April 2025 Regulatory Update: A Blizzard of Executive Orders, Agency Actions & Compliance Deadlines

If you were hoping the regulatory chatter would quiet down in March, think again. In this month’s Regulatory Update podcast, Ncontracts’ in-house risk and compliance experts down one of the busiest months in recent memory for financial institutions.

This episode covers a wide range of developments — from executive orders reshaping federal payment processes to CFPB rollbacks and court challenges that paused several major rules. The team also discusses the narrowing of the Corporate Transparency Act, the OCC’s move away from reputation risk in exams, and overdraft fee transparency for credit unions.

Highlights from the podcast follow, but for a deep dive into regulatory change and what they mean for your institution’s compliance strategy listen to the podcast. You can also log into Ncomply for the latest and most-up-to-date regulatory news.

Related: Enforcement Actions Roundup: March 2025

Executive orders impact financial institution payment processes

Two recent executive orders — EO 14249 and EO 14247 — signal significant changes in how federal payments are handled, with direct implications for financial institutions. 

EO 14249: Preventing Fraud in Federal Payments

This order directs Treasury to improve fraud prevention by verifying payment details before disbursement and consolidating payment systems. Agencies must submit payment files earlier, and all payment accounts must be open, valid, and tied to the correct recipient. Financial institutions may face increased pressure to validate account information and respond to customer inquiries about delayed benefits caught in new fraud screening processes. 

EO 14247: Going Fully Digital

By September 30, 2025, most federal payments and incoming payments to the government must be made electronically. Paper checks will largely be eliminated. Financial institutions should begin preparing customers — especially older adults and the underbanked — for digital payments, update systems to avoid issuing checks to the government, and reinforce fraud prevention measures as digital volumes increase. 

CFPB scales back regulatory and enforcement initiatives

The CFPB has recently shifted its approach, stepping back from some previous regulatory and enforcement actions.

Reduced oversight for small-dollar lenders

The CFPB announced it will not enforce the Payment Withdrawal and Disclosure provisions of the payday lending rule, instead focusing on more immediate consumer risks, particularly those affecting servicemembers, veterans, and small businesses. The Bureau is also considering narrowing the rule’s scope.

Pause on Buy Now, Pay Later Rule

In response to a legal challenge from the Financial Technology Association, the CFPB has agreed to stay enforcement of its interpretive rule on Buy Now, Pay Later (BNPL) products. The agency intends to revoke the rule and will provide monthly progress updates starting June 2.

Pullback on CFPB enforcement cases

The CFPB is moving to vacate its redlining case against Chicago-based Townstone Financial, citing insufficient evidence and a politically driven premise. The Bureau will refund the previously paid penalty and dismiss the case. Additionally, the CFPB has dropped its lawsuit against JPMorgan, Bank of America, and Wells Fargo over their handling of Zelle-related fraud claims.

Takeaways for financial institutions

While these reversals suggest a more selective enforcement posture, institutions should not interpret them as a relaxation of expectations. Fair lending, fraud prevention, and consumer protection remain high-risk areas requiring continued attention and strong internal controls.

CFPB focused on protecting servicemembers

The CFPB will continue prosecuting a 2022 lawsuit against a lender accused of violating the Military Lending Act (MLA) and engaging in unfair, deceptive, or abusive acts or practices (UDAAP). Allegations include charging fees that pushed APRs above the 36% MLA cap, requiring mandatory arbitration, failing to provide required loan disclosures, and misleading borrowers about membership cancellation rights. A court denied the lender’s request to pause the case, reinforcing the CFPB’s commitment.

Takeaways for financial institutions

Lenders serving servicemembers should carefully review their practices for MLA and SCRA compliance. The CFPB’s actions suggest military-related consumer protections will remain a top enforcement focus.

Stays and compliance deadlines

30-day pause in CFPB Open Banking Rule lawsuit 

A federal court has approved a 30-day pause in the lawsuit challenging the CFPB’s Personal Financial Data Rights rule, which requires banks to provide consumer account data to third parties via API. The stay also delays the rule’s compliance deadline by 30 days — shifting the start date from April 1 to May 1 in the applicable year based on institution size. This pause applies to all institutions covered by the rule, not just the plaintiffs.

30-day pause in Credit Card Late Fee Rule lawsuit

A Texas judge has granted the CFPB 30 days — from March 24 — to try to settle its lawsuit over the credit card late fee rule. The rule, finalized in March 2024, would have capped late fees at $8 for large issuers, but enforcement was blocked by the court. For now, the stay remains in effect, and late fee practices continue unchanged—though a rollback may be on the horizon.

Congressional Review Act & overdraft fees

The House Financial Services Committee has approved a resolution to overturn the CFPB’s overdraft rule under the Congressional Review Act (CRA). The rule, which would limit overdraft fees, has already passed the Senate and now moves to the full House for consideration.

The overdraft rule is one of three CFPB regulations under CRA review, alongside rules on medical debt and automated valuation models (AVMs). Those other resolutions have been introduced but haven’t advanced yet.

FinCEN narrows CTA scope

FinCEN issued an interim final rule for The Corporate Transparency Act (CTA) that significantly narrows reporting requirements. Most U.S. entities and individuals are no longer required to submit beneficial ownership information (BOI). Now, only foreign entities registered to do business in the U.S. — “foreign reporting companies” — are required to report, and even then, only entity and applicant information must be submitted if all beneficial owners are U.S. persons.

While this interim rule limits the federal scope, some states (like NY, CA, MD, and MA) are considering their own BOI legislation, so compliance conversations aren’t going away. Financial institutions should be prepared to answer customer questions and stay tuned — FinCEN is accepting comments until May 27 and expects to issue a final rule later this year.

OFAC doubles record retention requirement to 10 years

OFAC has finalized changes to its Reporting, Procedures, and Penalties Regulations, extending the recordkeeping requirement for certain transactions from 5 to 10 years. This update aligns with the statute of limitations for sanctions violations.

Financial institutions should review and update systems, procedures, and vendor agreements to ensure records are retained for the full 10-year period — especially where automatic purging or third-party storage is involved.

OCC stops examining for reputation risk

The OCC will no longer examine banks for reputation risk and is removing all related references from its handbook and guidance. Instead, concerns tied to reputation will be assessed through other risk categories — like operational, compliance, or credit — when they directly affect safety, soundness, or customer treatment.

The FDIC is expected to follow suit, aligning with the policy direction of the proposed FIRM Act, which seeks to remove reputation risk from supervisory frameworks altogether. While no longer a formal exam focus, financial institutions should still manage reputational risk internally to safeguard brand trust and business resilience.

Agencies pause CRA Modernization

The FDIC, Federal Reserve, and OCC have announced plans to rescind the CRA Modernization rule and revert to the prior framework due to ongoing litigation. Banks should pause modernization efforts and continue operating under the existing CRA framework until further guidance is issued.

FDIC rolls back proposed rules

The FDIC has withdrawn several high-impact proposed rules, signaling a shift toward regulatory relief for financial institutions. Key withdrawals include:

• Brokered Deposits Rule: Proposed limits on brokered deposits by troubled banks have been dropped.
• Corporate Governance Standards: A proposal to impose minimum governance requirements on banks with $10B+ in assets has been rescinded.
• Change in Bank Control Act (CBCA): A proposal to tighten filing requirements and oversight of ownership changes has been withdrawn, preserving current exemptions.
• Executive Compensation: The FDIC also stepped back from issuing a rule on incentive-based pay that could have restricted certain compensation practices.

Additionally, the FDIC has proposed reversing its 2024 Statement of Policy on Bank Merger Transactions, aiming to reinstate the previous version and reduce uncertainty in the merger review process. Comments are due by April 10, 2025, with a broader merger policy overhaul planned later.

FDIC extends digital signage compliance deadline to 2026 

The FDIC has extended the compliance deadline for certain digital signage and advertising requirements under its updated advertising rule to March 1, 2026. This includes requirements for displaying the FDIC digital sign on websites, apps, and ATMs, as well as related non-deposit disclosures.

Other rule provisions — such as physical branch signage, advertising statements, shared teller restrictions, and false advertising prohibitions — still take effect May 1, 2025. The FDIC is reviewing concerns related to digital implementation and may propose changes ahead of the 2026 deadline.

NCUA to keep overdraft and NSF fee data private

In a notable policy shift, the NCUA announced that it will no longer publicly disclose individual credit unions’ overdraft and NSF fee income. Instead, this data will be collected privately through supervisory exams.

Dive deeper into how evolving priorities are shaping compliance risks in our Regulatory Expectations and Enforcement Webinar.