All Entries

Subscribe to All Entries via RSS

On October 29, the Consumer Financial Protection Bureau (CFPB or Bureau) officially rescinded its rule requiring nonbank entities to register certain agency and court orders with the Bureau. This decision follows a proposal made earlier this year (discussed here), which highlighted concerns about the regulatory burden and costs imposed on nonbank entities, which could ultimately affect consumers.

On October 28, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a new interpretive rule replacing its 2022 interpretive rule (withdrawn in May 2025) concerning the scope of preemption under the Fair Credit Reporting Act (FCRA). This new interpretive rule clarifies that the FCRA broadly preempts state laws related to consumer reporting, reinforcing Congress’s intent to establish national standards when information is used to determine a consumer’s eligibility for credit, insurance, employment and the like. This move replaces the previous rule, which was criticized for its potential to create regulatory confusion.

According to a recent report by WebRecon, court filings under the Fair Debt Collection Practices Act (FDCPA) and Telephone Consumer Protection Act (TCPA) rose by double digits while litigation under the Fair Credit Reporting Act (FCRA) trended slightly down.  Complaints filed with the Consumer Financial Protection Bureau (CFPB) saw a modest increase.

In a recent decision, the Superior Court of New Jersey, Appellate Division, upheld the dismissal of a class action lawsuit filed against First National Collection Bureau, Inc. (FNCB). In an unpublished opinion, the court affirmed the lower court’s ruling that the plaintiff’s complaint failed to state a claim under the Fair Debt Collection Practices Act (FDCPA). This decision clarifies the scope of third-party communications under the FDCPA, particularly in the context of using third-party vendors for mailing collection letters.

On October 15, the California Hospital Association (CHA) filed a petition against the California Office of Health Care Affordability (OHCA) and related entities. The petition challenges the imposition of stringent cost targets on hospitals across California, arguing that these targets are arbitrary, capricious, and not based on comprehensive data analysis. CHA contends that the cost targets violate both state and federal laws, including the Takings and Due Process Clauses of the U.S. Constitution, by being confiscatory and lacking a clear methodology for compliance. Furthermore, the petition asserts that OHCA’s actions were prematurely implemented without adequate stakeholder engagement, potentially leading to significant operational disruptions and threatening the quality and accessibility of health care services.

Key point: All businesses struggle with cybersecurity risks presented by their service providers. New guidance from the NY DFS applies to all DFS regulated entities, but the guidance would assist any business in any industry in addressing these risks.

On October 21, 2025, the New York Department of Financial Services (the “DFS”) issued important guidance for covered entities (including all DFS licensees) for managing their cybersecurity risk related to third-party service providers (“TPSPs”). Industry Letter – October 21, 2025: Guidance on Managing Risks Related to Third-Party Service Providers | Department of Financial Services specifically includes the covered entity’s use of cloud, file transfer, AI and fintech providers (“Guidance”). According to the DFS, the “Guidance does not impose new requirements or obligations . . ..” Rather, “it is intended to clarify regulatory requirements, recommend industry best practices . . ., and promote compliance . . ..” The Guidance highlights that managing the cybersecurity risk presented by TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program,” and notes that it applies to all covered entities, regardless of size.

In a significant development for lenders and borrowers alike, on October 6, the U.S. Supreme Court declined to review the Fox decision, leaving unresolved questions about the retroactive application of the Foreclosure Abuse Prevention Act (FAPA). This decision has shifted the focus to the New York State Court of Appeals where oral argument was heard on October 16, and potentially to the U.S. Court of Appeals for the Second Circuit.