Cards, Payments, and Consumer Banking Regulatory Trends Summary

March 31, 2026

Cards, Payments, and Consumer Banking - March 2026

LinkedIn Facebook X Send Embed

Looking Ahead to 2026

We expect financial institutions will continue to navigate a fractured regulatory landscape. As the Consumer Financial Protection Bureau (CFPB) continues retreating from regulation, institutions must track divergent state disclosure and fee-regulation regimes while facing closer scrutiny from the Office of the Comptroller of the Currency (OCC) and Federal Reserve. We also expect continued litigation and policy debate over financial institutions’ fraud risk models and fee disclosures.

Key Trends From 2025

Goodwin tracked 12 enforcement actions in the cards, payments, and consumer banking space in 2025, three shy of the 2024 total. Regulators collected more than $372 million in civil money penalties through actions brought by the CFPB, the Federal Trade Commission (FTC), the Federal Deposit Insurance Corporation (FDIC), the U.S. Department of Justice (DOJ), and various state attorneys general and regulators.

Additionally, the CFPB terminated and/or dismissed three different actions in this space in 2025, marking a notable step back from the active enforcement observed in prior years.

Following several years of expansive federal enforcement, the CFPB scaled back its rulemaking reach, including by ending the late fee rule. In its place, the FTC, the OCC, and state regulators assumed a larger share of oversight.

Consumers continued to demand flexible access to financial services, and traditional banks deepened partnerships with technology firms to deliver embedded credit and payment capabilities inside nonfinancial platforms. Regulators are paying attention to this continued growth, as reflected in the OCC’s November 2025 request for information, which sought to understand challenges community banks face with their core service providers, specifically technology service providers, and what potential actions the OCC could take to meet those challenges.

In the News

Digital payment platforms drew regulatory attention. The FTC and DOJ pursued actions against payment processors for data security and unfair practice violations. The CFPB signaled that it may rely on its general unfair, deceptive, or abusive acts or practices (UDAAP) authority — rather than prescriptive rulemaking — to address fintech payment conduct by pursuing an enforcement action against a bankrupt fintech service provider on UDAAP grounds.

Instant Payment Systems and Fraud Liability

Regulators continue to monitor fraud as it relates to platforms and systems providing for instant (or near-instant) payments. While the CFPB refrained from issuing new guidance, in June 2025, the OCC and FDIC issued a joint request for information (RFI) on potential actions to address payments fraud. The OCC and FDIC’s attention to this area is important, including because the FedNow Service, a platform for instant payments, raised its transaction limit from $1 million to $10 million, which allows for larger transactions to be made through the instant payment ecosystem. The RFI asked for commentary on whether standard setting across stakeholders would be helpful and whether “increased collaboration among Federal and State agencies [could] help detect, prevent, and mitigate payments fraud.”

Fair Banking

In August 2025, the Trump administration issued an executive order, “ Guaranteeing Fair Banking for All Americans,” aimed at addressing the administration’s concern that financial institutions were discriminating against certain consumers based on their political or religious affiliations or lawful business activities. This executive order opened the door for substantial policy revisions across banking institutions and resulted in a trickle-down effect throughout multiple agencies. Indeed, in March, the OCC announced the removal of “reputation risk” from its Comptroller’s Handbook, clarifying in December that account closure decisions must be grounded in “objective and risk-based analyses.” Also in December, the OCC released its preliminary findings from its review of large banks’ debanking activities, concluding that between 2020 and 2023, nine banks had “made inappropriate distinctions among customers […] on the basis of their lawful business activities.”

CFPB Consumer Advisory Board Fair Lending Update

At the CFPB’s December 2025 Consumer Advisory Board meeting, participants discussed the impact of the Trump administration’s “debanking” executive order. During the meeting, the CFPB also emphasized its reduction of “unnecessary” fair lending guidance and its current policy to avoid issuing guidance except when necessary and when compliance burdens would be reduced rather than increased.

Deposit and Fee Disclosure

“Junk fee” scrutiny migrated from the CFPB to the states in 2025. In September, Massachusetts finalized regulations mandating that companies disclose the total price of consumer-facing products and include any add-on charges and optional fees prior to collecting personal data from consumers. “Junk fee” is a broad term the CFPB has used to describe a wide range of fees financial institutions may charge consumers, ranging from so-called “surprise” overdraft fees to “pay-to-pay” convenience fees.

Similar transparency initiatives appeared in New York (though the New York State Assembly has not yet approved the Senate-passed bill) and one went into effect in Colorado, creating a state-by-state disclosure regime for account and payment services.

Credit Cards and the End of the $8 Late Fee Rule

In April 2025, the U.S. District Court for the Northern District of Texas granted a joint motion by the CFPB and industry plaintiffs (which included various chambers of commerce and bankers’ associations) to vacate the CFPB’s 2024 credit card late fee rule on the basis that the cap exceeded the agency’s authority under the Credit Card Accountability Responsibility and Disclosure Act and the Administrative Procedure Act. The 2024 late fee rule had capped most late fees at $8 per occurrence. In the absence of new federal limits, issuers are likely to revisit pricing fee models under Regulation Z.

2025 Enforcement Highlights

CFPB Sued Bankrupt BaaS Platform, Signaling Regulator Interest in the Digital Payments Space

In August 2025, the CFPB filed a complaint against a banking-as-a-service (BaaS) platform in the U.S. Bankruptcy Court for the Central District of California, San Fernando Valley Division. The CFPB alleges that the company violated the Consumer Financial Protection Act (CFPA) by “failing to maintain adequate records” of consumers’ funds and failing to match its records with those of its banking partners. The complaint alleges that this failure resulted in a $60 million to $90 million shortfall for the platform’s banking partners. Due to this shortfall, consumers were unable to access their money “for weeks or months” while the platform’s partner banks “reconciled their records.” The complaint further alleges that consumers may not have received all of their account balances.

Along with the complaint, the CFPB and the company entered into a stipulated final judgment and order that enjoins the platform from participating in or assisting others in transmitting funds or acting as a custodian of funds. The stipulated final judgment and order also imposes a $1 civil money penalty.

New York AG Sues Large Payment Processor for Inadequate Fraud Controls

In August 2025, New York Attorney General (AG) Letitia James filed a complaint against Early Warning Services LLC, a prominent industry payment processor, alleging that the platform was designed without critical safety features and exposed users to a heightened risk of fraud and scam activities. The lawsuit comes after the CFPB voluntarily dismissed its action against the company on substantially similar grounds in March 2025.

DOJ Settles With Credit Card Provider, Resolving Allegations of Deceptive Marketing Practices

In January 2025, the DOJ announced that it settled with a global financial services corporation serving as a bank holding company to resolve allegations that the company violated the Financial Institutions Reform, Recovery, and Enforcement Act of 1989. The DOJ alleged that the company misled small businesses by falsely representing credit card rewards and fees during sales calls. Other allegations included providing inaccurate financial information to potential customers and misleading financial institutions into approving credit card applications without required employer identification numbers. As part of the settlement agreement, the company agreed to pay a civil money penalty of $108.7 million.

CFPB Settles With Payments Company Over EFTA and CFPA Claims

Also in January 2025, the CFPB announced that it had entered into a consent order with Wise, an international remittance company, regarding the company’s alleged violation of the Electronic Fund Transfer Act (EFTA) and use of deceptive advertising under the CFPA. According to the CFPB, the UK-based company engaged in deceptive advertising to its US customers by sending out mass advertisements allegedly stating that 80% of its customers would pay lower ATM and other fees but failed to disclose that few, if any, of those customers were in the US. The CFPB also alleged that the company misrepresented the number of free ATM withdrawals and/or failed to refund certain fees within the required time frame. Pursuant to the consent order, the company agreed to pay a civil money penalty of $2.025 million and approximately an additional $450,000 for redress to impacted consumers. In May, the CFPB amended the consent order to reflect a civil money penalty of only $44,955.

CFPB Retreats From Enforcement

As part of its retreat from the regulatory space, the CFPB voluntarily dismissed one pending payments-related lawsuit and terminated two consent orders early.

In May 2025, the CFPB voluntarily dismissed with prejudice its lawsuit against a major retailer and a fintech company in the U.S. District Court for the District of Minnesota. The lawsuit was one of the last actions filed during the Biden administration. The complaint alleged that the retailer opened accounts with a fintech company in delivery drivers’ names using their sensitive personal information, such as Social Security numbers without knowledge or consent, predicating drivers’ access to their earnings on consent to the fintech company’s terms and conditions. The CFPB also alleged that the fintech company made misrepresentations about its account capabilities, such as instant access to earnings or same-day pay.

In July 2025, the CFPB announced the termination of its October 2024 consent order with a Florida-based credit union, in which the credit union agreed to pay a $1.5 million civil money penalty and committed to a series of remedial actions. The original order alleged that the credit union had engaged in unfair practices related to its online and mobile banking services. The CFPB’s termination order confirms that the credit union fulfilled its obligations (i.e., paying the civil money penalty and taking steps to verify compliance through internal auditing mechanisms). The CFPB also waived any alleged noncompliance and lifted any remaining obligations under the original order.

In October 2025, the CFPB terminated a 2023 consent order with a major bank. The consent order, which addressed claims that the bank had discriminated against credit card applicants of “Armenian national origin in violation” of the CFPA and Equal Credit Opportunity Act, included $24.5 million in fines and compensation. It also required the bank to take remedial steps to prevent future discrimination. In the order terminating the consent order, the CFPB stated that the bank had “fulfilled certain obligations,” including paying the civil money penalty and redress and taking steps to prevent future violations. The CFPB also waived any alleged noncompliance.

[View source.]

Send Print Report

Latest Posts

• Hospitality OpCo Investments: Opportunities and Challenges
• Supreme Court Scales Back Copyright Contributory Liability for Online Services
• Mortgage Origination and Servicing - March 2026
• Student Lending - March 2026
• Credit Reporting - March 2026 See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Goodwin
2026

Written by:

Goodwin Contact + Follow Marie Barakov + Follow Collin Grier + Follow Viona Harris + Follow Courtney Hayden + Follow Christina Hennecken + Follow CC Jiao + Follow Jackie Odum + Follow Kelsey Pelagalli + Follow Angelica Rankins + Follow Matthew Riffee + Follow Sabrina Rose-Smith + Follow W. Kyle Tayman + Follow more

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Consumer Financial Protection Bureau (CFPB) + Follow Department of Justice (DOJ) + Follow Enforcement Actions + Follow FDIC + Follow Federal Reserve + Follow Federal Trade Commission (FTC) + Follow OCC + Follow Payment Systems + Follow Regulatory Oversight + Follow State Attorneys General + Follow Administrative Agency + Follow Consumer Protection + Follow Finance & Banking + Follow more

Goodwin on:

Solve with 2Captcha

Solve with 2Captcha