Fifteen years of CFPB content disappeared from the agency's website starting in May, and by June, four Senators wanted to know why. The Bureau also rescinded a 2020 advisory opinion that shaped how lenders built Special Purpose Credit Programs, told creditors that immigration status now belongs in an ability-to-repay analysis, and resolved a fintech's compliance failures without filing a single enforcement action.
Depositories had their own share of activity. Colorado's governor vetoed an interchange fee restriction that Illinois already has courts sorting through, the FDIC proposed two rules that would reshape assessment pricing and information sharing, and the NCUA finalized a records rule while asserting its own interchange fee authority for federal credit unions.
Want a deeper dive into the latest headlines? Watch the July Reg Update podcast. For additional resources and regulatory analyses, check Ncomply.
Starting in May, the Bureau removed thousands of pages spanning fifteen years of content, including blog posts, press releases, speeches, testimony, consumer advisories, settlement notices, and all 35 Supervisory Highlights reports dating back to 2012. The Supervisory Highlights reports were a practical resource for compliance teams, offering anonymized but specific insight into what examiners were finding on the ground. What remains: the interactive regulations and final rules, the exam manual, a lighter guidance section, and the consumer complaint program, including the Submit a Complaint portal, the complaint database, and access to log in and respond to complaints.
On June 22nd, four Senate Democrats sent Acting Director Vought a letter asking who authorized the deletions, where the records are being preserved, whether any of the content will be restored, and whether the Bureau plans to continue publishing consumer advisories and Supervisory Highlights going forward. A response was expected by July 2nd; as of this writing, no public response has been made available.
Check compliance programs, policies, and training materials that link to CFPB resources, since many of those links now return 404 errors. Save anything from the Supervisory Highlights archive that your program needs.
The CFPB hasn't published a new consumer advisory, and it's uncertain whether the Supervisory Highlights will resume. Start building out other sources for supervisory trend intelligence now, through peer benchmarking, trade association guidance, and examination findings shared across industry groups.
Related: From Gatekeeper to Growth Partner: How AI Is Changing the Compliance Officer’s Role
The CFPB says it no longer has the resources to maintain the Consumer Complaint Database as it exists today.
Complaints jumped from just over 150,000 in 2019 to more than 5 million in 2025. Credit reporting complaints drive a disproportionate share of that growth, and the CFPB points to a few causes: credit repair organizations and social media influencers pushing consumers toward the portal, and AI tools making it faster to file complaints at scale. The Bureau also says credit reporting agencies haven't responded to complaints consistently, which has slowed resolution times across the board.
In response, the CFPB issued a revised Company Portal Manual clarifying response closure categories and added two-factor authentication for complaint submitters. It also now requires third parties to identify their role in the complaint process and is developing APIs to share complaint data with companies more efficiently. These changes follow a CFPB notice stating that consumers must first dispute credit reporting errors directly with the credit reporting agency before filing with the Bureau.
These updates don’t change what your FI owes consumers directly. Complaint management, including complaint intake, flagging, response tracking, and resolution documentation, remain essential regardless of what happens at the federal level. Fewer complaints reaching the CFPB doesn't mean fewer reaching your primary banking regulator, who will pass them along to your institution just the same.
For credit reporting disputes from consumers, your Fair Credit Reporting Act (FCRA) and Regulation V obligation to investigate and correct inaccurate information with the credit reporting agency remains.
Related: 5 Ways Complaint Management Can Reduce Compliance Risk
The CFPB is working directly with a fintech company to resolve errors tied to its transition to a new bank partner, including rent and mortgage payments not being sent and subpar customer service from AI-powered chatbots. No formal enforcement action was filed. The company refunded customers for overdraft, late, and insufficient funds fees, and submitted documentation confirming its systems were back on track. The Bureau will keep monitoring the situation until it confirms complete redress.
The Bureau frames this as an example of its updated enforcement principles: focusing on real, demonstrable consumer harm, only pursuing enforcement where statutory authority is clear, and avoiding duplicating work already being handled by states or other regulators. The agency says it's prioritizing collaboration with FIs and encouraging self-reporting and voluntary fixes to resolve issues quickly.
On June 8th, the CFPB published a statement in the Federal Register with implications for lenders’ operations, specifically how immigration status factors into the ability-to-repay analysis. While not a final rule, it's a formal agency position that impacts ability-to-repay determinations under TILA and Regulation Z.
The core point: if information in an application or supporting records suggests a borrower's income could be disrupted by their immigration status, specifically the risk of removal from the United States, the CFPB says that may need to factor into your Ability to Repay (ATR) determination. Ignoring it could mean your determination isn't reasonable.
The Bureau also flagged ITIN use as a potential indicator of unlawful presence, since ITINs go to taxpayers who lack proof of legal residency, a signal worth attention for mortgage lenders and card issuers. Regulation B has long permitted creditors to consider immigration status in underwriting, and the line between that permissible consideration and discriminatory treatment based on national origin remains a real risk.
Review your ATR policies and underwriting guidelines to address how immigration-status-related income risk gets evaluated, particularly for mortgage products and credit cards. Don't treat ITIN use as an automatic disqualifier. The guidance identifies it as a relevant data point, not a bright-line denial trigger, and blanket denials based on ITIN use could create fair lending exposure under ECOA.
Document your reasoning either way. The guidance doesn't cover every immigration status scenario, so expect more clarification to follow.
Related: How to Organize ERM Documentation: A Guide for FIs
If your FI runs a Special Purpose Credit Program (SPCP) or has one in development, the roadmap has changed. On June 17th, the CFPB rescinded a 2020 advisory opinion that many lenders used to structure these programs, which said that SPCP participants could be required to share characteristics such as race, national origin, or sex.
Two things drove the rescission. The CFPB's April 2026 Regulation B amendments already contradict the 2020 opinion directly. For-profit SPCPs can no longer use race, color, national origin, or sex as eligibility criteria, and the bar for demonstrating need is higher, requiring programs to serve people who would actually be denied credit rather than those who probably would be. The Bureau also cited constitutional concerns tied to the Supreme Court's 2023 Students for Fair Admissions decision.
The rescission, alongside the ATR and immigration status guidance above, points to a consistent direction from the current Bureau. It frames underwriting as a matter of income, repayment capacity, and financial risk, separate from protected class characteristics used to expand or restrict access to credit.
The federal banking regulators, along with the Treasury, the FHFA, the CFTC, and the SEC, issued a joint final rule establishing data standards meant to improve how regulatory data moves across agencies. The rule takes effect October 1, 2026, but it won't require reporting changes at your FI until individual agencies pass their own rulemakings incorporating the standards.
The Legal Entity Identifier (LEI) is the standard numeric identifier for entities, so expect to provide one on information submitted to regulators going forward. Dates must follow ISO 8601 format, meaning year, month, day. The standards also cover product identifiers, financial instrument classification, currencies, and postal codes, and regulators are required to make the resulting data fully searchable and machine-readable. Each agency retains significant flexibility in how it implements these standards, so start watching for agency-specific rulemaking rather than expecting a uniform rollout.
New Jersey's Attorney General and Division of Consumer Affairs issued an enforcement statement warning businesses that the state's Consumer Fraud Act already covers junk fee practices, including hidden, misleading, excessive, or low-value charges. The statement extends scrutiny to pricing, add-ons, consent practices, and digital dark patterns.
The reasoning tracks familiar deceptive and unconscionable conduct standards. Affirmative misrepresentations about fees, including hiding mandatory charges or misrepresenting their purpose, fall under deceptive conduct. The New Jersey Supreme Court has described unconscionability as a lack of good faith and honesty in fair dealing, and the AG's office argues that unbundling a product's price into numerous fees can hide its true cost and prevent consumers from comparison shopping.
New Jersey's statement is a state-level example of a broader trend: states are picking up junk fee enforcement where the CFPB and federal government have pulled back. Junk fees remain a significant compliance risk for FIs everywhere, so review your fee structures and disclosure language now, regardless of whether your institution operates in New Jersey.
Related: How to Keep Up with State Regulations
The interchange fee conversation continued this month with Colorado's governor vetoing legislation that would have prohibited interchange fees on the sales tax portion of card transactions for FIs with more than $60 billion in assets. The governor cited federal preemption risk and operational infeasibility.
As mentioned in our last reg update, the Illinois General Assembly extended the Interchange Fee Prohibition Act's (IFPA) implementation date to 2027. A court recently ruled the law doesn't apply to out-of-state or national banks, though it does apply to credit unions, a development that builds on our earlier coverage of the IFPA litigation. With more than a dozen other states considering similar legislation, Colorado's veto suggests many will hold off until the IFPA litigation resolves.
The FDIC closed out June with some proposed rules. The first raises the asset threshold separating small institutions from large ones, from $10 billion to $30 billion, immediately moving a meaningful number of banks into the lower-cost small institution pricing framework. It also cuts assessment rates across the board and creates a voluntary Resolution Readiness Adjustment, giving large and highly complex institutions up to a 1 basis point break on their assessment rate in exchange for populating a Virtual Data Room and giving the FDIC direct access to core deposit, loan, and general ledger data.
The second modernizes confidential supervisory information sharing. Banks would be able to share confidential supervisory information (CSI) with affiliates, outside counsel, auditors, service providers (including fintechs), and potential merger partners without needing FDIC approval first if a qualifying confidentiality agreement is in place.
The NCUA issued an interim final rule, effective June 30, clarifying that federal credit unions have explicit authority under the Federal Credit Union Act to impose non-interest charges and fees, including interchange fees from credit and debit card transactions, and that the NCUA holds exclusive regulatory authority over those charges regardless of conflicting state law.
This is the NCUA following the OCC's lead, aiming to keep the IFPA and similar state interchange laws from applying to federal credit unions. Unlike the National Bank Act, the Federal Credit Union Act only preempts state law relative to loans and lines of credit. While credit cards may fit that category, debit cards are a harder case. The IFPA ruling on national banks has already been appealed, and the court will need to weigh that appeal alongside this new NCUA rule.
Other states may slow down as a result, with many likely to hold off on new interchange fee legislation until the IFPA litigation plays out.
The NCUA finalized updates to its vital records preservation rule, Part 749, eliminating both of its appendices.
Appendix A, the record retention guidelines, had become a de facto requirement rather than guidance, pushing credit unions to retain records well beyond what disaster recovery required. Appendix B, the catastrophic act preparedness guidelines, is being removed from the rule itself, though NCUA plans to keep its content available on its website for reference.
The final rule also tightens what counts as a vital record: specifically, what your credit union needs to restore core member services after a catastrophic event, including member account balances, month-end financial reports, bank reconcilements, investment and account listings with contact information, and emergency contact information for staff, officials, and vendors. The records preservation log requirement changes too. Credit unions can choose their own format and content, including fully electronic logs, as long as the log supports locating and accessing vital records when needed.
Part 749 isn't a general records retention framework, and it doesn't touch your record-keeping obligations under other regulations. A narrower vital records definition doesn't mean other records can be purged, so review your broader retention schedule separately. If your program has been built around Appendix A's old recommendations as though they were mandatory, July 16th is your effective date to right size it.
June cut in two directions at once. Agencies eased up on transparency, enforcement, and pricing rules in some areas, tightened fair lending and data reporting expectations in others, and pushed back hard against states on interchange fees. For compliance teams, that means tracking where requirements are loosening and where they're not, often within the same agency.
That state-by-state patchwork is exactly what we dig into in How State-Level Regulations Are Creating Compliance Blind Spots, a closer look at where fragmented state activity is putting FIs at risk.