January 2026 continued the regulatory shift that started last year: as federal agencies pull back from examination frameworks, state-level enforcement is stepping forward. Multiple agencies are moving away from disparate-impact oversight — HUD proposed removing its discriminatory-effects regulations, the CFPB and DOJ withdrew guidance on immigration status, and the Supreme Court let stand a Second Circuit ruling on disparate-impact standards.
At the same time, state attorneys general retain full authority to enforce disparate impact under the Fair Housing Act, and New York issued a final CRA-type framework for mortgage bankers. The throughline is clear: financial institutions (FIs) face a fragmented enforcement landscape where clear governance and documentation are more critical than ever.
Listen to our regulatory experts discuss these developments in depth in the February Reg Update podcast. For additional resources and regulatory analyses, check your Ncomply solution.
Related: See the latest enforcement action updates in our December 2025 roundup. No enforcement actions were announced in January 2026.
Following fears of a “zombie regulator” crisis, the CFPB continues to operate.
A federal judge in DC ruled that the Dodd-Frank Act looks at the Fed's revenue, not whether it made a profit, resolving debate about whether the Federal Reserve's financial losses blocked CFPB funding. Following the ruling, the CFPB reversed course and received $145 million from the Federal Reserve, covering roughly the first quarter of 2026.
The CFPB also announced it will discontinue its HMDA email alert service effective January 20, citing "operational constraints." Lenders must now proactively monitor the CFPB's website and "HMDA News and Updates" page, where updates will be tagged as "Announcements."
While the CFPB has received funding for now, continue to watch for shifts in the enforcement landscape, including uneven federal enforcement, more aggressive state attorneys general, and multiplying private lawsuits. Also, if applicable to your services, monitor the CFPB website directly for HMDA updates instead of relying on email alerts. Announcements related to HMDA changes can also be found under the Ncomply News tab.
Related: How to Keep Up with State Regulations
The CFPB and DOJ withdrew their joint statement issued on October 12, 2023, regarding the implications of a creditor's consideration of an individual's immigration status under the Equal Credit Opportunity Act (ECOA).
The agencies indicated that the statement had created the impression that FIs can’t consider immigration or citizenship status in lending decisions, but that's never actually been prohibited. Citizenship and immigration status are not explicitly protected characteristics under ECOA. The concern arises when those statuses serve as proxies for protected characteristics such as national origin or ethnicity, typically demonstrated through analysis.
The withdrawal clarifies that immigration and citizenship status can be considered in credit decisions when tied to legitimate creditworthiness factors. FIs should ensure that any consideration of immigration or citizenship status is based on creditworthiness and risk of non-payment. For example, denying a 30-year mortgage to an applicant whose work visa expires in 3 years may be justified based on repayment risk. However, denying an applicant primarily based on their status as a permanent resident enters riskier territory that could be viewed as proxying for protected characteristics like national origin.
HUD is seeking comments on removing its regulatory framework governing disparate impact liability under the Fair Housing Act (FHA). HUD proposes to eliminate its existing discriminatory-effects regulations and defer entirely to federal courts for interpretation and application of disparate impact liability in housing-related activities, including residential mortgage lending.
Here's what's important to understand: this proposal does not mean that disparate impact would no longer be a viable legal theory for discriminatory conduct. Disparate impact is written into the FHA statute itself, which covers actions that have "discriminatory effects," not just intentional discrimination. Only Congress has the power to change the statute, not HUD.
FIs should continue treating disparate impact as a valid legal risk. Disparate impact has been a fundamental aspect of federal civil rights laws for more than five decades and remains valid under Supreme Court precedent from 2015, which ruled on the Fair Housing Act itself, not HUD's implementing regulations.
Even if HUD finalizes this rule as proposed, private individuals retain the right to sue lenders. State attorneys general also retain the right to enforce the FHA using disparate impact theories.
The U.S. Supreme Court declined to hear a challenge to a Second Circuit decision interpreting FHA standards for disparate impact and causation in discrimination claims. By denying certiorari in City of New York v. Wells Fargo Bank, N.A., the Court left in place a ruling that critics argue lowers the bar for mortgage discrimination claims.
The core issue involved a jury instruction by the district court that omitted the word "disproportionate" when evaluating whether the practice of making a certain type of loan harmed Black and Hispanic borrowers. The lender argued this omission eliminated the comparative analysis required under disparate impact — meaning a practice could be discriminatory even if it affected all racial groups equally.
However, the Second Circuit stated that by focusing the jury on a "substantial adverse impact on African-American or Hispanic borrowers," the instruction captured the necessary comparison of white borrowers to Black and Hispanic borrowers.
It’s important to note that this ruling doesn’t create a new standard for disparate impact. The disparity between a control group and a protected group must still be proven. Disparate impact cases under the Fair Housing Act still require demonstrating disproportionate adverse effects on protected classes compared to other groups.
The next two developments may sound political on the surface, but for compliance teams, they're really about risk decisions and public scrutiny.
President Donald Trump filed a $5 billion lawsuit against JPMorgan Chase and its CEO, alleging the bank closed accounts for political reasons. JPMorgan has denied the allegation, stating that the account closures were based on legal, regulatory, and risk considerations, not politics.
Whether this lawsuit ultimately succeeds is almost beside the point. What matters for the industry is that routine account-closure decisions are now being reframed publicly as political discrimination. Decisions that used to live quietly inside BSA, fraud, and reputational risk programs are now being pulled into lawsuits, congressional hearings, and media narratives.
This isn't happening in a vacuum. The OCC has now weighed in on debanking practices. The agency recently released findings from a supervisory review of large banks focused on how banks make decisions about providing or limiting access to accounts and services, particularly where those decisions rely on reputation risk or broad category-based exclusions rather than clear, customer-specific risk factors.
Taken together, the lawsuit and the OCC's work send the same message: it's no longer enough to say, "this was a risk decision." FIs must be able to demonstrate how, why, and with what consistency decisions were made.
FIs should review account-closure and service-restriction policies to ensure they set clear and objective standards, demonstrate decisions were based on behavior, activity, or legal exposure rather than viewpoint or affiliation, and maintain documentation that holds up under regulatory, legislative, or judicial review. Account-closure governance is now litigation defense and reputation protection.
Related: What You Need to Know Ahead of Your FI's Next Exam
Ahead of this year's midterms, President Trump revived a campaign proposal calling on Congress to enact a one-year, 10% cap on credit card interest rates.
To be clear, this is not a law. There is no federal credit card-specific APR cap in place, and there is no indication that Congress is close to passing one.
However, compliance teams should still pay attention because it reflects growing political comfort by stepping directly into pricing decisions, especially when consumer affordability becomes a headline issue. This isn't unprecedented. The federal push to eliminate so-called "junk fees" temporarily shifted enforcement priorities and materially affected non-interest income for many institutions.
Expect renewed scrutiny of pricing fairness, disclosures, and consumer impact at both the federal and state levels. Be prepared for board-level questions about how rates and fees are set, explained, and defended. Even symbolic or temporary proposals can influence future rulemaking, exams, and enforcement priorities.
The FDIC finalized amendments to its revised deposit-signage rules, which aim to provide greater flexibility for digital signs and remove certain placement requirements. The FDIC also delayed compliance until April 1, 2027, extending the previous deadline of January 1, 2027. The changes clarify standards for ATM, account-opening, and digital channel displays.
Related: Get regulatory alerts based on your FI’s size, services, and examiner with Ncomply.
NCUA has released its Supervisory Priorities for 2026, emphasizing a "No Regulation by Enforcement" approach with streamlined exams aligned with the GENIUS Act.
Key focus areas include:
Notably absent: Consumer compliance topics like overdrafts, fair lending, and HMDA were called out explicitly in 2025 but aren't a standalone priority this year.
The NCUA is signaling a more streamlined approach, but don’t mistake efficiency for leniency. Examiners will focus on whether FIs have the governance and capital to weather continued stress, particularly regarding credit quality, interest rate risk, and operational resilience, including fraud prevention and payment security.
Related: A Guide to Governance for Financial Institutions
The NCUA's deregulation initiative aims to remove regulatory requirements for federal credit unions and FISCUs that are obsolete, overly burdensome, or duplicative. Four phases of proposals have been released so far. Noteworthy items include:
While these proposals may reduce compliance burdens, it’s still best practice to maintain existing systems and controls. Removing them may be costly to reinstitute if future administrations take different regulatory positions.
The New York State Department of Financial Services (NYDFS) issued a final rule creating a CRA-type framework for mortgage bankers operating in New York. The rule requires mortgage bankers to establish geographic assessment areas, provides an evaluation framework, and establishes data collection and reporting requirements.
Related: Master CRA Compliance with Confidence
Federal enforcement may be quieter, but your compliance risk hasn't disappeared — it's just coming from more directions. Learn how to prepare with our compliance experts in our 2026 Regulatory Outlook webinar.