On November 13, the CFPB issued a proposed rule to amend Regulation B’s 2023 small business lending rule implementing section 1071 of the Equal Credit Opportunity Act. The proposal would revise the scope of covered transactions, redefine which institutions are subject to reporting, modify several data fields, and adjust compliance timelines.Continue Reading CFPB Proposes Revisions to Regulation B’s Small Business Lending Rule Under Section 1071
On November 13, the CFPB issued a sweeping proposed rule to overhaul Regulation B, arguably the most far-reaching ECOA rewrite in the agency’s history. The proposal would eliminate disparate-impact liability under ECOA, sharply narrow the scope of discouragement to focus on explicit statements directed at applicants, and prohibit or heavily restrict the use of protected-class criteria in Special Purpose Credit Programs offered by for-profit organizations. Continue Reading CFPB Proposed Rule Dramatically Revises ECOA
On October 29, the U.S. District Court for the Eastern District of Kentucky granted a preliminary injunction prohibiting the Consumer Financial Protection Bureau from enforcing its Personal Financial Data Rights Rule, also known as the open banking rule, until the Bureau completes its reconsideration of the rule. The court determined that the plaintiffs, a national bank and two banking associations, demonstrated a likelihood of success on several claims, including that the rule exceeds the Bureau’s authority under the Dodd-Frank Act and is arbitrary and capricious under the Administrative Procedure Act.Continue Reading Federal Court Halts Implementation of CFPB’s Open Banking Rule
On October 29, the CFPB rescinded two related rulemakings that would have created public registries for nonbank financial companies. The Bureau withdrew both the Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders and the Registry of Supervised Nonbanks That Use Form Contracts To Waive or Limit Consumer Legal Protections rules, citing significant compliance costs, duplication with existing systems, and a lack of quantifiable consumer benefit.Continue Reading CFPB Withdraws Repeat Offender and Form Contract Registry Proposals
On October 21, the NYDFS issued new cybersecurity guidance addressing the growing risks associated with regulated entities’ reliance on third-party service providers (TPSPs). The guidance clarifies compliance obligations under the New York Cybersecurity Regulation and outlines best practices for managing cybersecurity risk across the third-party relationship lifecycle.Continue Reading NYDFS Issues Cybersecurity Guidance on Third-Party Service Provider Risk
On October 21, 2025, the National Credit Union Administration (NCUA) announced a proposed rule to formally remove “reputation risk” from its supervisory framework under the Federal Credit Union Act. The proposal would amend Parts 702 and 791 of the NCUA’s regulations to prohibit the agency from taking adverse action against a federally insured credit union based on reputation risk.Continue Reading NCUA Proposes Rule Prohibiting Use of Reputation Risk in Supervision
On October 7, the OCC and FDIC jointly proposed two rules to refocus bank supervision on material financial risks and eliminate “reputation risk” from their oversight frameworks. The first proposal would define the term unsafe or unsound practice under the Federal Deposit Insurance Act and revise the agencies’ standards for issuing matters requiring attention (MRAs). The second proposal would codify the agencies’ removal of reputation risk from supervisory programs and prohibit examiners from taking actions based on a bank’s perceived reputational exposure.Continue Reading OCC and FDIC Propose Rules to Eliminate Reputation Risk and Debanking
On October 2, The CFPB finalized a rule extending the compliance deadlines for its 2023 Small Business Lending Data Collection Rule under the Equal Credit Opportunity Act (ECOA) and Regulation B. The final rule confirms the Bureau’s June 2025 interim rule delaying implementation by approximately one year to align compliance timelines across institutions affected by federal court stays and ongoing litigation over the rule’s validity.Continue Reading CFPB Extends Compliance Deadlines for Section 1071 Small Business Lending Rule
On October 6, the Office of the Comptroller of the Currency (OCC) announced new guidance eliminating policy-based examination requirements for community banks that are not mandated by statute or regulation. Effective January 1, 2026, the revisions aim to reduce supervisory burden while maintaining risk-based oversight under section 8 of the Federal Deposit Insurance Act.Continue Reading OCC Announces Guidance Reducing Compliance Scope for Community Banks
On September 25, the CFPB finalized a rule rescinding its several Biden-era amendments to the risk-based supervisory designation process and reinstating the Bureau’s 2013 framework under the Dodd-Frank Act. The rule, effective October 27, restores confidentiality of decisions and orders, revives the role of a recommending official, and eliminates several procedural changes made in 2022-2024.Continue Reading CFPB Looks to Amend Supervisory Designation Proceedings
On September 8, the OCC issued two bulletins addressing banks’ obligations under the Right to Financial Privacy Act and clarifying how the agency will evaluate “politicized or unlawful debanking” in licensing and Community Reinvestment Act (CRA) reviews. The guidance was issued consistent with the recently issued Executive Order 14331 (previously discussed here).Continue Reading OCC Issues Bulletins on Customer Financial Record Protections and Politicized Debanking