CFPB Rescinds Dozens of Regulatory Guidance Documents in Major Regulatory Shift

Today, the Consumer Financial Protection Bureau (CFPB or Bureau) announced the withdrawal of 67 regulatory guidance documents, including interpretive rules, policy statements, and advisory opinions that have been issued since the Bureau’s inception in 2011. The withdrawn guidance documents impact most federal consumer protection laws, including the Consumer Financial Protection Act of 2010 (CFPA), Fair Credit Reporting Act (FCRA), Fair Debt Collection Practices Act (FDCPA), Equal Credit Opportunity Act (ECOA), Truth in Lending Act (TILA), Electronic Fund Transfer Act (EFTA), and Military Lending Act (MLA). This decision marks a significant change in the Bureau’s approach to supervision, regulation, and enforcement under the current administration.

The Bureau notes that the withdrawal is not necessarily final, as further review will continue to identify which guidance documents will ultimately remain withdrawn. However, the Bureau emphasizes that the guidance withdrawn today should no longer be relied upon or enforced during the period of further review.
 
Background
The Federal Register notice indicates that withdrawal of these guidance documents is rooted in the principles outlined in Executive Order 13891, issued by President Trump during his first term, which emphasized that agencies should not use guidance documents to create new rights or obligations outside the Federal Government. Despite former President Biden’s revocation of that Executive Order, the Bureau emphasizes that the principles it expressed “are no less salient today.”

The Bureau’s decision to withdraw the identified guidance documents is driven by three key reasons:

1. Necessity and Compliance Burdens: The CFPB aims to issue guidance only when necessary and when it reduces compliance burdens rather than increases them. The withdrawal allows the Bureau to reassess each document’s statutory basis and impact on compliance costs.
2. Reduction in Enforcement Activities: In line with directives to deregulate and streamline bureaucracy, the CFPB is reducing enforcement activities, focusing only on areas statutorily required. This move is intended to mitigate overlap with other federal and state regulators.
3. Non-Binding Nature of Guidance: The CFPB recognizes that guidance is generally non-binding and does not create substantive rights. The withdrawal reflects a shift towards ensuring that guidance aligns strictly with statutory requirements and reduces unnecessary compliance burdens.

Guidance Withdrawn
Highlights from some of the regulatory guidance withdrawn by the CFPB are set forth below:

Policy Statements

• Policy Statement on No Action Letters, 90 FR 1970 and Policy Statement on Compliance Assistance Sandbox Approvals, 90 FR 1974 (Jan. 10, 2025).
  • These policies ostensibly aim to promote innovation, competition, ethics, and transparency in the consumer financial products and services market. However, the policies also introduce significant restrictions, particularly concerning applications from firms with prior federal or state enforcement actions and those represented by former CFPB attorneys. See prior discussion here.
• Statement of Policy Regarding Prohibition on Abusive Acts or Practices, 88 FR 21883 (Apr. 12, 2023).
  • A policy statement outlining the prohibition of abusive acts or practices under the CFPA, which included actions that materially interfere with a consumer’s understanding or take unreasonable advantage of certain consumer vulnerabilities. This statement aimed to provide an analytical framework for identifying such practices, drawing on examples from past enforcement actions, and invited public comments for potential revisions.
• Statement on Enforcement and Supervisory Practices Relating to the Small Business Lending Rule Under the Equal Credit Opportunity Act and Regulation B, 88 FR 34833 (May 31, 2023).
  • A policy statement under the CFPA, which defined and prohibited abusive acts or practices by covered persons or service providers. This policy aimed to provide an analytical framework for identifying such conduct, focusing on actions that materially interfered with consumer understanding or took unreasonable advantage of consumer vulnerabilities.
• Statement on Supervisory and Enforcement Practices Regarding the Remittance Rule in Light of the COVID-19 Pandemic (Apr. 10, 2020).
  • A statement acknowledging the significant impact of the COVID-19 pandemic on consumers and financial institutions, particularly those involved in remittance transfers. To mitigate potential disruptions, the Bureau announced a temporary supervisory and enforcement flexibility, allowing insured institutions to continue providing estimated disclosures for third-party fees and exchange rates instead of exact figures, from July 21, 2020 to January 1, 2021, after the expiration of a statutory temporary exception.
• Disclosure of Consumer Complaint Narrative Data, 80 FR 15572 (Mar. 24, 2015), Disclosure of Consumer Complaint Data, 78 FR 21218 (Apr. 10, 2013), Disclosure of Certain Credit Card Complaint Data, 77 FR 37558 (June 22, 2012).
  • A series of policy statements aimed at guiding the public disclosure of consumer complaint data through its Consumer Complaint Database. These included a final policy statement for disclosing unstructured consumer complaint narratives with opt-in consent and personal information scrubbing, a rule for disclosing non-personally identifiable consumer complaint data under the Dodd-Frank Act, and a specific focus on credit card complaint data.

Interpretive Rules

• Use of Digital User Accounts to Access Buy Now, Pay Later Loans, 89 FR 47068 (May 31, 2024).
  • An interpretive rule subjecting “Buy Now, Pay Later” (BNPL) transactions to provisions of Regulation Z applicable to credit cards. Among other things, this classification would have required BNPL and other lenders to extend many of the same legal protections and rights to consumers that apply to traditional credit cards, including the rights to dispute charges and demand refunds for returned products, and, potentially, receive periodic statements. The Bureau claimed its authority to issue this interpretive rule — in lieu of a formal rulemaking — stemmed from the TILA and Regulation Z, and its general authority to issue guidance as set forth in the CFPA. See prior discussion here.
• Limited Applicability of Consumer Financial Protection Act’s ‘Time or Space’ Exception to Digital Marketers, 87 FR 50556 (Aug. 17, 2022).
  • An interpretive rule under the CFPA addressing digital marketing providers that commingle the targeting and delivery of advertisements to consumers with the provision of advertising “time or space.” According to the Bureau, when digital marketers are involved in the identification or selection of prospective customers or the selection or placement of content to affect consumer behavior, they are acting as “service providers” subject to the CFPB’s jurisdiction and could be held liable by the CFPB and other law enforcers for committing unfair, deceptive, or abusive acts or practices. See prior discussion here.
• The Fair Credit Reporting Act’s Limited Preemption of State Laws, 87 FR 41042 (July 11, 2022).
  • An interpretive rule encouraging states to enact more laws regulating consumer reporting, arguing that states’ powers are only constrained in limited ways by the FCRA. According to the CFPB, FCRA preemption extended only to state laws with which it is impossible to comply while also complying with the FCRA. Therefore, states had the ability to enact state-level laws that are stricter than the FCRA, including outright prohibitions on reporting many kinds of truthful information about consumers, with only “limited preemption exceptions.” See prior discussion here.
• Authority of States to Enforce the Consumer Financial Protection Act of 2010, 87 FR 31940 (May 26, 2022).
  • An interpretive rule describing states’ authorities to pursue companies and individuals that allegedly violate any of the federal consumer financial laws enforced by the CFPB. It openly invited states to exercise their authority under Section 1042, “Preservation of Enforcement Powers of States,” of the CFPA to not only bring lawsuits in federal court for unfair and deceptive acts and practices (UDAAP) violations under the CFPA, but also bring federal actions for any violations of the “enumerated consumer laws” enforced by the CFPB. See prior discussion here.
• Examinations for Risks to Active-Duty Servicemembers and Their Covered Dependents, 86 FR 32723 (June 23, 2021).
  • An interpretive rule asserting that the CFPB had the statutory authority to conduct examinations, at those institutions that it supervises, regarding the risks to active-duty servicemembers and their covered dependents that are presented by conduct that violates the MLA.

Advisory Opinions

• Truth in Lending (Regulation Z); Consumer Credit Offered to Borrowers in Advance of Expected Receipt of Compensation for Work, 90 FR 3622 (Jan. 15, 2025).
  • An advisory opinion rescinding a previous advisory opinion which the Bureau issued during the first Trump administration in November 2020. The 2020 advisory opinion had described how a specific type of “earned wage” product did not constitute the offering or extension of “credit” under the TILA and Regulation Z. See prior discussion here.
• Fair Credit Reporting; File Disclosure, 89 FR 4167 and Fair Credit Reporting; Background Screening, 89 FR 4171 (Jan. 23, 2024).
  • Two “advisory opinions” addressing the CFPB’s views of the obligations of consumer reporting agencies (CRAs) under the FCRA. First, the CFPB advised that in order to assure “maximum possible accuracy” under § 607(b) of the FCRA, a CRA that provides background check reports must have procedures in place that: (1) prevent reporting public record information that is duplicative or that has been expunged, sealed, or otherwise legally restricted from public access; and (2) include any existing disposition information if it reports arrests, criminal charges, eviction proceedings, or other court filings. Second, the CFPB advised that under § 609(a) of the FCRA, CRAs responding to file disclosure requests must also disclose to a consumer “the sources” of information, including both the original source and any intermediary or vendor sources. See prior discussion here.
• Debt Collection Practices (Regulation F); Deceptive and Unfair Collection of Medical Debt, 89 FR 80715 (Oct. 4, 2024).
  • The opinion emphasized the prohibitions on false, deceptive, or misleading representations, and unfair or unconscionable means to collect or attempt to collect medical debts. According to the Bureau, debt collectors would be strictly liable under the FDCPA and Regulation F for engaging in the following practices when collecting medical bills: collection of amounts not owed because already paid; collection of amounts not owed due to federal or state law; collection of amounts above permitted limits; collection of amounts for services not received; misrepresentation of the nature of legal obligations; and substantiation of medical debts. See prior discussion here.
• Truth in Lending (Regulation Z); Consumer Protections for Home Sales Financed Under Contracts for Deed, 89 FR 68086 (Aug. 23, 2024).
  • An advisory opinion addressing contract-for-deed home financing, also known as a “land contract,” “land installment contract,” “land sales contract,” “bond for deed,” “agreement for deed,” or “buying on contract.” The advisory opinion concluded that form of seller financing, where the seller retains the deed until the buyer completes the payments, generally is “consumer credit” under the TILA and Regulation Z and, therefore, that many providers of the financing must comply with the Ability to Repay and other rules in Regulation Z governing consumer mortgages. See prior discussion here.

Other Guidance

• Consumer Financial Protection Circular 2024-06: Background Dossiers and Algorithmic Scores for Hiring, Promotion, and Other Employment Decisions, 89 FR 88875 (Nov. 12, 2024).
  • In this circular, the CFPB responded to the question, “Can an employer make employment decisions utilizing background dossiers, algorithmic scores, and other third-party consumer reports about workers without adhering to the FCRA?” The Bureau opined that employers that use consumer reports — both initially when hiring workers and for subsequent employment purposes — must comply with FCRA obligations, including the requirement to obtain a worker’s permission to procure a consumer report, the obligation to provide notices before and upon taking adverse actions, and a prohibition on using consumer reports for purposes other than the permissible purposes described in the FCRA.
• Consumer Financial Protection Circular 2024-05: Improper Overdraft Opt-in Practices, 89 FR 80075 (Oct. 2, 2024).
  • Circular 2024-05 addressed whether a financial institution violates the EFTA and Regulation E by charging overdraft fees for ATM and one-time debit card transactions without proof of the consumer’s affirmative consent to enrollment in covered overdraft services. The Bureau’s response was clear: charging fees in these circumstances could indeed constitute a violation of EFTA and Regulation E. See prior discussion here.
• Consumer Financial Protection Circular 2024-04: Whistleblower protections under CFPA Section 1057, 89 FR 65170 (Aug. 9, 2024).
  • A circular warning financial institutions about the potential illegality of nondisclosure agreements (NDAs) that could deter whistleblowing. Specifically, the Bureau addressed whether requiring employees to sign broad confidentiality agreements violates § 1057 of the CFPA. According to the CFPB, the answer was “yes” under circumstances that could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed suspected violations of federal consumer financial law to government investigators or a law enforcement agency. See prior discussion here.
• Consumer Financial Protection Circular 2024-03: Unlawful and unenforceable contract terms and conditions, 89 FR 51955 (June 21, 2024).
  • A circular warning covered persons that including unlawful or unenforceable terms and conditions in consumer contracts could violate the prohibition on deceptive acts or practices in the CFPA. According to the CFPB, a representation or omission was deceptive if it was likely to mislead a reasonable consumer and was material, i.e., “involves information that is important to consumers and, hence, likely to affect their choice of, or conduct regarding, a product.” For example, a contractual provision stating that a consumer agrees not to exercise a legal right was deemed likely to affect a consumer’s willingness to attempt to exercise that right in the event of a dispute. See prior discussion here.
• Consumer Financial Protection Circular 2024-02: Deceptive marketing practices about the speed or cost of sending a remittance transfer, 89 FR 27357 (Apr. 17, 2024).
  • According to the circular, providers could be liable under the CFPA for deceptive marketing practices if they market: remittance transfers as being delivered within a certain time frame when transfers actually take longer; remittance transfers as “no fee” when in fact the provider charges fees; promotional fees or promotional exchange rates for remittance transfers without sufficiently clarifying when an offer is temporary; and remittance transfers as “free” if they are not in fact free. See prior discussion here.
• Consumer Financial Protection Circular 2022-04: Insufficient data protection or security for sensitive consumer information, 87 FR 54346 (Sept. 6, 2022).
  • A circular answering the question “can entities violate the prohibition on unfair acts or practices in the CFPA when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization, poor password management, and lax software update policies — as examples of data security practices that would likely cause substantial unavoidable injury to consumers without a countervailing benefit and that could trigger liability for financial institutions and/or their service providers. According to the CFPB, failure to comply with these requirements would potentially violate the CFPA’s prohibition on unfair acts or practices. See prior discussion here.

Conclusion
The CFPB’s decision to rescind these guidance documents represents a pivotal shift in its regulatory approach, aligning with its 2025 supervision and enforcement priorities (discussed here), its broader deregulation efforts, and the reduction of compliance burdens. By focusing on statutory requirements and minimizing enforcement activities, the Bureau aims to streamline its operations.