Ballard Spahr
Legal Alert

Mortgage Banking Update - March 5, 2026

March 5, 2026

March 5 – Read the newsletter below for the latest Mortgage Banking and Consumer Finance industry news, written by Ballard Spahr attorneys. In this issue, our lawyers discuss New York’s newly published Buy Now, Pay Later rules, the consumerization of small business lending as federal and state regulations accelerate, key employer takeaways from recent federal guidance on remote work policies, and much more.

 

Podcast Episode: The Consumerization of Small Business Lending—Federal and State Regulations Accelerate

On today’s Consumer Finance Monitor podcast, we are releasing an episode about a timely and wide-ranging discussion on one of the most significant and fastest-evolving developments in commercial finance: the rapid “consumerization” of small business lending law.

In this episode, host Alan Kaplinsky welcomes Louis Caditz-Peck, Executive Director of the Responsible Business Lending Coalition (RBLC), for an in-depth conversation about the proliferation of state small business lending protection statutes, the policy debates driving them, and what they mean for lenders, fintechs, banks, and small business borrowers.

From Self-Regulation to State Law: How We Got Here

For decades, commercial lending operated under a fundamentally different regulatory framework than consumer credit. The prevailing assumption was that business borrowers were sophisticated, negotiated their transactions, and did not need standardized disclosures or suitability-type protections.

That assumption has eroded.

As Louis explains, since the financial crisis, and particularly with the growth of online and fintech lending, small business financing has changed dramatically. Community banks have pulled back. Nonbank online platforms have expanded. New products, including merchant cash advances and other revenue-based financing arrangements, have proliferated.

At the same time, concerns have grown about:

  • Opaque pricing structures
  • Misleading “interest rate” representations
  • Broker incentives that steer borrowers into higher-cost products
  • Repeated refinancing of unaffordable obligations

These concerns led to the development of the Small Business Borrower’s Bill of Rights, a set of industry standards first launched in 2015 at the Aspen Institute by a coalition of lenders, small business groups, and nonprofit advocates. What began as a voluntary, self-regulatory effort quickly became a blueprint for legislation.

California’s SB 1235 in 2018 marked the first major small business truth-in-lending law. Since then, according to Louis, 19 small business financial protection laws have been enacted across multiple states, with California and New York leading the way.

The “Consumerization” of Small Business Lending

A central theme of the episode is whether we are witnessing the “consumerization” of small business lending.

Many of the new state laws borrow heavily from consumer credit concepts, including:

  • APR-style cost disclosures
  • Total cost of financing disclosures
  • Payment schedule requirements
  • Prepayment and fee transparency
  • Restrictions on certain contractual provisions

Some states have layered on licensing or registration requirements for small business finance providers. Others incorporate or supplement state UDAP (unfair and deceptive acts and practices) standards, which may apply to certain business-to-business transactions as well as consumer transactions.

The policy rationale is straightforward: many “Main Street” businesses are effectively sole proprietorships or closely held operations without in-house finance or legal teams. Legislators increasingly view these borrowers as closer to consumers than to large corporations with treasury departments and inside or outside counsel.

As Alan and Louis discuss, the regulatory shift raises serious operational and compliance challenges, particularly given the state-by-state patchwork of requirements.

The Compliance Conundrum: Patchwork and Harmonization

A recurring concern is whether the proliferation of state laws imposes disproportionate burdens on smaller lenders and startups, especially compared to large institutions with robust legal and compliance infrastructures.

Louis emphasizes that RBLC has actively worked to promote interstate harmonization, particularly between California and New York. For example:

  • Advocating for standardized disclosure forms that can be used in multiple states
  • Aligning definitions and disclosure triggers
  • Encouraging estimated APR calculations for revenue-based financing

However, not all states have followed a harmonized approach. Some laws, particularly those focused narrowly on merchant cash advances, have created divergent requirements, complicating multi-state compliance.

As Alan notes, the trend presents both risk and opportunity for lenders and their counsel. The regulatory environment is no longer static. Companies offering small business financing must assume that:

  • Cost disclosures will likely be required in more states
  • Registration or licensing may apply
  • Enforcement risk—particularly under state UDAP statutes—will increase

Section 1071 and Federal Uncertainty

The episode also explores the role of the CFPB under Section 1071 of the Dodd-Frank Act, which requires data collection on small business lending to:

  1. Identify potential discrimination, and
  2. Assess whether certain markets are underserved.

The CFPB finalized its 1071 rule in 2023 under then Director Rohit Chopra. Multiple legal challenges followed. Under the current administration, a notice of proposed rulemaking has sought to scale back and slow implementation.

At the same time, the Federal Trade Commission has signaled an interest in using its enforcement authority to address unfair or deceptive acts or practices affecting small businesses—underscoring an intriguing tension within federal regulatory policy.

As Louis observes, the debate is not simply about reducing or expanding government. It is about how government authority will be used and whether transparency and enforcement will be advanced through rulemaking, litigation, or state initiatives.

Merchant Cash Advances and Revenue-Based Financing

A particularly nuanced part of the discussion focuses on merchant cash advances (MCAs) and other sales-based financing products.

These arrangements typically involve:

  • An advance of funds in exchange for a fixed repayment amount
  • Payments tied to a percentage of daily or periodic sales
  • Variable duration depending on business performance

RBLC’s position, as Louis explains, is product neutral. The coalition does not advocate banning product categories or imposing rate caps. Instead, it focuses on responsible practices, including transparent pricing and assessment of ability to repay.

Importantly, none of the major state lending protection laws impose interest rate caps. The emphasis is on disclosure and market transparency rather than price regulation.

Who Is Covered—and Who Is Not?

Most state small business truth-in-lending statutes apply to financing of $500,000 or less (with some variation, such as New York’s $2.5 million threshold following gubernatorial revision).

Coverage often includes:

  • Closed-end loans
  • Open-end lines of credit
  • Sales-based financing/MCAs
  • Factoring (in some states)

Banks are generally exempt from these statutes, though nonbank “providers” presenting the offer of credit may still have disclosure obligations even in bank partnership models.

As Alan highlights, this raises interesting competitive and policy questions about level playing fields across banks and nonbanks.

Looking Ahead to 2026

Both speakers agree: this trend is not going away.

With significant percentages of small business owners reporting difficulty accessing affordable capital, and a substantial minority reporting harm from predatory practices—state legislators remain motivated to act.

The key policy question is not whether regulation will expand, but how.

Well-designed transparency frameworks can:

  • Promote price competition
  • Reward responsible innovation
  • Improve borrower decision-making

Poorly harmonized or overly rigid frameworks, however, risk increasing compliance costs and reducing credit availability.

As Alan notes in his closing remarks, small business finance regulation is becoming a core area of growth for law firms and compliance professionals historically focused on consumer financial services. The line between consumer and commercial finance continues to blur. Alan noted that the Consumer Financial Services Group which he founded and chaired for 25 years has counseled and represented small business lenders for decades.

For lenders, fintechs, banks, and their advisors, understanding these developments is no longer optional, it is essential.

Consumer Finance Monitor is hosted by Alan Kaplinsky, senior counsel at Ballard Spahr, and the founder and former chair of the firm’s Consumer Financial Services Group. We encourage listeners to subscribe to the podcast on their preferred platform for weekly insights into developments in the consumer finance industry.

To listen to this episode, click here.

Consumer Financial Services Group

Back to Top

Podcast Episode: A National Strategy to Prevent Scams—‘United We Stand’

In a recent episode of the award-winning Consumer Finance Monitor podcast, Alan Kaplinsky was joined by Nick Bourke, Kate Griffin, and Ballard Spahr Partner Joseph Schuster to discuss a groundbreaking new report from the Aspen Institute Financial Security Program: United We Stand: A National Strategy to Prevent Scams.

The episode builds on Nick and Kate’s prior appearance on the podcast last July, when the report was still in development. Now finalized, the report offers one of the most comprehensive frameworks to date for addressing what has become a systemic threat to American households and the broader financial system.

The Scope of the Problem: A Systemic Threat

Frauds and scams are no longer isolated consumer protection issues. According to the report, U.S. households are losing an estimated $196 billion annually to scams—roughly $1 billion every couple of days. One in five American adults reports having lost money to an online scam.

As Nick Bourke explained, today’s scams are:

  • Technology-enabled
  • Highly organized and industrialized
  • Often operated by transnational criminal organizations
  • Accelerating due to AI and faster payment systems

The so-called scam “lifecycle” includes four stages:

  1. Lead – Hooking the victim
  2. Deceive – Building trust (often through impersonation or relationship-building)
  3. Bleed – Extracting funds
  4. Clean – Laundering proceeds, often through cryptocurrency or offshore channels

Different sectors see only fragments of this lifecycle; social media platforms may see the “lead,” financial institutions the “bleed,” and law enforcement the “clean.” That fragmentation allows criminals to scale operations while defenders remain siloed.

Why Scams Are Rising Despite Heavy Investment

As Kate Griffin noted, industry and government are investing heavily in prevention. Yet scams continue to grow.

Why?

  • Fragmentation across sectors: No single actor sees the entire attack sequence.
  • Outdated reporting infrastructure: Federal systems at agencies like the FBI and FTC remain manual and technologically antiquated.
  • Regulatory uncertainty: Financial institutions and technology platforms face unclear expectations about what data they can use and share.
  • Speed of modern payments: Faster money movement means faster losses.

Joseph Schuster emphasized that many financial institutions are strongly incentivized to prevent fraud as they often bear reputational and financial risk when scams succeed. But legal ambiguity, especially under statutes like the Fair Credit Reporting Act, can chill data-sharing and innovation.

Core Recommendations from the Aspen Report

The report outlines both high-level national reforms and granular operational improvements with more than 180 specific ideas.

1. Elevate Scam Prevention to a National Priority

The report calls for:

  • A designated federal lead (or czar) to coordinate strategy
  • A whole-of-government approach
  • Clear national goals and metrics

Without centralized leadership, enforcement and regulatory actions remain fragmented.

2. Modernize Law Enforcement Reporting Systems

  • Federal reporting portals, including Suspicious Activity Reports (SARs), the FBI’s complaint systems, and the FTC’s databases, require modernization. The report recommends:
  • Streamlined, automated reporting
  • Backend data interoperability across agencies
  • Advanced analytics and AI tools for enforcement

3. Establish Clear Duties to Act Paired with Safe Harbors

One of the most important themes discussed was the need for:

  • Clear expectations for banks, telecom companies, and digital platforms
  • Safe harbors that protect companies when sharing scam intelligence in good faith

Countries like Australia have already codified such frameworks. The U.S. has yet to establish similarly coordinated standards.

4. Build a Cross-Sector Information-Sharing Ecosystem

  • Effective scam prevention requires:
  • Exchange of scam indicators (malicious URLs, compromised phone numbers, device patterns)
  • Interoperable information-sharing platforms
  • Privacy-preserving architecture
  • Legal clarity to mitigate antitrust and consumer reporting concerns

Joseph noted that industry appetite for collaboration is strong, but clarity and guardrails are essential.

5. Consider a U.S. National Anti-Scam Center

  • The report explores the idea of a centralized “front door”, potentially something like stopscams.gov, that would:
  • Serve as a national reporting hub
  • Provide victim resources
  • Facilitate coordination among law enforcement
  • Support public education campaigns

Social Media and Platform Responsibility

The discussion also addressed the evolving role of digital platforms.

Scam activity frequently originates through:

  • Paid advertisements
  • Dating applications
  • Direct messaging
  • Fake investment websites

Compared to banks, social media companies operate within a less clearly defined regulatory structure. Courts are increasingly developing theories of “platform liability,” but statutory clarity is lacking.

The report urges policymakers to define reasonable expectations for platforms—paired with safe harbors and practical tools that empower prevention rather than merely assign blame.

What Happens Next?

  • The key question: who implements this strategy? Kate Griffin emphasized that this is a whole-of-society problem requiring coordinated action by:
  • Federal leadership
  • Congress
  • Financial institutions
  • Telecom and digital platforms
  • Law enforcement
  • Civil society

There have been encouraging developments, including:

  • Treasury and State Department sanctions targeting transnational scam networks
  • A joint DOJ–FBI–Secret Service initiative targeting Southeast Asian scam operations
    • But much more remains to be done.

Nick Bourke suggested that, one year from now, real success would include:

  • But much more remains to be done.
  • A designated federal anti-scam lead
  • A congressional commission
  • Measurable national prevention goals
  • Corporate adoption of formalized anti-scam strategies

Joseph Schuster added that industry innovation is ongoing, particularly in artificial intelligence, biometrics, and authentication, but warned that fragmented state-level regulation could complicate progress.

Key Takeaways

Alan Kaplinsky closed the episode with several important observations:

  • Fraud and scams are now a systemic threat, not a niche compliance issue.
  • Prevention, not just reimbursement, must be the organizing principle.
  • Coordination matters as much as authority.
  • Good-faith companies need regulatory clarity, not just enforcement pressure.
  • Reducing scams strengthens trust in the U.S. financial system and digital economy.

The Aspen report reframes the debate. Rather than assigning blame, it calls for aligned incentives, shared responsibility, and coordinated national action. If the title of the report, United We Stand, becomes reality, the United States may finally begin to bend the curve on one of the most costly and fast-growing threats facing consumers today.

For more insights on consumer financial services developments, visit Ballard Spahr’s Consumer Finance Monitor blog and explore the full Aspen Institute report here.

Consumer Finance Monitor is hosted by Alan Kaplinsky, senior counsel at Ballard Spahr, and the founder and former chair of the firm’s Consumer Financial Services Group. We encourage listeners to subscribe to the podcast on their preferred platform for weekly insights into developments in the consumer finance industry.

To listen to this episode, click here.

Consumer Financial Services Group

Back to Top

D.C. Circuit Hears En Banc Argument in National Treasury Employees Union v. Vought: A Defining Case for the CFPB’s Future

On February 24, 2026, the full United States Court of Appeals for the District of Columbia (consisting of 11 judges sitting en banc) heard oral argument in National Treasury Employees Union v. Vought (No. 25-5091), a case that could prove pivotal not only for the workforce of the Consumer Financial Protection Bureau (CFPB) but also for the scope of presidential authority over independent agencies more broadly.

The central issues are clear: can the Executive Branch, through operational directives and workforce reductions, effectively disable a congressionally created agency without repealing or amending the statute that created it? If not, what is the appropriate remedy when the appeal is of an interlocutory preliminary injunction issued by the federal district court?

Background

The litigation arises from actions taken by Acting CFPB Director Russell Vought in early 2025 that halted much of the Bureau’s activity and set in motion substantial reductions in force. The National Treasury Employees Union (NTEU), representing CFPB employees, challenged those actions, arguing that they amounted to a de facto dismantling of the agency in contravention of Congress’s mandate in the Dodd-Frank Act.

The district court entered a preliminary injunction blocking broad layoffs. A divided three-judge panel of the D.C. Circuit later vacated that injunction, reasoning in part that the plaintiffs had not identified a reviewable “final agency action” and that employment disputes should proceed through the Civil Service Reform Act’s administrative framework. The full court subsequently granted rehearing en banc.

The Government’s Position

Arguing for the government, DOJ counsel framed the case as one about managerial discretion and jurisdictional limits. The government’s core themes were:

  1. The challenged directives did not constitute “final agency action” reviewable under the Administrative Procedure Act.
  2. Employment-related claims must proceed through the Civil Service Reform Act’s exclusive remedial scheme.
  3. Courts should not constitutionalize disputes over internal resource allocation or agency staffing decisions.

Under this view, even sweeping reductions in force and stop-work orders fall within the lawful discretion of political leadership to determine how an agency executes its statutory responsibilities—so long as Congress has not prescribed specific staffing levels or appropriations mandates.

The Union’s Position

Counsel for NTEU urged a very different characterization. She argued that this case is not about ordinary workforce management, but about whether the Executive may neutralize a statutory agency without congressional participation.

Her principal arguments included:

  1. The combined effect of stop-work orders, funding constraints, mass terminations, and other actions consistent with dismantling the CFPB amounts to a constructive shutdown of the CFPB.
  2. The Administrative Procedure Act (APA) permits review where executive action effectively nullifies statutory mandates.
  3. The Civil Service Reform Act does not displace judicial review of structural constitutional claims.
  4. The separation of powers forbids the President (or an Acting Director of the CFPB) from accomplishing through administrative means what only Congress can do legislatively—abolish or disable an agency.

In short, NTEU framed the dispute as a structural constitutional case with employment consequences, not merely an employment case with constitutional rhetoric.

Themes from the Bench

Several lines of questioning stood out:

1. Reviewability and Finality.

Multiple judges pressed the government on whether there is any limiting principle to its theory of non-reviewability. If an agency head can halt enforcement, supervision, rulemaking, and internal operations indefinitely, what would qualify as reviewable action?

2. CSRA Preclusion.

The court explored whether the Civil Service Reform Act’s remedial scheme truly channels all claims of this nature away from district court, particularly when the alleged injury is institutional and constitutional, not merely individual and employment based.

3. Separation of Powers.

The most probing exchanges focused on whether executive “inaction” or resource withdrawal can violate a statutory command. Judges appeared concerned about a rule that would allow an administration to effectively nullify a disfavored agency without formally defying Congress.

At several points, members of the court suggested the possibility of a narrower path—such as remanding for further factual development or crafting limited injunctive relief designed to preserve core statutory functions pending final resolution.

Why This Case Matters

For lawyers advising financial institutions, fintechs, and other regulated entities, this case goes far beyond internal federal employment disputes.

If the court adopts a broad view of executive authority to suspend or scale back statutory programs, the CFPB’s supervisory and enforcement posture could change dramatically depending on who occupies the White House—even without legislative change.

Conversely, if the court recognizes meaningful judicial limits on executive efforts to disable agencies, it could reinforce the durability of congressionally created independent regulators, even in periods of political hostility.

The implications extend to:

  1. The stability of CFPB rulemaking, supervision and enforcement and statutorily-mandated activities;
  2. The viability of structural APA challenges;
  3. The continued relevance of the D.C. Circuit as a central arbiter of administrative law;
  4. The evolving balance between Congress and the Executive in the administrative state.

What to Watch

The en banc court’s decision will likely turn on how it characterizes the case:

  1. A narrow employment-law dispute governed by the Civil Service Reform Act; or
  2. A structural constitutional challenge implicating the President’s duty to “take Care that the Laws be faithfully executed.”

The answer to that framing question may determine not only the outcome here, but the future resilience of the CFPB itself.

Given the composition of the en banc court and the intensity of the questioning, a fractured decision—with multiple concurrences and dissents—is a distinct possibility. Whatever the result, further review in the Supreme Court’s shadow docket, would not be surprising, particularly if the en banc court were to affirm the district court’s injunction. That is because that injunction goes well beyond ensuring that the CFPB performs its statutorily required functions.

Although it is always hazardous to predict the outcome of any court decision, let alone an en banc appellate court with 11 politically diverse members sitting on the bench, we believe that the en banc court will reverse the district court, but for different reasons than given by the three-judge panel of the Court of Appeals — namely, that the preliminary injunction must be written so that it only requires the CFPB to perform statutorily required functions The case will likely be remanded to the district court so that the preliminary injunction can be revised to conform with the en banc’s court mandate. The district court’s job should be helped immeasurably by the fact that, according to the DOJ attorney arguing the case for the CFPB, the CFPB has already prepared a detailed plan of operation on what it intends to do if the preliminary injunction gets lifted, Since Vought has acknowledged that he cannot shut down the CFPB entirely after the district court ruled that the CFPB was not precluded from being funded by the Federal Reserve Board even though the Federal Reserve Banks were losing money on a combined basis, the CFPB’s plan of operation should be a good starting point for the district court in fashioning a preliminary injunction which requires the CFPB to perform statutorily required functions. The DOJ lawyer has offered to share the CFPB’s operating plan with the court. Hopefully, this may result in the preliminary injunction being converted to a final injunction with which all parties can live. Of particular importance to the industry is that the CFPB finalize many of the proposed rules that were identified in the CFPB’s most recent regulatory agenda, including statutorily-required rules under Section 1033 of Dodd-Frank (open banking) and Section 1071 of Dodd-Frank (data collection related to small business loans) and non-statutorily required rules pertaining to the elimination of the use of the disparate impact theory under the Equal Credit Opportunity Act.

Alan S. Kaplinsky and Joseph J. Schuster

Back to Top

Trump Administration Says CFPB Has Cost Consumers Hundreds of Billions of Dollars

Since its inception in 2011, the CFPB has cost consumers between $237 billion and $369 billion, the Trump administration’s Council of Economic Advisers (CEA) said, in a report.

“Through a combination of regulation, supervision, and the threat of enforcement actions, the CFPB has raised costs for both borrowers and lenders,” the CEA said, adding that the largest component– increased borrowing costs–accounts for $222 billion to $350 billion of this total.

“The regulatory burden imposed by the Consumer Financial Protection Bureau (CFPB) has increased the compliance and liability costs associated with consumer financial products, which financial institutions pass on to consumers in the form of higher prices and reduced product offerings,” the CEA said.

The CEA estimated that for 2024 alone, the combined annual cost of credit for mortgages, autos and credit cards attributable to the CFPB is between $24 billion and $38 billion.

The Trump administration has targeted the CFPB for severe cutbacks—attempting to lay off more than 1,400 Bureau employees. Those efforts have so far been blocked in federal court. Acting CFPB Director Russell Vought has expressed a preference that the Bureau be eliminated and said he is working toward that goal.

Democrats often say that the CFPB has returned $21 billion to consumers, but the CEA said that figure “severely” underestimates the broader burden on the financial system.

The CEA also said that:

  • Annual paperwork requirements exceed 29 million hours. That is the equivalent of employing 14,000 full-time workers focusing on documentation and reporting. Between 2011 and 2024, the paperwork requirements cost businesses $21 billion.
  • After adjusting for inflation, the CFPB has received $8.9 billion in transfers from the Federal Reserve from 2011 through 2024. “Because these funds would otherwise have flowed to the U.S. Treasury, the forgone revenue generates a marginal excess tax burden of $4.4 billion.” “Combined, the fiscal cost of the CFPB since its inception exceeds $13 billion.”
  • “Broken down by loan type, the CFPB’s rulemaking has cost consumers $116-$183 billion in higher mortgage costs ($1,100-$1,700 per originated loan), $32-$51 billion for auto loans ($91-$143 per loan), and $74-$116 billion for credit cards ($80-$126 per loan). “These costs significantly surpass the CFPB’s reported $21 billion returned to consumers (about $15 per borrower).”

The Council also estimated that the higher borrowing costs from CFPB policies significantly reduced loan originations, resulting in an economic efficiency loss of between $1.5 billion to $5.7 billion to consumers.

We endorse the focus on the costs of the CFPB, which we do think have been understated, and the benefits of the CFPB, which we do think have been overstated, and have the following observations.

The reported $21 billion amount returned to consumers does not necessarily represent actual harm to consumers that was redressed through payments made by companies settling CFPB enforcement actions. Companies facing CFPB enforcement actions may reasonably believe they did nothing wrong, yet they elect to settle because it is the more efficient and cost-effective way of dealing with the matter.

With regard to mortgages, the report focuses on loans that did not qualify for the safe harbor under the original general qualified mortgage (QM) provisions of the Truth in Lending Act ability to repay rule because the consumer’s debt-to-income (DTI) ratio exceeded the strict 43% cap that applied under the provisions. However, loans also could have been made under the QM commonly referred to as the “GSE Patch” if the loans (1) complied with the general QM loan characteristic prohibitions and points and fees limits, and (2) were eligible for sale to Fannie or Freddie. Both the DTI-based general QM and GSE Patch QM were available for loans with applications received before October 1, 2022. As a result of its greater flexibility, creditors typically relied much more on the GSE Patch QM than the DTI-based general QM. For loans with applications received on or after March 1, 2021, loans also could be made under the new general QM based on the loan’s annual percentage rate. Finally, there were separate QMs for loans insured by the Federal Housing Administration and loans guaranteed by the Department of Veterans Affairs. Thus, the costs assumed by the CEA for loans that did not qualify for the original DTI-based general QM may not have materialized if the loans were QMs under one of the other QM provisions.

Consumer groups blasted the Administration.

The National Consumer Law Center accused the Administration of making “unfounded claims that consumers are paying billions to have their home and auto loans regulated.

“The White House continues to arm billionaires in their war on ordinary people’s wallets,” said Diane Thompson, Deputy Director and Chief Advocacy officer at the National Consumer Law Center. “A functioning, effective Consumer Financial Protection Bureau is essential in safeguarding people from unscrupulous companies that prey on working families.”

Americans for Financial Reform accused the Administration of using highly inflated compliance cost estimates without considering the enormous economic benefits of the CFPB to people and financial stability.

“The Trump administration has tried for over a year to shut down the CFPB because it worked tirelessly to protect people from junk fees, scams, and widespread financial harm as well as holding financial firms accountable for ripoffs and unfair practices,” said Tom Feltner, Associate Director of Consumer Policy at Americans for Financial Reform. “It is not surprising that this administration is now claiming that people would be better off without the commonsense financial protections that have prevented another financial crisis for the past fifteen years.”

Richard J. Andreano, Jr. and John L. Culhane, Jr.

Back to Top

FinCEN Provides CDD Relief for New Account Openings

On February 13, 2025, FinCEN issued an order granting exceptive relief for covered financial institutions from certain Customer Due Diligence (CDD) requirements for new account openings. The exceptive relief is part of deregulation efforts, consistent with Executive Order 14192, “Unleashing Prosperity Through Deregulation,” and Section 6403(d) of the Corporate Transparency Act (the CTA).

What’s Covered by the Exceptive Relief?

The CDD rule requires covered financial institutions to identify and verify the beneficial owners of legal entity customers at account opening. Under the exceptive relief, FinCEN will now require covered financial institutions to obtain and verify the beneficial owners of legal entity customers:

  1. When a legal entity customer first opens an account;
  2. Any time the covered financial institution has knowledge that would reasonably call into question the reliability of beneficial ownership information that was previously provided; and
  3. As necessary for on-going CDD compliance.

Covered financial institutions must still adhere to other Bank Secrecy Act/Anti-Money Laundering requirements, including all other CDD requirements.

Nothing precludes a covered financial institution from continuing the practice of collecting or verifying beneficial ownership at each new account opening or following the institution’s own risk-based policies and procedures. FinCEN highlights that it is “within the discretion of the covered financial institution” whether to avail themselves of this exceptive relief.

FinCEN’s Previous Guidance and Exceptive Relief Efforts

FinCEN noted that the exceptive relief was due, in part, to the industry’s reactions to previous relief efforts. Ultimately leading FinCEN to provide this broader relief.

FinCEN has previously issued guidance, allowing covered financial institutions to utilize previous beneficial ownership forms or information obtained from legal entity customers at new account openings, provided that the customer certified or confirmed that the information was still accurate and the financial institution had no knowledge calling into question the accuracy of the information. In addition, FinCEN previously provided exceptive relief to legal entity customers who open new accounts as a result of: a certificate of deposit rollover; a renewal, modification, or extension of a loan where there was no underwriting requirement or approval; a renewal, modification, or extension of a commercial line of credit or credit card account that does not require underwriting review and approval; or a renewal of a safe deposit box rental. This current exceptive relief supplements FinCEN’s previous guidance and exceptive relief.

Looking Ahead at the CDD Rule

The CTA promised revisions to the CDD rule to account for the changes made by the beneficial ownership information and access rules. FinCEN’s current rulemaking agenda lists a notice of proposed rulemaking slated for this Spring. Given the changes to the scope of the CTA, it is unclear how the CDD rule will be revised.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

Kaley Schafer

Back to Top

DEI Executive Orders Under Fire: Two Major Appellate Court Challenges Spotlight Legal Ambiguity and Uncertainty

Two cases involving challenges to the Trump administration’s Executive Orders on Diversity, Equity, and Inclusion (DEI) are making waves in the federal appellate courts—each raising fundamental questions about the scope and legality of the administration’s policy direction.

Fourth Circuit: Lifted Injunction

On February 6, 2026, the Fourth Circuit Court of Appeals reversed a district court injunction that had blocked enforcement of President Trump’s executive orders targeting DEI in federal funding. The suit, led by the City of Baltimore, challenged several provisions as unconstitutional and had initially resulted in a nationwide halt to implementation of key provisions, including the DEI certification and termination requirements. We previously reported on the district court litigation and injunction here.

The appellate court vacated the preliminary injunction and remanded the case for further proceedings. The panel found plaintiffs lacked standing to challenge the “enforcement threat” provision of the orders, as they could not demonstrate an injury beyond generalized fear of government retribution. While the plaintiffs did have standing to challenge the termination and certification provisions, the court held they failed to show a “substantial risk that application of the provisions will lead to suppression of speech.” Speculative fears or the mere prospect of future government action, such as completion of an internal report, did not establish the kind of harm required for a justiciable case.

Importantly, the ruling clarified that the President retains broad authority to set funding priorities. As the opinion put it, “Whether that’s sound policy or not isn’t our call. We ask only whether the policy is unconstitutionally vague for funding recipients.” The requirement for federal grantees to certify compliance with federal antidiscrimination laws “gave [the court] some pause, but not enough” to warrant an injunction, especially since no plaintiff had experienced actual funding withdrawal or punitive enforcement. The court underscored that facial constitutional challenges require concrete injury—and organizations may still challenge specific enforcement actions if agencies misapply the policy. As the Fourth Circuit concluded:

Facial invalidation again ‘is, manifestly, strong medicine.’ … Here, it proved too strong. We therefore vacate the district court’s order granting plaintiffs’ motion for a preliminary injunction, and remand for further proceedings.

Seventh Circuit: What Is Illegal DEI?

Meanwhile, in a significant parallel action, the Seventh Circuit recently confronted the Trump administration in oral argument over the same executive orders. This case, brought by Chicago Women in Trades, highlights ongoing anxieties about compliance and definitions. We have been closely tracking this case, discussed here and here.

During argument, appeals judges pressed Deputy Assistant Attorney General Eric McArthur to explain precisely what the administration considered “illegal DEI.” One judge observed, “Programs that have been seen as combating historical discrimination were suddenly characterized as violating anti-discrimination laws, with no definition as to how and when DEI programs will fall on the illegal side of the analysis. What type of DEI activities are still lawful, if any? Are there any?” The pointed question reflects the uncertainty faced by nonprofits, employers, and educational institutions the compliance status of which has been thrown into doubt.

McArthur asserted that the executive orders do not render all DEI activities unlawful and pointed to a Department of Justice memo from July 29, 2025 (see our blog post here), which outlines examples of conduct deemed illegal under federal antidiscrimination laws. However, the panel remained skeptical, noting that neither in court briefings nor in oral argument had the government provided a clear definition—leaving organizations without meaningful guidance.

Common Threads: Uncertainty, Lack of Clear Standards

The issues raised in the Seventh Circuit echo those in the Fourth: both courts are concerned about vague criteria and the absence of actionable guidance. Organizations with DEI initiatives—once encouraged or permitted under prior federal policies—now operate in legal limbo, unsure where the boundaries lie. Broad characterizations of “illegal DEI” are inadequate without concrete criteria and transparent enforcement protocols, and both courts have suggested that, unless the government clarifies the scope, affected entities will continue to navigate an uncertain landscape with potentially significant consequences under the False Claims Act.

Together, these appellate proceedings highlight a growing judicial skepticism regarding the Trump administration’s DEI regulatory climate. Courts are demanding concrete definitions and parameters to ensure organizations working to promote inclusion are not left in the dark about how federal guidelines apply to their work. As the legal challenges progress, the need for policymakers to provide clarity and specificity has never been more urgent. Ballard Spahr’s Labor and Employment Group frequently advises employers on issues related to labor employment and policy. We will continue to monitor the administration’s agenda and the impact of further anti-discrimination laws and interpretation. Please contact us if we can assist you with these matters.

Brian D. Pedrow, Shirley S. Lou-Magnuson, and A.C. Estacio-Heilich

Back to Top

California Court Grants Summary Judgment to OppFi, Rejects DFPI ‘True Lender’ Theory

In a very significant and potentially precedent-setting February 24, 2026 decision, the Los Angeles County Superior Court (Hon. Gary D. Roberts) issued a tentative decision granting summary judgment in favor of Opportunity Financial, LLC (OppFi) and against the California Department of Financial Protection and Innovation (DFPI). The ruling rejects the DFPI’s claim that OppFi was the “true lender” of certain loans originated by Utah-chartered FinWise Bank and therefore subject to California’s 36 percent interest rate cap under the California Financing Law (CFL), as amended by AB 539.

If finalized, the decision will have substantial implications for bank–fintech partnerships, the continued vitality of the “valid-when-made” doctrine, and the scope of state “true lender” theories in the wake of federal interest rate exportation authority.

OppFi now has 30 days to submit to the superior court a proposed final statement of decision and judgment consistent with the court’s tentative ruling. If the judgment is entered, DFPI will have the right to appeal to the California Court of Appeal for the Second District.

Procedural History

OppFi filed suit in March 2022 seeking declaratory and injunctive relief against the DFPI Commissioner after the agency threatened to enforce California’s Fair Access to Credit Act (AB 539) against loans originated by FinWise Bank.

In April 2022, DFPI filed a cross-complaint alleging:

  • Violations of the California Financing Law, and
  • Violations of the California Consumer Financial Protection Law.

DFPI’s theory was that FinWise Bank had merely “rented” its charter to OppFi, and that OppFi was the “true lender” of the loans. Because California caps interest at 36 percent for covered loans between $2,500 and $10,000, DFPI alleged the loans were unlawful and sought injunctive relief, restitution, and penalties exceeding $100 million.

OppFi moved for summary judgment. On January 29, 2026, the court heard argument and took the matter under submission. On February 24, 2026, the court issued its tentative decision granting summary judgment for OppFi.

Notably, although OppFi raised multiple independent grounds for relief, the court granted summary judgment solely on one basis: DFPI failed to create a triable issue of material fact that FinWise Bank was a “mere dummy” lender.

The Legal Framework: Usury at Inception

The court’s analysis was rooted in longstanding California usury principles. Under California law:

  • A contract must be usurious “in its inception” to violate usury law.
  • A loan that is non-usurious when made does not become usurious due to subsequent events, including assignment.
  • Courts look to substance over form—but only where evidence supports a sham or subterfuge.

The court relied heavily on California precedent, including:

  • Sharp v. Mortgage Security Corp. of America
  • Montgomery v. GCFS, Inc.
  • Strike v. Trans-West Discount Corp.

The court emphasized that assignment of loans by a bank, like FinWise Bank, that is exempt from California’s usury laws under the California Constitution, Article XV, Section 1, does not retroactively render a loan usurious. If lawful when made, the loan remains lawful.

Why the Court Found No Triable Issue of Fact

The court concluded OppFi produced overwhelming evidence demonstrating that FinWise Bank—not OppFi—was the lender at inception. The DFPI failed to raise a genuine dispute of material fact.

The court found the following facts particularly important:

1. FinWise Controlled Underwriting

The court emphasized that FinWise:

  • Controlled underwriting criteria.
  • Performed final underwriting from its Utah offices.
  • Had sole authority to approve or reject applications.
  • Independently reviewed and approved changes to underwriting models.
  • Rejected loans that failed to meet its thresholds.

Critically, OppFi was not permitted to alter underwriting criteria unilaterally.

The court rejected DFPI’s argument that OppFi “controlled” underwriting because it owned the intellectual property behind its credit models. Ownership of a model did not equate to authority to approve loans. FinWise had final say.

The court found no evidence that FinWise’s underwriting was a “rubber stamp.”

2. FinWise Funded the Loans with Its Own Money

The court found undisputed evidence that:

  • FinWise used its own funds to originate loans.
  • Funds came from accounts controlled solely by FinWise.
  • OppFi did not supply loan capital.
  • OppFi had neither a possessory nor beneficial interest in the funding accounts.

DFPI’s theory that OppFi’s collateral arrangements effectively funded the loans was described as speculative. There was no evidence OppFi’s funds were used to originate loans.

3. FinWise Retained Ownership and Economic Interest

At origination:

  • FinWise held title to the loans.
  • FinWise retained at least a 5 percent receivable interest throughout the life of each loan.
  • FinWise remained exposed to risk of loss.
  • FinWise received origination-related fees and servicing fees.

The court emphasized that even if FinWise later sold receivables, that fact did not retroactively alter the validity of the loans at inception.

Relying on its earlier preliminary injunction ruling, the court reiterated that Section 27 of the Federal Deposit Insurance Act permits state-chartered banks to export interest rates allowed in their home state.

FinWise, as a Utah state-chartered bank, was permitted under Section 27 to charge Utah-permitted rates to California borrowers. The court cited case authority interpreting Section 27 which holds that transfers of loans or receivables after origination are irrelevant. Most significantly, the superior court did not employ the “predominant economic interest” test which has been codified in some states. This test looks beyond who is named on the loan documents to determine who substantially holds the risk, rewards, and economic benefit. The superior court instead held that the “valid when made” test under California case law combined with the clear exemption of FinWise Bank from California’s usury laws under the California Constitution and preemption of California’s usury laws under Section 27 of the Federal Deposit Insurance Act are controlling

4. FinWise Controlled Marketing and Compliance

The court also highlighted:

  • FinWise approval of all consumer-facing marketing.
  • Required approval for website changes, email campaigns, and new marketing channels.
  • Oversight of vendor relationships.
  • Weekly operational calls and quarterly audits.
  • Monitoring of delinquencies.
  • Board-level reporting.
  • Review and approval of compliance policies.

These facts undermined DFPI’s argument that FinWise was a passive or nominal participant.

The Court’s Rejection of DFPI’s ‘True Lender’ Theory

The court concluded DFPI failed to produce evidence that the relationship was a “sham and subterfuge.”

Importantly, the court framed the key inquiry under California usury doctrine as whether the loan was usurious at inception. Because FinWise was the lender when the loans were made—and because it was legally permitted under federal law to export Utah interest rates—the loans were lawful at origination.

DFPI’s post-origination arguments about receivable sales, collateral mechanics, branding, or warehouse lines did not create a triable issue of material fact.

As the court stated, the Commissioner produced “simply no evidence” that OppFi controlled underwriting or that the structure was a disguised usurious scheme.

What the Court Did Not Reach

Although OppFi raised two additional independent grounds:

  1. That the loans were exempt from the CFL, and
  2. That OppFi was not a “finance lender” under the statute, the court found it unnecessary to analyze those arguments because the “true lender” issue alone disposed of the case.

What Happens Next

The court’s decision is currently tentative.

Under California Rule of Court 3.1590:

  • OppFi has 30 days to submit a proposed statement of decision and proposed judgment consistent with the tentative ruling.
  • If finalized, DFPI may appeal to the California Court of Appeal for the Second District.

An appeal would squarely present federal preemption and true-lender issues to the Second Circuit—potentially producing a major appellate decision affecting bank–fintech partnerships nationwide.

Why This Decision Matters

If finalized and upheld, the ruling reinforces several important principles:

  • Usury is determined at inception.
  • Assignment does not destroy bank interest rate exportation.
  • Section 27 of the FDIA has real preemptive force.
  • A regulator must produce actual evidence—not rhetoric—to survive summary judgment on a “true lender” claim.
  • Bank oversight, funding of the loan, retained risk, and control over underwriting remain central to the true lender analysis.

For institutions structuring bank–fintech partnerships, the opinion provides a roadmap of facts that courts may find dispositive in determining lender status in California and perhaps other states.

Alan S. Kaplinsky and Joseph J. Schuster

Back to Top

South Carolina Enacts New Data Privacy Law Protecting Minors: What Companies Need to Know Before July 1

On February 5, 2026, Governor Henry McMaster signed into law South Carolina’s Age-Appropriate Code Design Act. South Carolina joins California, Maryland, and Vermont in enacting an Age Appropriate Code Design Act that seeks to regulate website design and advertising that appeals specifically to Minors.

The statute applies to online services that conduct business in South Carolina who are “reasonably likely to be accessed” by minors and meet specified revenue or data-processing thresholds-including annual gross revenues exceeding $25 million, processing personal data of 50,000 or more consumers, or deriving at least 50 percent of revenue from data sales.

South Carolina’s act targets website design elements that encourage excessive engagement by minors, including the following specific features:

  • infinite scroll,
  • auto-playing videos,
  • gamification mechanics,
  • visible engagement metrics,
  • notifications,
  • in-game purchases,
  • and appearance-altering filters.

Websites that offer any of these covered features, and either know minors are visiting or contain websites defined under COPPA to target minors must disable these features by default and offer easy to use controls that enable parents to monitor and restrict their child’s usage of the website. The statute also prohibits targeted advertising to minors, restricts precise geolocation data collection, and bans “dark patterns,” or user interfaces designed to subvert user autonomy.

The South Carolina Attorney General holds exclusive enforcement authority, with covered services facing treble damages for violations, and where the conduct is found to be willful and wanton, the corporations directors and officers can be found personally liable. Dark pattern usage triggers additional exposure under the South Carolina Unfair Trade Practices Act. To ensure compliance, Companies must submit annual public reports prepared by independent auditors detailing design features, data practices, and age verification methods. While this statute may ultimately be challenged on First Amendment grounds, companies should not delay compliance. Recommended steps include conducting a threshold analysis, auditing design features against restricted elements, implementing default privacy settings and parental controls for known minors, revising data practices to meet minimization requirements, eliminating targeted advertising and dark patterns, and engaging auditors for the July 1 reporting deadline. Given the immediate effective date and treble damages exposure, affected companies should prioritize compliance.

Nathaniel Cardinal and Gregory P. Szewczyk

Back to Top

Oregon Legislature Reintroduces DIDMCA Opt-Out Legislation—H.B. 4116

In the wake of the Tenth Circuit’s decision in National Association of Industrial Bankers v. Weiser, 159 F.4th 694 (10th Cir. 2025), Oregon legislators have once again introduced legislation that would “opt out” of Section 521 of the Depository Institutions Deregulation and Monetary Control Act of 1980 (DIDMCA), pursuant to the opt-out right conferred by Section 525 of that Act. The proposed legislation would prohibit out-of-state FDIC‑insured, state-chartered banks from making consumer finance loans of $50,000 or less to Oregon borrowers using the banks’ home-state interest rates if those rates exceed Oregon’s 36 percent interest rate cap. This same legislation failed to pass in 2025; this year, the House Committee on Commerce and Consumer Protection has approved H.B. 4116 over the objections of some legislators, who proposed alternative legislation that would allow Oregon to study the proposed law’s impact before enacting it.

Section 521 ensures that FDIC‑insured, state-chartered banks can exercise the same interest rate authority as national banks, which is empowered by Section 85 of the National Bank Act, to charge interest at the rate allowed by the laws of the State where the bank is “located,” regardless of the borrower’s location. See Marquette Nat. Bank of Minneapolis v. First of Omaha Serv. Corp., 439 U.S. 299, 313(1978). As we have discussed previously, DIDMCA leveled the playing field for state-chartered banks by allowing them to make loans at their home-state’s rates, even if the borrower lived in another state that capped interest rates below the banks’ home-state rate.

Supporters of H.B. 4116 hope to prevent state banks chartered in other states from charging interest rates allowable in their home states on loans to Oregon residents. But whether Oregon can dictate the interest rate set by out-of-state state banks (based on their own state’s laws) is an open question.

Litigation is still pending with respect to Colorado’s 2023 opt out from DIDMCA. The district court in Colorado held that “loans made in such State” in Section 525 of DIDMCA encompassed only loans made by state banks located in Colorado, and therefore Colorado’s opt out did not limit the interest that could be charged to Colorado borrowers by state banks located outside Colorado. The district court entered an injunction to prevent enforcement of the Colorado interest rate limits against out-of-state state banks. However, as we have previously reported, in National Association of Industrial Bankers v. Weiser, the Tenth Circuit reversed that ruling in a 2-1 decision, holding that a loan is “made” for purposes of the opt-out provision in Section 525 of DIDMCA in both the state where the bank is located and the borrower’s state, meaning that Colorado’s usury limits will apply to loans made to Colorado borrowers by out-of-state state banks. A petition for rehearing en banc is still pending, so the district court’s injunction against enforcement of the Colorado opt-out statute remains in effect.

Iowa and Puerto Rico are the only jurisdictions, besides Colorado, that are currently opted out from Section 521 of DIDMCA. However, several other states have considered opt-out legislation in recent years, but none have been signed into law. Opting out could displace or erode long-standing legal doctrines that ensure enforceability of loan agreements. Such a legal change could, in turn, impact the ability of Oregon-chartered banks to do business, because of increased risks relating to servicing, securitization, or purchasing of Oregon-originated loans. As demonstrated by the proposed Oregon bill, the Tenth Circuit’s decision is likely to spur a renewed interest in opting-out by some states but that remains to be seen.

As we reported recently, the “American Lending Fairness Act of 2026,” introduced in Congress by Senator Moreno and Congressman Davidson, would effectively reverse the Tenth Circuit’s decision, eliminate future opt outs from DICMCA, and provide that a state’s opt out from DIDMCA cannot be used to limit the interest rates charged by out-of-state state-chartered depository institutions in accordance with their own states’ laws.

Pilar French, Alan S. Kaplinsky, Burt M. Rublin, and Ronald K. Vaske

Back to Top

New York Publishes Buy Now, Pay Later Rules

The New York Department of Financial Services has published proposed rules governing Buy Now, Pay Later (BNPL) financing plans operating in the state.

The proposal, among other things, would require BNPL providers to register with the state. The regulations implement a law signed by Governor Kathy Hochul as part of her FY26 budget plan.

Some states have been studying how to fill a void created in May, when the CFPB said it no longer would prioritize enforcement of BNPL rules. And advocates say that New York law could provide a model for BNPL enforcement.

“Too many New Yorkers have learned the hard way that some ‘Buy Now, Pay Later’ products are designed to trip them up with junk fees and overly burdensome fine print instead of helping them build a stable financial future,” Hochul said, in announcing the rules. “These new nation-leading regulations ensure that lenders know we have clear disclosures, limits on fees and real oversight so families don’t get pushed into a debt spiral while big financial companies cash in.”

“This regulation will govern how ‘Buy Now, Pay Later’ companies operate in the state, protecting New Yorkers from excessive fees and the misuse of personal data, while ensuring transparent loan terms and a fair process for resolving disputes,” New York State Department of Financial Services Acting Superintendent Kaitlin Asrow, said.

The regulations will implement the law by:

  • Establishing a licensing and supervision framework for any businesses engaged in BNPL activity in New York.
  • Prohibiting excessive fees, including convenience charges.
  • Limiting late fees and other penalty fees.
  • Requiring lenders to make it clear if loans will be reported to credit reporting agencies.
  • Establishing rules for timely resolution of consumer disputes.
  • Governing how consumer data can be used, in an effort to limit misuse or exploitation.

A 60-day public comment period will begin when the proposed regulation is published in the New York State Register. The law and regulation will take effect 180 days after a final rule is adopted, with an additional transitional period for those already offering BNPL loans in New York.

John D. Socknat and Joseph J. Schuster

Back to Top

Key Employer Takeaways From Recent Federal Guidance on Remote Work Policies

On February 12, 2026, the Equal Employment Opportunity Commission (EEOC) released new technical assistance document addressing remote work as an accommodation under the Americans with Disabilities Act (ADA). The guidance was issued in response to President Trump’s January 2025 executive order directing federal employees to work in-person and for federal agencies to eliminate remote work arrangements except in limited circumstances.

While the guidance, titled “Frequently Asked Questions from the Federal Sector about Telework Accommodations for Disabilities” (FAQ), is geared toward public agency employers, it is a useful guidepost for all employers crafting in-office work policies and responding to employee requests for remote work as an accommodation for their own serious health condition. This is particularly true as the EEOC is the federal agency that enforces general compliance with ADA requirements.

Here are the key takeaways from the FAQ:

  • Employers are not required to provide remote work solely for an employee’s personal benefit. If remote work prevents an employee from performing critical job duties, it is not a reasonable accommodation. The ADA does not require accommodations “that only mitigate symptoms [of the employee’s disability] without also enabling the performance of essential functions.” Remote work is only required where it enables employees and applicants with disabilities (1) to participate in the application process, (2) to perform the essential function of their job, or (3) to enjoy equal benefits and privileges of employment.
  • With respect to mental health conditions, the FAQ states that the ADA “does not create a general right to be free from all discomfort and distress in the workplace, including anxiety. Instead, [the ADA] entitles disabled employees to a fair shot to do their jobs and enjoy the benefits and privileges of those jobs on comparable footing as their non-disabled peers. When disability-related symptoms arise in the workplace, the question is first whether the symptoms impose a material barrier to the employee’s ability to work in the office . . . common anxiety, without more, is unlikely to impose a material barrier.” If there is a “demonstrated material barrier” to working in the office, then the employer must consider reasonable accommodations, including possible remote work.
  • With respect to medical conditions with unpredictable “flare ups,” “it remains the case that the [employer] may choose between effective reasonable accommodations. For periodic flare-ups, leave can be a reasonable and effective option which the [employer] may choose instead of situational telework [when flare ups occur] . . . [employers] should consider whether the flare-up would materially impair the employee from performing work while teleworking and whether there is a foreseeable operational benefit to having the employee telework in lieu of leave.”
  • The ADA does not require that employers provide remote work to disabled employees with difficult or lengthy commutes. “[I]n most cases, an employer has no duty to help an employee with a disability with the methods and means of [their] commute to and from work, assuming the employer does not offer such help to employees without disabilities.” Employers may be required to provide alternative accommodations such as flexible scheduling or limited term remote work. What accommodations must be explored is an individualized assessment.
  • Employers can “situationally reevaluate” whether a current remote work accommodation remains effective based on individualized circumstances. Reevaluation can occur when “material changes” happen, like changes in job conditions or operational needs. The FAQ suggests some employers may find it helpful to reevaluate significant accommodations, such as full-time remote work, once a year to confirm it remains effective and manageable.
  • Employers cannot take a “blanket approach” to granting or denying remote work accommodations. The ADA requires an individualized assessment of employees’ medical needs and what effective alternatives to remote work exist, if any. “[A] distinction must be made between cases where telework is the only effective reasonable accommodation . . . and cases where telework is just one of several effective options. When there are several reasonable and effective options, an agency may choose an accommodation other than telework.”
  • Employers are generally entitled to medical documentation to support accommodation requests. What “amounts to sufficient information will vary from case to case.” If an employee’s medical circumstances change, employers may request updated documentation to support an employee’s continued remote work. As part of this process, an employer may inquire about effective alternative accommodations other than remote work.
  • Employees should have an opportunity to explain why a proposed alternative accommodation will be ineffective and to provide evidence to back up the assertion. The employer must consider this information. Interactive dialogues should be evidence based and supported by medical documentation – it is not enough for an employee to prospectively claim an in-office alternative is ineffective without any evidence. In these circumstances, the EEOC suggests an employer can insist the employee try out an in-office accommodation. “If the employee has returned to the office, and if their experience having returned convincingly shows that all in-office accommodations are ineffective, then the [employer] should consider placing the employee back on recurring or full-time telework, provided doing so does not remove essential functions or result in a demonstrated undue hardship on the [employer’s] operations.”

While helpful, the EEOC notes the FAQ is not legally binding guidance and “courts might not defer to [the EEOC’s] views.” State and local law may and oftentimes will create additional legal obligations on employers beyond (the EEOC’s interpretation of) the ADA. Given the individualized nature of accommodation requests, employers are strongly encouraged to consult with legal counsel when determining whether its business has an obligation to provide remote work as a reasonable accommodation.

Ballard Spahr’s Labor and Employment Group continues to advise employers on labor, employment, and policy issues. We will keep monitoring developments under the new administration and their impact on employers.

Brenna McLaughlin, Shirley S. Lou-Magnuson, and Brian D. Pedrow

Back to Top 

Connecticut Senate Bill Raises the Stakes on Data Breach Response

A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “massive breach of security,” defined as a data breach affecting at least 100,000 Connecticut residents, and imposes substantial penalties for noncompliance.

SB 117 would require entities that experience a “massive breach of security” to:

  • Immediately retain a qualified third-party forensic examiner to conduct a forensic examination of the computer or computer system that was the subject of the data breach and to prepare a detailed forensic report disclosing how the breach occurred and its root causes;
  • Submit the detailed forensic report to the Connecticut Attorney General within 90 days of discovering the breach; and
  • Face civil penalties of $100,000 for small businesses and $500,000 for other entities for noncompliance.

The entity that experiences a massive data breach bears the cost of the forensic examination and report, regardless of whether the entity retains a third-party itself or fails to do so and the Connecticut Attorney General retains a forensic examiner on its behalf. SB 117 would grant the Connecticut Attorney General authority to retain a qualified third-party to perform the forensic examination and prepare the forensic report if an entity fails to comply.

If enacted, Connecticut would be the first state to impose automatic forensic examination and forensic reporting requirements for incidents based on a numerical threshold. It also raises serious issues regarding disclosure of confidential and proprietary information and privileged information.

In any event, given the scale of the potential penalties and the mandatory nature of the new requirements, entities that collect, store, or process personal information of Connecticut residents should closely monitor SB 117’s progress in the Assembly. If it passes, companies should establish protocols for engaging qualified third-party forensic examiners immediately upon discovery of a massive data breach and ensure their incident response plans accommodate the 90-day reporting deadline to the Connecticut Attorney General.

Hayley Steele and Gregory P. Szewczyk

Back to Top 

Fed Requests Comment on Plan to Remove Reputation Risk From Supervision of Banks

The Federal Reserve is requesting comments on a proposal to remove reputation risk from the supervision of banks it oversees. Comments on the Fed proposal are due April 27, 2026.

“We have heard troubling cases of debanking—where supervisors use concerns about reputation risk to pressure financial institutions to debank customers because of their political views, religious beliefs, or involvement in disfavored but lawful businesses,” Vice Chair for Supervision Michelle W. Bowman said in a statement. “Discrimination by financial institutions on these bases is unlawful and does not have a role in the Federal Reserve’s supervisory framework.”

The Fed has defined reputation risk as “the potential that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions.”

On August 7, President Trump signed Executive Order 14331, “Guaranteeing Fair Banking for All Americans.” This sweeping action provides that financial institutions of any size may not deny services to individuals or businesses based on political or religious beliefs, orientation, or lawful industry involvement.

The executive order directs banking agencies to adopt policies to ensure that financial institutions do not use reputation risk as a basis for restricting access to banking services.

The Fed announced in June 2025 that reputation risk would no longer be a component of its examination programs and that it would train examiners to help ensure that the changes are implemented consistently.

The proposal would ensure that supervisory decisions are based on material and financial risks, according to the Fed. The Fed also states that the proposal is intended to provide greater clarity and “facilitate greater precision in supervisory decision making.”

The Fed added that the proposed change “does not alter the expectation that banks maintain strong risk management to ensure safety and soundness and compliance with law and regulation.”

The proposal would prohibit the Fed from encouraging or compelling Fed-supervised banking organizations to deny or place conditions on the provision of banking or other financial services based on an individual’s or business’s:

  • Constitutionally protected political or religious beliefs, associations or conduct.
  • Involvement in politically disfavored but lawful activities perceived to present reputation risk.

The FDIC, the OCC, and the NCUA have announced their intention to eliminate references to reputation risk in their supervisory materials and have recently requested comments on proposals to codify the removal of reputation risk from their supervisory materials.

Consumer Financial Services Group

Back to Top

NCUA Extends 18 Percent Interest Rate Ceiling for Most Loans

The NCUA board has approved a plan to continue the agency’s temporary 18 percent rate ceiling for most loans made by federal credit unions.

Section 107(5)(A)(vi)(I) of the Federal Credit Union Act, 12 U.S.C. 1757(5)(A)(vi)(I), limits federal credit unions to a 15 percent interest rate ceiling on loans but authorizes the NCUA board to increase rates for up to 18 months after certain required consultations and if certain conditions are met.

One condition of raising the rate ceiling is that money market interest rates must have increased during the preceding six months. NCUA staff concluded that was the case, because there were several occasions during that period when money market rates had risen, and also concluded that certain safety and soundness conditions had been met.

Had the agency not extended the interest rate ceiling, the current 18 percent ceiling would have expired on March 10, 2026, and the interest rate would have reverted to 15 percent. The board’s action extends the temporary 18 percent ceiling through September 10, 2027.

The NCUA set the current 18 percent interest rate level effective May 15, 1987. Since then, the NCUA board has voted 24 times to maintain the current interest rate of 18 percent.

The board’s action also preserves the ability of Federal credit union to charge up to 28 percent for certain payday alternative loans. The payday alternative loan program is designed to allow credit unions to offer loans to their members who otherwise might have to borrow money through payday lenders.

The decisions to extend the 18 percent and 28 percent interest rate ceilings was made by NCUA Board Chairman Kyle Hauptman. It did not require a formal vote of the NCUA board, since the board currently has only one member, Republican Kyle Hauptman. President Trump fired the two Democratic members, Todd Harper and Tanya Otsuka. The two filed suit challenging their firings; the case is pending in federal court.

Consumer Financial Services Group

Back to Top 

Looking Ahead

RESPRO33 | OneHomeSource2026

March 5-6, 2026 | Clearwater Beach Marriott Resort, Clearwater, FL

CFPB Update

March 6, 2026 – 10:15 AM - 10:45 AM

Speaker: Richard J. Andreano, Jr.

MBA – Legal Issues and Regulatory Compliance Conference

May 4-7, 2026 | InterContinental Hotel, Miami, FL

The Do’s and Don’ts of Loan Originator Compensation

May 4, 2026 – 2:00 PM EST

Speaker: Richard J. Andreano, Jr.

Labor Law Issues in the Mortgage Industry

May 6, 2026 – 2:30 PM EST

Speaker: Meredith Dante

Back to Top

Subscribe to Ballard Spahr Mailing Lists

Get the latest significant legal alerts, news, webinars, and insights that affect your industry. 
Subscribe

Copyright © 2026 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.