July 2025 Regulatory Update: CFPB Rulemakings and Fair Lending Enforcement

If you thought last month was full of surprises, June raised the stakes. From the CFPB’s mortgage rulemakings and shifting enforcement postures to fraud prevention efforts and state-level developments, regulatory change is coming from every direction — and fast. 

Join Ncontracts’ regulatory experts as we break down what these changes mean for your institution. We’re covering everything from redlining consent orders and delayed rule rollouts to agency exemptions and Congressional reversals. 

Want more insight? Tune into the Regulatory Update podcast for a deeper dive. And as always, detailed analysis and compliance tools are available in Ncomply to help you stay ahead. 

Issues Affecting All

CFPB submits three mortgage-related rulemakings to OMB

The CFPB has submitted three significant rulemaking items to the Office of Management and Budget (OMB), signaling potential changes in mortgage lending and servicing regulations. The first targets Regulation Z’s loan originator compensation provisions, which currently prohibit dual compensation and ban pay structures based on loan terms, such as prepayment penalties. It’s unclear what changes may be proposed. 

The other two submissions address mortgage servicing provisions under Regulations X and Z. These items will likely be released as Advance Notices of Proposed Rulemaking (ANPRs), giving institutions a chance to weigh in. Given the industry-wide impact of past servicing reforms, this is a development worth watching closely. 

CFPB extends 1071 compliance deadlines

The CFPB has issued a new delay for its Section 1071 small business lending rule, pushing compliance deadlines back by about a year. This update creates a unified timeline for all covered institutions, resolving confusion caused by earlier court-ordered stays that applied only to certain lenders. The Bureau had previously said it wouldn’t enforce the rule against others during the legal limbo. Now, with the interim final rule in place, all institutions have new, aligned deadlines. Stay tuned — another proposed rule may be on the way. 

CFPB clarifies when rules are officially issued

The CFPB has rescinded its 2012 procedural rule that allowed rules to be considered “issued” upon website posting. Going forward, CFPB rules will only be considered issued when published in the Federal Register — unless a statute says otherwise. This change removes confusion, aligns with traditional rulemaking practices, and simplifies compliance tracking. Be sure to update your monitoring procedures and calendars accordingly. 

DOJ moves to end Lakeland Bank redlining case early 

The DOJ has requested early termination of its 2022 redlining consent order with a New Jersey bank, originally set to run through 2027. The agency cited the bank’s substantial compliance and commitment to continue disbursing the $12 million loan subsidy fund. While some headlines suggest the bank is getting off easy, the financial obligations remain. The move reflects a broader trend of the current administration stepping back from aggressive fair lending enforcement — but institutions should remain vigilant. Regulatory lookbacks in future exam cycles will cover activity during this period, so now is not the time to let fair lending oversight slide. 

Florida clarifies debt collection email rules 

Florida has passed a new law confirming that debt collection emails sent between 9 p.m. and 8 a.m. do not violate state law. Prompted by a recent lawsuit, the law clarifies that email is not considered a “communication” until read and is less intrusive than a phone call. The rule applies only to emails — phone calls remain restricted during those hours. If your institution collects debts from Florida consumers, consider updating your policies to reflect this change. 

Issues Affecting Depositories

GENIUS Act passes Senate without credit card amendments 

The Senate has passed the GENIUS Act — which would create the first federal regulatory framework for payment stablecoins — without controversial amendments on interchange rules or credit card interest rate caps. The clean bill designates who can issue stablecoins and imposes transparency requirements on issuers, including monthly disclosures and annual audits for those with over $50 billion in market cap. Financial institutions considering stablecoin issuance should begin evaluating strategic fit, prepare for application requirements, and update compliance programs to include Bank Secrecy Act (BSA) obligations. 

FDIC, OCC and NCUA issue CIP exemption for TIN collection

The NCUA, FDIC, and OCC have issued a joint exemption allowing banks and credit unions under their supervision to collect a customer’s taxpayer identification number (TIN) from a third party, rather than directly from the customer, when opening accounts. The change addresses growing concerns over identity theft and data breaches, and builds on the success of a similar credit card exception. The exemption doesn’t alter the core CIP requirement to reasonably verify customer identity — and notably, it does not apply to institutions supervised by the Federal Reserve. 

Illinois delays interchange fee law until 2026 

Illinois has postponed implementation of its Interchange Fee Law to July 1, 2026. The law prohibits charging interchange fees on the tax and tip portions of card transactions. While federally chartered and out-of-state banks are exempt due to preemption, the law still applies to state and federal credit unions, Illinois-chartered banks, and payment processors. The delay gives affected institutions more time to adjust systems — but further litigation and copycat laws in other states may be on the horizon. 

Banks

Fed lifts Wells Fargo asset cap, but enforcement action remains

The Federal Reserve has lifted the asset cap imposed on Wells Fargo in 2018, citing the bank’s progress in meeting risk management and governance requirements. The cap, set at $1.95 trillion, was a response to widespread consumer abuses tied to unauthorized account openings. While this marks a major milestone, other provisions of the 2018 enforcement action remain in place. The case is a reminder that the consequences of compliance failures can last for years — even after restrictions are lifted. 

Court upholds Townstone consent order despite CFPB reversal effort

A U.S. District Court has denied a joint motion by the CFPB and Townstone Financial to vacate their November 2024 consent order resolving redlining allegations. The new CFPB leadership argued the case was a misuse of power targeting protected political speech, but the court found no extraordinary circumstances to justify undoing the settlement. Emphasizing the public impact and the need for finality in judgments, the court ruled that policy disagreements by a new administration are not grounds to reopen resolved cases. The consent order remains in effect. 

Related: Financial Services Enforcement Action Tracker 

Regulators seek input on tackling payments fraud

The OCC, Federal Reserve, and FDIC have issued a Request for Information (RFI) on potential actions to combat payments fraud across all payment types, including checks and instant payments. Key focus areas include stakeholder collaboration, public education, regulatory updates (such as potential Reg CC changes), data sharing, and new fraud tools in Fed payment systems. Institutions should review their current fraud prevention strategies. Comments are due by September 18. 

Fed removes reputational risk from exam programs

The Federal Reserve has announced that reputational risk will no longer be a standalone component in its bank examination programs, aligning with other regulators taking a similar stance. However, this doesn’t mean reputational risk no longer matters. Institutions should continue to manage and monitor reputational exposure as part of broader risk management efforts, as it remains a key factor in public trust and long-term stability. 

 Trump overturns OCC bank merger rule via Congressional Review Act

President Trump has signed a resolution nullifying the OCC’s 2024 bank merger rule, which had eliminated expedited reviews for certain mergers. The reversal reinstates the fast-track process, easing uncertainty for smaller banks. Because it was overturned under the Congressional Review Act, similar rules can’t be reissued without congressional approval. This marks another in a growing list of federal rollbacks by the administration—and it’s only midyear. 

SEC-Regulated Entities

SEC withdraws 14 proposed rules, signaling shift in priorities

In a sweeping move, the SEC has formally withdrawn 14 proposed rules issued between March 2022 and November 2023, covering topics like cybersecurity, ESG disclosures, digital asset custody, predictive analytics, and best execution standards. New SEC Chair Paul Atkins emphasized a focus on clearer rules and stronger cost-benefit analysis. While the withdrawn proposals won’t be finalized, the SEC may revisit these areas with fresh rulemaking. Notably, the advisor Customer Identification Program (CIP) rule remains on the table — suggesting national security-aligned priorities may still move forward. Stay tuned for the upcoming Spring 2025 regulatory agenda. 

See how Ncomply makes managing compliance easier. 

Take a 5-minute tour to discover how Ncomply centralizes regulatory change, streamlines task management, and keeps your institution exam-ready.