Troutman Pepper Locke Weekly Consumer Financial Services Newsletter – October 2025 # 2

Troutman Pepper Locke

To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week.


Federal Activities:

On October 10, the European Banking Authority (EBA) released two opinions addressing the European Commission’s (EC) proposed amendments to the draft Regulatory Technical Standards (RTS) under the Markets in Crypto-Assets Regulation (MiCA). The EBA expressed concerns that the EC’s amendments, which include allowing investments into non-highly liquid financial instruments and relaxing certain concentration limits, are inconsistent with MiCA’s prudential framework. These changes could introduce significant liquidity risks and potentially lead to regulatory arbitrage. The EBA’s opinions emphasize the importance of maintaining strict oversight on the liquidity, credit, and concentration risks associated with asset-referenced and e-money tokens to ensure financial stability. For more information, click here.

On October 10, the Financial Stability Board (FSB) released a report advising authorities on monitoring the adoption of artificial intelligence (AI) within the financial sector. The report identifies various indicators to track AI adoption and related vulnerabilities, emphasizing the challenges posed by data gaps and the lack of standardized taxonomies. It highlights the critical role of third-party service providers in AI deployment, noting the risks associated with reliance on a few key suppliers for generative AI technologies. The report includes a case study on these dependencies and proposes indicators to assess the criticality and systemic relevance of third-party AI providers. The FSB encourages national authorities to enhance their monitoring strategies using these indicators and aims to facilitate international cooperation to align taxonomies and indicators. For more information, click here.

On October 9, bipartisan negotiations in the U.S. Senate over a crucial crypto market-structure bill were halted following the circulation of a new Democratic proposal titled “Preventing Illicit Finance and Regulatory Arbitrage Through DeFi Platforms.” This draft seeks to classify individuals who design, deploy, operate, or profit from a DeFi front-end as “digital asset intermediaries,” potentially subjecting them to U.S. Securities and Exchange Commission (SEC) or Commodity Futures Trading Commission regulations. Additionally, it proposes granting the Treasury authority to assess the decentralization of protocols. Industry leaders have expressed concerns that this proposal could effectively prohibit decentralized finance, wallet development, and other related applications in the U.S. The impasse highlights ongoing tensions and the complexity of achieving bipartisan consensus on regulating digital assets. For more information, click here.

On October 8, the Office of the Comptroller of the Currency (OCC), in collaboration with the Financial Crimes Enforcement Network (FinCEN), the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration, released a set of frequently asked questions (FAQs) concerning Suspicious Activity Reports (SARs). These FAQs aim to clarify regulatory requirements related to SARs, assisting financial institutions in fulfilling their compliance obligations while optimizing resources for activities that provide the greatest value to law enforcement and other government users of Bank Secrecy Act (BSA) reporting. Among other things, the FAQs clarify that a SAR is not required solely based on the transaction amount. Instead, a SAR must be filed if the institution knows, suspects, or has reason to suspect that the transaction is designed to evade Currency Transaction Report (CTR) requirements. The FAQs also confirm that there is no requirement under the BSA for financial institutions to document decisions not to file a SAR. While documentation is encouraged, it should be concise and tailored to the institution’s internal policies, procedures, and controls. For more information, click here.

On October 7, the OCC and the FDIC unveiled two significant notices of proposed rulemaking (NPRs) designed to reshape the regulatory landscape for financial institutions. The first NPR aims to eliminate the use of reputation risk as a basis for regulatory actions, thereby reducing subjectivity in supervisory programs. This proposed rulemaking responds to concerns expressed in Executive Order 14331, “Guaranteeing Fair Banking for All Americans,” that the use of reputation risk can be a pretext for restricting law-abiding individuals’ and businesses’ access to financial services on the basis of political or religious beliefs or lawful business activities. The second NPR seeks to establish a clear definition of “unsafe or unsound practice” and revise the framework for issuing Matters Requiring Attention (MRAs) and other supervisory communications, with a focus on material financial risks. As of now, “unsafe or unsound practice” is not defined in the statute. For more information, click here.

On October 7, the North American Securities Administrators Association (NASAA) sent a letter to Senate Banking Committee leaders, Chairman Tim Scott and Ranking Member Elizabeth Warren, urging opposition to certain provisions in the Responsible Financial Innovation Act of 2025. Signed by 28 academic leaders in securities and financial regulation, the letter argues that the bill would weaken state securities regulators’ ability to combat fraud, particularly by redefining the investment contract test in a way that could benefit bad actors. The scholars emphasize the importance of maintaining state registration and licensing laws, which serve as critical safeguards against fraud, and preserving state anti-fraud authority to protect investors. They caution that the proposed changes could undermine investor protections and make it more difficult for regulators to address emerging frauds, urging Congress to ensure that state rights and authorities remain intact in the evolving securities market landscape. For more information, click here.

On October 7, the SEC announced plans to formalize an “innovation exemption” to provide regulatory clarity and supervision for crypto and fintech startups. SEC Chair Paul Atkins highlighted the need for this exemption, citing past regulatory approaches that pushed innovation abroad. The proposed framework aims to replace ad hoc enforcement with a structured regulatory environment, allowing decentralized finance projects to operate under temporary, supervised conditions. This move is seen as a significant shift from enforcement to engagement, potentially bridging the gap between innovation and regulation in the U.S. market. Industry leaders have expressed optimism, noting that the exemption could lower barriers to experimentation and encourage compliant innovation. However, they caution that the rules must align with how crypto systems function to avoid becoming prohibitively expensive to navigate. For more information, click here.

On October 6, the OCC announced a series of significant actions aimed at reducing the regulatory burden on community banks. In Bulletin 2025-24, the OCC announced that it is eliminating fixed examination requirements for community banks, effective January 1, 2026. Instead, the examination scope and frequency will be tailored to align with risk-based supervision. Bulletin 2025-25 states that the OCC will no longer use the comprehensive procedures in the Retail Nondeposit Investment Products (RNDIP) booklet for examining community banks. Instead, it will rely on the core assessment standards in the Community Bank Supervision booklet. This shift is intended to relieve unnecessary examination burdens and allow community banks to focus on mitigating material financial risks. Bulletin 2025-26 encourages community banks to tailor their model risk management practices according to their risk exposures and business activities. The OCC clarified that annual model validations are not mandatory, providing banks with greater flexibility in managing model risks. The OCC also proposed rescinding the Fair Housing Home Loan Data System regulation, which imposes duplicative data collection requirements on national banks. This move is expected to reduce regulatory burdens without affecting the availability of necessary data for fair housing-related supervisory activities. Comments will be accepted for 30 days after publication of the notice in the Federal Register. Lastly, the OCC proposed a new definition of “covered community bank or covered community savings association” and proposed giving such institutions access to expedited or reduced filing procedures. The goal of the proposed rulemaking is to reduce regulatory burden and tailor requirements to the size and risk profile of the institution. Comments will be accepted for 60 days after publication of the notice in the Federal Register. For more information, click here.

On October 2, the Federal Housing Finance Agency (FHFA) announced the withdrawal of several proposed rules concerning enterprise liquidity requirements, Federal Home Loan Bank System boards of directors and executive management, and unsecured credit limits. These proposals, initially published between January 2021 and October 2024, aimed to establish minimum liquidity requirements for Fannie Mae and Freddie Mac, update corporate governance regulations, and modify unsecured credit limits for Federal Home Loan Banks. The FHFA has decided not to issue final rules on these matters but may consider future regulatory actions by issuing new proposed rules consistent with the Administrative Procedure Act. For more information, click here.

On October 2, the Department of Housing and Urban Development (HUD) issued a notice seeking public comments on the future of the Home Equity Conversion Mortgage (HECM) and HECM mortgage-backed securities (HMBS) programs. This request for information aims to gather insights on enhancing these programs to better facilitate access to home equity for senior homeowners. HUD is particularly interested in feedback on program performance, market roles, emerging risks, consumer interest, origination volumes, liquidity, and potential program improvements. Comments are invited until December 1, 2025, and can be submitted electronically or by mail. For more information, click here.

On October 1, the Department of the Treasury and the Internal Revenue Service (IRS) issued Notice 2025-49, providing interim guidance on the Corporate Alternative Minimum Tax (CAMT) under §§ 55, 56A, and 59 of the Internal Revenue Code. This guidance precedes the final regulations and includes adjustments to Adjusted Financial Statement Income (AFSI) for various scenarios. Notably, the interim guidance expands beyond AFSI hedges to include certain items measured at fair value for Financial Statement Income (FSI) purposes, such as digital assets, trading securities, and non-hedging derivatives. This allows CAMT entities to adjust AFSI to disregard unrealized gains and losses not included in regular tax income. However, the guidance excludes certain investments and hedging transactions. This approach aims to provide taxpayers with flexibility in determining AFSI while addressing the complexities of fair value measurements. For more information, click here.

On October 1, the Nationwide Multistate Licensing System (NMLS) began accepting applications for two new licenses. The District of Columbia now requires student loan servicers to obtain an “Automatic Student Loan Servicer License” through NMLS, which includes annual reporting and certain exemptions. Meanwhile, Indiana has introduced an “Earned Wage Access License” for entities providing Earned Wage Access (EWA) services, mandating applications by December 31 to avoid delinquency after April 30, 2026. For more information, click here.

On September 30, the Office of the Chief Counsel of the SEC’s Division of Investment Management issued a no-action response (the No-Action Letter) stating that it would not recommend enforcement against registered investment advisers (RIAs) or certain regulated funds (i.e., registered investment companies and business development companies) for maintaining crypto assets and related cash and cash equivalents with certain state-chartered financial institutions (state trust companies) so long as particular conditions are met. In doing so, the No-Action Letter permits regulated funds and RIAs to treat state trust companies as “banks” for purposes of the custody requirements of the Investment Company Act of 1940, as amended, the Investment Advisers Act of 1940, as amended (the Advisers Act), and the rules thereunder. For more information, click here.

On September 30, the U.S. District Court for the Central District of California granted a motion to dismiss filed by Yuga Labs, Inc. and several associated defendants, in a case concerning digital assets. The plaintiffs, who had purchased digital assets such as NFTs from Yuga Labs, alleged that these assets were marketed as securities without proper registration. The court found that the plaintiffs failed to adequately demonstrate that the digital assets met the criteria of a “common enterprise” under the Howey test, which is essential for classifying them as securities. Consequently, the Second Amended Complaint was dismissed, but the plaintiffs were given leave to amend their complaint to address the deficiencies identified by the court. The court emphasized that any future motions to dismiss should focus on whether the digital assets qualify as securities under the law. For more information, click here.

On September 25, House Committee on Financial Services Chairman French Hill (R-AR) appeared on IntraFi’s Banking with Interest podcast to outline the Committee’s fall agenda. Key topics included the “Make Community Banking Great Again” initiative, which aims to tailor federal supervision regulations for community banks, and the CLARITY Act, focusing on digital asset market structure legislation with bipartisan support. Chairman Hill also discussed housing priorities, emphasizing reforms to HUD’s HOME program and collaboration with Treasury Secretary Bessent on secondary mortgage market stability. Additionally, he highlighted goals for capital markets legislation, inspired by the JOBS Act, to enhance investor access and reduce costs for public companies. For more information, click here.

State Activities:

On October 10, Troutman Pepper Locke announced its role in advising the Bank of North Dakota on the launch of the pioneering Roughrider coin, a stablecoin developed in partnership with Fiserv. This initiative marks North Dakota as the first state to introduce a state-backed stablecoin, aimed at enhancing bank-to-bank transactions, facilitating global money movement, and encouraging merchant adoption. The Roughrider coin, set to be available to North Dakota banks and credit unions in 2026, is expected to revolutionize financial transactions within the state. The advisory team from Troutman Pepper Locke was led by James Stevens, showcasing the firm’s experience in guiding financial services businesses through complex legal and regulatory landscapes. For more information, click here.

On October 8, Governor Gavin Newsom signed the California Opt Me Out Act (AB 566), marking a significant milestone in privacy legislation by making California the first state to mandate that web browsers offer users a straightforward, built-in mechanism to prevent websites from selling or sharing their personal information. Sponsored by the California Privacy Protection Agency, this act addresses a critical gap in privacy protections by requiring browsers to implement opt-out preference signals (OOPS), enabling users to easily communicate their privacy preferences. This legislation simplifies the process for Californians, who previously had to manually opt out on each website or rely on limited browser options. The law, effective January 2027, aims to empower consumers by making privacy rights more accessible and effective, allowing them to protect their data across the internet with minimal effort. For more information, click here.

On October 6, Newsom signed into law the California Combating Auto Retail Scams (CARS) Act. The CARS Act introduces several stringent requirements, including: dealers are prohibited from misrepresenting material information about vehicle sales, including costs, financing terms, and the benefits of add-ons; dealers are required to provide clear disclosures regarding, among other things, the “total price” and the voluntary nature of add-ons; dealers are barred from charging for add-ons that do not benefit the purchaser, such as unnecessary warranties or services; for used vehicle sales under $50,000, the Act provides consumers with a three-day right to cancel, offering a cooling-off period; and dealers must retain records demonstrating compliance with the Act for two years. For more information, click here.

On October 6, the California Department of Financial Protection and Innovation issued a Desist and Refrain Order against Coin Time, LLC, a company operating Bitcoin ATMs in California. The order alleges that Coin Time violated several provisions of the California Consumer Financial Protection Law and the Digital Financial Assets Law by engaging in unlawful practices, such as charging excessive fees and failing to provide required disclosures and identity verifications. The commissioner has also announced a claim for ancillary relief, ordering Coin Time to pay restitution to affected customers, and has given notice of intent to assess penalties for these violations. The enforcement action underscores the state’s commitment to regulating digital financial asset transactions and protecting consumers from predatory practices. For more information, click here.

On October 3, Senate Bill No. 446 was approved by Newsom and filed with the secretary of state, amending Section 1798.82 of the Civil Code concerning personal information and data breach notifications. The bill mandates that businesses and individuals conducting business in California must disclose data breaches affecting personal information within 30 calendar days of discovery, with allowances for delays due to law enforcement needs or to assess the breach’s scope. Additionally, if a breach affects over 500 California residents, a sample notification must be submitted to the attorney general within 15 days of consumer notification. The bill aims to enhance transparency and expedite consumer protection in the event of data breaches. For more information, click here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Troutman Pepper Locke
