Financial Regulation

U.S. financial regulation is a multi-layered, multi-agency system — the product of 150 years of regulatory responses to financial crises — governing banks, credit unions, insurance companies, investment firms, mortgage lenders, payment processors, and the full spectrum of financial services through a combination of federal and state authorities with no single unified regulator. The primary federal financial regulators: the Federal Reserve (supervises bank holding companies, state member banks, foreign banking operations, and sets monetary policy); the OCC (charters and supervises national banks); the FDIC (insures deposits and supervises state non-member banks); the CFPB (consumer financial protection, authorized under 12 U.S.C. § 5511); the SEC (securities markets, broker-dealers, investment advisers, mutual funds); and the CFTC (derivatives and futures markets). The Dodd-Frank Wall Street Reform and Consumer Protection Act (2010) — enacted after the 2008 financial crisis — created the Financial Stability Oversight Council (FSOC) to identify systemic risks, established the CFPB, imposed new capital and liquidity requirements on large banks, required derivatives to trade on exchanges, and authorized the Orderly Liquidation Authority for failing systemically important financial institutions. The Trump administration's 2025 regulatory rollback — including proposed CFPB restructuring, OCC and FDIC deregulation, and Basel III capital rule revisions — represents the most significant shift in financial regulatory posture since Dodd-Frank. The Community Reinvestment Act (CRA, 12 U.S.C. §§ 2901–2903) requires banks to serve the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods — a law with significant implications for bank merger approvals.

Current Law (2026)

Financial regulation encompasses banking oversight, consumer protection, securities regulation, and systemic risk monitoring across multiple federal agencies.

Legal Authority

• 12 U.S.C. § 1 — Establishes the Office of the Comptroller of the Currency (OCC) within the Treasury to ensure safety/soundness and fair treatment of customers at national banks
• 12 U.S.C. § 24 — Corporate powers of national banking associations: defines what national banks may do (receive deposits, make loans, discount and negotiate securities, issue circulating notes)
• 12 U.S.C. § 222 — Federal Reserve districts: divides the U.S. into up to 12 Federal Reserve districts
• 12 U.S.C. § 5491 — Establishes the Bureau of Consumer Financial Protection (CFPB) as an independent bureau within the Federal Reserve System
• 12 U.S.C. § 5511 — CFPB purpose: enforce federal consumer finance laws so markets for financial products are fair, transparent, and competitive
• 12 U.S.C. § 5531 — Prohibits unfair, deceptive, or abusive acts or practices (UDAAP) by covered persons offering consumer financial products
• 12 U.S.C. § 5536 — Prohibited acts: illegal to offer consumer financial products that violate federal consumer financial law
• 12 U.S.C. § 5564 — CFPB litigation authority: can sue violators for fines, injunctions, and other relief in its own name
• 12 U.S.C. § 2901-2903 — Community Reinvestment Act (CRA): regulators must evaluate how banks serve their entire community, including low/moderate-income neighborhoods, and consider CRA performance in merger/expansion decisions

Implementing Regulations (CFR)

• 12 CFR Part 1002 (Regulation B) — Equal Credit Opportunity:

  • 12 CFR 1002.4 — General rules (prohibition of discrimination in any aspect of a credit transaction)
  • 12 CFR 1002.5 — Rules concerning requests for information (prohibited bases: race, color, religion, national origin, sex, marital status, age, public assistance income)
  • 12 CFR 1002.6 — Rules concerning evaluation of applications (creditors may not consider prohibited bases in underwriting)
  • 12 CFR 1002.7 — Rules concerning extensions of credit (cannot require co-signer based on sex/marital status)
  • 12 CFR 1002.9 — Notifications (adverse action notice requirements: must state specific reasons or right to request reasons)

• 12 CFR Part 1003 (Regulation C) — Home Mortgage Disclosure Act (HMDA):

  • 12 CFR 1003.4 — Compilation of reportable data (loan-level data on applications, originations, purchases; demographics, pricing, outcomes)
  • 12 CFR 1003.5 — Disclosure and reporting (public access to lending data for fair lending analysis)

• 12 CFR Parts 25/345 — Community Reinvestment Act (CRA) implementation:

  • 12 CFR 25.21 / 345.21 — Evaluation of CRA performance in general
  • 12 CFR 25.31 — Effect of CRA performance on applications (regulators consider CRA ratings in merger/branch approvals)

• 31 CFR Part 1010 — General provisions of the Bank Secrecy Act (BSA):

  • 31 CFR 1010.100 — Definitions (financial institution, monetary instrument, transaction, currency)
  • 31 CFR 1010.210 — Anti-money laundering program requirements (each financial institution must develop and implement an AML program including internal policies/procedures, a compliance officer, ongoing training, and independent testing)
  • 31 CFR 1010.530 — Exemptions (provisions for exempting certain customers and transactions from currency transaction reporting requirements)

• 31 CFR Part 1020 — Rules for banks:

  • 31 CFR 1020.210 — Anti-money laundering program requirements for banks (banks must maintain AML programs with risk-based procedures for customer identification, suspicious activity monitoring, and compliance with BSA reporting requirements)

• 31 CFR Part 1022 — Rules for money services businesses:

  • 31 CFR 1022.210 — Anti-money laundering program requirements for money services businesses (MSBs must develop and maintain AML programs appropriate to their size and risk profile; includes money transmitters, check cashers, currency dealers, and issuers of money orders/traveler's checks)

• 31 CFR Part 1023 — Rules for brokers or dealers in securities:

  • 31 CFR 1023.210 — Anti-money laundering program requirements for broker-dealers (broker-dealers must establish AML programs including customer identification, suspicious activity reporting, and compliance with FinCEN regulations; programs must be approved by senior management)

• 31 CFR Part 1025 — Rules for insurance companies:

  • 31 CFR 1025.210 — Anti-money laundering program requirements for insurance companies (insurance companies covered by the BSA must establish AML programs for products posing money laundering risk; includes policies for customer due diligence and suspicious activity monitoring)

• 12 CFR Part 225 — Bank Holding Company Act (subsidiary bank ownership, nonbanking activities)

• 12 CFR Part 208 — Regulation H: Membership of State Banking Institutions in the Federal Reserve System. Part 208 governs what state-chartered banks that choose Federal Reserve membership (state member banks) must do and what they may do:

  • § 208.20 — Investments in bank premises: a state member bank may not invest in bank premises — owned buildings, furniture, fixtures, equipment — an amount exceeding the bank's equity capital without prior Federal Reserve approval; this prevents banks from tying up depositor-backed capital in real estate rather than lending
  • § 208.22 — Community development investments: state member banks may make investments that would otherwise be impermissible if they qualify as community development activities — investments in CDFIs, community development loan funds, Low-Income Housing Tax Credit equity, or activities that receive positive CRA consideration; the investment must primarily benefit low- and moderate-income individuals or geographies
  • § 208.23 — Agricultural loan loss amortization: banks with significant agricultural loan losses may amortize charge-offs over several years rather than immediately recognizing them in full, providing relief for banks in agricultural communities facing systemic stress
  • §§ 208.120–208.124 — Reduced reporting / FFIEC 051: state member banks with total assets below $5 billion (covered depository institutions) may file the FFIEC 051 Call Report — a streamlined version with fewer schedules than the full FFIEC 041 — reducing the regulatory burden for community banks while maintaining core safety and soundness data

  State member banks (the subset of state-chartered banks that choose Fed membership) are supervised jointly by the Federal Reserve and their state banking regulator. Part 208 represents the Fed's side of that supervisory compact — setting standards for operations, investments, and reporting that apply on top of state law requirements.

• 12 CFR Part 150 — OCC Fiduciary Powers of Federal Savings Associations: establishes when and how federal savings associations (thrifts supervised by the OCC) may exercise trust and fiduciary powers — managing trusts, estates, guardianships, and agency accounts for customers:

  • § 150.10 — Authority under 12 U.S.C. § 1464(n): a federal savings association may exercise fiduciary powers (as trustee, executor, administrator, guardian, conservator, or agent) to the same extent as national banks with OCC approval
  • § 150.20 — Fiduciary capacity definition: fiduciary powers cover any arrangement where the savings association acts for the benefit of another — formal trusts, estate administration, court-appointed guardianships, investment management under written agency agreements, and custody accounts
  • § 150.130 — Multi-state operations: a federal savings association with fiduciary powers may administer trusts or estates in states other than its home state, without registering separately in each state, provided it complies with applicable state law in the jurisdiction where the account is administered
  • § 150.140 — Written policies required: the savings association must adopt written policies governing how it accepts, administers, and terminates fiduciary accounts — covering conflict of interest, investment standards, and record-keeping
  • § 150.150 — Board responsibility: the board of directors must review fiduciary activities at least annually; directors are responsible for the savings association's fiduciary compliance even if day-to-day administration is delegated to trust officers
  • § 150.200 — Pre-acceptance review: before accepting any new fiduciary account, the savings association must review the proposed account to determine that it can properly administer it — checking for conflicts of interest, unusual assets, and whether it has the expertise to manage the account type
  • §§ 150.210–150.220 — Annual review: accounts over which the savings association has investment discretion must be reviewed at least annually to assess whether current investments are appropriate for the account's purpose, terms, and beneficiaries

How It Works

Financial regulation is a multi-regulator system — no single federal agency oversees all of it. Understanding which regulator governs which product is essential for knowing your rights and where to complain.

The OCC and Federal Reserve establish what banks can do and how much risk they can take. Under 12 U.S.C. § 24, national banks may receive deposits, make loans, and invest in certain securities — but anything outside those enumerated powers requires explicit approval. The Federal Reserve (structured under 12 U.S.C. § 222's district system) supervises bank holding companies and sets monetary policy, while the OCC focuses on safety and soundness at the bank level. Capital requirements — currently evolving under the Basel III endgame and the March 2026 proposed modernization rule — dictate how much equity banks must hold as a cushion against losses, directly affecting their capacity and cost to lend.

The CFPB (12 U.S.C. § 5491, created by Dodd-Frank) is the consumer's direct regulator for financial products. Its core legal authority — prohibiting "unfair, deceptive, or abusive acts or practices" (UDAAP) under § 5531 — is intentionally broad. It covers mortgages, credit cards, student loan servicers, debt collectors, payday lenders, and credit reporting agencies. When the CFPB acts, it can impose civil money penalties and order restitution through its litigation authority under § 5564. The CFPB's power has been a target of political and legal challenges: the Supreme Court upheld its funding structure in CFPB v. CFSA (2024), but CFPB enforcement activity slowed significantly under the Trump administration in 2025.

Equal credit and fair lending are enforced through Regulation B (12 CFR Part 1002), which implements the Equal Credit Opportunity Act. Creditors may not consider race, color, religion, national origin, sex, marital status, age, or public assistance income at any stage of a credit transaction — from advertising to underwriting to collection. Critically, 12 CFR 1002.9 requires creditors to issue an "adverse action notice" within 30 days of denial, stating specific reasons (or the right to request them). If you're denied credit and don't receive that notice, or the stated reason doesn't match what you experienced, that's a regulatory violation.

The Home Mortgage Disclosure Act (HMDA) — implemented by Regulation C (12 CFR Part 1003) — requires lenders to report loan-level data including demographics, loan terms, and outcomes on every mortgage application. This data is publicly available and is the primary tool used by government agencies and civil rights groups to identify patterns of discriminatory lending. Lenders above a size threshold (generally $57 million+ in assets) must report; smaller community banks may be exempt.

The Community Reinvestment Act (CRA) (12 U.S.C. § 2901-2903) addresses a specific concern: that federally insured banks might collect deposits from underserved communities but not lend in those same communities. Regulators — OCC, Federal Reserve, and FDIC — must evaluate each bank's CRA performance and consider those ratings in merger approvals and branch expansion applications. A bank with a "Needs to Improve" or "Substantial Noncompliance" CRA rating can have acquisitions blocked.

Anti-money laundering (AML) obligations under the Bank Secrecy Act (31 CFR Part 1010) require every financial institution — banks, broker-dealers, money service businesses, and insurance companies — to maintain formal AML programs: written policies, a dedicated compliance officer, ongoing employee training, and independent testing. Banks must file Currency Transaction Reports (CTRs) for cash transactions over $10,000 and Suspicious Activity Reports (SARs) for transactions that appear to involve criminal activity. FinCEN, within Treasury, collects and analyzes this data. Importantly, the 2021 Corporate Transparency Act added a new dimension: most small business entities must now report their beneficial owners to FinCEN (the BOI rule), dramatically expanding the AML data network beyond banks alone.

See also Credit Unions & NCUA for the parallel framework governing credit unions, and FDIC Insurance Limits for deposit protection details.

How It Affects You

If you're denied a loan or credit card: You have the right to a written adverse action notice explaining why. If the denial seems inconsistent with your creditworthiness — or you suspect discrimination — file a complaint with the CFPB (consumerfinance.gov/complaint) or the OCC. Adverse action notices are required by Regulation B; without one, the lender is in violation.

If you're refinancing a mortgage: HMDA reporting means your application is part of a public dataset. The lending terms offered to you — rate, fees, whether you were approved — are compared against similarly situated borrowers. Fair lending examinations use this data. If you're quoted a significantly higher rate than comparable borrowers with similar credit, it's worth asking competing lenders for quotes and documenting any discrepancies.

If you're banking in a lower-income neighborhood: CRA requirements mean your bank has a regulatory obligation to lend in your community, not just take deposits from it. If your community is underserved, CRA-based advocacy — filing public comments on a merger, for instance — is a real lever. Banks that want regulatory approval for acquisitions have strong incentives to address CRA concerns.

If you use a money transfer service: AML rules require money services businesses (Western Union, MoneyGram, Venmo, PayPal) to verify your identity, monitor transactions, and report suspicious activity to FinCEN. This is why large or unusual transfers can trigger account freezes or identity verification requests — it's a legal obligation, not optional.

If you're a small business owner: The Bank Secrecy Act's new BOI (Beneficial Ownership Information) rule — effective 2024 — required most LLCs and corporations to file beneficial ownership reports with FinCEN. Failure to file is a federal violation. The rule faced litigation and enforcement delays through early 2025, but remains in effect for most entities formed before 2024.

Pending Legislation (119th Congress)

• HR 3318 (Rep. Downing, R-MT) — SEC Modernization Act. Would reorganize several SEC offices, shift reporting lines, and allow regional office consolidations. Status: Introduced.
• HR 2689 (Rep. McClain, R-MI) — Would move oversight of national securities associations to the SEC. Status: Introduced.
• HR 216 (Rep. Sessions, R-TX) — SEC Act of 2025. Sets one standard across four securities laws so related acts can count as a single violation for penalties. Status: Introduced.
• S 658 (Sen. Kennedy, R-LA) — Protecting Investors' Personally Identifiable Information Act. Keeps investors' PII out of routine consolidated audit trail reports. Status: Introduced.
• HR 3690 (Rep. Lucas, R-OK) — Securing Innovation in Financial Regulation Act. Would create SEC FinHub and codify CFTC LabCFTC to centralize fintech engagement. Status: Introduced.

Recent Developments

• Basel III "endgame" capital rules revised (March 2026): OCC, Fed, and FDIC jointly proposed a revised capital modernization rule for large banking organizations (Category I and II) — replacing the controversial 2023 Basel III endgame proposal that had drawn unprecedented opposition from banks claiming it would raise capital requirements by 20%+ and reduce lending. The revised proposal recalibrates market risk, operational risk, and credit risk capital requirements at levels the agencies characterize as more proportionate to actual bank risks. The largest banks (JPMorgan, Bank of America, Goldman, Citi) have been managing to higher capital levels in anticipation; the final rule determines how much capital they must release or retain.
• CFPB deregulatory rollback accelerates (2025-2026): The Trump CFPB rescinded the nonbank enforcement registry (which required non-banks subject to enforcement orders to register), withdrew the small business lending data collection rule (Section 1071 of Dodd-Frank), and dropped multiple enforcement actions against fintechs and consumer lenders. The CFPB's supervisory budget and headcount were also reduced. The practical effect: fintech lenders, payday lenders, and non-bank mortgage servicers face substantially reduced federal consumer financial protection oversight, with state regulators increasingly the primary enforcers.
• Stablecoin and crypto regulatory framework advancing (2025-2026): Congress is advancing the GENIUS Act (Senate) and STABLE Act (House) — bipartisan stablecoin regulatory frameworks that would establish reserve requirements, redemption rights, and licensing for stablecoin issuers. Both bills require stablecoin reserves to be held in cash, Treasury bills, or central bank reserves — preventing the reserve composition risks that caused the TerraUSD collapse in 2022. Trump signed an executive order directing Treasury to evaluate a Strategic Bitcoin Reserve. The crypto market cap recovered to near all-time highs in 2025 as regulatory clarity improved under the friendlier Trump administration posture toward digital assets.