Colorado recently upended its landmark artificial intelligence legislation, just a month before the bill’s effective date and with days left in the legislative session. Senate Bill 26-189 (SB 189) repeals and replaces Senate Bill 24-205, the 2024 law that first established Colorado’s AI legislative framework, with a substantially narrowed scope, and pushes back the effective date to January 1, 2027. SB 189 contains a restructured …
Chopra Appointed First Secretary of California’s New Business and Consumer Services Agency
On May 12, 2026, California Gov. Gavin Newsom announced the appointment of former Director of the Consumer Financial Protection Bureau (CFPB) Rohit Chopra as the first secretary of California’s newly created Business and Consumer Services Agency (BCSA). Set to launch on July 1, 2026, the new cabinet-level agency is designed to strengthen consumer protection and fairness through the coordination of licensing, enforcement and rulemaking efforts across …
Part 3: Looking Ahead – Novel Cybersecurity Issues and Department Priorities
In prior posts, we discussed the amendments to 23 NYCRR Part 500 (Part 500) ahead of the April 15 deadline to certify compliance with Part 500 and the increasing focus on multifactor authentication (MFA) as a key cybersecurity control. While Part 500 sets out formal cybersecurity requirements, the New York State Department of Financial Services (NYDFS) regularly uses industry letters and guidance to signal how …
CSBS Interpretive Guidance Clarifies Some Stablecoins May Be Included in Tangible Net Worth Calculations for Money Transmitters
The Conference of State Bank Supervisors (CSBS) recently issued interpretive guidance addressing the accounting treatment of stablecoins in the tangible net worth (TNW) calculation under its Model Money Transmission Modernization Act (MTMA). The guidance clarifies that CSBS intends for the definition of TNW under the MTMA to include, as “tangible financial assets,” stablecoins that meet certain criteria. The guidance is nonbinding, and it is uncertain …
Part 2: NYDFS Sharpens Its Focus on Multifactor Authentication
Financial institutions covered by 23 NYCRR Part 500 (Part 500) (covered entities) must annually certify their compliance with these cybersecurity regulations. As the April 15 date for certifying compliance approaches, the New York Department of Financial Services (NYDFS) has been reinforcing its focus on one particular element of the updated requirements – multifactor authentication (MFA). On February 26, 2026, NYDFS hosted a public cybersecurity presentation …
NYDFS Refresher Series – Part 1: What Companies Need to Know Ahead of Annual Certifications of Compliance
Upcoming compliance certification: Every year by April 15, financial entities subject to the New York Department of Financial Services (NYDFS) oversight (covered entities) are required to certify their compliance with the NYDFS’ cybersecurity regulations, 23 NYCRR Part 500 (Part 500). This year’s deadline will be the first time covered entities must certify compliance with all of the amendments to Part 500 that were phased in …
New York Leads the Way on Buy Now, Pay Later Regulation
New York has taken a significant step toward comprehensive regulation of buy now, pay later (BNPL) by requiring licensure and disclosures designed for credit cards, even though BNPL transactions are closed end. The New York Department of Financial Services (NYDFS) recently published proposed rules to implement legislation that establishes a licensing and supervision framework for entities that provide BNPL services. The first-of-its-kind legislation, signed by Gov. …
California DFPI Seeks Comment on Potential Registration Requirement for Reporting Agencies
On January 12, 2026, the California Department of Financial Protection and Innovation (DFPI) issued an invitation for comments on a proposed rulemaking concerning registration and reporting for consumer-reporting providers. Background: In 2024, the DFPI finalized registration and reporting requirements under the California Consumer Financial Protection Law (CCFPL) for four categories of providers of financial products and services. These regulations, effective February 15, 2025, require providers …
State Attorneys General Step Up Oversight of BNPL Programs
A coalition of seven attorneys general recently requested information from six buy now, pay later (BNPL) providers to evaluate their BNPL programs and whether they comply with consumer protection laws. The coalition is comprised of attorneys general from California, Colorado, Connecticut, Illinois, Minnesota, North Carolina and Wisconsin, with Connecticut and North Carolina leading the inquiry. Company responses are due by December 31. The inquiry follows …
10th Circuit Upholds Colorado’s DIDMCA Opt Out, Deepening States’ Power Over Bank-Fintech Partnership Lending – But Not Without Dissent
On November 10, 2025, the US Court of Appeals for the 10th Circuit issued its opinion in National Association of Industrial Bankers v. Weiser, a closely watched case testing the boundaries of state authority over interest-rate caps for loans made by state-chartered banks over the internet. The decision, which reversed a district court injunction, allows Colorado to enforce its own limits on loans to Colorado …