Alston & Bird Consumer Finance Blog

Consumer Financial Protection Bureau (CFPB)

The California Financial Protection Bureau? California Moves to Fill the CFPB Void

By

What Happened?

On May 12, 2026, California Governor Gavin Newsom announced the appointment of former Consumer Financial Protection Bureau (“CFPB”) Director Rohit Chopra as Secretary of the newly created California Business and Consumer Services Agency (“BCSA”).

The BCSA is a cabinet-level reorganization that will officially launch on July 1, 2026, consolidating a wide range of licensing, regulatory, and enforcement functions across numerous consumer-facing sectors of the California economy. These include oversight bodies such as the Department of Financial Protection and Innovation (“DFPI”), Department of Consumer Affairs, and other key regulators impacting financial services, real estate, and technology markets.

Governor Newsom framed the move explicitly as a response to the federal government’s retrenchment in consumer financial protection under the Trump administration, positioning California to “strengthen the state’s efforts to protect consumers and honest businesses” as federal enforcement is scaled back.

Chopra, who previously led the CFPB and served as a Federal Trade Commission commissioner, is widely known for aggressive enforcement initiatives targeting “junk fees,” repeat offenders, and unfair or abusive practices in consumer finance.

Why Does It Matter?

The creation of the BCSA—and the selection of Chopra to lead it signals a deliberate effort by California to function as a state-level analogue to a weakened CFPB. As federal consumer protection oversight contracts, California is positioning itself to step into the resulting regulatory vacuum.

This mirrors broader state-level trends, where states are expanding their authority and enforcement posture to address unfair, deceptive, and abusive acts and practices (“UDAAP”) in the absence of robust federal oversight. For example, as we have noted in prior posts, New York has moved to modernize its UDAAP framework in anticipation of increased enforcement and oversight of the financial services industry. California now appears poised to follow a similar path, albeit through a different structural approach.

Unlike a single regulator the BCSA is structured as a coordinating “umbrella” agency that brings together dozens of previously fragmented entities. This consolidation is designed to align enforcement priorities, streamline supervision, and enable coordinated rulemaking across industries that increasingly intersect (e.g., fintech, payments, and digital platforms).

For financial services companies, the most significant implication is the integration of the DFPI into a broader enforcement framework. The DFPI already exercises expansive authority over mortgage banking and finance lending activities and, under the California Consumer Financial Protection Law (“CCFPL”), supervises a broad spectrum of nonbank financial products, including lending, payments, and emerging fintech offerings. The new structure allows California to pursue cross-sector enforcement strategies, particularly where financial products intersect with technology platforms, data practices, or broader consumer marketplaces.

Chopra’s appointment strongly suggests that California enforcement will reflect the priorities and philosophy that characterized his tenure at the CFPB. During that time, the Bureau emphasized:

  • Aggressive enforcement against “junk fees” and pricing practices;
  • Scrutiny of repeat offenders and systemic compliance failures;
  • Focus on unfairness and abusiveness theories, not just deception; and
  • Increased attention to digital platforms, data usage, and algorithmic decision-making.

Expect these same themes to shape California’s enforcement agenda, with a particular emphasis on identifying “pattern and practice” violations affecting broad segments of consumers, rather than isolated compliance issues.

What Do You Need to Do?

In light of California’s evolving regulatory posture, financial services companies should take proactive steps to reassess their compliance frameworks with an eye toward increased state-level scrutiny.

First, companies should assume that CFPB-style UDAAP standards will remain highly relevant and ensure that policies and controls are calibrated to address unfair and abusive practices, not just deception.

Second, institutions should evaluate their operations holistically, recognizing that California regulators may take a “full lifecycle” view of consumer interactions. This includes:

  • Product design and pricing;
  • Marketing and disclosures;
  • Servicing and communications; and
  • Complaint handling and remediation practices.

Third, companies should prepare for greater inter-agency coordination within California, which may lead to:

  • More complex and multi-dimensional investigations; and
  • Parallel scrutiny across licensing, conduct, and consumer protection regimes.

Finally, organizations should closely monitor developments from the BCSA and its component agencies, particularly the DFPI, as enforcement priorities and rulemaking agendas begin to take shape under Chopra’s leadership.

CFPB Rescinds Registry for Covered Nonbank Entities

By

What Happened?

In the October 29 Federal Register, the Consumer Financial Protection Bureau issued a final rule rescinding its previous rule relating to the Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule, which imposed obligations on nonbank entities that offer or provide a consumer financial product or service. As a result, covered nonbanks will no longer be required to registered with the Bureau or provide information about certain public Federal, State, or local written orders imposing obligations on the nonbank based on violations of certain consumer protection laws (among other obligations we discussed in a previous post).

In the same Federal Register issue, the Bureau also issued notice of its intent to rescind: (a) amendments to its rules of practice governing adjudication proceedings; and (b) a proposed rule regarding the registry of supervised nonbanks that use form contracts to impose terms and conditions that seek to waive or limit consumer legal protections.

DEI in Lending: Are Special Purpose Credit Programs About to DIE?

By ,

For the last several years, federal agencies, including the Consumer Financial Protection Bureau (“CFPB”), have been strongly encouraging financial institutions to implement and offer targeted credit assistance to historically underserved communities as one way to remedy the effects of redlining. Not surprisingly, in accordance with the prior Administration’s Combatting Redlining Initiative, every one of the 16 settlements by the CFPB and the U.S. Department of Justice (“DOJ”) against both bank and non-bank lenders have mandated that these lenders offer targeted credit assistance based on the race or ethnicity of the borrowers or the predominant race or ethnicity of their neighborhoods. To satisfy the terms of these settlements, the lenders often work with state and local agencies to help market and administer their targeted loan subsidies to eligible borrowers based on protected characteristics. And still more redlining cases, brought by fair housing organizations that receive funding through the U.S. Department of Housing and Urban Development (“HUD”) Private Enforcement Initiative (“PEI”), have been resolved via partnerships with federal- and state-funded entities to provide preferential treatment to Black and Hispanic borrowers and neighborhoods. However, given the current Administration’s stated goal of abolishing preferential treatment in favor of “colorblind equality,” it seems that preferential treatment in lending – even where beneficial to underserved and historically redlined communities – is on the chopping block.

DEI in the Current Political Climate

Only a couple of weeks into the new Administration, the message is clear: diversity, equity, and inclusion (“DEI”) initiatives are out. On January 22, 2025, President Trump signed an Executive Order terminating DEI initiatives in the federal workforce and in federal contracting and spending. Specifically, the Executive Order directs all departments and agencies to take strong action to end private sector “DEI discrimination,” including civil compliance investigations, and requires the Attorney General and the Secretary of Education to issue joint guidance regarding the measures and practices required to comply with the U.S. Supreme Court’s June 2023 decision in Students for Fair Admissions v. Harvard. As a reminder, the Supreme Court’s decision in Harvard effectively ended race-conscious admission programs at colleges and universities across the country.

Shortly after the President’s Executive Order, on January 31, 2025, Texas governor Greg Abbott issued his own Executive Order directing all Texas state agencies to eliminate any forms of DEI policies and to treat all people equally regardless of race. In particular, the Executive Oder requires all state agencies to comply with a “color-blind guarantee,” including by ensuring that “all agency rules, policies, employment practices, communications, curricula, use of state funds, awarding of government benefits, and all other official actions treat people equally, regardless of race.” Similarly, West Virginia governor Patrick Morrisey issued his own Executive Order prohibiting DEI efforts by any entity receiving state resources, and there are likely more of such state executive actions to come.

Are SPCPs a form of DEI?

The above federal and state executive actions cast significant doubt on the current legality and permissibility of special purpose credit programs (“SPCPs”), which have been recognized for years as an exception to the Equal Credit Opportunity Act (“ECOA”) prohibition on differential treatment in lending. SPCPs, by definition, provide credit assistance to borrowers via some preferential treatment, often on the basis of borrower race or ethnicity or the predominant race or ethnicity of the residents in the neighborhood. While there may be no agreed-upon definition of DEI, it is safe to say that a SPCP that provides credit assistance, or more favorable credit terms, to borrowers based on race or ethnicity is a form of DEI.

To that end, where the requirement for a lender to implement a SPCP is baked into the terms of a settlement with a federal government agency, and such agency conducts ongoing monitoring of the lender’s activities to ensure the SPCP is being properly carried out, one could argue that the government is effectively mandating differential treatment based on race or ethnicity – in violation of the new DEI prohibition. The same could be said where state agencies and non-profit organizations that receive federal and state funds assist lenders in marketing and administering their SPCPs. Even the HUD-funded Fair Housing Initiatives Program, which includes the PEI program, could be problematic from a White House perspective, given that federal and/or state funds are currently being spent on furthering alleged redlining remediation through differential treatment.

It is even possible that SPCPs offered voluntarily and proactively by lenders may be scrutinized, particularly if the lender receives any government funding or grants. Currently, both Fannie Mae and Freddie Mac offer SPCPs where borrowers receive down payment or closing cost assistance grants from both the government-sponsored enterprise (“GSE”) and the lender. It is unclear whether such GSE programs would fall within the scope of the President’s Executive Order.

Other Uses of DEI in Lending

Setting aside SPCPs, which are often imposed on lenders by the government as a way to remediate alleged redlining, federal and state agencies essentially expect lenders to engage in race-based action and differential treatment in an effort to manage fair lending risk. Indeed, when assessing whether a lender may have engaged in redlining against a particular racial or ethnic group, the CFPB and DOJ, as a matter of course, employ quota-based metrics to evaluate the “rates” or “percentages” of a lender’s activity in majority-minority geographic areas. These federal agencies also consider a lender’s failure to specifically target neighborhoods based on race or ethnicity to be evidence of potential redlining. In other words, the government’s approach to date has not been “colorblind.” It will be interesting to see whether the agencies’ approach to redlining cases will change as a result of this shift away from DEI.

Takeaways for Lenders

Lenders that offer their own SPCPs or participate in GSE SPCPs should ensure that their written plans continue to meet the requirements of Regulation B, which implements ECOA. As always, the justifications for lending decisions that could disproportionately affect consumers based on their race, ethnicity, or other protected characteristic should be well documented and justified by legitimate business needs.

More importantly, lenders that are worried about their fair lending compliance or are subject to a government inquiry for potential redlining should consult with counsel regarding the best approach for presenting evidence of their minority-area lending. These lenders also should strongly consider whether a government-mandated SPCP is the best way forward. While an SPCP, such as loan subsidies or other pricing or underwriting flexibilities may benefit underserved communities and likely expedite settlement of an enforcement matter, the risk of running afoul of DEI prohibitions is not immaterial.

CFPB’s “Overdraft Lending” Rule Faces Immediate Legal Challenge

By ,

What Happened?

On December 12, 2024, the Consumer Financial Protection Bureau (CFPB) issued its final “overdraft lending” rule aimed at curbing overdraft fees charged by banks and credit unions with more than $10 billion in assets, also known as very large financial institutions (VLFIs). The CFPB characterized the rule as closing “an outdated overdraft loophole that exempted overdraft loans from lending laws.” This is the most recent development in the CFPB’s effort to address so-called junk fees.

That same day, a group of banks and financial trade associations—including the Mississippi Bankers Association, the Consumer Bankers Association, the American Bankers Association, and America’s Credit Unions—filed a lawsuit against the CFPB challenging the rule and seeking an injunction.

Why Does it Matter?

Key Provisions

Under the final rule, Regulation Z will apply to overdraft credit provided by VLFIs unless the VLFI provides such overdraft credit at or below costs and losses. As a result, VLFIs will have to choose one of the following options in connection with fees for overdraft credit: (1) capping fees for overdraft credit at the greater of $5 or at an amount that covers their costs and losses; or (2) disclosing the terms of overdraft credit in accordance with the Truth in Lending Act (TILA) and its implementing regulation, Regulation Z.

The CFPB’s final rule amends the definition and exemptions related to “Finance Charges” under Regulation Z and establishes new definitions related to “Overdraft Credit.” Currently, most overdraft fees are generally excluded from the definition of “Finance Charge”, and, therefore, overdraft services are not covered by TILA and Regulation Z The final rule amends this exclusion by creating a new defined term, “Above Breakeven Overdraft Credit,” and excludes such overdraft credit from the exemption for “charges imposed by a financial institution for paying items that overdraw an account.”

“Above Breakeven Overdraft Credit” is defined as “overdraft credit extended by a very large financial institution to pay a transaction on which, as an incident to or a condition of the overdraft credit, the very large financial institution imposes a charge or combination of charges exceeding the average of its costs and charge-off losses for providing non-covered overdraft credit.” The charges will be deemed to exceed the average costs and charge-off loses if they exceed the greater of: (1) the pro rata share of the very large financial institution’s total direct costs and charge-off losses for providing non-covered overdraft credit in the previous year; or (2) $5. A charge that exceeds this amount will be considered a finance charge and, therefore, imposing such charge on overdraft credit will result in the overdraft credit being considered “Covered Overdraft Credit.”

VLFIs should prepare to comply with this new rule by its effective date of October 1, 2025.

The Challenge to the Rule

A group of financial trade associations and banks filed suit in the Southern District of Mississippi challenging the final rule as improperly imposing an expansive and complex new regulatory regime on overdraft services offered by VLFIs, replete with de facto price caps and significant restrictions on the terms under which overdraft services can be offered.

The plaintiffs bring four challenges to the rule under the Administrative Procedure Act (APA), TILA, and the Consumer Financial Protection Act (CFPA).

First, they allege that the CFPB exceeded its statutory authority under TILA by interpreting “Credit” as encompassing overdraft services, and amending “Finance Charge” to include “Above Breakeven Overdraft Credit.” This, they argue, implicates the major questions doctrine—which bars agencies from making major policy decisions without clear congressional authorization—because the final rule will likely impact millions of Americans and billions of dollars of transactions.

Second, the plaintiffs allege the CFPB exceeded its statutory under TILA by imposing substantive credit restrictions when TILA is merely a disclosure statute. They argue this, too, implicates the major questions doctrine.

Third, the plaintiffs allege that the CFPB exceeded its statutory authority under the CFPA by imposing an unlawful fee cap on discretionary overdraft services because the CFPA itself expressly prohibits this kind of fee cap: the CFPB is prohibited from “establish[ing] a usury limit applicable to an extension of credit offered or made by a covered person to a consumer.”

Finally, the plaintiffs allege that the rule is arbitrary and capricious in violation of the APA because, among other things, it: (1) contains an inadequate cost-benefit analysis; (2) does not explain the change in the CFPB’s interpretation of TILA—namely, the CFPB’s reinterpretation of the definition of “Credit” as encompassing overdraft services; and (3) targets large institutions by imposing a $10 billion asset threshold, but ignores smaller financial institutions that similarly charge overdraft fees.

What Do I Need To Do?

VLFIs should consider what changes they need to make to their overdraft services to comply with the new rule by October 1, 2025, assuming that the new rule survives legal challenge.

That said, the legal challenge here has a meaningful chance of success. Recently, courts have been more willing to strike down rules under the major questions doctrine. It is also unclear how much genuine resistance the CFPB will put up in response to this challenge given the forthcoming change in administration. Assuming the new administration does not support this rule, it would likely be more efficient for the CFPB to allow the rule to be challenged and struck down than for it to attempt to repeal the rule, which will require a formal notice-and-comment rulemaking.

CFPB Proposes to Include Coerced Debt in the Definition of “Identity Theft”

By

What Happened?

On December 9, the Consumer Financial Protection Bureau (“CFPB”) issued an advance notice of proposed rulemaking(“ANPR”), seeking stakeholder input regarding amending the definitions of “identity theft” and “identity theft report” in Regulation V, which implements the Fair Credit Reporting Act (“FCRA”).

Specifically, the CFPB is proposing to expand the definition of “identity theft” to include actions taken “without effective consent,” which would prevent credit reporting agencies from refusing to block any type of debt obtained through coercion (such as through domestic abuse or elder abuse) from credit reports.

Why Does It Matter?

This proposed rulemaking started as a petition submitted to the CFPB by the National Consumer Law Center and the Center for Survivor Agency and Justice through the CFPB’s public petition procedures. In requesting the rulemaking, the petitioners cited relevant research and statistics, to support its request, including that:

  • between 94 and 99 percent of domestic violence survivors experienced economic abuse; and
  • a majority of domestic violence survivors remained in abusive relationships in part because of the coerced debt.

Based on public responses to this petition, the CFPB determined that the issue of “coerced debt” warrants rulemaking activity with the expectation that abuse survivors will experience significant increases to their credit scores. According to the CFPB’s blog post accompanying the ANPR, one study found that one third of survivors of abuse who managed to remove coerced debt from their credit report saw their credit score improve at least 20 points.

Specifically, the CFPB is soliciting feedback on the following questions:

  1. What information exists regarding the prevalence and extent of harms to victims of economic abuse, particularly coerced debt? How does the consumer reporting system, including provisions relating to identity theft, currently contribute to or reduce those harms?
  2. To what extent do protections under the FCRA or other Federal or State laws exist for victims of economic abuse with respect to consumer reporting information? What barriers exist that may prevent survivors of economic abuse from availing themselves of existing protections?
  3. Does coerced debt reflect the survivor’s credit risk independent of the abuser? Why or why not? Is there any data addressing the relevance of coerced debt to the survivor’s credit risk independent of the abuser?
  4. What are the costs and benefits of the proposed amendment outlined by the petition for rulemaking?
  5. The petition defines “coerced debt” as “all non-consensual, credit-related transactions that occur in a relationship where one person uses coercive control to dominate the other person.” What alternatives to that language should the CFPB consider?
  6. Comments to the petition identify survivors of intimate partner violence, domestic abuse, and gender-based violence as groups that would benefit from explicit inclusion of coerced debt as a form of identity theft. Commenters noted specific vulnerabilities for older Americans, children in foster care, and survivors of color.
    1. What barriers do these groups face as a result of coerced debt?
    2. How would the proposed amendments outlined in the petition for rulemaking reduce those barriers?
    3. Are there other populations who experience problems with coerced debt and whose experiences should be considered in the proposed rulemaking?
    4. How would the proposed amendments outlined in the petition for rulemaking address the needs of these other populations?
  7. Should the CFPB propose the amendments outlined by the petition for rulemaking? What alternatives should the CFPB consider? For instance:
    1. What documentation should a person be required to produce to show that their debt was coerced?
    2. What self-attestation mechanisms could be considered for meeting the standard for an identity theft report?
    3. Are there circumstances that should give rise to a presumption of coercion?
    4. Should the CFPB propose general protections related to coerced debt, specific protections for survivors of domestic or intimate partner violence, or a combination?

What Do I Need To Do?

Any party that would like to submit a comment may do so until March 7, 2025. Any interested party should identify comments by Docket No. CFPB-2024-0057, and should submit them through the Federal eRulemaking Portal, via email at ANPR-Coerced-Debt@cfpb.gov, or through the mail sent to the CFPB’s Legal Division.