The Roundup: Rohit Chopra Returns as Head of California’s BCSA, NY DFS Tells Lenders Disparate Impact Still Applies, CFPB Funding
Welcome to the PerformLine Regulatory Compliance Roundup, home of the latest news, articles, and reports from our industry, curated for you. Let’s get into it.
In this edition: California appoints Rohit Chopra to lead new Business and Consumer Services Agency; New York DFS issues industry letter affirming disparate impact enforcement remains in effect; CFPB appeals funding ruling as cash crunch worsens; Federal privacy law on secure marketing data.
Do you want to be the first to know when the Regulatory Roundup is released? Subscribe to never miss an email and follow us on LinkedIn for even more updates on marketing compliance.
California Appoints Rohit Chopra to Lead New Consumer Super-Agency
Governor Gavin Newsom announced on May 12 that he is appointing former CFPB Director Rohit Chopra as the inaugural Secretary of California’s new Business and Consumer Services Agency (BCSA). The cabinet-level agency officially launches July 1, 2026, and consolidates dozens of regulatory departments under a single structure, such as the Department of Financial Protection and Innovation (DFPI), Department of Consumer Affairs,Department of Cannabis Control, Department of Real Estate, and Department of Alcoholic Beverage Control.
The BCSA does not itself hold standalone rulemaking authority comparable to the CFPB. Instead, it functions as an umbrella agency coordinating enforcement and policy across departments that do. Chopra’s influence will be most consequential at the DFPI, which already has extensive authority to investigate nonbank financial services, issue administrative orders, seek civil penalties, pursue restitution, and bring civil actions. The appointment is subject to state Senate confirmation. Chopra’s compensation in the role is $254,450 annually.
Newsom framed the appointment explicitly as a counterweight to federal deregulation. Chopra, in his statement, said the new agency would “fire on all cylinders” to prevent markets from being rigged against consumers and small businesses. Governor of California
Why It Matters: This is one of the most consequential state-level regulatory developments in years. Chopra ran one of the most aggressive enforcement eras in CFPB history, recovering nearly $10 billion in consumer refunds and penalties. His priorities at the CFPB, including junk fees, subscription pricing, algorithmic credit decisions, and nonbank supervision, are all squarely within the DFPI’s existing jurisdiction. For financial services companies operating in California, this is a clear signal: expect more coordinated, more aggressive, and more frequent enforcement activity beginning in the second half of 2026. Because many companies apply California compliance standards nationally to avoid maintaining separate operational systems, the BCSA’s posture will matter well beyond state lines.
Significant Stat:
~$10 billion
The amount in consumer refunds and penalties recovered during Rohit Chopra’s tenure as CFPB Director, according to Governor Newsom’s office. That enforcement record — targeting junk fees, nonbank financial services, and algorithmic credit decisions — is now headed to California.
NY DFS Tells Lenders: Disparate Impact Enforcement Is Not Going Away
On April 22, the New York Department of Financial Services issued an industry letter reminding all entities regulated under the New York Banking Law that disparate impact liability in lending remains fully in force under state law. The timing was deliberate: the letter landed the same day the CFPB published its final rule eliminating disparate impact from federal ECOA enforcement — a rule driven by President Trump’s April 2025 executive order directing all federal agencies to deprioritize enforcement of statutes and regulations that include disparate impact liability. In the letter, DFS made clear it holds independent authority to enforce both state and federal fair lending laws, signaling that the CFPB’s rollback does not limit its ability to act.
The DFS cited Section 296-a of the New York Executive Law, which prohibits discrimination in the granting, withholding, extending, or renewing of credit, or in the fixing of rates, terms, or conditions, based on race, creed, color, national origin, citizenship or immigration status, sexual orientation, gender identity or expression, military status, age, sex, marital status, status as a victim of domestic violence, disability, and familial status. The letter imposes no new obligations, but pointed to three prior consent orders against New York-chartered banks as examples of enforcement based on disparate impact analysis. NY Department of Financial Services
Why it matters: For marketing and compliance teams, the key takeaway is direct: audience targeting practices — who you reach, how you segment, and which channels you use — remain fair lending risk areas at the state level even as federal oversight contracts. Lenders operating in New York cannot treat the CFPB’s rule change as a green light to stop monitoring for disparate outcomes in their marketing. The compliance split is real — state enforcement isn’t following the federal retreat.
➤ Build a compliance program calibrated for multi-state enforcement with PerformLine’s Compliance Monitoring Platform
CFPB Files Funding Appeal as Cash Crisis Worsens
On May 11, the CFPB filed a notice of appeal to the Ninth Circuit, challenging a court order requiring the bureau to continue requesting Federal Reserve funding. The administration has argued the One Big Beautiful Bill Act’s reduction of the CFPB’s funding cap — from 12% to 6.5% — makes compliance financially impossible. More than 100 employees face furloughs and the bureau has begun transferring active enforcement cases to the DOJ. Consumer Finance Monitor
Why It Matters: A shrinking CFPB does not mean a shrinking enforcement environment. State AGs, NY DFS, and California’s DFPI — now under Chopra’s direction — are actively filling the void. For marketing and compliance teams, the risk has shifted, not disappeared: state-level scrutiny of advertising practices, fee disclosures, and audience targeting is intensifying precisely as federal oversight contracts.
On the Radar: Federal Privacy Law Could Reshape How You Market
The House introduced the SECURE Data Act on April 22, proposing a single national consumer data privacy standard that would replace the current 21-state patchwork. For marketing teams, the key provisions: consumers could opt out of targeted advertising and data sales; data collected for one purpose couldn’t be reused for unrelated marketing without consent; and third-party data brokers would face new registration requirements. The FTC would be the primary enforcer. The bill has not passed committee and faces the same preemption hurdle that has killed every previous federal privacy bill. House Energy & Commerce Committee
Why It Matters: Not law yet — but the trajectory is clear. Map your targeted advertising and third-party data practices against this framework now so you’re not starting from scratch if it advances.
That’s it for this edition of the Regulatory Roundup. Have questions, tips, or feedback? Reach out to us at performline.com or connect with us on LinkedIn.
