Regulatory Enforcement + Compliance

Subscribe to Regulatory Enforcement + Compliance via RSS

In a significant turn of events, the Consumer Financial Protection Bureau (CFPB or Bureau) has decided to initiate a new rulemaking process concerning its final rule on personal financial data rights under Section 1033 of the Consumer Financial Protection Act of 2010 (1033 rule). This decision comes amidst ongoing legal challenges, notably from Forcht Bank, N.A.; Kentucky Bankers Association; and the Bank Policy Institute, which filed a lawsuit immediately after the 1033 rule was finalized challenging it.

Today, the New York City Department of Consumer and Worker Protection (NYC DCWP) announced another delay in the effective date of its amended debt collection rules. This marks the second postponement. As discussed here, the rules were initially set to take effect on December 1, 2024. Then the enforcement date was first postponed to April 1, 2025, following industry concerns and legal challenges, and then to October 1, 2025. However, the NYC DCWP has now stated that the rules will not go into effect on October 1, 2025, and has committed to providing an update at least three months prior to the new effective date.

On July 18, America’s Credit Unions sent a letter to the Honorable Kyle Hauptman, Chairman of the National Credit Union Administration (NCUA), urging the agency to initiate rulemaking that would allow credit unions to take custody of digital assets for their members. This request comes in the wake of the recently enacted “Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025” (GENIUS Act), which provides a comprehensive federal framework for the regulation of payment stablecoins.

On July 14, the Consumer Financial Protection Bureau (CFPB or Bureau) filed a status report announcing its decision not to reissue its Medical Debt Collection Advisory Opinion, which had been issued in 2024 to “remind debt collectors of their obligations to comply with the Fair Debt Collection Practices Act [FDCPA] and Regulation F’s prohibition on false, deceptive, or misleading representations or means in connection with the collection of any medical debt and unfair or unconscionable means to collect or attempt to collect any medical debt.” The Advisory Opinion had been challenged in the U.S. District Court for the District of Columbia by ACA International and Collection Bureau Services, Inc.

On July 10, the U.S. Department of Housing and Urban Development (HUD) and the Office of Management and Budget (OMB) jointly announced the effective disbandment of the interagency Property Appraisal and Valuation Equity (PAVE) Task Force, a Biden-era initiative aimed at addressing discrimination in real estate appraisals through a whole of federal government approach. The announcement states that this decision to eliminate “the core policies of the PAVE Task Force” is in response to President Trump’s Executive Orders, including Ending Radical and Wasteful Government DEI Programs and Preferencing and Delivering Emergency Price Relief for American Families and Defeating the Cost-of-Living Crisis.

California Senate Bill 940 (SB 940), enacted in late 2024, introduces several key changes to arbitrations involving “consumer contracts,” which is defined as a contract prepared by a seller and signed by a consumer for the sale or lease of goods or services or for the extension of credit purchased or used primarily for personal, family, or household purposes. Below, we explore the major provisions of SB 940 and their implications.

On July 14, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (the Board), and the Federal Deposit Insurance Corporation (FDIC) jointly issued a statement addressing the safekeeping of crypto-assets by banking organizations on behalf of their customers. This announcement clarifies how existing laws, regulations, and risk management principles apply to the safekeeping of crypto-assets by banks and does not create any new supervisory expectations. Importantly, the federal banking regulators clearly signal that banks can serve as custodians of digital assets including storing cryptographic keys.

On July 14, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2025-16, announcing the removal of references to disparate impact liability from the “Fair Lending” booklet of the Comptroller’s Handbook and instructing examiners to cease examining banks for disparate impact liability. This change aligns with Executive Order (EO) 14281, issued by President Trump (discussed here), which aims to eliminate the use of disparate impact liability in all contexts at both the federal and state level.

Recently, the Department of Financial Protection and Innovation (DFPI) in California issued a consent order against Coinme Inc., a company operating digital financial asset kiosks, commonly known as Bitcoin ATMs, across the state. This order comes after findings that Coinme violated several provisions of the California Consumer Financial Protection Law (CCFPL) and the Digital Financial Assets Law (DFAL). Notably, this is the first enforcement action taken under the DFAL and signals that DFPI is focused on trying to prevent scammers from taking advantage of Californians.