Consumer Financial Protection Bureau (CFPB)
Statement on Designation of Treasury Secretary Scott Bessent as Acting Director of the Consumer Financial Protection Bureau
The CFPB released a statement that on January 31, 2025, President Trump replaced Director Chopra as Director of the CFPB and designated Secretary Bessent as Acting Director of the CFPB.
As Acting Director, Secretary Bessent sent an email to all CFPB staff that puts a freeze on the CFPB’s operations, including:
_____________________________________________________________________________
Washington State Department of Financial Institutions Division of Credit Unions (DCU)
2025 Exam Focus
The DCU released its annual bulletin providing insight into the Division’s exam priorities for 2025. These priorities align with the NCUA’s Supervisory Priorities for 2025.
Key areas of focus for 2025 include:
Succession Planning – During examinations in 2024, DCU examiners noted shortages in key management positions, not just the CEO. Many times, when the examiners reviewed the credit unions’ succession plans, the plans only discussed the CEO position and were lacking in detail other than starting a nationwide search when the CEO retired. During the examinations in 2025, examiners will review credit union succession plans and the activities surrounding succession planning. There are several resources available to assist credit unions with succession planning including:
Balance Sheet Management and Liquidity, Interest, and Credit Risks – Managing credit union balance sheets in the current financial environment presents ongoing challenges for credit unions in 2025. Examiners will focus on overall balance sheet management, and credit union strategies to manage the risks associated with the balance sheet.
Cannabis Reviews – Credit unions that provide services for marijuana-related businesses should expect to see a more in-depth review of their policies, procedures, and monitoring processes for these types of accounts in 2025.
Consumer Compliance – The DCU will continue to conduct standalone consumer compliance exams for state-chartered credit unions with $500 million or more in assets. Compliance exams will focus on:
The compliance reviews that will be conducted as part of the safety and soundness exams will focus on BSA/AML, OFAC, Fair Lending/Reg B, FCRA/Reg V, Reg E (card disputes, overdrafts), Reg CC, TISA, and other consumer compliance areas as needed. The DCU will begin with a more in-depth analysis of complaint trends before exams to identify any areas that warrant more attention.
Information Security & Technology (IS&T) – Financial institutions continue to be the target of cyber threats, which makes safeguarding credit unions and their members’ data critical. Credit unions must not only implement an adequate IS&T program, but also continuously adjust the program based on current and evolving risks. A 2023 report from two U.S. cybersecurity companies revealed that 98% of organizations have a relationship with a third-party vendor that experienced a data breach in the previous two years, highlighting the importance of completing third-party due diligence. In 2025, examiners will focus on credit unions’ risk management and oversight practices for third-party service providers. Examiners expect credit unions to have an effective risk management program to identify, measure, monitor, and control risks associated with third-party relationships.
Credit unions must conduct comprehensive initial and ongoing due diligence, including a review of vendors’ financial statements to evaluate their financial stability and (if sensitive data is shared) System and Organization Controls (SOC) 2 reports to evaluate information security controls. At least annually, credit unions should provide a summary of the third-party management program to the Board of Directors, including a list of critical vendors and any identified concerns.
________________________________________________________________________________
Microsoft
Microsoft has announced that its Windows 10 operating system will reach end of support on October 14, 2025. After this date, Microsoft will no longer provide security updates, bug fixes, or technical support for Windows 10. Credit unions are encouraged to begin planning for this transition by evaluating their existing systems and preparing to upgrade to Windows 11, which has stricter hardware requirements. It is important to note that some devices currently running Windows 10 may not meet the minimum specifications for Windows 11 and will require replacement.
Microsoft will offer an Extended Security Updates (ESU) program to allow critical security updates for Windows 10 systems beyond the end of support date. Credit unions must ensure that any Windows 10 systems in use on their networks after October 14, 2025, are enrolled in the ESU program to maintain security compliance. Credit unions should prioritize proactive planning to ensure continuity of operations and adherence to cyber security best practices.
League InfoSight Highlight: InfoSight360
As the regulatory landscape evolves, credit unions need innovative solutions. Enter InfoSight360, a groundbreaking all-in-one platform that combines three industry-leading products to streamline compliance, policy management, and business continuity. With its new artificial intelligence driven search function, InfoSight360 will deliver accurate, comprehensive answers to compliance questions, making it easier than ever to stay on top of both federal and state-specific laws. Ready to elevate your compliance process? Get ready for InfoSight360, coming 1st Quarter 2025!
What will happen with the CFPB and Proposed Regulations?
This past weekend, Rohit Chopra was let go as the Director of the Consumer Financial Protection Bureau (CFPB). While the position has a five-year term, the Supreme Court had ruled that the President could fire the Director at will. This didn’t come as a surprise; this administration took aim at the CFPB during its first term as well. Treasury Secretary Scott Bessent was put in place as the Acting Director of the CFPB. There have been quite a few articles circulating about an email to staff and the suspension of rules/guidance, but what does it really mean for credit unions?
Executive Branch
- The President issued an Executive Order that requires an agency promulgating a new rule, regulation or guidance to identify at least 10 existing rules, regulations, or guidance documents to be repealed.
- The Acting CFPB Director can unilaterally withdraw guidance, can pause pending rulemaking, and suspend new rulemaking. He cannot withdraw or amend rules already finalized. This would need to be done through the traditional notice and comment process.
Legislative Branch
- Some rules (those finalized around or after August 1, 2024) are subject to the Congressional Review Act. The House and Senate can pass a joint resolution of disapproval, and if signed by the President, the rule is cancelled, and the promulgating agency is not permitted to issue a new rule in substantially the same form.
- Congress, of course, can legislatively influence rulemaking. For example, Congress could amend Section 1071 of the Dodd-Frank Act (small business lending data collection) which would require a change to the CFPB’s implementing regulations.
Judicial Branch
- CFPB would likely be unopposed to a request for an injunction to delay the mandatory compliance date of the upcoming rule while the agency takes time to figure out its position. In fact, this is exactly what happened at the 5th Circuit earlier this week. The CFPB said they would be unopposed to the plaintiffs asking for a stay of the mandatory compliance dates, which is probably necessary since Tier One institutions must begin complying in July of this year (small business lending data collection).
Keep your eye on InfoSight and CU PolicyPro for additional updates and information as we continue to learn more and create resources to assist with compliance:
Glory LeDu
CEO, League InfoSight & CU Risk Intelligence
Michael Christians
Regulatory Compliance Counsel at Michael Christians Consulting, LLC
ARTICLES OF INTEREST
IRS Offers Top Tips to Make Tax Time Easier
Agencies Announce Second Public Outreach Meeting as Part of Their Review of Regulations
Some Things to Know This Medicare Advantage Open Enrollment Period
The Trump Administration and the Slate of Ever Changing Orders
SCAM UPDATES
Consumer Alert – No Government Agency Will Ask You to Buy Gold or Precious Metals
Scammers Impersonate FTC Officials, Including Chairman Ferguson
COMPLIANCE CALENDAR
March 2, 2025: CFPB Proposed Rule – Amendments to Regulation V to Limit Data Broker Sales of Personal Information
March 17, 2025: CFPB – Prohibition on Creditors and CRAs Concerning Medical Information (Regulation V)
July 1, 2025: CFPB and FRB – Reg CC Threshold Adjustments
July 18, 2025: CFPB – Small Business Lending Data – ECOA
Oct. 1, 2025: Quality Control Standards AVMs
Oct. 1, 2025: CFPB: Overdraft Lending: Very Large Financial Institutions (Over $10 billion)
Jan. 1, 2026: NCUA – Succession Planning Effective Date
March 1, 2026: CFPB: Residential Property Assessed Clean Energy Financing (Reg Z)
April 1, 2026: Compliance Date – CFPB Personal Financial Data Rights for Credit Union’s over $10 billion in assets
June 19, 2026: NACHA – Fraud Return Reason Code
Dec. 12, 2026: NCUA Simplification of Share Insurance Effective Date
Q&A OF THE WEEK
Does the credit union have to provide an adverse action notice if it denies membership based on a credit report?
Yes, an adverse action includes any action taken or determination made in connection with an application by any consumer. Therefore, if you deny a consumer’s membership application based on their credit report, you must send them notice of adverse action under the Fair Credit Reporting Act.
In addition, if the determination was based on the member's credit score, you must also provide the member with the credit score from the report that was used in making the determination.
If you have questions about this communication, contact us at 800.546.4465 or via our shared email inbox at compliance@gowest.org.
Have a great weekend!
Your GoWest Compliance Team,
David Curtis
CUCE
Director, Compliance Services
P: 206.340.4785
Copyright © 2023 GoWest Credit Union Association. All Rights Reserved.
Mailing Address:
GoWest Credit Union Association, 18000 International Blvd Ste. 1102, SeaTac, WA 98188, United States
1.800.995.9064