If you were hoping the regulatory chatter would quiet down in March, think again. In this month’s Regulatory Update podcast, Ncontracts’ in-house risk and compliance experts break down one of the busiest months in recent memory for financial institutions.
This episode covers a wide range of developments — from executive orders reshaping federal payment processes to CFPB rollbacks and court challenges that paused several major rules. The team also discusses the narrowing of the Corporate Transparency Act, the OCC’s move away from reputation risk in exams, and overdraft fee transparency for credit unions.
Highlights from the podcast follow, but for a deep dive into regulatory changes and what they mean for your institution’s compliance strategy, listen to the podcast. You can also log in to Ncomply for the latest and most up-to-date regulatory news.
Two recent executive orders — EO 14249 and EO 14247 — signal significant changes in how federal payments are handled, with direct implications for financial institutions.
This order directs Treasury to improve fraud prevention by verifying payment details before disbursement and consolidating payment systems. Agencies must submit payment files earlier, and all payment accounts must be open, valid, and tied to the correct recipient. Financial institutions may face increased pressure to validate account information and respond to customer inquiries about delayed benefits caught in new fraud screening processes.
By September 30, 2025, most federal payments and incoming payments to the government must be made electronically. Paper checks will largely be eliminated. Financial institutions should begin preparing customers — especially older adults and the underbanked — for digital payments, update systems to avoid issuing checks to the government, and reinforce fraud prevention measures as digital volumes increase.
The CFPB has recently shifted its approach, stepping back from some previous regulatory and enforcement actions.
The CFPB announced it will not enforce the Payment Withdrawal and Disclosure provisions of the payday lending rule, instead focusing on more immediate consumer risks, particularly those affecting servicemembers, veterans, and small businesses. The Bureau is also considering narrowing the rule’s scope.
In response to a legal challenge from the Financial Technology Association, the CFPB has agreed to stay enforcement of its interpretive rule on Buy Now, Pay Later (BNPL) products. The agency intends to revoke the rule and will provide monthly progress updates starting June 2.
The CFPB is moving to vacate its redlining case against Chicago-based Townstone Financial, citing insufficient evidence and a politically driven premise. The Bureau will refund the previously paid penalty and dismiss the case. Additionally, the CFPB has dropped its lawsuit against JPMorgan, Bank of America, and Wells Fargo over their handling of Zelle-related fraud claims.
While these reversals suggest a more selective enforcement posture, institutions should not interpret them as a relaxation of expectations. Fair lending, fraud prevention, and consumer protection remain high-risk areas requiring continued attention and strong internal controls.
The CFPB will continue prosecuting a 2022 lawsuit against a lender accused of violating the Military Lending Act (MLA) and engaging in unfair, deceptive, or abusive acts or practices (UDAAP). Allegations include charging fees that pushed APRs above the 36% MLA cap, requiring mandatory arbitration, failing to provide required loan disclosures, and misleading borrowers about membership cancellation rights. A court denied the lender’s request to pause the case, reinforcing the CFPB’s commitment.
Lenders serving servicemembers should carefully review their practices for MLA and SCRA compliance. The CFPB’s actions suggest military-related consumer protections will remain a top enforcement focus.
A federal court has approved a 30-day pause in the lawsuit challenging the CFPB’s Personal Financial Data Rights rule, which requires banks to provide consumer account data to third parties via API. The stay also delays the rule’s compliance deadline by 30 days — shifting the start date from April 1 to May 1 in the applicable year based on institution size. This pause applies to all institutions covered by the rule, not just the plaintiffs.
A Texas judge has granted the CFPB 30 days — from March 24 — to try to settle its lawsuit over the credit card late fee rule. The rule, finalized in March 2024, would have capped late fees at $8 for large issuers, but enforcement was blocked by the court. For now, the stay remains in effect, and late fee practices continue unchanged — though a rollback may be on the horizon.
The House Financial Services Committee has approved a resolution to overturn the CFPB’s overdraft rule under the Congressional Review Act (CRA). The rule, which would limit overdraft fees, has already passed the Senate and now moves to the full House for consideration.
The overdraft rule is one of three CFPB regulations under CRA review, alongside rules on medical debt and automated valuation models (AVMs). Those other resolutions have been introduced but haven’t advanced yet.
FinCEN issued an interim final rule for the Corporate Transparency Act (CTA) that significantly narrows reporting requirements. Most U.S. entities and individuals are no longer required to submit beneficial ownership information (BOI). Now, only foreign entities registered to do business in the U.S. — “foreign reporting companies” — are required to report, and even then, only entity and applicant information must be submitted if all beneficial owners are U.S. persons.
While this interim rule limits the federal scope, some states (like NY, CA, MD, and MA) are considering their own BOI legislation, so compliance conversations aren’t going away. Financial institutions should be prepared to answer customer questions and stay tuned — FinCEN is accepting comments until May 27 and expects to issue a final rule later this year.
OFAC has finalized changes to its Reporting, Procedures, and Penalties Regulations, extending the recordkeeping requirement for certain transactions from 5 to 10 years. This update aligns with the statute of limitations for sanctions violations.
Financial institutions should review and update systems, procedures, and vendor agreements to ensure records are retained for the full 10-year period — especially where automatic purging or third-party storage is involved.
The OCC will no longer examine banks for reputation risk and is removing all related references from its handbook and guidance. Instead, concerns tied to reputation will be assessed through other risk categories — like operational, compliance, or credit — when they directly affect safety, soundness, or customer treatment.
The FDIC is expected to follow suit, aligning with the policy direction of the proposed FIRM Act, which seeks to remove reputation risk from supervisory frameworks altogether. While no longer a formal exam focus, financial institutions should still manage reputational risk internally to safeguard brand trust and business resilience.
The FDIC, Federal Reserve, and OCC have announced plans to rescind the CRA Modernization rule and revert to the prior framework due to ongoing litigation. Banks should pause modernization efforts and continue operating under the existing CRA framework until further guidance is issued.
The FDIC has withdrawn several high-impact proposed rules, signaling a shift toward regulatory relief for financial institutions. Key withdrawals include:
Additionally, the FDIC has proposed reversing its 2024 Statement of Policy on Bank Merger Transactions, aiming to reinstate the previous version and reduce uncertainty in the merger review process. Comments are due by April 10, 2025, with a broader merger policy overhaul planned later.
The FDIC has extended the compliance deadline for certain digital signage and advertising requirements under its updated advertising rule to March 1, 2026. This includes requirements for displaying the FDIC digital sign on websites, apps, and ATMs, as well as related non-deposit disclosures.
Other rule provisions — such as physical branch signage, advertising statements, shared teller restrictions, and false advertising prohibitions — still take effect May 1, 2025. The FDIC is reviewing concerns related to digital implementation and may propose changes ahead of the 2026 deadline.
In a notable policy shift, the NCUA announced that it will no longer publicly disclose individual credit unions’ overdraft and NSF fee income. Instead, this data will be collected privately through supervisory exams.