Skip to Content
Business professionals working together.
Article

Q2 2025 compliance updates for financial institutions

July 30, 2025 / 3 min read

Our experts cover the top headlines each quarter to keep you apprised of regulatory compliance matters impacting banks and credit unions. This quarter, we highlight several proposed rulemakings and other supervisory guidance to help navigate the current regulatory environment.

Each quarter, our financial institutions experts bring you the top headlines to keep you updated on regulatory compliance matters impacting banks and credit unions. Here’s the latest roundup of information you need to know.

The topics covered in this update include:

Lending compliance

CFPB extends compliance dates for Section 1071 rule again amid ongoing litigation

The Consumer Financial Protection Bureau (CFPB) issued an interim final rule on June 18, 2025, extending the compliance deadline dates set forth in the small business lending data collection rule required under Section 1071 of the Dodd-Frank Act. The compliance dates were extended by approximately one year.

CFPB update on Buy Now, Pay Later rule

On May 6, 2025, the CFPB announced that it’ll not prioritize enforcement actions related to the final rule titled, “Use of Digital User Accounts to Access Buy Now, Pay Later Loans,” 89 Fed. Reg. 47,068 (Buy Now, Pay Later). The CFPB also indicated that it’s considering appropriate action to rescind the “Buy Now, Pay Later” rule.

Regulators release list of underserved and distressed middle-income geographies

The Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC) released the 2025 list of distressed or underserved nonmetropolitan middle-income geographies where certain banking activities are eligible for Community Reinvestment Act (CRA) credits. These designations reflect local economic conditions such as unemployment, poverty, and population changes. Activities in these geographies are eligible to receive CRA consideration for 12 months after publication of the current list. An updated methodology was utilized by the agencies to designate the census tracts in the list, and, as a result, the urban influence codes have been consolidated from 12 to nine categories.

Other compliance

Agencies withdraw joint statements on crypto-assets

On April 24, 2025, the Federal Reserve and FDIC joined the OCC in withdrawing guidance regarding banking organizations’ crypto-asset-related activities. These statements addressed risks associated with crypto-assets, including potential liquidity vulnerabilities. The withdrawal is intended to clarify that banking organizations may engage in permissible crypto-asset activities and provide products and services to persons and firms involved in such activities, provided they do so in a manner consistent with safety and soundness principles and applicable laws and regulations. 

CFPB rescinds interpretive rule on states’ enforcement

On May 15, 2025, the CFPB rescinded the interpretive rule that declared essentially no limits on the states’ ability to enforce provision of the Consumer Financial Protection Act (CFPA). The CFPB stated that the limitations on the bureau’s enforcement authority outlined in the CFPA also apply to states, even though Section 1042 of the act doesn’t explicitly state this.

CFPB rescinds three proposed rules

The CFPB withdrew three proposed rules on May 15, 2025, which included the following: “Protecting Americans From Harmful Data Broker Practices” (Regulation V); “Prohibited Terms and Conditions in Agreements for Consumer Financial Products or Services” (Regulation AA); and “Electronic Fund Transfers Through Accounts Established Primarily for Personal, Family, or Household Purposes Using Emerging Payment Mechanisms.”

CFPB rescinds 67 guidance documents

The CFPB has rescinded 67 guidance documents issued since 2011, following a directive from acting Director Russell Vought. This included eight policy statements, seven interpretive rules, 13 advisory opinions, and 39 “other” guidance documents (circulars, bulletins, policy guidance). The bureau indicated it will review these documents to determine if any should be retained, and the rescinded guidance shouldn’t be enforced during this review.

The Fed removes reputational risk as a component of examination programs

The FRB announced on June 23, 2025, that reputational risk will no longer be a component of examination programs in its supervision of banks, following suite with the OCC. This policy change doesn’t modify the board’s expectation that supervised institutions maintain robust risk management frameworks to ensure safety, soundness, and compliance with applicable laws and regulations.

Financial crimes, including anti-money laundering/countering the financing of terrorism

Agencies issue exemption to Customer Identification Program (CIP) requirements

The FDIC, National Credit Union Administration (NCUA), and OCC, with the concurrence of FinCEN, issued an order granting an exemption for all accounts at banks under the jurisdiction of the OCC, FDIC, and NCUA from the requirement to obtain Taxpayer Identification Numbers (TINs) information directly from a customer before opening an account. Instead, banks will be permitted to use an alternative method to collect TIN information from a third-party source. Banks must still comply with the CIP rule by having risk-based, written procedures that enable the bank to obtain TIN information prior to opening an account. The exemption is optional and doesn’t require institutions to use an alternative collection method to obtain a customer’s TIN information.

Related Thinking