On October 27, 2025, amendments to Delaware’s Medical Debt Protection Act took effect, establishing a total ban on the inclusion of medical debt in consumer credit reports. The amendments, enacted through Senate Substitute 1 for Senate Bill 156, revise Delaware’s consumer protection laws to prohibit both the furnishing and use of medical-debt information by consumer reporting agencies.Continue Reading Delaware Bans Medical Debt from Consumer Credit Reports
On November 3, the U.S. District Court for the Northern District of West Virginia granted class certification certified a statewide class of borrowers challenging a credit union’s alleged assessment of unauthorized “pay-to-pay” fees under the West Virginia Consumer Credit and Protection Act. The plaintiff alleged that the institution imposed a 5 dollar fee each time consumers made monthly payments by phone or other electronic means, even though neither the loan agreement nor any statute authorized the charge.Continue Reading West Virginia Federal Court Certifies Class Action Challenging “Pay-to-Pay” Fees
On October 29, the U.S. District Court for the Eastern District of Kentucky granted a preliminary injunction prohibiting the Consumer Financial Protection Bureau from enforcing its Personal Financial Data Rights Rule, also known as the open banking rule, until the Bureau completes its reconsideration of the rule. The court determined that the plaintiffs, a national bank and two banking associations, demonstrated a likelihood of success on several claims, including that the rule exceeds the Bureau’s authority under the Dodd-Frank Act and is arbitrary and capricious under the Administrative Procedure Act.Continue Reading Federal Court Halts Implementation of CFPB’s Open Banking Rule
On October 15, the Oklahoma State Banking Department issued a memo detailing new licensing and compliance obligations for digital kiosk operators. The memo details the requirements under Senate Bill 1083, enacted in May under the Oklahoma Financial Reporting Act, which became effecting on November 1, 2025.Continue Reading Oklahoma Issues Memo Detailing New Digital Asset Kiosk Licensing Requirements
On October 24, 2025, the Massachusetts Division of Banks (DOB) finalized a suite of regulatory amendments implementing the Massachusetts Money Transmission Act. The final regulations, 209 Mass. Code Regs. §§ 44.00, 45.00, 48.00, and 801 Mass. Code Regs. § 4.02, take effect November 7. The changes establish a uniform licensing and compliance regime for all entities engaged in money transmission, replacing prior requirements that applied only to check cashers, check sellers, and foreign transmittal agencies.Continue Reading Massachusetts Finalizes Comprehensive Money Transmission Regulations
On October 30, the California DFPI announced a consent order against a Nevada-based crypto kiosk operator for alleged violations of the Digital Financial Assets Law and the California Consumer Financial Protection Law. The action follows a DFPI investigation into widespread noncompliance among crypto ATM operators, which the agency has identified as a growing consumer-protection concern.Continue Reading DFPI Fines Kiosk Operator $675,000 for Alleged Violations of the Digital Financial Assets Law
On October 16, Federal Reserve Governor Michael Barr delivered remarks highlighting the significant implementation gaps regulators must bridge under the GENIUS Act, the newly enacted federal framework for payment stablecoins (previously discussed here). Barr’s comments centered on areas where the statute leaves critical details to regulators, including reserve composition, supervisory authority, and consumer safeguards, which will determine whether the framework effectively mitigates systemic and operational risks.Continue Reading Federal Reserve Governor Barr Highlights Gaps Regulators Must Bridge Under GENIUS Act
On October 29, the CFPB rescinded two related rulemakings that would have created public registries for nonbank financial companies. The Bureau withdrew both the Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders and the Registry of Supervised Nonbanks That Use Form Contracts To Waive or Limit Consumer Legal Protections rules, citing significant compliance costs, duplication with existing systems, and a lack of quantifiable consumer benefit.Continue Reading CFPB Withdraws Repeat Offender and Form Contract Registry Proposals
On October 28, the CFPB issued an interpretive rule under the Fair Credit Reporting Act (FCRA) declaring that federal law generally preempts state laws governing the content of consumer credit reports. The Bureau’s action, led by Acting Director Russell Vought, replaces and withdraws a July 2022 interpretive rule issued under the prior administration, which had concluded that the FCRA’s preemption provisions were limited in scope.Continue Reading CFPB Issues Interpretive Rule Asserting Federal Preemption Over State Medical Debt Credit Reporting Laws
On October 17, 2025, the California Department of Financial Protection and Innovation (DFPI) entered a consent order with a licensed consumer lender, alleging violations of the Fair Access to Credit Act, which amended the California Financing Law to cap interest rates and fees on consumer loans between $2,500 and $10,000. The DFPI alleged that the lender charged rates and administrative fees above those limits and continued the practice as recently as January 2023.Continue Reading DFPI Orders Lender to Pay $1 Million for Alleged Violations of the Fair Access to Credit Act
On October 21, the NYDFS issued new cybersecurity guidance addressing the growing risks associated with regulated entities’ reliance on third-party service providers (TPSPs). The guidance clarifies compliance obligations under the New York Cybersecurity Regulation and outlines best practices for managing cybersecurity risk across the third-party relationship lifecycle.Continue Reading NYDFS Issues Cybersecurity Guidance on Third-Party Service Provider Risk