Articles

May 26, 2026

Consumer Financial Services Bites of the Month - May 20, 2026 - "May You Never."

Justin B. Hosie, Eric L. Johnson and Kristen Yarows

In this month's article, we share some of our top "bites" covered during the May 2026 webinar.

Bite 14: CFPB Plans to Recall Staff to the Office

On May 12, 2026, media outlets reported that the leadership at the CFPB plans to recall staff to the office. Over a year ago, reports circulated that the Trump administration shut the office down and attempted to eliminate a majority of the workforce. The CFPB has not publicly announced the return-to-office plan yet and the timing remains uncertain. In February, the Trump administration canceled the lease on the CFPB's headquarters and handed the property to the General Services Administration. The CFPB's headquarters are now partially occupied by the Office of Management and Budget (also led by Acting Director Vought). It remains unclear whether CFPB staff will return to the headquarters and whether the mandate would include agency staff based outside Washington, DC.

Bite 13: Trump Appeals Order Requiring CFPB to Seek Funding

On May 12, 2026, media outlets reported that the Trump administration appealed a federal court ruling that required the CFPB to seek additional funding from the Federal Reserve to keep operating. On March 13, an order from the U.S. District Court for the Northern District of California marked the second time a federal judge has forced Acting Director Vought to request funding to operate the CFPB. On May 11, the Trump administration filed its intent to appeal the judge's ruling to the Ninth Circuit. The ruling came in a case that consumer groups brought in December over the CFPB's funding. In December, a judge in the U.S. District Court for the District of Columbia ordered Acting Director Vought to seek funding. The CFPB subsequently made two funding requests totaling nearly $221 million to fund the CFPB's operations through June 2026. The Trump administration has said that the CFPB stands to run out of cash as soon as October unless it's cleared to carry out its latest reduction-in-force plan.

Bite 12: Former CFPB Director Finds New Role in California

On May 12, 2026, media outlets reported that California Governor Gavin Newsom plans to appoint former CFPB Director Rohit Chopra to lead the new California Business and Consumer Services Agency ("BSCA"). Newsom announced last year that the BSCA will be split into two agencies, effective July 1, 2026. Newsom's office stated that the new state consumer services agency will focus on eradicating "junk fees," increasing online privacy protections, and overseeing oil companies. BSCA will bring together the Department of Financial Protection and Innovation ("DFPI"), Department of Consumer Affairs ("DCA"), Department of Real Estate ("DRE"), Department of Alcoholic Beverage Control ("ABC"), Department of Cannabis Control ("DCC"), California Horse Racing Board, and related appeals bodies. The other agency will be the California Housing and Homelessness Agency. Former CFPB Director Chopra said that by "bringing together dozens of boards, bureaus, and departments under one roof, California's new agency will work to protect the public in health care, technology, financial services, and more." The California Senate must approve Chopra's appointment.

Bite 11: Senate Rejects Democratic Effort to Restore CFPB Policies

On May 13, 2026, media outlets reported that Senate Democrats planned to force several votes on rule changes and regulatory rollbacks by the CFPB, but the Senate rejected the motions. Since February 2025, the CFPB has rescinded 67 policies, and the series of votes was apparently meant to highlight the dozens of rules and regulations that have been impacted by the Trump administration. Under the Congressional Review Act, senators can file what are known as Joint Resolutions of Disapproval to overturn recently finalized federal regulations. Senator Elizabeth Warren (D-MA) lead the move and said that 20 senators would address "how the Trump administration has hurt American families by rolling back commonsense CFPB rules — and how Congress can make them right." One resolution would have brought back CFPB examinations of payday lenders and other nonbank companies for compliance with the Military Lending Act, another would have increased scrutiny of medical debt collection practices, and a third would have required banks to get consent before enrolling consumers in overdraft programs. The Senate rejected the motions that would have revived policies discontinued by the CFPB.

Bite 10: Judge Rejects DOJ Settlement with Housing Developer

On April 10, 2026, media outlets reported that a federal judge refused to approve a settlement between the Department of Justice and a Texas land developer since the settlement did not provide relief for the harmed consumers. In 2022, the Texas Attorney General filed a lawsuit against the developer for fraud, and in 2023, the CFPB filed a lawsuit against the developer, alleging that it targeted Hispanic families with predatory marketing and lending practices. Earlier this year, the DOJ announced a $68 million settlement with the developer. The settlement allocated $48 million for the developer's improvements to make the land habitable for future sales over the next ten years, including drainage and flood control. The settlement allocated $20 million to build a police and immigration enforcement facility and pay for two additional law enforcement officers allocated to patrol the subdivision for ten years. The U.S. District Judge rejected the proposed settlement and said, "I thought I was dealing with . . .folks who had been defrauded, with allegations of above-market interest rates, improper foreclosures," and now "all of a sudden, I'm being asked to OK increased law enforcement?" Despite the judge's refusal to approve the settlement, the Justice Department said it would proceed without court oversight, using a federal provision that does not require the court's involvement.

Bite 9: CFPB Publishes Final Rule Removing Disparate Impact from ECOA

On April 22, 2026, the CFPB published its final rule that eliminates the use of disparate impact statistical analyses for identifying discriminatory lending practices under the Equal Credit Opportunity Act ("ECOA"). The final rule largely adopts a proposal that was published in November 2025. The CFPB received approximately 64,500 comments in response to the proposed rule, mostly opposing the proposed rule. The final rule will delete language in § 1002.6(a) and its accompanying commentary addressing the "effects test" (which forms the basis for disparate impact liability) and add language stating that the ECOA does not recognize the "effects test." Under this approach, it appears that lenders may only face discrimination claims based on evidence of intentional bias. The final rule which also narrows the scope of Regulation B's prohibition on discouragement, and addresses for profit special purpose credit programs, will take effect after 90 days.

Bite 8: CFPB Finalizes Revised Section 1071 Rule

On May 1, 2026, the CFPB published its revised Section 1071 small business lending data collection rule in the Federal Register. The final rule closely mirrors a November 2025 proposal. The final rule: (1) raises the definition of a "covered financial institution" to 1,000 covered transactions (up from 100); (2) reduces the gross annual revenue threshold for a "small business" to $1 million or less (down from $5 million); (3) removes merchant cash advances, agricultural credit, and loans under $1,000 from definition of "covered credit transaction;" (4) removes discretionary data points that were included in the 2023 final rule to streamline data collection, reduce operational burdens, and simplify discussions with applicants; (5) replaces the tiered compliance schedule with a single compliance date of January 1, 2028, for all covered financial institutions that originated at least 1,000 covered transactions for small businesses in each of calendar years 2026 and 2027; and (6) eliminates several non-statutory requirements for how lenders collected applicant provided demographic and ownership data.

Bite 7: DOJ Takes Action Against Payments Company

On May 12, 2026, the Department of Justice announced a settlement with a payments company to resolve a fair lending investigation into an investment program created for Black and minority-owned businesses. The company started the investment program in 2020, and the DOJ alleged that while it gave a preference to businesses based on race, color, and national origin, it was not implemented to remediate any specific instances of past discrimination. The settlement requires the company to launch a new Small Business Initiative that excludes criteria based on race, national origin, or other protected characteristics. The settlement also requires the company to waive processing fees for $1 billion of transactions (a value of approximately $30 million) for eligible American small businesses that are veteran-owned or engaged in farming, manufacturing, or technology. The company will also designate a director of the Small Business Initiative, conduct an assessment of the needs of American small businesses and determine how the company can support them, submit proposals to the United States, provide training to employees on the Equal Credit Opportunity Act, and report on the initiative annually.

Bite 6: FTC Takes Action Against Health Care Operation

On April 22, 2026, the FTC announced that it had obtained a temporary restraining order and asset freeze over a nationwide operation that was allegedly deceiving consumers seeking health insurance by impersonating the government and large insurance carriers. The complaint alleges that since 2023, six defendants misrepresented material facts about the healthcare-related products they advertised about consumers' existing health insurance coverage. According to the FTC, the defendants sold medical discount plans but lead consumers to believe they sell comprehensive coverage. The complaint alleges that the defendants have taken at least $91 million from consumers in connection with their unlawful practices. According to the complaint, if consumers were already enrolled in health insurance, the telemarketers deceptively told them they were calling from real insurance carriers or the government, and that without immediate payment their policies would be cancelled. The complaint alleges that the defendants violated the FTC Act, the Telemarketing Sales Rule, the Impersonation Rule, and the Gramm-Leach-Bliley Act and seeks refunds for affected consumers.

Bite 5: FTC Takes Action Against Software Company

On May 4, 2026, the FTC announced a settlement with a software company and its subsidiary to resolve allegations that the company shared and sold sensitive location data without obtaining consumers' affirmative express consent. The FTC sued the company in August 2022, alleging that its collection, use, and disclosure of precise location data invaded consumers' privacy by revealing their movements, including visits to sensitive locations such as health facilities and places of worship. The proposed order prohibits the company from selling, licensing, transferring, sharing or disclosing sensitive location data in any products or services unless it obtains a consumer's affirmative express consent and the data is used to provide a service directly requested by the consumer. The proposed order also requires the company to develop and implement a sensitive location data program, implement a supplier assessment program designed to confirm that consumers have provided consent, submit incident reports to the FTC, and allow consumers to request the names of any business or individual to which the data was sold.

Bite 4: FTC and Illinois Take Action Against Company Over Fake Reviews

On May 11, 2026, the Department of Justice, on behalf of the FTC, and the state of Illinois sued a Chicago-based company and its owner over allegations that they fraudulently created thousands of fake online business listings for home repair companies to deceive consumers into thinking they were choosing reputable local companies. The lawsuit also alleged that the company and owner posted fabricated five-star reviews for the fake companies - and used the reviews to dilute legitimate one-star reviews from actual customers (thereby boosting ratings). The complaint alleged that the company pretended to operate an established brick-and-mortar company located near consumers' homes. The complaint alleged violations of the FTC Act by making deceptive claims about being a local home-repair business operating from a specific address, making deceptive claims about sending technicians on a specific date and time from a local business, and making deceptive claims related to fake reviews. The complaint alleged violations of the FTC Act, the Reviews and Testimonials Rule, and the Gramm Leach Bliley Act (by making false, fictitious, or fraudulent statements to obtain consumers' financial information). The lawsuit seeks a permanent injunction, monetary relief, and civil penalties.

Bite 3: DOJ Takes Action Against Home Security Company

On April 14, 2026, the DOJ announced that it reached a settlement with the nation's largest home security services company, over allegations that it violated the Servicemembers Civil Relief Act ("SCRA"). The DOJ alleged that the company had imposed unlawful charges on at least 3,400 servicemembers who terminated their home security services contracts after receiving military relocation orders. The DOJ also alleged that the company illegally imposed a 30-day notice requirement on servicemembers who terminated their home security contracts. The DOJ alleged that this 30-day notice policy violated the SCRA, which allows servicemembers to terminate certain consumer contracts any time after receiving military orders to relocate to a location that does not support the contract. Also, according to the FTC, when a servicemember terminates a contract under the SCRA, companies are not allowed to charge any fees beyond the current billing period. Under the settlement, the company will pay up to $1,260,000 in compensation to the affected servicemembers; pay a $79,380 civil penalty, which is the maximum penalty for a first violation of the SCRA; and make policy and training changes to avoid committing future violations.

Bite 2: FTC Wins Summary Judgment Against Timeshare Exit Operator

On April 20, 2026, the FTC announced that a federal court granted summary judgment to the Department of Justice, on behalf of the FTC, and the state of Wisconsin against the last remaining defendant in a timeshare exit operation. The DOJ, on behalf of the FTC, and the state of Wisconsin brought the lawsuit in 2022, alleging that the company, its owners, and related companies used direct mail and in-person presentations to make deceptive claims to pressure customers into paying for timeshare exit opportunities. The complaint alleged that the company falsely claimed to be associated with timeshare companies, falsely told consumers that they couldn't exit the timeshare without paying their fees, and failed to provide promised refunds. The complaint also alleged that the company forced consumers to sign contracts that they couldn't cancel in violation of the FTC's Cooling-Off Rule, which guarantees consumers the right to cancel a door-to-door sales contract within three business days of the sale. The court granted summary judgment against the last defendant, one of the co-founders, and ordered him to pay $95 million in redress to consumers, imposed a $45 million civil penalty, and permanently banned him from the timeshare exit service industry and from door-to-door sales.

Bite 1: FTC Takes Action Against Licensing Platform over Cancellation Practices

On May 13, 2026, the FTC announced a settlement with an online digital photo and video platform over allegations that it illegally charged consumers for products without their consent and made it challenging to cancel subscriptions. The FTC alleged that the company advertised its on-demand packs as "Best for a one-time project," with "no commitment," but failed to adequately disclose that the packs automatically renewed when the last download in the pack was used and—until early 2024—that they automatically renewed after one year. The FTC also alleged that the "plan section" page of its enrollment flow frequently failed to disclose material terms, including that the plans renewed automatically at the end of each year, and that consumer will be charged a fee to cancel a plan before the end of the term. The FTC alleged that the company often buried denials in difficult-to-find fine print. Under the FTC's proposed order, the company will pay $35 million, which will be used to provide full relief to consumers. The proposed order also prohibits the company from misrepresenting material terms of its subscription offerings, requires disclosure of all material terms, requires simple cancellation mechanisms, requires the company to obtain consumers' express informed consent to charges, and maintain simple cancellation mechanisms for negative option features.s

Still hungry? Please join us for our next Consumer Financial Services Bites of the Month. If you missed any of our prior Bites, request a replay on our website.

Hudson Cook, LLP provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.