Discussion points included a narrowing of supervisory priorities at the Consumer Financial Protection Bureau (CFPB), a growing trend of state agencies stepping in to fill perceived regulatory gaps, and a significant data breach at the Office of the Comptroller of the Currency (OCC).
Below is a summary of the most impactful developments likely to shape financial compliance efforts in the months ahead.
CFPB Focus on Depository Institutions
In a marked pivot, the Bureau announced it will prioritize oversight of larger depository banks. This shift comes against a backdrop of internal upheaval. The CFPB had recently planned a series of layoffs before a federal court issued an injunction, citing concerns about how the changes would affect the agency’s ability to fulfill its statutory mission. As a result, the CFPB’s operational scope remains uncertain. The decision to focus on large banks may suggest a more risk-based or resource-constrained strategy—but it also raises questions about oversight of the fintech sector, nonbanks, and emerging consumer credit products.
State-Level Regulatory Expansion
With the CFPB’s footprint receding in key areas like collections, recovery, and digital lending, state regulators are moving assertively to fill the void. California’s Department of Financial Protection and Innovation (DFPI) continues to lead the charge, implementing stringent requirements for emerging financial products and nonbank service providers. In parallel, New York’s Department of Financial Services (DFS) is rolling out tighter rules around consumer fees and is expected to expand enforcement efforts in the fintech space.
Maryland and Florida are also poised to take a more active regulatory stance, particularly around data privacy and consumer lending practices. This patchwork of evolving state regulations presents compliance challenges for financial institutions operating across multiple jurisdictions. However, it also reflects a broader trend toward localized regulatory innovation and consumer advocacy in the absence of robust federal oversight.
OCC Data Breach
In April 2025, the Office of the Comptroller of the Currency (OCC) disclosed a major cybersecurity incident involving unauthorized access to an administrative email account. The breach, which dates back to at least 2023, compromised sensitive communications between the OCC and federally regulated financial institutions. The compromised data reportedly includes supervisory insights and confidential internal discussions, prompting concerns about data security and systemic risk.
The OCC is still notifying affected institutions and has commissioned a third-party investigation into the breach. Acting Comptroller Rodney E. Hood acknowledged internal failings that contributed to the incident and committed to overhauling the agency’s cybersecurity protocols. In the meantime, some institutions have curtailed the type of information they transmit electronically to the OCC, citing a lack of confidence in the agency’s security infrastructure, according to media reports.
Get Involved
The regulatory environment in 2025 is marked by transition, with federal agencies narrowing their scope and states stepping forward to assert leadership. Institutions will need to remain agile, reassess compliance strategies, and stay abreast of developments at both the federal and state levels. To learn more about how Auriemma Roundtables can help your team navigate these changes, contact Helga Boughal.