Our Take: financial services regulatory update – May 16, 2025

• What happened? On May 14^th, a federal court granted a motion for the Financial Technology Association (FTA) to intervene in the case against the CFPB’s October 2024 final open banking rule requiring financial institutions to provide consumers and authorized third parties with access to their financial information, as mandated by section 1033 of the Dodd-Frank Act.

Shortly after the final rule was issued, a Kentucky bank and banking industry groups filed a lawsuit arguing in part that the CFPB exceeded its statutory authority by requiring data to be provided to third parties. Since the CFPB’s leadership changed, it agreed to multiple stays of the case and has reportedly planned to ask the court to vacate the rule.

• What did the open banking rule require? Notable specifications and protections in the rule include:
  • Consumer data access. It requires financial institutions to provide consumers, and their authorized third parties, secure and reliable access to data such as transactions, balances, and account details. Consumers may revoke access at any time and firms may deny access based on documented legal or security risks.
  • Third party limitations and requirements. Third parties, including fintechs represented by the FTA, have to certify that their collection, use and retention of data is limited to what is necessary to provide the requested service - specifically not including advertising, cross- selling other products or services, and selling the data. They also need to certify that they have written policies for data accuracy and an information security program.
  • Secure data transfer. Financial institutions are required to share data using a “machine-readable file” in a standardized format with access through a consumer or developer interface.
• What’s next? The latest stay in the litigation expires on May 26^th. The banking industry groups have until May 30^th to file a brief and the FTA and CFPB will have 30 days to respond.

Our Take

Banks vs fintechs. The CFPB’s open banking rule has exposed a widening rift in the financial ecosystem. While fintechs are mobilizing to preserve the rule and unlock greater consumer-permissioned access to data, many banks view it as a mandate with high cost and liability as well as operational and competitive implications. For example, easier transfer of data and consumer accounts between institutions will impact banks’ assumptions about deposit stickiness which will affect their liquidity risk management and overall consumer banking strategies. Although the FTA now can advocate for the rule in this case, the CFPB will likely initiate a rulemaking process to rescind and/or revise it. Given the CFPB diminished resources and focus (e.g., enforcement related to mortgage compliance and servicemember protections), a new rule may be a long way off.

What’s the bottom line? Despite uncertainty about the future of the CFPB’s rule, there is growing pressure for secure, on-demand data access and connectivity as consumer payment platforms continue to evolve and usage increases. Accordingly, banks should continue to prepare for open banking and use it to their strategic benefit:

• Invest in digital infrastructure to support analytics, personalization, and systems integration across existing and planned products and services
• Assess risks of increased data sharing and strengthen governance and controls around privacy, consent and data quality
• Identify opportunities to receive data to enhance customer experience, including through highly personalized, data-driven loyalty programs
• Analyze and plan for the future customer experience, including how consumers will access data and innovative products and services (e.g., account-to-account payments and personalized rewards)

• What happened? On May 12^th, the DOJ’s Criminal Division announced changes to its white collar enforcement that aim to incentivize self-disclosure, streamline the enforcement process, and align efforts to the Administration’s priorities including fraud, transnational crime and drug cartels. In a speech accompanying the announcement, Head of the Criminal Division Matt Galeotti stated that while the goal of the new policy is to encourage firms to “come clean, reform, and cooperate with the government,” the DOJ will “hold accountable those that choose a different path.”
• What are the key changes? The revised policy contains changes in a number of areas including:
  • Self-disclosure. Firms that voluntarily self-disclose misconduct in a timely manner, cooperate, remediate the misconduct and have no aggravating circumstances will receive no adverse consequences.
  • Monitorships. The DOJ plans to reduce the number of monitorships and review existing ones to narrow their scope or terminate them. Under the new policy, costs associated with a monitorship must be proportionate to the severity of the underlying conduct, the profits of the company, and the company’s present size and risk profile.
  • Whistleblower program. The DOJ’s Corporate Whistleblower Awards Pilot Program will be revised to align it with the Administration’s priorities, prioritizing tips related to (1) procurement and federal program fraud; (2) trade, tariff and customs fraud; (3) violations of immigration law; and (4) violations involving sanctions, terrorist organizations, or drug cartels.
• What’s next? Changes to the self-disclosure regime, use of monitorships and whistleblower program are effective immediately. Over the coming months, we expect to see more details as to the implementation of these changes.

Our Take

The DOJ is offering incentives for cooperation but is not turning a blind eye to misconduct. This week’s announcement marks a significant shift in enforcement priorities that aligns with the Administration’s focus on deregulation and efficiency. However, as the DOJ also pledged to hold firms accountable for illicit activity and emphasized the use of its whistleblower program, it is clear that it will not lighten efforts to enforce against wrongdoing that isn’t promptly self-disclosed and remediated. Accordingly, firms should:

• Assess their readiness to comply with the Administration’s priority areas. Most firms have well-establish programs to prevent and detect issues related to sanctions and consumer fraud, but the inclusion of “tariff fraud” as a priority area is new. Firms may need to build capabilities to detect potential tariff circumvention from scratch, which will be complicated and burdensome, especially considering that the definition of what constitutes tariff fraud is not clearly established. Considering the wide range of existing practices by businesses to be assessed at lower tariff levels, they should determine their risk appetite for activities that may fall in a legal gray area.
• Enhance internal whistleblower and ethics programs. Considering the new incentives around self-disclosure of wrongdoing, firms should make clear in whistleblower program training and other ethics training that employees need to flag potential violations and provide instruction on how they can detect wrongdoing in the new priority areas.
• Strengthen screening operations and other technology for early identification. In addition to employee whistleblowing, firms should make sure that their screening and monitoring technology can detect wrongdoing in the Administration’s priority areas. For example, they should determine whether their transaction and screening systems have the most updated threat information and are properly calibrated to detect terrorist financing and cartel activity.
• What’s the bottom line? The DOJ is encouraging firms to self-disclose and promptly remediate wrongdoing, but it will remain focused on rooting out wrongdoing, especially with regard to the Administration’s priorities of federal program fraud, trade and tariff fraud, immigration issues, and sanctions.

• What happened? On May 13^th, President Trump announced at an investment forum in Saudi Arabia that he will “order the cessation of sanctions against Syria.” The announcement follows the establishment of a new Syrian government in 2024 and Interim President Ahmed al-Sharaa requesting sanctions relief from the US.
• What are the existing sanctions against Syria? Syria is one of five jurisdictions subject to comprehensive US sanctions.^[1] It has been subject to sanctions since its designation as a state sponsor of terrorism in 1979 and saw numerous additional sanctions since, culminating with President Obama ordering comprehensive sanctions in 2011 in response to human rights abuses during the Syrian Civil War.
• What’s next? The Administration is expected to issue Executive Orders and work with Treasury’s Office of Foreign Assets Control (OFAC) to provide sanctions relief. It remains unclear whether this relief will come as a step-by-step process, gradually lifting certain sanctions in return for further concessions from Syria, or as a more rapid shift. Certain sanctions, such as those imposed by Congress, would need to be reversed through legislation. Regardless of the approach, the Administration could as an interim step issue licenses authorizing certain transactions with Syria.

Our Take

With sanctions relief coming soon, organizations should determine whether they are ready. As the details of the Syria sanctions relief take shape, global financial institutions, multinational businesses, humanitarian organizations, and all other entities that may conduct business with Syrian entities should assess whether enhancements are needed in this interim period. Importantly, Syria’s persistent money laundering and terrorist financing risks, exacerbated by its diminished infrastructure, institutions and border security, require high levels of customer due diligence and transaction monitoring regardless of sanctions status. Further, firms should consider developing an inventory of policies and procedures that will need modification once sanctions change; determining risk appetite for transacting with Syrian entities; and examining other restrictions imposed by foreign sanctions regimes (e.g., the UK, EU, and UN) to determine where prohibitions overlap and diverge.

What’s the bottom line? Sanctions relief related to Syria is on the way, but money laundering, terrorist financing, and compliance risks will remain. Firms looking to transact with Syrian entities should determine their readiness and proceed with caution.

These notable developments hit our radar recently:

Senate schedules vote on GENIUS Act. On May 12^th, Majority Leader John Thune moved to calendar a procedural vote for May 19th, which if passed, would allow the Senate to begin considering the GENIUS Act on the floor. The motion comes just two weeks after the previous draft of the legislation was rejected by Senate Democrats. A procedural vote on the bill will take place early next week and will require 60 votes to be adopted.

FDIC publishes 2025 Risk Review. On May 13^th, the FDIC published its 2025 Risk Review, highlighting persistent market and credit risks, with particular concern around commercial real estate, elevated interest rates, and unrealized losses on securities. While the banking industry showed resilience in 2024, asset quality in sectors like office CRE and consumer credit weakened. Community banks saw stronger loan growth but faced higher expenses and rising delinquencies. It further says liquidity and capital levels remain stable, but rate volatility and sector-specific stress signal continued pressure ahead.

CFTC Commissioners announce departures. This week saw two CFTC Commissioners announce their impending departures from the agencies. First, on May 14^th, Commissioner Summer Mersinger announced she would be stepping down from her role at the end of the month to pursue new opportunities. Mersinger’s departure will result in a Democrat majority at the CFTC unless a new Republican is nominated and confirmed to replace her. In addition, on May 15^th, Acting Chairman Caroline Pham announced she would also be returning to the private sector once Brian Quintenz is confirmed as Chairman. Then on May 16^th, Christy Goldsmith Romero announced that she would step down from the Commission on May 31^st.

Monetary Policy Task Force examines Treasury market fragilities. On May 15^th, the House Financial Services Committee’s Task Force on Monetary Policy, Treasury Market Resilience, and Economic Prosperity held a hearing entitled “Examining Treasury Market Fragilities and Preventative Solutions.” The hearing examined why the treasury market experienced periods of volatility in April 2025 and members discussed what, if any, regulatory changes could have helped enhance liquidity and mitigate the volatility seen in early April and future episodes.

Atkins speaks at Conference on Financial Market Regulation. On May 16^th, SEC Chairman Paul Atkins spoke on his guiding principles for regulation including rigorous economic analysis, tailored solutions to clearly identified problems, and careful calibration of new requirements to minimize added costs.

FDIC Board to meet. The FDIC Board of Directors will meet on May 20th to discuss a semiannual update on the deposit insurance fund restoration plan. Additionally, the Board will vote on whether to rescind the 2024 FDIC Statement of policy on bank merger transactions and reinstate the prior FDIC bank merger policy.