Compliance Solutions quarterly newsletter — September 2025

General

Introducing Compliance Hub Alerts

Compliance Solutions is introducing Compliance Hub Alerts, a new TruStage™ product that allows financial institutions' compliance teams to monitor the ever-changing regulatory landscape and to be able to proactively plan for future work efforts. Compliance Hub Alerts boosts team efficiencies by centralizing regulatory updates so multiple tracking tools are no longer needed to cover the scope of the laws and regulations or heavy reliance on manual tracking mechanisms.

Compliance Hub Alerts is a tool that tracks state and federal laws, agency rules, case law and regulatory guidance in one place that automatically notifies financial institutions of regulatory changes in real-time. With a web-based application that is designed to be easy-to-use, financial institutions gain access to:

• Plain language summary description of the regulatory changes
• Description of its impact to financial institutions and guidance or recommendations that should be considered when implementing the changes within business operations and lines of business
• Reference to the specific legal references and the source material that correlates with the changes
• An "at-a-glance" dashboard for use by compliance teams, stakeholders and others within your financial institution to provide information on what is being tracked, who is responsible for its undertaking and action items that need to be taken on a certain change and action items that have been completed
• A "hub" of other compliance resources

Financial institutions can set parameters to control which alerts they receive within the application itself or in their inbox to ensure that only information relevant to your institution is received.

The use of Compliance Hub Alerts fosters collaboration across your financial institution about important compliance matters and helps to empower your teams to plan for regulatory updates that require action prior to effective dates.

For more information or to request a demo, please reach out to us.

A2P 10DLC text messaging and consent requirements

Many businesses, including financial institutions, are using application-to-person ("A2P") text messaging to communicate with their customers for marketing and non-marketing purposes. Rather than using traditional 5 or 6-digit short codes or toll-free numbers, they send SMS messages using a standard local 10-digit phone number — also referred to as a "10-digit long code" or "10DLC." A2P 10DLC services allow businesses to benefit from higher messaging volumes, lower costs, improved delivery rates, heightened customer trust and enhanced compliance.

Mobile carriers now require businesses using A2P 10DLC services to register their brands (i.e., who is sending the messages) and campaigns (i.e., what are the messages about) with The Campaign Registry™ (TCR). This registration process serves to help ensure the sender's messaging activities are legitimate and the campaigns adhere to established 10DLC standards. A campaign may include, for example:

• Sending payment reminders or overdue notices
• Asking for feedback or reviews from customers
• Sending marketing and promotional messages

Businesses do not register directly with the TCR. Rather, they work with participating Campaign Service Providers to facilitate the registration process on their behalf.

As a part of the registration process and before engaging in text messaging campaigns, businesses must ensure they comply with consent requirements for messages that are subject to the Telephone Consumer Protection Act (TCPA). The TCPA requires prior express written consent for marketing-related messages and prior express consent for non-marketing-related messages.

To assist you in complying with the TCPA's consent requirements, TruStage Compliance Solutions offers options for including "Consent to Contact" provisions in deposit and/or lending documents. You may contact our team to discuss these options.

Agencies issue exemption order for collecting Taxpayer Identification Number information

On June 27, 2025, the National Credit Union Administration (NCUA), Federal Deposit Insurance Corporation (FDIC) and Office of Comptroller of the Currency (OCC) with the concurrence of the Financial Crimes Enforcement Network (FinCEN), issued an order granting an exemption from a requirement of the Customer Identification Program (CIP) Rule. The Board of Governors of the Federal Reserve (Fed) subsequently joined the order on July 31, 2025.

In part, the CIP Rule requires financial institutions to obtain taxpayer identification number (TIN) information from their customers before opening accounts. The exemption, however, permits credit unions, banks and savings associations (and their subsidiaries) that are subject to the jurisdiction of the NCUA, FDIC, OCC and the Fed (collectively "agencies") to use an alternative collection method to obtain TIN information from third-party sources rather than from their customers, as long as they comply with all other requirements of the CIP Rule.

FinCEN and the agencies have observed a significant evolution in the ways financial services may be accessed, coinciding with a rise in customer reluctance to provide their full TIN due, in part, to data breaches and identity theft concerns. Accordingly, this exemption offers flexibility for complying with the CIP Rule. While the agencies have not established specific alternative methods for collecting TIN information, credit unions, banks and savings associations must consider the purpose of the CIP rule and ensure that their processes enable them to form a reasonable belief that they know the true identity of each customer.

Use of this exemption is optional. Credit unions, banks and savings associations are not required to use an alternative collection method and may continue obtaining TIN information directly from their customers.

Lending

Impact of the One Big Beautiful Bill on vehicle loans

On July 3, 2025, H.R. 1, the Budget Reconciliation Bill was passed by both chambers of Congress and signed into law on July 4, 2025.

Section 70203 of this new legislation provides a temporary tax deduction for interest paid on vehicle loans in which lenders receive $600 or more (up to $10,000) during the calendar year effective 2025 through 2028.

Not all vehicles will qualify. Vehicles must be new with final assembly in the United States and secured by a first lien.

Final assembly is defined as the process by which a manufacturer produces a vehicle at, or through the use of, a plant, factory or other place from which the vehicle is delivered to a dealer with all component parts necessary for the mechanical operation of the vehicle included with the vehicle, whether or not the component parts are permanently installed in or on the vehicle.

The National Highway Traffic Safety Administration's Vehicle Identification Number (VIN) Decoder | NHTSA may be utilized to determine the location of final assembly.

If your financial institution collects over $600 in qualified passenger vehicle loan interest on an applicable passenger vehicle loan, you will need to send a form to borrowers based on the following criteria:

• Original use of the vehicle commences with the taxpayer
• The vehicle must be manufactured primarily for use on public streets, roads and highways
• The vehicle must have at least 2 wheels
• The vehicle must be a car, minivan, van, sport utility vehicle, pickup truck or motorcycle
• The vehicle must be treated as a motor vehicle for purposes of Title II of the Clean Air Act
• The vehicle must have a gross vehicle weight rating of less than 14,000 pounds

"Qualified passenger vehicle loan interest" does not include any amount paid or incurred on any of the following:

• A loan to finance fleet sales
• A loan incurred for the purchase of a commercial vehicle that is not used for personal purposes
• Lease financing
• A loan to finance the purchase of a vehicle with a salvage title
• A loan to purchase a vehicle intended to be used for scrap or parts.

To comply with the provision contained in Section 70203, financial institutions will need to file information with the Internal Revenue Service (IRS). The Secretary of the Treasury and the IRS must create the standardized form to be filed.

Lenders must also provide a written notice by January 31, 2026, to borrowers who meet the requirements. Vehicle loans must be consummated after December 31, 2024, and the law is already in effect which means financial institutions will need to retroactively identify vehicles that qualify for the temporary tax deduction.

The IRS requires the following information:

• Name and address of the individual
• Amount of interest received for the calendar year
• Amount of outstanding principal on the vehicle loan as of the beginning of the applicable calendar year
• Date of the origination of the loan
• Year, make, model and vehicle identification number (VIN) of the vehicle securing the loan
• Other information as the Secretary may prescribe

The notification to borrowers will need to contain substantially similar information together with financial institution identification.

In summary, lenders need to find a way to identify those vehicle loans secured by an applicable passenger vehicle to be prepared to provide the correct information to the IRS and to borrowers.

This information is not legal advice; please consult your attorney for steps in complying with this law.

Deposit

Navy Federal Credit Union wins ninth circuit returned check fee case

In a recent decision, the U.S. Court of Appeals for the Ninth Circuit upheld the dismissal of a putative class action challenging a federal credit union's returned check fee ruling that the Plaintiff's state law claims are preempted by federal regulation.¹

Plaintiff Andrew King, a Navy Federal Credit Union customer, challenged the federal credit union's $15 returned check fee under California's Unfair Competition Law (UCL), arguing it was an "unfair" and "unlawful" business practice, especially since the check the Plaintiff deposited was declined without any funds being made available to him and the check's failure to clear was not his responsibility. The case was moved to federal court and the district court dismissed the case, ruling Plaintiff's UCL claim was expressly preempted by 12 C.F.R. § 701.35, which governs federal credit unions.² Plaintiff appealed the district court's dismissal.

In King v. Navy Federal Credit Union, No. 24-1838 (9th Cir. Aug. 1, 2025), the Ninth Circuit affirmed the lower court's dismissal, ruling that the Plaintiff's state law unfair competition claim was preempted by 12 C.F.R. § 701.35, which states expressly that state laws regulating fees charged by federal credit unions do not apply. While the National Credit Union Administration has rulemaking authority over federal credit unions, the Plaintiff argued that the California UCL statute transcended § 701.35(c)'s preemption clause.⁴ However, the Ninth Circuit disagreed, finding that "all state laws that regulate account fees — general, specific or otherwise — have no application to federal credit unions."⁵ Judge Owens, writing for the panel, stated, "It is difficult to imagine preemption language more explicit than this," highlighting the clarity of the regulation's text.⁶ The Ninth Circuit further noted that allowing state laws to govern fee practices would "directly undermine the deregulatory objectives underlying § 701.35(c)" and "overlook the unique role that a federal credit union member plays in the governance of the union."⁷

Overall, this key ruling demonstrates the broad reach of federal preemption concerning fees at federally chartered credit unions, and it establishes the difficulty for consumers to sue federal credit unions under state consumer protection statutes regarding account fees.