, CalPrivacy issued Enforcement Advisory No. 2025-01 to remind data brokers of their obligations under California’s Delete Act to register annually by January 31, disclose all trade names and websites through which they provide services, and register each entity separately rather than relying on a parent or affiliate’s registration, emphasizing that failures can result in fines of $200 per day plus fees and enforcement costs. The advisory notes that some data brokers have obscured their identities by using unregistered trade names or websites, undermining transparency and consumer rights, and highlights that registration fees support CalPrivacy’s Data Broker Registry and the forthcoming Delete Request and Opt-Out Platform (DROP), which will allow consumers, starting January 1, 2026, to request deletion of their personal information from all registered data brokers with a single request. CalPrivacy officials stressed that “the rules of the road are clear” and warned that enforcement actions will continue against noncompliant brokers. For more information, click here.
On December 16, Acting Superintendent Kaitlin Asrow of the New York State Department of Financial Services (DFS) testified before the NYS Assembly Insurance and Science and Technology Committees on the use of artificial intelligence in insurance underwriting and pricing, emphasizing DFS’s commitment to enabling responsible innovation while safeguarding consumers and financial stability. She described her background in fintech and regulatory innovation and outlined DFS’s tech‑agnostic approach, under which existing laws apply equally to manual processes and AI systems, with DFS using guidance, circular letters, and supervisory reviews to clarify expectations rather than imposing AI‑specific rules to date. Asrow highlighted DFS’s 2024 Circular Letter on AI and external consumer data, its virtual currency customer-service guidance addressing AI use with customers, and its October 2024 cybersecurity guidance on AI-related risks, as well as the creation of an internal AI Steering Committee and AI Governance Committee. She stressed that while AI offers significant benefits it also presents risks including bias, discrimination, privacy, and cyber threats, and that any use of AI in insurance must be accompanied by appropriate risk management, redundancy, and continued adherence to long-standing principles of consumer protection and market soundness. For more information, click here.
On December 12, Illinois Attorney General Kwame Raoul announced that he led a coalition of 20 attorneys general in submitting a comment letter to the CFPB strongly opposing the bureau’s proposed changes to regulations implementing the Equal Credit Opportunity Act (ECOA), arguing that rescinding disparate-impact protections and revising “discouragement” rules would violate the Administrative Procedure Act and weaken critical safeguards against discrimination in credit markets. The coalition contends that ECOA and its 1976 amendments were intended to ensure fair access to credit based on creditworthiness rather than protected characteristics such as race, color, religion, national origin, sex, age, or marital status, and that existing regulations properly recognize disparate impact liability as a lawful and necessary tool to remedy discriminatory effects, even when unintentional. The letter warns that the CFPB’s proposal wrongly assumes consumers will retain broad protections without disparate impact, is contrary to law, would harm credit applicants and enforcement efforts, and is arbitrary and unreasonable because it relies on speculative harms without proof, ultimately risking increased discrimination and denial of fair, unbiased credit to countless Americans. For more information, click here.
On December 12, New York Governor Hochul signed Assembly Bill A2739 into law, amending the Real Property Law and Real Property Actions and Proceedings Law to strengthen borrowers’ rights around mortgage payoff and discharge by requiring mortgagees to accept any payment received at the location and in the manner specified in the mortgage, when made in reliance on a payoff statement, prohibiting them from returning or destroying such payments, and mandating that they promptly apply those funds to unpaid principal, interest, and other amounts due, while retaining existing timelines and statutory penalties for failing to issue and record a satisfaction of mortgage after the debt has been paid. For more information, click here.
On December 12, Hochul signed Senate Bill S6361A, the “Prohibition of Unfair Real Estate Service Agreements Act,” which amends the General Business Law to bar unfair residential real estate service agreements. This generally applies to long-term service contracts not to be performed within two years that purport to run with the land, bind future owners, allow assignment without the homeowner’s consent, or create liens or other real property security interests outside of traditional mechanisms like mortgages or mechanics’ liens. The law makes such agreements unenforceable, prohibits their recording (and denies them effect as notice against bona fide purchasers or creditors), and allows courts to declare them invalid, while carving out legitimate products like home warranties, insurance, options, HOA maintenance contracts, and utility service agreements. It treats entering into these unfair agreements as a deceptive act under state law, authorizes enforcement by the attorney general and local consumer authorities with restitution and injunctive relief, and creates a private right of action for harmed homeowners, including actual damages or statutory damages (with possible treble damages for willful violations) and attorneys’ fees. For more information, click here.