<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

November 2023 Regulatory Update: CRA, the CFPB and the Latest on Climate Risk

3 min read
Nov 14, 2023

Worried you’re missing a key regulatory development? Unclear on what regulatory change means for your institution? 

The Ncontracts compliance team is here to save the day! Each month our team of regulatory attorneys and certified compliance specialists breaks down the biggest issues in financial services regulatory compliance in our Ncast Regulatory Brief podcast so that you know what’s going on and what it means for your organization. 

For even more information, including plain-English explanations of state and federal regulations and implementation guides, log into our Ncomply compliance management solution.  

This month brings the unveiling of Community Reinvestment Act modernization rules, a new framework for climate risk, enforcement actions, and a lot of Consumer Protection Financial Board (CFPB) activity—including an update on 1071. 

For a deeper dive into what all took place in October, be sure to watch the video here.


Let's dig in.

CFPB Had a Busy Month 

CFPB Section 1071 

The Supreme Court heard oral arguments in October challenging the constitutionality of the Consumer Financial Protection Bureau (CFPB)’s funding mechanism. A decision is expected in June 2024. 

That decision will impact 1071 implementation. In October a federal court in Texas expanded its injunction postponing implementation of the CFPB’s 1071 rule until after the Supreme Court ruling to all covered financial institutions. (Previously the injunction applied only to certain trade association members.) 

Want more details on 1071? Here’s our in-depth recap. 

CFPB proposes Section 1033 rule on personal financial data

A hot topic more than 10 years in the making, the CFPB has finally released a proposed rule implementing Section 1033 of the Dodd-Frank Act, which covers personal financial data rights. The proposed rule would regulate the access, use, and security of personal financial data. Comments are due by December 29.

Eyes Junk Fees and Discrimination Against Immigrants

The CFPB and the Justice Department issued a joint statement warning that financial institutions can’t discriminate based on immigration status without violating the Equal Credit Opportunity Act (ECOA). Financial institutions are encouraged to review their existing policies and practices including underwriting guidelines, staff training, and even algorithms or technology used in automated decision-making systems, to ensure they are in line with ECOA. For more analysis, listen to the podcast.

The CFPB also issued guidance prohibiting banks and credit unions with $10 billion or more in assets for making it hard to access basic account information, including charging excessive fees.


The Federal Reserve and New York Department of Financial Services teamed up for enforcement actions that cost a New York bank nearly $30 million for deficient customer identification, customer due diligence, and third-party risk management programs that led to huge fraud within its prepaid card program.

Meanwhile the Department of Justice achieved a new milestone in its Combatting Redlining Initiative, securing more than $107 million in lending discrimination settlements since 2021, and the CFPB filed a lawsuit against a mortgage company that required HMDA data with many errors (despite a 2019 consent order for the same thing). In August the mortgage company was filed $1.75 million for illegal kickbacks for mortgage loan referrals.

Related: 2023 Regulatory Enforcement Actions


FinCEN issued a proposed rule that would implement recordkeeping and reporting requirements for transactions involving convertible virtual currency (CVC) mixing at domestic financial institutions and agencies. It also issued a guidance warning financial activities to be on the look for and report suspicious activity related to Hamas financing.

Climate Risk Management

The Federal Reserve, OCC, and FDIC issues Principles for Climate Related Financial Risk Management for Large Financial Institutions. The framework covers four categories (governance, strategy, risk management and disclosure) and applies to institutions with $100 billion or more in assets.  The principles provide a roadmap for how to approach those risks, from board-level governance to day-to-day risk management, and are likely to influence other financial firms.

It is also different from two new California laws requiring entities with revenue over $500 million annually to report on climate risk and those with annual revenue of $1 billion or more to report on greenhouse gas emissions.

Listen to the podcast for a breakdown of the agency principles and the California laws and their key differences.

Agencies Release Final Community Reinvestment Act Rule 

The Federal Reserve, OCC and FDIC jointly issued a final rule modernizing Community Reinvestment Act (CRA) regulations.  Meant to encourage banks to help meet the credit needs of their entire communities, especially in low- and moderate-income (LMI) neighborhoods, in a safe and sound manner, of the rule's requirements will take effect January 1, 2026.

Log into Ncomply for the latest updates and interpretations of the rule from Ncontracts’ regulatory compliance experts. Also, be on the lookout for our upcoming webinar.

Credit Unions

NCUA approved a proposed rule that would simplify share insurance regulations by establishing a “trust accounts” category and another that would allow people convicted of certain minor offenses to work in the credit union industry without applying for the Board’s approval.



Subscribe to the Nsight Blog