Our Take: financial services regulatory update – November 21, 2025

November 21, 2025

Change remains a constant in financial services regulation

Read "our take" on the latest developments and what they mean.

Fed releases supervision memo

What happened? On November 18^th, the Federal Reserve (Fed) released a memo outlining changes to its supervisory operating principles. Separately on November 18^th, Fed Governor Michael Barr gave a speech voicing concerns about the potential risk of changing supervisory policy.

What does the memo say? It sets forth a number of changes that “represent a significant shift from past operating practices.” The changes fall under the following key themes:

Refocusing supervision on material financial risk. The memo directs examiners to prioritize their attention on material financial risks as opposed to “processes, procedures and documentation.” It also extends this focus to the standard for issuing matters requiring attention (MRAs) and matters requiring immediate attention (MRIAs), with examiners empowered to address shortcomings that do not rise to the level of MRAs with nonbinding supervisory observations.
Ratings. It calls for component ratings used to assign a composite rating (e.g., CAMELS and RFI ratings) to be weighted based on their materiality and states that Management (e.g., in CAMELS) and Risk management (e.g., in RFI) components cannot be given more weight than other components such as capital, liquidity and earnings.
MRA remediation and closure. The memo calls for examiners to rely on a firm’s internal audit (IA) function for validation of whether the firm has fully remediated MRAs or requirements in an enforcement action – unless the IA function itself has been found to be unsatisfactory. It also calls for examiners to avoid delaying the termination of a fully remediated deficiency and to monitor sustainability after termination rather than as a precondition to closure. It also states that, before terminating an enforcement action, examiners should not conduct additional reviews or “capstones” on issues not directly related to issues identified in the enforcement action or on risks that are not a material threat to a firm’s safety and soundness.
Horizontal reviews. The memo directs examiners to no longer conduct horizontal reviews for the LISCC and LFBO portfolios unless the Deputy Director of Supervision determines the benefits of such reviews would outweigh the costs. In cases where horizontal reviews are conducted, the assessments should be measured against supervisory expectations rather than best practices within the peer group and the results should be released to institutions on a confidential basis.
Finding specificity. Under the memo, examiners will no longer be permitted to communicate findings in “vague or overbroad language,” and instead they will be expected to communicate “with sufficient specificity so that a person of ordinary intelligence can readily know what the deficiency is and what a non-deficient state would be.” In addition, the memo instructs examiners to promptly respond to questions from the institution, provide clarity when requested, and to listen and invite feedback from an institution as to whether a particular MRA is justified.
Duplicative examinations. It states that examiners should rely to the maximum extent possible on examinations conducted by the primary state or federal supervisor of depository institution subsidiaries, and they should not conduct their own duplicative examinations of such subsidiaries unless it is impossible for them to rely on the primary supervisor.
Enforcement actions. The memo indicates that the Fed’s interpretation of the statutory standard for issuing enforcement actions based on an unsafe or unsound practice will be changing, and that work is “underway” to clarify the standard.
Use of liquidity facilities. The memo instructs examiners to not discourage banks from taking into account liquidity available at the Federal Home Loan Banks to manage liquidity or perform internal liquidity stress tests. It also states that they should not require banks to preposition assets at the discount window.

What did Barr say? Barr argued for forward-looking, well-resourced supervision and cautioned that scaling back horizontal reviews, weakening stress testing, narrowing enforcement levers, and leaning on internal audit to close MRAs/MRIAs would blunt examiners’ ability to spot emerging risks. He also pointed to planned staffing reductions as a practical constraint on timely, consistent oversight. Taken together, he expressed concern that these shifts risk turning supervision from preventive to reactive.

What’s next? The memo indicated that work is underway to 1) amend SR 13-13 to restore supervisory observations, 2) to clarify the standard for issuing MRAs and MRIAs, and 3) to interpret the “unsafe or unsound practice” standard for enforcement actions.

Our Take

Long-awaited clarity with more to come.

Banking organizations will welcome these seismic changes to supervision, which promise to produce far fewer examinations, MRAs and enforcement actions – as well as more prompt closure. To make the changes stick, we expect the Fed will further hard-wire them into supervisory infrastructure – defining “unsafe and unsound practices” and what is “material” for purposes of supervisory criticism, updating SR letters and examiner manuals, and retraining examiners across the Federal Reserve Banks. Fed Vice Chair for Supervision Michelle Bowman is taking concrete steps to reform the Fed’s supervisory culture and this is likely just the beginning of transitioning away from prescriptive requirements towards more focused and transparent oversight. That said, Barr’s remarks serve as a reminder that there remains a possibility that the pendulum swings back toward more invasive oversight if this approach is tested by significant industry stress events or if there are changes in Fed leadership.

As examiners step back, banks must step up.

With the Fed’s call for examiners to focus on material financial risk and deprioritize processes and procedures, the burden of defining what “good” looks like for risk management capabilities now falls squarely on banks themselves. The new supervisory environment will free up investment and team capacity for many banks that have previously focused their resources on remediating MRAs and otherwise responding to supervisory demands. Banks can now focus attention on self-identified issues and prioritize their investments in strategic enhancements to technology and automation to develop a more effective and efficient risk management lifecycle, including identification, assessment, measurement, monitoring and reporting practices.

IA functions will now find their responsibilities significantly increased as the validator-of-last-resort. This may call for additional expertise, particularly in financial risk areas that will be the focus of supervision, in order to successfully manage to the expectations as the main gatekeeper for closing regulatory criticisms and enforcement actions. In this new world, it will be more crucial than ever for IA to maintain independence – and have support from the Board Audit Committee – to defend against premature issue closure despite pressure from the businesses.

What should banks do now? Although there is further clarity to come, banks should not wait to:

·Review current MRAs/MRIAs for alignment to the new standards, identify near-term closure candidates, and assemble IA validation packages to present to their supervisors.
Assess potential changes to escalation and reporting thresholds to align to the new standard which prioritizes material financial risk.
Update MRA/MRIA closure playbooks to establish milestones and documentation requirements to clearly demonstrate full remediation prior to a sustainability period.
Initiate IA self-assessment to evaluate the adequacy of leadership, succession plans, staff resources, skill sets, compensation, testing programs, reporting, and technology to ensure audit teams are enabled to shoulder their new heightened responsibility.
Position IA for future success by having the board audit committee engage with IA on the results of their self-assessment and agree on an appropriate action plan for needed enhancements.
Assess sufficiency of governance, risk and compliance tools to manage both self-identified and regulatory issues, including maintaining transparency into continued sustainability of remediation actions. Ideally, firms should be able to link deficiencies to root causes, owners, compensating controls and triggers for re-testing controls as necessary.
Update regulatory affairs processes and delegations given the new Fed tone and direction, particularly the requirement that supervisory staff should “invite feedback” from institutions.

What’s the bottom line?

The Fed is undergoing a significant shift in supervision – one that checks many boxes on the industry’s wish list. The changes will empower banks to shift resources to their strategic priorities and to decide for themselves where the bar needs to be for sound risk management.

SEC issues 2026 Examinations priorities

What happened? On November 17th, the SEC’s Division of Examinations released its 2026 priorities, covering the next year’s examinations of registered investment advisers (RIAs), registered investment companies (RICs), broker-dealers (BDs), self-regulatory organizations (SROs), clearing agencies, and other market participants such as security-based swap dealers (SBSDs).

What are the priorities for 2026?

Fiduciary Standard of Conduct. Examinations will assess RIA’s fiduciary duties of care and loyalty, with attention to financial conflicts of interest on providing impartial advice, best execution, alternative investments including private credit, complex investments such as leveraged and inverse ETFs, and products that have higher costs of investing. Examinations will also focus on recommendations to older investors and those saving for retirement along with newly launched private funds and products that may be particularly sensitive to market volatility.
RICs: Examinations will focus on the appropriateness of fund fees and expenses and portfolio management practices and disclosures for consistency with statements about investment strategies in fund filings and marketing materials. Examiners will also target compliance with the amended “Names Rule” and RICs that participate in mergers.
Broker-Dealer Financial Responsibility Rule and Trade-Related Practices. BD examinations will focus on compliance with the net capital and customer protections rules along with the timeliness of financial notifications and other required filings. Examiners will also focus on BD’s operational resiliency programs and assess firms’ credit, market and liquidity risk management controls. Examinations will continue to focus on Regulation Best Interest (Reg BI) obligations, including products such as ETFs that invest in illiquid private credit and equity assets, private placements, alternative investments, and cash sweep programs.
Cybersecurity, identity and privacy. Examinations will evaluate information-security and operational-resilience programs; test identity-theft programs under Regulation S-ID (identity theft red flags); and review compliance with amended Regulation S-P (privacy and safeguarding) regarding updated expectations for incident response and customer notification. The priorities also reference AI-related threats, ransomware preparedness and use of threat intelligence. Examiners will also evaluate incident-response decisioning and proper classification and oversight of vendor environments required for Regulation Systems Compliance and Integrity (Reg SCI) entities.
Anti-money laundering (AML). Reviews will test risk-based programs for broker-dealers and certain funds, including independent testing, sanctions controls and suspicious activity reporting. Customer Identification Program (CIP) requirements include identifying customers and, for legal-entity customers, their beneficial owners.

What is different from 2025: The 2026 priorities do not include a stand-alone “crypto assets” section and remove the previous administration’s initiatives in the environmental, social and governance (ESG) space.

Our Take

A new day at the SEC under Chairman Atkins

This year’s priorities reflect a clear shift in emphasis as the SEC recalibrates its examination program under Chairman Atkins, who has stated that “examinations are an important component to accomplishing the agency’s mission, but they should not be a “gotcha' exercise...” The absence of a stand-alone crypto section aligns with a broader policy posture that has moved away from aggressive enforcement in this space and now extends to examinations. At the same time, the SEC is signaling renewed interest in expanding retail access to alternative investments, which is reflected in the examination focus on valuation, liquidity and disclosure practices in private credit and private equity funds, as well as registered funds that hold illiquid and complex products. The priorities also signal a return to focusing on long-standing protections for retail investors, with continued scrutiny of excessive or inappropriate fees, misleading marketing and undisclosed conflicts of interest.

Risk management and operational resiliency also rise in prominence. The SEC ties these expectations to how firms prepare for and withstand periods of market stress and dislocation, reinforcing that resilience is not limited to technology functions but depends on governance, liquidity practices, third-party oversight and the strength of day-to-day controls. Privacy and identity programs similarly move from policy to performance as amended Regulation S-P places greater weight on timely detection, response and customer notification, and Regulation S-ID focuses on whether controls can prevent account takeovers in practice. Market-system oversight widens accountability to vendor environments through Regulation SCI classifications and incident-response expectations, underscoring that resilience extends across a firm’s operating footprint. Technology and innovation also feature throughout the priorities, with AI and automated tools evaluated for what they actually deliver, how governance matches firms’ public descriptions of these tools and whether outcomes are fair to investors.

What’s the bottom line?

The 2026 priorities signal a shift under new leadership toward a program that pulls back where regulatory guardrails are still forming while sharpening expectations around investor protection, operational resiliency and the credibility of firms’ governance and risk-management practices.

California progresses long-term solvency regulation

What happened? On November 14th, the California Department of Insurance (CDI) held a prenotice public discussion on draft regulatory text for a new long-term solvency planning requirement for domestic insurers.

What would be required? The draft text would require insurers writing more than $50 million in U.S. premium to maintain forward-looking solvency analyses that include:

A portfolio of risk-mitigation technologies used by policyholders and analysis of their long-term performance.
A materiality assessment of emerging risks affecting underwriting, investments or operations, including:
- Technology-driven risks such as dataset scale and complexity, data quality, data security and cybersecurity
- Climate-related physical risks, both acute (extreme weather) and chronic (sea-level rise, land-use shifts, water availability, agricultural productivity, temperature extremes)
- Transition risks from economic and technological change, including potential disruptions in access to capital
- Other long-horizon risks whose volatility is expected to increase over the next 20 years.
Analysis of material risks and mitigation strategies with projections for 2030, 2040 and 2050, including:
- Disruption risks related to technology and innovation
- Climate scenario analysis and stress testing
- Assessments of resilience, scenario selection rationale, sensitivity analysis and areas of uncertainty
- Investment concentration and exposure to catastrophic events
- Long-term investment strategy targets, performance metrics and methods of measuring progress
- Opportunities for new insurance products and the technical capabilities needed to support long-term climate and technology risk analysis.

What was discussed at the pre-notice meeting? At the meeting, insurers expressed concerns that the proposal is overly prescriptive, extends projections beyond reliable time horizons, and duplicates existing reporting requirements such as ORSA. Some industry representatives argued that provisions referencing product innovation exceed the scope of solvency oversight. Consumer and climate advocates urged CDI to make the rule more stringent by expanding public disclosures, aligning investment targets with climate science, expanding applicability beyond the $50 million premium threshold, and requiring annual updates to long-horizon projections.

What’s next? CDI will prepare a formal proposal which will include the official regulatory text, an initial statement of reasons, and a full comment period.

Our Take

A longer time horizon and broader risk lens

California’s proposal represents a significant step toward formalizing long-term solvency planning, with detailed expectations for insurers to analyze capital needs, climate exposures, technology-driven risks, and investment strategy over the next several decades. While insurers are concerned about speculation, duplication and the potential blurring of lines between prudential oversight and product design, consumer groups will continue to push for even more prescription, including science-aligned emissions targets, expanded public disclosure and extension of the rule to smaller insurers. The divergence reflects a broader tension shaping insurance regulation: the need for more forward-looking, data-driven solvency frameworks at the same time that the industry faces limits in forecasting, data quality and operational capacity. If CDI advances the proposal, insurers will need to demonstrate that long-horizon risk assessments are grounded in consistent methodologies, credible data and governance structures able to support iterative refinement. The proposal signals where supervisory expectations are moving, even as details are debated, and underscores the growing expectation that insurers integrate climate and technology risks into their enterprise risk management rather than treat them as separate, discretionary exercises.

What’s the bottom line?

California’s proposal marks the early stages of a longer shift toward horizon-scanning solvency supervision, underscoring the need for insurers to build capabilities that can keep pace with climate, technology and investment-related risks.

On our radar

These notable developments hit our radar recently:

Fed’s Miran calls for regulatory reforms to reduce pressure on Fed balance sheet. On November 19^th, Fed Governor Stephen Miran spoke on his view that aspects of the current regulatory framework are impacting the Fed’s balance sheet, particularly by influencing how easily banks can intermediate in Treasury markets. Regarding the pending proposal to reform the enhanced supplementary leverage ratio (eSLR) by reducing it to half the GSIB surcharge, he argued that this approach does not go far enough and called for fully excluding Treasurys and reserves from the eSLR denominator.

OCC clarifies permissible bank activities related to paying crypto-asset network fees. On November 18th, the OCC issued Interpretive Letter 1186 confirming that national banks may pay blockchain network fees and hold crypto-assets as principal in amounts reasonably necessary to cover anticipated network fees. The letter also affirms that banks may hold crypto-assets as principal when testing permissible crypto-asset platforms.

Trump nominates Levenbach, extending Vought’s tenure as acting CFPB director. On November 19th, President Trump nominated OMB official Stuart Levenbach to serve as CFPB director, a procedural step that allows Acting Director Russ Vought to remain in the role under the Vacancies Act. Senate action on the nomination remains uncertain.

Senate Banking advances FDIC nomination. On November 19th, the Senate Banking Committee voted 13 - 11 along party lines to advance President Trump’s nomination of Acting FDIC Chair Travis Hill to continue in his role on a confirmed basis.

Senate Agriculture holds confirmation hearing and advances CFTC nomination. On November 19^th, the Senate Agriculture Committee held a confirmation hearing for President Trump’s nominee to lead the CFTC, Mike Selig. He expressed support for “common-sense, principles-based” regulation that prioritizes clear rules over enforcement-driven supervision. On digital assets, he signalled support for prompt, thoughtful implementation of any congressional mandate and committed to strengthening the CFTC’s rules around segregation of customer funds and disclosures. He also proposed a product-by-product evaluation of extended trading hours and vertically-integrated business models, and flagged concerns that over-regulation can push activity offshore or undermine access to risk-management tools in Treasury markets. The day after his hearing, the Committee voted to advance Selig’s nomination 12 – 11 along party lines.

FDIC to meet on capital and regulatory rules on November 25^th. On November 25th, the FDIC Board will meet in an open session to consider several major actions, including a proposal to revise the Community Bank Leverage Ratio and the finalization of eSLR reform and TLAC/LTD requirements for U.S. GSIBs. The Board will also vote on a package of summary items, including indexing certain regulatory thresholds, setting the 2026 designated reserve ratio, and delaying the compliance date for the FDIC’s signage and advertising rule.

Fed extends comment period on stress test transparency proposal. On November 21st, the Fed extended the comment deadline for its proposal to enhance transparency and accountability in stress test models and scenarios to February 21st, 2026. The extension is intended to give stakeholders additional time to evaluate the proposal. Comments on the separate proposal regarding 2026 stress test scenarios remain due December 1st, 2025. See previous Our Take on this topic here.