Shifting federal priorities are reshaping regulation for financial institutions

Over the past year, federal deregulatory actions and evolving agency priorities have shifted the U.S. financial regulatory environment. Meanwhile, some state agencies have increased their regulatory activity in areas such as consumer protection, data privacy and the governance of emerging technologies.

Central to this shift are leadership transitions, stated policy priorities and actions at key federal agencies, including the Consumer Financial Protection Bureau (CFPB), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corp. (FDIC) and Federal Reserve Board.  Similarly, executive actions and public statements from the administration have signaled a deregulatory posture in certain areas.

Recent federal regulatory signals

Examples of recent federal regulatory changes include:

• Public indications of rollback or reconsideration of multiple CFPB rules related to overdraft fees, small business data collection under section 1071 of the Dodd-Frank Act, credit card late fees, open banking under Dodd-Frank section 1033, and digital payments oversight
• Withdrawal of the CFPB bulletin addressing “buy now, pay later” products, which some market participants view as reducing near-term regulatory pressure
• FDIC withdrawal of the proposed brokered deposits rule, maintaining existing interpretations and providing short-term operational continuity for banks that rely on third‑party deposits
• OCC initiatives framed as reducing supervisory burden for community banks, while keeping core safety and soundness expectations in place
• Executive order 14331 addressing “debanking,” which removes references to reputational risk from certain federal frameworks and directs federal agencies to review account access and termination practices, drawing increased attention to how financial institutions document such decisions, particularly in sensitive contexts
• Executive order 14281, which directs federal banking agencies to remove references to disparate impact from supervisory materials, altering how certain fair lending concepts are referenced in examination and enforcement frameworks

Changes in or elimination of federal guidance have, in some cases, reduced formal interpretive clarity for financial institutions in areas such as digital privacy and the responsible use of artificial intelligence in credit decisions. As a result, institutions may face greater reliance on state-level rules and enforcement activity, which can vary significantly by jurisdiction.

How state-level rules are reshaping compliance expectations

For banks and credit unions, federal deregulation does not necessarily translate into fewer compliance obligations overall; instead, it often requires additional effort to identify, interpret and reconcile state-level requirements. This landscape is important to understand for financial institutions operating across multiple states.

At the state level, recent activity suggests several emerging trends:

The use of technology in financial services, whether at banks, credit unions or other organizations, is receiving increased attention at the state level, particularly around algorithmic bias, data privacy and consumer protection in lending and servicing. Several states are developing their own governance frameworks, which in some cases impose requirements that go beyond federal supervisory guidance.

In the table below, we highlight recent state-level rulemaking and enforcement activity to show priority examination areas and emerging themes shaping state agendas.

Examples of how state regulators are shaping examination priorities for banks and credit unions

How can financial institutions adapt?

Adoption of a compliance-first mindset and strong governance culture can help financial institutions respond to this evolving environment. Legacy compliance models anchored primarily to federal oversight may encounter blind spots in risk identification, monitoring and regulatory response.

To navigate these changes, regulatory, compliance and risk leaders may consider the following actions:

• Prioritize regulatory mapping efforts: With rulemaking diverging among states, organizations may need to invest in horizon scanning capabilities and regulatory intelligence tools.
• Reassess compliance risk management frameworks: Financial institutions may need to update monitoring processes to ensure risk assessments can adapt to rapidly evolving state-level expectations.
• Reinforce AML and other financial crimes controls: Despite deregulation in some aspects of banking, AML remains a priority. Banks and credit unions may want to invest in advanced analytics and real-time monitoring tools to bolster AML defenses and align with evolving expectations of the Financial Crimes Enforcement Network as well as Financial Action Task Force global standards.
• Strengthen consumer protections: Organizations may want to monitor state-level consumer protection rules and update monitoring and compliance tools to identify risks of prohibited unfair, deceptive, or abusive acts or practices.
• Improve third-party risk management: Bank-fintech partnerships, digital transformation efforts and reliance on cloud-based platforms have the potential to increase third-party risk and threats to operational resilience. Financial institutions may want to revisit third-party risk management frameworks continually to account for related regulatory compliance changes.
• Develop clear governance for AI tools: Applicable state requirements may play an important part in how organizations incorporate and govern AI-enabled tools that apply to credit decisions, customer qualification and other areas.

The current regulatory landscape places a premium on adaptability and proactive risk management. A third-party advisor can help financial institutions build, run and protect their compliance programs. Organizations that adapt quickly and comprehensively may be better positioned to manage regulatory complexity and sustain defensibility as oversight evolves.