The CFPB: 2024 Lookback and 2025 Predictions for Compliance
With 23 public enforcement actions, 19 finalized rules, 7 proposed rules, 4 supervisory highlights, 5 consumer protection circulars, over 2.2 million consumer complaints, and one crucial Supreme Court ruling—2024 was an exceptionally busy year for the Consumer Financial Protection Bureau (CFPB).
As we look ahead to a new year and a new administration, we sat down with industry experts Doreen Ghusar, a governance & regulatory advisor with 20+ years experience at leading lenders, and Chris Hilliard, a seasoned compliance professional with 20+ years experience at major financial institutions and lenders, to reflect on everything that happened in 2024 and discuss what compliance teams can expect as we head into 2025.
Key areas of focus for the CFPB in 2024
UDAAP takes center stage
One of the most prominent marketing compliance themes in 2024 has been the CFPB’s heightened focus on Unfair, Deceptive, or Abusive Acts and Practices (UDAAP) violations.
This increased scrutiny can be seen in several actions by the Bureau, one of which was a circular that addressed deceptive marketing practices. The circular focused on concerns with using fine print to hide promotional conditions and marketing “free” services.
The Bureau has also published four supervisory highlights in 2024, three of which have focused on UDAAP. Among these, there have been several cases involving deceptive advertising practices by financial service providers. Common issues included failing to clearly disclose fees and misrepresenting product benefits.
There have been a few notable enforcement actions involving UDAAP this year as well.
One was against a for-profit school that misled students about the cost of their loans and exaggerated how many graduates actually got jobs post-graduation. Their marketing materials claimed that 86% of graduates found jobs, but their internal data showed that the real rate was closer to 50%, and sometimes as low as 30%.
The CFPB also took action against a fintech company for deceptively advertising their loans as “zero-interest” or “0% APR,” when in reality, many of these loans carried an average APR of 36% or higher.
The increased focus on UDAAP has forced companies to rethink how they disclose fees and terms, ensuring that they are not misleading to consumers. Many financial institutions are investing in additional compliance staff, external expertise, and marketing compliance technology to avoid such pitfalls and ensure transparency in their marketing efforts.
The CFPB reinforced their commitment to consumer protection, and it really prompted a significant number of companies to review their marketing practices more carefully and potentially bring on additional resources in the form of either new employees or outsourced reviews.
Chris Hilliard
Emerging products, like buy now, pay later (BNPL), have also faced increased UDAAP scrutiny.
The CFPB issued many warnings to BNPL providers about deceptive practices, like doubling the cost of the credit, failing to disclose penalty fees, late payments, and so on.
Doreen Ghusar
Heightened activity after the Supreme Court ruling
The long-awaited Supreme Court ruling that confirmed the CFPB’s constitutionality led to a more emboldened Bureau and, subsequently, an uptick in regulatory activity and enforcement actions.
After the pivotal decision, Director Chopra said that the agency will be “firing on all cylinders” and will “forge ahead with law enforcement work.”
The CFPB followed through on its commitments, with 83% of enforcement actions, 63% of finalized rules, and 72% of proposed rules occurring post-Supreme Court ruling.
This surge in enforcement has placed additional pressure on financial institutions to be vigilant and proactive in their compliance programs.
But now, with the recent election and upcoming changes in administration, CFPB activity and priorities could shift.
The future of CFPB oversight and priorities
Continued focus on UDAAP
Regardless of the administration, the CFPB tends to prioritize its core principles—transparency, accountability, and consumer protection.
Even with potential regulatory adjustments, the CFPB’s emphasis on consumer protection, particularly for emerging financial products, will likely persist.
Companies will still be required to ensure that consumers clearly understand the terms, fees, and conditions of the financial products they engage with.
Deceptive practices—such as hidden fees or misleading product descriptions—will continue to attract scrutiny, even if the regulatory framework evolves to allow for greater flexibility in enforcement.
A potential shift towards principles-based regulation
Looking to 2025, there’s speculation that the CFPB could shift back to a principles-based approach, focusing on setting broad principles and desired outcomes rather than outlining very specific rules.
This can provide financial institutions with more flexibility in how they achieve compliance and allow more innovation with their products.
But—this doesn’t come without risk.
That type of innovation-friendly regulation gives flexibility to companies trying to innovate. But, at the same time, you have to worry about what that outcome may be, and it certainly can be negative.
Chris Hilliard
Even with increased flexibility, there are still compliance risks, and consumer protection should remain top-of-mind.
State-level scrutiny remains a key consideration
Even if the CFPB lessens its regulatory burden, state-level regulators are expected to continue enforcing consumer protection laws with vigor.
Despite the administration and CFPB’s federal stance, there’s always this constant push and pull from the state level as well. Even when the CFPB seems more lenient, there’s often pressure from states that can create a conflicting dynamic.
Doreen Ghusar
For example, states like California have been at the forefront of regulating emerging products like digital currencies and AI-driven lending. If the CFPB shifts focus, these states may intensify their oversight, creating a more complex regulatory landscape for financial institutions.
While this can create additional protections for consumers, it could also deter innovation from companies developing new technologies. Especially for those states that have a heavy hand in regulatory oversight, this could inadvertently create an environment where companies hesitate to innovate out of fear of fines or enforcement actions.
While increased state activity might benefit consumers in some ways, it could also slow down advancements in the financial space, which is something to be prepared for in 2025.
Emerging technologies like AI and machine learning
The rise of AI and machine learning presents new challenges for financial institutions. The CFPB’s increasing scrutiny of these technologies is likely to continue, particularly in areas like algorithmic lending and data privacy.
Financial institutions using AI for underwriting, marketing, or servicing need to ensure that their algorithms are transparent, unbiased, and compliant with fair lending laws.
AI has the potential to create a more inclusive credit environment if used responsibly.
If you’re going to use AI, if you’re going to be on that forefront of innovation, use AI as an additive approval. Don’t use it to deny loans. Don’t use it to make a negative decision. Use it to add to your book of business, your approvals, your credit box, and other things like that.
Chris Hilliard
Doreen suggests ongoing quality control (QC) checks of your credit models—whether they’re approving or declining loans—and ask:
- Are these models meeting regulatory requirements?
- Are they unbiased?
- Are they compliant with applicable laws?
Regularly revisiting and auditing your models will ensure they remain aligned with evolving regulatory expectations and consumer protection standards.
Potential regulatory rollbacks and delays
Another prediction is that some of the current regulatory initiatives led by the CFPB may face delays, rollbacks, or be completely stalled under a new administration.
Particularly, Chris expects delays or halts in these specific areas:
- Overdraft fees
- Medical debt in underwriting
- Open banking rules
Best practices for managing compliance risks
Stay in the know and be proactive
Tracking regulatory activity and enforcement actions is crucial for understanding evolving industry standards and ensuring your organization is compliant.
Enforcement actions from agencies like the CFPB, Federal Trade Commission (FTC), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of Currency (OCC), and state regulators offer valuable insights into common issues and penalties, which can be applied to your internal compliance processes.
I always advise being proactive, not reactive. Don’t wait for an auditor or examiner to tell you what’s wrong. Build internal processes, from cradle to grave, that ensure you’re always proactive. Take these circulars, enforcement actions, and guidance from regulators and perform regular checks.
Doreen Ghusar
Take the time to analyze enforcement actions and assess how they impact your organization and your compliance program.
Embed compliance into regular processes
Compliance should also be embedded into regular company processes.
For example, during compliance committee and board meetings, review supervisory highlights every quarter. Identify trends and hot topics and ensure your compliance program addresses them, says Doreen.
When you don’t address potential risks, especially those flagged in other companies’ enforcement actions, it’s only a matter of time before it comes back to your organization.
Invest in compliance tools
Investing in compliance technology can help streamline compliance processes.
These tools can help institutions track regulatory changes, automate monitoring, and ensure that all marketing materials are compliant.
The cost of compliance is real, but investing in the right resources now will always be less expensive than dealing with enforcement actions later.
Allocating a budget for compliance tools can often stretch your dollars further than simply hiring more staff or engaging outside counsel.
Make sure you have a solid compliance budget in place to ensure you’re able to meet your goals over the next 12 to 24 months. This will be extremely important.
Doreen Ghusar
Collaborate across teams and departments
Compliance should not be siloed in a single department.
Collaboration between compliance, legal, marketing, and IT teams is essential to ensure that all aspects of a financial institution’s operations align with regulatory requirements, particularly for UDAAP, says Doreen.
It’s especially important to work closely with marketing teams—trends in consumer complaints often start with marketing, so organizations should monitor and adjust based on that feedback.
Make your voice heard
Getting involved in the rulemaking process is crucial for shaping financial regulations that work for everyone. Whether it’s joining an industry group or simply sending an email to your Congressperson, your voice matters, says Chris.
During comment periods, when new rules are being discussed, make sure you’re heard. If you don’t speak up, decisions are made without input from those affected. This could lead to regulations that don’t serve your business or your customers well.
Regulators and lawmakers listen to feedback, and by sharing yours, you can help shape the rules that govern the industry. Getting involved now helps ensure the rules are fair and make sense for everyone.
Get more insights
As 2025 is filled with regulatory uncertainty, your organization can never be too prepared.
Access more expert insights on this topic here.