
Q2 2026 compliance updates for financial institutions

Our experts cover the top headlines each quarter to keep you apprised of regulatory compliance matters impacting banks and credit unions. This quarter, we highlight several proposed rulemakings and other supervisory guidance to help navigate the current regulatory environment.

Each quarter, our financial institutions experts bring you the top headlines to keep you updated on regulatory compliance matters impacting banks and credit unions. Here’s the latest roundup of information you need to know. The topics covered in this update include:

Lending compliance

Fannie Mae issues lender letter on AI and machine learning in mortgage origination and servicing practices

On April 8, 2026, Fannie Mae issued a lender letter that requires seller/servicers that use AI and machine learning (AI/ML) in connection with originating loans sold to or guaranteed by Fannie Mae, or servicing loans on Fannie Mae’s behalf, to comply with applicable laws and the lender contract. The lender letter highlights the growing use of AI/ML in mortgage origination and servicing, emphasizing both its benefits and associated risks. Seller/servicers using AI/ML must ensure compliance with applicable laws and contractual requirements, supported by formal policies and procedures governing AI/ML development, use, and risk management. These frameworks should promote transparency, ethical use, regulatory alignment, and ongoing oversight. Institutions must also meet information security standards, manage vendor-related AI/ML risks, and be prepared to disclose AI/ML usage, controls, and safeguards to Fannie Mae upon request.

Treasury announces Community Development Financial Institutions rulemaking and enhanced anti-discrimination oversight

The U.S. Department of the Treasury announced planned rulemaking and reforms affecting the Community Development Financial Institutions (CDFI) Fund on April 9, 2026. The forthcoming proposed rules will clarify that certain CDFI-funded benefits qualify as “federal public benefits” under the Personal Responsibility and Work Opportunity Reconciliation Act of 1996, making them unavailable to nonqualified individuals, including immigrants lacking permanent legal status. Treasury is also introducing new requirements to ensure certified CDFIs comply with federal anti-discrimination laws, including prohibitions on unlawful preferences based on race, ethnicity, or sex. CDFIs will be required to implement and annually certify compliance policies and make them available for review. The CDFI Fund indicated it will enforce compliance through available remedies, including decertification, termination of funds, and recapture of awards where violations occur.

CFPB publishes Regulation B final rule

On April 22, 2026, the Consumer Financial Protection Bureau (CFPB) issued a final rule that amends provisions related to disparate impact, discouragement of applicants or prospective applicants, and special purpose credit programs under Regulation B, the regulation implementing the Equal Credit Opportunity Act. The rule eliminates disparate-impact liability and limits liability to intentional discrimination. It also narrows the definition of “discouragement,” focusing on creditor statements that intentionally signal unfavorable treatment based on prohibited characteristics. Additionally, the rule imposes new restrictions on special purpose credit programs offered by for-profit entities, including prohibiting the use of certain protected characteristics as eligibility criteria and establishing additional documentation requirements, while permitting certain geographically based programs.

CFPB finalizes Section 1071 Small Business Data Collection and Reporting Rule

On May 1, 2026, the CFPB issued a final rule implementing updates to the Equal Credit Opportunity Act under Section 1071 of the Dodd-Frank Act. The amendments revise the scope of covered credit transactions and financial institutions, update the definition of small business, and adjust both the data points to be collected and the methods for collection, as well as the compliance timeline. The CFPB indicated these changes are intended to streamline implementation, reduce complexity for lenders, and improve data quality. The revised rule establishes a uniform compliance date of Jan. 1, 2028, for all institutions.

OCC issues final rules affirming federal preemption of escrow interest laws

On May 15, 2026, the Office of the Comptroller of the Currency (OCC) issued two final rules addressing national banks’ and federal savings associations’ authority over real estate escrow accounts. The first rule codifies long-standing authority, reaffirming that institutions have flexibility in determining whether to pay interest or fees on escrow accounts, providing greater regulatory clarity and supporting lending activity. The second rule establishes that federal law preempts state laws that restrict this flexibility, specifically identifying New York’s interest-on-escrow law and similar laws in other states and territories as preempted. Together, the rules reinforce federal preemption and aim to reduce regulatory burden while promoting consistency in escrow practices.

Other compliance

Treasury issues GENIUS Act proposal on state oversight

The U.S. Department of the Treasury issued a Notice of Proposed Rulemaking on April 1, 2026, seeking public comment on its implementation of the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act. Under the GENIUS Act, payment stablecoin issuers with consolidated total outstanding issuance of $10 billion or less may elect to be regulated under a state-level regulatory regime, provided that such regime is “substantially similar” to the federal regulatory framework. The proposal broadly defines a “state-level regulatory regime” to allow states’ discretion in designing their frameworks through a combination of legislation, regulation, and enforceable guidance. The proposal further distinguishes between “uniform requirements,” which must align with federal standards, and “state-calibrated requirements,” where states retain discretion so long as outcomes are equally stringent. It also outlines expectations for licensing, supervision, custody, and insolvency, while permitting additional state requirements that don’t conflict with federal law.

Agencies remove reputation risk from supervision and revise interagency guidance

On April 7, 2026, the OCC and the Federal Deposit Insurance Corporation (FDIC) jointly issued a final rule formally eliminating “reputation risk” from their supervisory frameworks. The rule defines reputation risk and prohibits the agencies from citing it as a basis for supervisory criticism or adverse action. It also prohibits the agencies from requiring, directing, or encouraging institutions to terminate customer relationships or take other actions based on a customer’s political, social, cultural, or religious views, constitutionally protected speech, or lawful activities that may be viewed as politically disfavored. Subsequently, on June 2, 2026, the Board of Governors of the Federal Reserve System, OCC, and FDIC jointly updated 15 interagency guidance documents to remove references to reputation risk. The revisions apply across a range of supervisory topics, including asset securitization, subprime lending, customer identification, home equity lending, cybersecurity, operational resilience, and elder financial exploitation.

FDIC rescinds nonsufficient funds fee guidance

On April 10, 2026, the FDIC rescinded its 2023 supervisory guidance relating to supervised institutions assessing multiple nonsufficient funds fees arising from the re-presentment of the same unpaid transaction. The FDIC emphasized that supervised institutions should ensure their disclosures to consumers accurately reflect their practices and are provided in accordance with applicable laws, regulations, and other current legal requirements.

Agencies issue revised model risk guidance

On April 17, 2026, the FDIC, in coordination with the OCC and the Board of Governors of the Federal Reserve System, issued updated interagency guidance on model risk management. The revised guidance reinforces a risk-based approach, emphasizing that model risk management frameworks should be tailored to the size, complexity, and overall model risk profile of each banking organization.

The guidance outlines key principles to support effective practices across the model life cycle, including development and use, validation and ongoing monitoring, as well as governance and control structures. It also addresses considerations related to vendor and other third-party models, including expectations for their validation. Importantly, the agencies clarify that the guidance is principles-based rather than prescriptive, and doesn’t establish enforceable standards. As such, noncompliance with the guidance alone wouldn’t result in supervisory criticism.

NCUA deregulation proposals

The National Credit Union Administration (NCUA) continued its Deregulation Project through several rounds of proposals aimed at reducing compliance burden by eliminating outdated, duplicative, or overly prescriptive requirements while maintaining safety and soundness. On April 7, 2026, the NCUA’s ninth round of proposals would remove the automatic disqualification of associational groups that require the purchase of a product or service as a condition of membership, instead permitting a more holistic eligibility assessment. On April 21, 2026, the 10th round proposes to clarify agency guidance and eliminate duplicative requirements in the Code of Federal Regulations related to credit union conversions and mergers, allowing boards of directors greater flexibility to exercise fiduciary judgment without a rigid, agency-defined process. On May 6, 2026, the 11th round proposes additional updates to reduce outdated and duplicative rules, including increasing the asset threshold for management interlocks under the Depository Institution Management Interlocks Act (DIMIA) to $10 billion and removing 12 CFR 711.6(b)(2), which presumes certain interlocks wouldn’t result in a monopoly or substantially lessen competition.

FDIC updates Q&As related to signs and advertising requirements

The FDIC updated its Questions and Answers (Q&As) for signage and advertising requirements on May 13, 2026. The Q&As respond to questions from various stakeholders, including financial institutions, trade associations, technology companies, vendors, and other entities, and are intended to enhance transparency and support implementation. The amended provisions are effective April 1, 2027.

Executive order on fintech integration and regulatory reform

On May 19, 2026, the White House issued an executive order directing federal financial regulators to streamline regulatory frameworks and promote collaboration among regulators, federally regulated financial institutions, and fintech firms. The order requires the OCC, FDIC, NCUA, CFPB, Securities and Exchange Commission (SEC), and Commodity Futures Trading Commission (CFTC) to conduct, within 90 days, a review of existing regulations, guidance, supervisory practices, and application processes to identify areas that unduly impede fintech firms from partnering with regulated institutions or that could be streamlined for fintechs seeking charters, insurance, or other federal approvals. Additionally, the Federal Reserve is directed to conduct a similar review, including evaluating the legal, regulatory, and policy frameworks governing access to Federal Reserve payment accounts and services for uninsured depository institutions and nonbank financial companies, including digital asset firms and participants in real-time payment networks. The Federal Reserve must also submit a report to the president within 120 days outlining its legal authority to provide such access, potential options to expand access, any existing legal impediments, and whether individual Reserve Banks may independently grant or deny access. If permitted under current law, the Federal Reserve is further directed to establish transparent application procedures and issue decisions on complete applications within 90 days.

FFIEC requests comments on proposed revisions to CAMELS rating system

The Federal Financial Institutions Examination Council (FFIEC) issued a request for public comment on proposed revisions to the Uniform Financial Institutions Rating System (CAMELS) on May 19, 2026. The proposal would strengthen the link between ratings and a financial institution’s safety and soundness by focusing ratings on material financial risks over concerns related to policies, procedures, and documentation. The proposed revisions include removing the current “special consideration” given to the management component in determining composite ratings and establishing a material financial risk threshold for assigning management ratings of 3 or worse. In addition, the proposal would limit the influence of specialty examination findings on CAMELS ratings to those that affect an institution’s overall financial condition or pose material financial risk. It would also eliminate references to “reputation risk” and replace references to “allowance for loan and lease losses” with “allowance for credit losses” to align with current GAAP standards. The public is encouraged to submit comments within 90 days of publication in the Federal Register.

Financial crimes, including anti-money laundering/countering the financing of terrorism

FinCEN proposes rule to fundamentally reform financial institutions’ Anti-Money Laundering and Countering the Financing of Terrorism programs

On April 7, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a proposed rule to significantly reform anti-money laundering and countering the financing of terrorism (AML/CFT) programs under the Bank Secrecy Act (BSA). The proposal emphasizes a shift toward assessing overall program effectiveness, including distinguishing between deficiencies in program design and those related to implementation. It reinforces Treasury’s view that financial institutions are best positioned to identify, assess, and manage their own illicit finance risks and encourages more efficient allocation of resources toward higher-risk areas. The proposed rule also clarifies expectations for core AML/CFT program components, such as independent testing and audit functions, with the intent of ensuring that examiners and auditors don’t substitute subjective judgment for a reasonably designed, risk-based program. Additionally, it affirms FinCEN’s central role in AML/CFT supervision by introducing a formal notice and consultation framework with federal banking agencies for significant supervisory actions.

FinCEN reissues FAQs regarding customer due diligence requirements for covered financial institutions

The U.S. Department of the Treasury’s FinCEN updated and reissued its frequently asked questions (FAQs) on customer due diligence (CDD) requirements for covered financial institutions to reflect a recent order that eased beneficial ownership reporting obligations. The FAQs, which were previously issued on July 19, 2016, April 3, 2018, and Aug. 3, 2020, were originally developed to assist institutions in understanding the scope of the Customer Due Diligence Requirements for Financial Institutions final rule issued on May 11, 2016, and amended on Sept. 29, 2017. The reissuance consolidates the prior sets of FAQs into a single document and updates select responses to align with the exceptive relief order issued by FinCEN on Feb. 13, 2026.

Interagency advisory on undocumented immigrants

On May 11, 2026, the U.S. Department of the Treasury’s FinCEN, in coordination with the FDIC, OCC, NCUA, and the Internal Revenue Service, issued a joint advisory supporting Executive Order 14406, Restoring Integrity to America’s Financial System, and Treasury’s ongoing efforts to prevent misuse of the U.S. financial system. The advisory highlights identity theft and payroll fraud as common elements in schemes involving complicit employers, particularly within the agriculture, construction, domestic service, hospitality, and similar industries, seeking to conceal violations of U.S. immigration laws. It also notes the involvement of labor brokers who establish shell companies, often operating as unregistered money services businesses, to facilitate off-the-books payroll or payment processing for employers and unauthorized workers. The advisory encourages financial institutions to apply appropriate risk-based customer due diligence procedures when an Individual Taxpayer Identification Number (ITIN) is used. Specifically, when an ITIN is presented in place of a Social Security number or valid employment authorization documentation to open accounts or obtain credit, banks should evaluate whether its use constitutes a relevant risk factor based on the totality of available information.

Executive order on nonwork authorized populations

On May 19, 2026, the White House issued an executive order directing federal agencies to strengthen safeguards against financial fraud, illicit finance, and risks associated with extending financial services to nonwork authorized populations. The order emphasizes the need for enhanced customer identification and due diligence practices to address threats such as money laundering, human trafficking, and tax evasion. The Treasury Department is tasked with issuing guidance identifying suspicious activity patterns and proposing updates to BSA regulations to strengthen CDD and beneficial ownership requirements. Regulators are also directed to consider changes to applicable implementing regulations of the BSA to strengthen risk-based customer identification program requirements for covered financial institutions. Any changes considered should account for the risks foreign consular identification cards pose to the integrity of the U.S. financial system. 
