The Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) (together, the agencies) issued a statement to clarify supervisory expectations for OCC-supervised institutions’ and FDIC-supervised institutions’1 compliance with insider lending restrictions and related reporting requirements with respect to certain types of related interests. The statement is effective immediately.2
As we previously reported, on November 10, 2025 the Tenth Circuit rendered its 2-1 decision in National Association of Industrial Bankers v. Weiser. It held that a loan is “made” for purposes of the opt-out provision in Section 525 of DIDMCA in both the state where the bank is located and the borrower’s state, meaning that Colorado’s usury limits will apply to interstate loans made to Colorado residents by out-of-state state-chartered depository institutions.
As we discussed in our prior post on National Treasury Employees Union (NTEU) v. Consumer Financial Protection Bureau (CFPB or Bureau), on August 15 the U.S. Court of Appeals for the District of Columbia issued a decision vacating the district court’s preliminary injunction, which had previously restricted the CFPB’s actions to halt the Bureau’s operations and terminate its employees.
The Consumer Financial Protection Bureau (CFPB) recently released a report examining trends in the buy now, pay later (BNPL) market. The BNPL market—most commonly structured as a four-payment, no-interest loan used for retail purchases—continues to grow, though at a more moderate pace than in prior years. Drawing on data from six large BNPL providers, recent findings highlight how consumer usage and overall market activity evolved during calendar years 2022 and 2023.
California was the first state to enact a data breach notification law in 2003, requiring businesses to notify individuals when their personal information had been compromised. With new guidelines on AI regulations approved on October 1, 2025, followed by updated data breach notification requirements, California appears to be preparing to raise the bar again for data protection standards in the new year.
.jpg)
.jpg)