September 2025 Regulatory Update: ‘Debanking’ Executive Order and More Rollbacks

August 2025 highlighted a clear regulatory trend: significant changes to banking examination and oversight practices. From the anti-debanking executive order to the CFPB reversing firearm fintech enforcement, agencies have eliminated “reputation risk” and disparate impact from exams.

The changes are rippling across regulators, and operational updates — such as simplified FDIC signage and pre-filled customer data — reflect a broader push for flexibility. Combined with Zelle fraud litigation and Corporate Transparency Act (CTA) delays, these developments are reshaping supervision and compliance priorities for financial institutions.

Looking for a more detailed breakdown of this month’s headlines? Tune into the Reg Update podcast for a deeper dive. You will also find additional resources and regulatory analysis in Ncomply to help you stay ahead in this evolving landscape.

Issues Affecting All

President Trump Signs "Debanking" Executive Order

President Trump issued an executive order targeting “debanking” practices, prohibiting financial institutions (FIs) from denying services based on political or religious beliefs rather than objective risk. 

The order directs federal banking regulators to eliminate references to “reputation risk” from exam guidance within 180 days. It also gives regulators 120 days to review supervised institutions for debanking policies and enforce remedial actions, including fines or consent decrees, if necessary.

Key Takeaways

Ensure your FI’s decision-making is grounded in clear, measurable risk assessment criteria. While reputation risk is no longer a formal examination component, maintaining compliance and customer trust is critical to safeguarding your public image and customer confidence in the long-term. 

For more on this update, view the regulation analysis document in Ncomply.

CFPB Drops Enforcement Action Against Firearms and Outdoor Goods-Focused Fintech

In light of the debanking executive order, the CFPB dropped a 2021 enforcement action against a fintech providing buy-now-pay-later financing for firearms and outdoor goods. 

The Bureau began examining the company’s lease-to-own financing structure over concerns that consumers might not fully understand the terms, costs, and obligations compared to traditional credit products. CFPB staff proposed settlement terms that would have ended the company’s firearm leasing business despite its compliance with the Bureau of Alcohol, Tobacco, Firearms, and Explosives’ (ATF) regulations, so the company rejected the proposal. In August, the CFPB officially closed the investigation, citing that it had been "conducted in a biased manner" and "targeted" the company for facilitating constitutionally protected activities.

CFPB Reconsidering Personal Financial Data Rights Rule (Section 1033)

The CFPB is seeking feedback on its Personal Financial Data Rights Rule (Section 1033). Key questions include whether an authorized third party is simply anyone a consumer designates — or if a fiduciary relationship is required — and whether data providers can charge fees for third-party access.

FIs that would like to supply comments must do so by October 21, 2025. For more on this update, view the regulation analysis document in Ncomply.

Appellate Court Overturns Lower Court's CFPB Layoffs Decision

The D.C. Circuit Court of Appeals lifted a lower court injunction that had blocked CFPB layoffs and restructuring. While the case centers on the Bureau, it sets broader rules for how federal agencies can be reshaped — and how those changes can be challenged. 

The ruling clarifies that federal employees challenging a layoff must use the Civil Service Reform Act process rather than pursuing claims in federal court. The plaintiffs argued that the administration had decided to shut down the CFPB, but without a final, written action, the court found there was nothing to review. In dissent, Judge Pillard warned that the ruling could allow presidents to evade oversight by keeping restructuring plans private until completion.

Key Takeaways

A smaller, more narrowed CFPB will most likely focus on traditional banks rather than fintechs. More broadly, it limits legal avenues for challenging federal agency restructuring, giving agencies greater flexibility in personnel decisions while reducing the chance of judicial interference in administrative changes.

Fifth Circuit Pauses Government Appeal Until CTA Final Rule

The Fifth Circuit Court of Appeals has stayed the government’s appeal in Texas Top Cop Shop, Inc. v. FinCEN pending the finalization of the Corporate Transparency Act’s (CTA) implementing rule for beneficial ownership information (BOI) reporting. 

Multiple lawsuits have challenged the CTA’s constitutionality, citing violations of states’ rights to regulate entity formation, and First, Fourth, and Fifth Amendment protections. The plaintiffs previously won an injunction blocking enforcement and staying compliance deadlines. Since then, FinCEN released an interim final rule exempting “domestic reporting companies,” meaning U.S.-based businesses are not subject to the requirements. Both parties acknowledge that the case remains active because the interim rule is temporary. The court concurred that finalization of the rule was required and has stayed the government's appeal until that process is complete.

FinCEN indicated in March that it expects to issue the final rule this year. Be sure to check Ncomply for the latest updates regarding this case. 

Court Rejects Class Action in Automated Lending Discrimination Case

Eight borrowers sued a major bank claiming its automated underwriting system (CORE) systematically discriminated against Black and Hispanic mortgage applicants. They argued that “digital redlining” led to lower approval rates, processing delays, and worse loan terms compared to similarly qualified white applicants. The court denied class action certification, not because the bank was cleared of wrongdoing, but because the hundreds of thousands of individual loan decisions were too varied to combine into a single case.

At the heart of the dispute was whether CORE itself made discriminatory decisions. The plaintiffs argued that biased algorithms automatically assigned minority applicants to lower credit categories, while the bank maintained that CORE is a workflow tool, human underwriters make final decisions, and automated recommendations do not override judgment. Although statistical disparities in denial rates existed, the plaintiffs could not prove that CORE caused these gaps or explain how the system produced racial disparities in approvals.

The ruling represents a procedural win for the bank, though individual borrowers may still pursue separate lawsuits. 

Court Dismisses Racial Bias Claims Against Home Appraiser

Two professors sued an appraiser, alleging racial discrimination after their Baltimore home was initially appraised at $472,000. When the home was “whitewashed” and a white colleague posed as the owner, a second appraisal came in at $750,000 — a $278,000 difference.

The U.S. District Court in Maryland granted summary judgment for Lanham and 20/20 Valuations, finding no evidence of racial discrimination in the 2021 appraisal. The plaintiffs could not show that the appraiser’s methodology masked bias, and the court held that using comparable sales, location, and industry standards was legitimate. Defamation claims were also dismissed under Maryland’s fair reporting privilege.

The ruling coincided with HUD and OMB sunsetting the PAVE Task Force, the federal initiative addressing appraisal bias. 

Key Takeaways

While a procedural win for the appraiser, the case underscores the difficulty of proving discriminatory intent in valuation disputes and does not eliminate scrutiny of potential appraisal bias in the industry.

California DFPI Announces $2.3M Settlement with Former Mortgage Lender

California’s Department of Financial Protection and Innovation (DFPI) reached a $2.3 million settlement with a mortgage servicer for overcharging nearly 5,000 borrowers and violating state trust accounting rules. Between 2012 and 2019, the former mortgage lender and servicer failed to establish required custodial accounts, overcharged per diem interest, and did not comply with escrow documentation requirements.

A self-audit of roughly 65,000 loans uncovered over $550,000 in overcharges, prompting the settlement: $1.8 million in penalties, refunds to affected borrowers, and surrender of California financing and mortgage licenses. 

Key Takeaways

The case underscores the need for strict review processes, thorough documentation, and continuous compliance monitoring to prevent regulatory penalties and protect trust fund management.

Court Allows FCRA Claims in Identity Theft Dispute Case

An individual in California sued a bank after identity theft led to fraudulent credit card accounts being opened in their name. Despite the victim disputing the accounts and providing documentation, the bank continued reporting the debts to credit agencies.

The court allowed Fair Credit Reporting Act (FCRA) claims to proceed, finding evidence that the bank furnished inaccurate information and failed to conduct a reasonable investigation, with a factual dispute over whether agents willfully ignored the plaintiff’s evidence. The Fair Debt Collection Practices Act (FDCPA) claims were dismissed because banks are not “debt collectors” under the statute.

Key Takeaways

Even though the FDCPA does not apply to banks collecting their own debts, its best practices on contact frequency, communication timing, and statements are useful for avoiding Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) violations. The ruling also highlights the need to review procedures, training, and collection policies to ensure compliance with the FCRA.

Issues Affecting Depositories

New York AG Sues Zelle Operator Over $1 Billion in Fraud Losses

On August 13, New York Attorney General Letitia James sued Early Warning Services, operator of Zelle, alleging the platform was built without critical safeguards and enabled over $1 billion in scams between 2017 and 2023. The complaint cites fast sign-ups with minimal verification, instant and irreversible transfers, limited fraud recovery, and slow responses to fraudulent accounts. Highlighted scams include account takeovers, pressure payments such as a fake Con Edison billing account that stole $1,500, and classic schemes like romance scams and emergency pleas.

The case raises a key policy question: should “authorized but tricked” payments receive the same protections as unauthorized fraud? A ruling could shift liability significantly for banks and fintechs. 

Key Takeaways

It is not a matter of whether scams happen — they do. It is whether institutions can prove they took all reasonable steps to prevent them and protect customers. FIs can expect more state-level litigation, strengthen fraud defenses and customer education, and ensure reimbursement policies demonstrate that every reasonable step was taken to protect customers.

Federal Court Invalidates Reg II Debit Interchange Fee Standards 

A federal court struck down Regulation II’s standard for debit interchange fees, ruling that it exceeded what Congress allowed under the Durbin Amendment of the Dodd-Frank Act. 

The court held that only incremental authorization, clearance, and settlement costs can be considered when setting interchange fees, not broader operational expenses. While the current 21-cent cap remains in place during appeal, the decision could force the Federal Reserve to recalculate fee standards under a narrower cost framework, potentially lowering permissible debit interchange fees. 

FDIC Proposes Simplified Digital Sign Requirements After Implementation Issues

The FDIC has proposed amendments to its December 2023 signage rule after banks reported implementation challenges with overly prescriptive requirements. The changes would scale back digital channel obligations by limiting signs to login pages and new account openings, simplify ATM signage by requiring notices only on the initial welcome screen, and narrow non-deposit product warnings to pages primarily dedicated to those products (such as annuities). 

The proposal also expands exemptions for physical ATM signs, including all machines activated before January 2027 and all deposit-only ATMs. Overall, the FDIC aims to reduce operational burden while maintaining consumer protections. 

FIs that would like to supply comments must do so by October 20, 2025. For more on this update, view the regulation analysis document in Ncomply.

FDIC Eliminates Disparate Impact Analysis from Fair Lending Exams

The FDIC has updated its Consumer Compliance Examination Manual to remove all references to “disparate impact,” directing examiners to focus only on evidence of “disparate treatment,” or intentional differences in customer treatment. The move follows President Trump’s April executive order phasing out disparate impact analysis across agencies, with the OCC making a similar update to its fair lending handbook in July.

The Department of Justice still applies disparate impact analysis and retains a five-year lookback period. State regulators in New York, Illinois, and California are also likely to continue enforcement, while plaintiffs’ attorneys may pursue disparate impact claims in court given existing precedent in housing cases. The CFPB and HUD maintain authority to apply disparate impact in their own enforcement programs.

Key Takeaways

FIs should continue to document policies and procedures carefully to demonstrate the absence of discriminatory intent. The DOJ, CFPB, HUD, and state attorneys general can still pursue enforcement grounded in disparate impact theory, so maintaining strong, consistent practices and thorough documentation remains essential.

FDIC Clarifies Pre-Populated Customer Information Allowed Under CIP Rule

The FDIC has clarified that banks under its supervision may use pre-filled information to meet Customer Identification Program (CIP) requirements when opening accounts. This follows FinCEN’s June order permitting banks to source customer information, including Taxpayer Identification Numbers, from third parties — an order now supported by all regulators, including the Federal Reserve, after issuing similar guidance.

Under the FDIC’s clarification, banks may use data from existing accounts, affiliates, or third-party vendors to pre-populate applications, provided customers can review, correct, and confirm all information. The process still allows for reasonable verification with fraud risk controls.

Key Takeaways

For FDIC-supervised institutions, this creates an opportunity to streamline account openings, reduce drop-off rates, and improve customer experience — so long as pre-fill capabilities are integrated into customer identification risk frameworks with strong verification measures in place.

Federal Reserve to End Novel Activities Program, Returns to Standard Supervision

The Federal Reserve Board is sunsetting its Novel Activities Supervision Program, which was launched in 2023 to oversee banks’ crypto and fintech engagements. The Fed says its understanding of those risks has matured enough to fold oversight into standard supervisory processes. The program’s specialized focus — crypto custody, stablecoin issuance, and bank-fintech partnerships — helped build examiner expertise, but the Fed now considers those activities mainstream enough for routine supervision.

Key Takeaways

The shift means crypto and fintech risks will be examined through normal exam cycles rather than a separate program, likely reducing regulatory duplication and making supervision more predictable. That said, this is not a de-risking signal: scrutiny continues, so firms should ensure controls, documentation, and risk frameworks for fintech and crypto activities are integrated into regular compliance and examination-ready processes.

Want to see how Ncomply makes managing compliance easier? 

Take a 5-minute tour to learn how Ncomply centralizes regulatory change, streamlines task management, and keeps your institution exam-ready.