On May 9, 2025, the Federal Trade Commission (FTC) voted unanimously to delay enforcement of most portions of its amended Negative Option Rule by 60 days, shifting the compliance deadline for those portions from May 14 to July 14, 2025. Once fully enforced, the rule will impose sweeping new requirements on businesses offering subscription-based services, including enhanced consent, disclosure and cancellation obligations. Read more ›
Latest Articles
CFPB Issues Interim Final Rule Extending Small Business Lending Rule Compliance Deadlines
The Consumer Financial Protection Bureau (CFPB) recently issued an interim final rule delaying compliance deadlines for a second time for its small business lending data collection rule, which amended Regulation B pursuant to Section 1071 of the Dodd-Frank Act. The interim final rule extends compliance deadlines for the small business lending rule by roughly one year across all origination tiers. The CFPB states in the …
Click to Cancel Just Got Cancelled: Eighth Circuit Vacates Entirety of FTC’s Negative Option Rule
On July 8, 2025, the US Court of Appeals for the Eighth Circuit vacated the entirety of the Federal Trade Commission’s new Negative Option Rule – popularly known as the Click-to-Cancel Rule – just days before it was scheduled to take full effect. While the rule has been vacated, the FTC can still police unfair and deceptive subscription practices under existing statutory authority. Companies also must continue …
CFPB Withdraws Guidance Documents in Shift From Nonbinding Policymaking
The Consumer Financial Protection Bureau (CFPB) withdrew nearly 70 interpretive rules, policy statements and advisory opinions as part of its shift away from “regulation by guidance.” The rescinded documents impact nearly all consumer protection laws, including the Fair Credit Reporting Act, the Truth in Lending Act, the Consumer Financial Protection Act’s prohibition on unfair, deceptive, or abusive acts or practices, and the Electronic Fund Transfer …
California DFPI Issues Annual Report Detailing Key Consumer Protection Accomplishments
On May 29, 2025, the California Department of Financial Protection and Innovation (DFPI) issued its annual report highlighting its activities and accomplishments in 2024 under the California Consumer Financial Protection Law (CCFPL). The DFPI reported that it issued regulations with new registration requirements for providers of earned wage access products, private postsecondary education financing, debt settlement services and student debt relief services – all of …
CFPB Announces Plan to Review Offenses Carrying Criminal Penalties
On June 27, 2025, the Consumer Financial Protection Bureau (CFPB) issued a policy statement that outlines its plan to address criminal regulatory offenses within its jurisdiction, as directed by the May 2025 Executive Order (EO) 14294. The CFPB notes that it will publish a report to include a list of “all criminal regulatory offenses enforceable by the Bureau or the Department of Justice,” along with …
Trump CFPB Asserts Narrower Role for State Enforcement of Federal Consumer Law
On May 15, 2025, the Consumer Financial Protection Bureau (CFPB) issued an interpretive rule that rescinded a Biden-era interpretive rule regarding the extent of states’ enforcement authority under Section 1042 of the Consumer Financial Protection Act (CFPA). While states may continue to bring actions to enforce provisions of the CFPA, the new interpretive rule suggests that states may not bring actions arising under any enumerated …
Executive Order Seeks to Eliminate Federal Deployment of Disparate Impact Theory of Discrimination
The Trump administration issued an executive order declaring that federal agencies are to discontinue use of disparate impact liability to administer antidiscrimination statutes. The executive order directs agencies to conduct a review of regulations and other guidance that contemplate disparate impact liability. Notably, the directive applies across the entire government – meaning that this order will significantly impact litigation, compliance and enforcement priorities for federal …
Rhode Island Enacts New Financial Institutions Cybersecurity Law With Immediate Effect
More states are advancing prescriptive cybersecurity standards and requirements for financial institutions, many of which align with regulations from New York’s Department of Financial Services. Rhode Island’s legislature passed Senate Bill 603, effective immediately, which requires specific cybersecurity controls and notice to the Department of Business Regulation within three business days of determining a security event has occurred. North Dakota’s new law, House Bill 1127, …
CFPB Moves to Vacate Its Own Open Banking Rule, Citing Legal Deficiencies and Overreach
On May 30, the Consumer Financial Protection Bureau (CFPB) filed a motion to vacate its own open banking rule, arguing that the rule exceeds its authority under Section 1033 of the Dodd-Frank Act. The CFPB asserts that the rule exceeds its legal authority by requiring data sharing with authorized third parties, unlawfully prohibits data providers from charging fees, inadequately addresses consumer data and security risks, …