Compliance Solutions quarterly newsletter — June 2025

General

CFPB’s overdraft rule overturned

On May 9, 2025, President Trump signed a Congressional Review Act (CRA) resolution overturning the Consumer Financial Protection Bureau’s (CFPB’s) overdraft rule, which was slated to take effect in October 2025. The rule would have required financial institutions with at least $10 billion in assets to 1) cap overdraft fees at $5 or determine such fees according to a “breakeven standard” based on the institution’s actual costs and losses; or 2) treat courtesy overdraft services as covered credit subject to the requirements of the Truth in Lending Act.

While the CFPB is barred under the CRA from issuing another rule in substantially the same form in the future, financial institutions should be aware that some states have begun to take legislative action which would impose new restrictions and prohibitions on overdraft services and fees. TruStage™ Compliance Solutions will continue to monitor such activity.

CFPB at the crossroads: The future of financial consumer protection

The transition of leadership at the Consumer Financial Protection Bureau in late February 2025 has brought significant changes to its operational policy. The CFPB’s priorities under its new leadership have recently been made public and, as of the date of this article, include the following areas of focus:

• A shift/renewed focus on prioritizing banks over nonbanks.
• Reduce regulatory burdens.
• Enlisting individual states to conduct supervision and enforcement over nonbanks vs. reliance on CFPB enforcements.
• A significant focus on mortgages (highest priority), consumer reporting, debt collection, fraudulent overcharges, and fees.
• A de-prioritization of peer-to-peer platforms, which operate and serve in the lending marketplace, consumer data space, remittances and digital payment marketplace.

After establishing these new priorities, the CFPB has dismissed 21 enforcement cases and has sought to amend or eliminate already agreed to settlements. Furthermore, acting director Russel Voight issued a significant revocation of previously issued guidance and existing rule interpretations on May 12, 2025. In totality, 134 guidance documents, interpretive rules, bulletins and circulars were affected and repealed. For specific information regarding these repeals, please see the link at the end of this article of the formal public release provided by the CFPB.

In May of 2025, the CFPB took swift action to elevate the aforementioned priorities and shift supervisory designation and oversight to banks vs. nonbanks, as well as eliminate excessive regulatory burdens by rescinding its supervisory designation and authority over installment lenders and digital service providers. Moreover, the CFPB issued a notice of proposed rulemaking affecting “non-covered persons” as defined by the Dodd-Frank Act. If finalized, this action would remove CFPB oversight and supervisory designation from uninsured depository entities, or “nonbanks,” as prescribed by the Dodd-Frank Act, and effectively rescind the existing Nonbank Enforcement Action Registry.

In addition to reducing regulatory constraints, the CFPB has taken action to reduce their 1700-member workforce down to 200, as well as reduce their enforcement unit human capital from 198 to 50. Furthermore, CFPB’s examination unit has been tasked to focus on examination efforts of traditional banks specifically, as well as reduce examination events by 50% as part of a cost-saving mechanism.

Industry uncertainty continues to exist as many federal court filings remain unresolved as it relates to recent actions taken by the CFPB and the implementation of new policies as it continues to re-baseline its priorities. For additional information on recent CFPB actions mentioned above, please see the below:

• Interpretive Rules, Policy Statements, and Advisory Opinions; Withdrawal: 2025-08286.pdf
• Official Press Releases February 1 – June 5, 2025: Newsroom | Consumer Financial Protection Bureau
• CFPB Guidance Tracker: Rescinded & Active Documents | Morgan Lewis

Lending

Small Business Administration news

The Small Business Administration (SBA) has experienced adjustments like many other federal agencies. On February 20, 2025, Kelly Loeffler, a former U.S. Senator from Georgia, was named as the new Administrator of the SBA. Administrator Loeffler and team immediately began implementing changes with a Day One Priorities Memo outlining intentions to support the America First Agenda, eliminate wasteful spending and empower small businesses.

Over the coming months, the SBA announced revised requirements for citizenship verification for loan applications and the relocation of regional offices from Atlanta, Boston, Chicago, Denver, New York City and Seattle. In March, Administrator Loeffler revealed the SBA’s new Made in America Manufacturing Initiative. As part of the Initiative, the SBA will expand the use of the 7(a) Working Capital Pilot Program, reduce barriers to the 504-loan program and deploy the new Office of Manufacturing and Trade.

On April 21, 2025, a new SBA Standard Operating Procedure, SOP 50 10 8, was issued. This new procedure would replace SOP 50 10 7.1 issued in 2023 under the previous administration. SOP 50 10 8 has an effective date of June 1, 2025, and will apply to all applications that are issued an SBA loan number on or after that date.

SOP 50 10 8 reimplements requirements that were in place before January 2021, including:

• Reinstating 7(a) underwriting criteria,
• Eliminating the “do what you do” philosophy, and
• Restoring the SBA Franchise Directory.

Although SOP 50 10 8 contains instructions for using the SBA Franchise Directory, the procedures discussed in SBA Information Notice 5000-866746 should be used until July 31, 2025. This will allow instruction during a transition period while the SBA restores the SBA Franchise Directory and works in collaboration with franchisors to update the listings that were available when the Directory was discontinued.

Administrator Loeffler declared that the procedural changes will help preserve access to capital for America’s small business owners and correct the rise in defaults and delinquencies recently experienced across the programs.

Other notable changes from SOP 50 10 8 include:

• SBA Lenders are now required to enter into E-Tran 100% of direct and indirect owners of the applicant’s business,
• The 7(a) Standard loan amount starts at $350,000 instead of $500,000, which effectively adjusts the threshold for 7(a) Small loans, and
• The processing of loans under the Preferred Lender Program (PLP) delegated authority.

SOP 50 10 8 will bring about different changes to different folks and the SBA is advising users to fully read it to ensure their understanding of all changes. See SBA Information Notice 5000-868665 detailing the issuance of SOP 50 10 8 with technical updates.

Deposit

Funds availability compliance updates

Financial institutions are reminded that amendments to Regulation CC (“Reg CC”), which implement inflation-based adjustments to funds availability dollar thresholds, take effect July 1, 2025.

The amendments to the dollar thresholds impact both funds availability disclosures and deposit hold notices. Financial institutions must ensure they are using documents that include the adjusted dollar thresholds no later than the effective date. They must also notify existing customers of the changes to their funds availability disclosures as required by Reg CC and ensure that corresponding system updates are made to align with the changes.

Please refer to our Compliance Alerts issued in May 2024¹ and April 2025¹ for more information about the Reg CC amendments, document impacts and notice requirements.

Question of the quarter

Question: Our financial institution was advised to include “voice biometrics” in the “What?” section of the federal privacy disclosure. Is this a change that is required to comply with requirements for use of the model privacy form?

Answer: No. The General Instructions in the Appendix to Part 1016 (Regulation P) set out requirements for the design, content and use of the regulation’s model privacy form. They state: “The model form is a standardized form, including page layout, content, format, style, pagination and shading. Institutions seeking to obtain the safe harbor through use of the model form may modify it only as described in these Instructions.”

The Instructions for the content of the model form’s “What?” section require a financial institution to display a bulleted list that identifies the types of personal information it collects and shares. Along with “Social Security number,” the financial institution must use five descriptive terms from a prescribed list in the Instructions (e.g., account balances, payment history, credit scores, etc.). Voice biometrics is not an option appearing on that list.

A financial institution that does not follow the model form instructions, whether pertaining to this or any other section of the disclosure, could jeopardize its safe harbor protections.