Lending compliance
FDIC proposes regulatory threshold adjustments and indexing to reflect inflation
The Federal Deposit Insurance Corporation (FDIC) board of directors has approved a notice of proposed rulemaking (NPR) to update certain regulatory thresholds, such as those related to annual independent audit and reporting requirements under 12 CFR part 363, to reflect historical inflation. The proposal also introduces a method for future adjustments based on inflation indexing. These changes aim to maintain the relevance of regulatory thresholds over time and avoid unintended policy impacts. This NPR marks the beginning of a broader effort to reassess thresholds across FDIC regulations, with additional proposals expected. Public comments will be accepted for 60 days following its publication in the Federal Register.
Agencies issue joint proposal to rescind 2023 Community Reinvestment Act Final Rule
The FDIC, Federal Reserve Board, and the Office of the Comptroller of the Currency (OCC) have proposed rescinding the October 2023 final rule on the Community Reinvestment Act (CRA) and reinstating the original 1995 CRA regulations with some technical updates. This move aims to reduce regulatory uncertainty amid ongoing litigation and ease compliance burdens for banks, while maintaining their community service obligations. Since the 2023 rule had not yet taken effect, the 1995 regulations remain in use. Public comments on the proposal are due within 30 days of its publication in the Federal Register.
NCUA and OCC remove references to disparate impact liability
On Sept. 4, 2025, the National Credit Union Administration (NCUA) eliminated all references to disparate impact from its Fair Lending Guide and other issuances. The OCC removed disparate impact liability from the “Fair Lending” booklet of the Comptroller’s Handbook. These changes were made in response to White House Executive Order 14281, “Restoring Equality of Opportunity and Meritocracy,” which directs federal agencies to remove the use of disparate impact liability in all contexts.
As a result, the agencies’ examination and supervision processes will no longer include reviews for disparate impact. The agencies will no longer request, review, or conclude on:
- Matters related to a financial institution’s disparate impact risk.
- Internal disparate impact risk analysis.
- Disparate impact risk assessment processes or procedures.
However, the agencies will continue to conduct fair lending examinations and risk assessments and take action if evidence of disparate treatment or other violations are found.
Other compliance
FDIC board approves proposal to amend official signs and advertising requirements
The FDIC board of directors has proposed amendments to simplify how banks display the FDIC official digital sign and nondeposit signage across digital platforms like websites, mobile apps, and ATMs. These changes aim to revise the 2023 final rule by focusing signage requirements on the most relevant screens and pages for consumers. The goal is to make compliance clearer and more practical for banks while maintaining consumer awareness. Public comments on the proposed rule will be accepted for 60 days following its publication in the Federal Register.
Agencies issue joint statement on risk-management considerations for crypto-asset safekeeping
The FDIC’s Interagency Statement on crypto-asset safekeeping, issued jointly with the Federal Reserve and OCC in July 2025, outlines expectations for banking organizations that offer safekeeping services for crypto-assets. It emphasizes that such activities must be conducted in a safe and sound manner, consistent with existing laws and regulations, without introducing new supervisory requirements. The statement distinguishes between fiduciary and nonfiduciary safekeeping, requiring compliance with fiduciary laws when applicable and strong contractual and operational controls otherwise. Key risk management areas include cybersecurity, cryptographic key control, and contingency planning. Institutions must demonstrate exclusive control over crypto-assets and ensure subcustodians meet the same standards. This guidance complements other 2025 updates, including the FDIC’s withdrawal of prior crypto-related statements and clarification that banks may engage in permissible crypto activities without prior approval, provided they manage risks appropriately.
OCC announces actions to depoliticize the banking system
On Sept. 8, 2025, the OCC announced measures to eliminate politicized or unlawful debanking within the banking system.
- The OCC issued a bulletin to banks, clarifying how it evaluates a bank’s past record and current policies to avoid engaging in such practices when assessing statutory and regulatory factors for licensing activities. These debanking considerations are also taken into account when determining a bank’s CRA rating.
- The OCC updated its online customer complaint website to assist consumers in reporting and to help the agency identify any unlawful debanking by its regulated institutions.
- The OCC issued a bulletin to remind banks of their legal obligations to protect their customers’ financial records unless disclosure is required by law under the Right to Financial Privacy Act (RFPA) and the property usage of Suspicious Activity Reports (SARs).
- The OCC is also reviewing its approaches to Bank Secrecy Act/anti-money laundering (BSA/AML) supervision to ensure they don’t contribute to unlawful debanking and will make changes if necessary.
OCC announces updates to organizational structure for bank supervision
Effective Oct. 1, 2025, three distinct lines of business will replace the OCC Bank Supervision and Examination Group: large and global financial institutions; regional and midsize financial institutions; and community banks. Each unit will be led by a senior deputy comptroller who will report to the Comptroller of the Currency. The new structure will better enable the OCC to ensure that national banks and federal savings institutions support their customers, communities, and a thriving economy.
GENIUS Act: America’s bold leap into the digital currency future
On July 18, 2025, President Trump signed the GENIUS Act (S.1582) into law, marking a transformative moment in U.S. financial policy. Designed to establish America as the global leader in digital assets, the legislation introduces the first federal regulatory framework for stablecoins, mandating 100% reserve backing and strict consumer protections. It aligns state and federal oversight, reinforces national security through anti-money laundering compliance, and boosts demand for U.S. Treasurys to strengthen the dollar’s reserve currency status. The Act also fulfills Trump’s campaign promise to make the United States the “crypto capital of the world,” catalyzing innovation, investment, and responsible digital asset growth.
Banking on beliefs: Trump’s crackdown on politicized debanking
On Aug. 7, 2025, President Trump signed an Executive Order titled, “Guaranteeing Fair Banking for All Americans,” targeting what he calls “politicized or unlawful debanking.” The order asserts that no American should be denied financial services due to their constitutionally protected beliefs or affiliations. It directs federal banking regulators — including the SBA and FSOC member agencies — to eliminate the use of “reputation risk” in guidance and exams, and to take remedial action against institutions found to have engaged in politically motivated debanking. SBA lenders are also required to identify and assist clients denied services for political reasons. This move revives the Trump administration’s earlier push for “fair access” rules and signals a renewed effort to insulate banking decisions from ideological bias.
CFPB seeks input on personal financial data rights reconsideration
On Aug. 22, 2025, the Consumer Financial Protection Bureau (CFPB) issued an Advance Notice of Proposed Rulemaking regarding the reconsideration of Personal Financial Data Rights. The CFPB is soliciting comments and data to aid in its evaluation of four key issues related to the implementation of Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). These issues include: understanding who can act as a “representative” on behalf of the consumer; determining the best approach for assessing fees to cover the costs incurred by a “covered person” in responding to consumer requests; evaluating the threats and cost-benefit scenarios for data security in compliance with Section 1033; and assessing the threat landscape for data privacy in compliance with Section 1033. The commentary period ends on Oct. 21, 2025.
U.S. Department of the Treasury seeks input on GENIUS Act
On Sept. 18, 2025, the U.S. Department of the Treasury released an Advance Notice of Proposed Rulemaking, inviting public feedback on the implementation of the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act. This act directs the Treasury to develop regulations that foster innovation in payment stablecoins while ensuring consumer protection, mitigating potential illicit finance risks, and addressing financial stability concerns. The public is encouraged to submit comments, including data and other relevant information, to aid the Treasury in implementing this law. Responses to the advance notice should be submitted within 30 days of its publication in the Federal Register.
CFPB proposes standard definition of risks to consumers
The CFPB is proposing to establish a standard definition of “risks to consumers with regard to the offering of consumer financial products or services.” This definition will be binding in the bureau’s proceedings for designating nonbank covered persons for bureau supervision. By doing so, the CFPB aims to ensure it operates within its statutory authority and to provide clear standards for the bureau’s operations.
The NCUA removes reputational risk as a component of its examination and supervisory process
On Sept. 25, 2025, the NCUA announced that reputational risk will no longer be a component of the examination and supervisory process, aligning with Executive Order 14331. The agency will continue to assess areas previously categorized under reputational risk, such as litigation and insider abuse, to ensure safety, soundness, and compliance with applicable laws and regulations.
Financial crimes, including anti-money laundering/countering the financing of terrorism
FinCEN issues guidance to financial institutions on cross-border information sharing
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued new guidance to support voluntary cross-border information sharing among financial institutions, including foreign entities. This initiative aims to strengthen efforts against money laundering, terrorist financing, and other illicit financial activities. While the guidance reaffirms that sharing Suspicious Activity Reports (SARs) or disclosing their existence remains prohibited, it clarifies that the Bank Secrecy Act and its regulations generally allow for broader cross-border information exchange. Developed in collaboration with the OCC, FDIC, and NCUA, the guidance also aligns with the President’s Working Group on Digital Asset Markets’ goal of enhancing U.S. leadership in digital financial technology through improved information sharing.
Regulatory agencies allow banks to use an alternative method for collecting certain customer identification information
Federal financial institution regulatory agencies, including the FRB and FinCEN, are now allowing banks the flexibility to use alternative methods for collecting certain customer identification information. Specifically, these agencies permit financial institutions to obtain tax identification numbers from a third party, rather than directly from the customer. This flexibility is optional, and financial institutions are not required to adopt these alternative collection methods.
Treasury delays AML rule for investment advisers to reassess regulatory impact
On July 21, 2025, the U.S. Department of the Treasury’s FinCEN announced a two-year postponement of its final rule requiring registered and exempt investment advisers to implement anti-money laundering (AML) and countering the financing of terrorism (CFT) programs and file suspicious activity reports. Originally set to take effect on Jan. 1, 2026, the rule — known as the IA AML Rule — will now be delayed until Jan. 1, 2028. The move reflects Treasury’s intent to revisit the rule’s scope to better balance regulatory costs and benefits, signaling a measured approach to financial crime compliance in the investment advisory sector.
Real estate rule delayed: FinCEN extends AML reporting deadline
FinCEN has postponed the implementation of its anti-money laundering regulations for Residential Real Estate Transfers Rule (RRE Rule) until March 1, 2026. The delay aims to ease the compliance burden on businesses while maintaining safeguards against illicit finance threats. This move gives the industry more time to prepare for the new reporting requirements.