.svg)
A Shifting Consumer Protection Landscape
The current structure of consumer protection enforcement in the United States largely took shape in 2010 with the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Although many consumer protection laws already existed, they were not consistently enforced, and most federal regulators focused primarily on safety and soundness. Before the 2008 financial crisis, consumer protection was often seen as a secondary risk-based consideration, not a core examination priority.
That changed when the crisis revealed the cost of that gap in oversight. Millions of Americans entered into complex loan agreements and financial products they did not fully understand, and regulators were not positioned to intervene in time. Dodd-Frank aimed to correct that by:
- Creating the Consumer Financial Protection Bureau (CFPB) as a centralized federal consumer watchdog.
- Expanding the authority of state attorneys general and regulators to act when federal enforcement fell short.
- Limiting the use of federal preemption by banks to sidestep state consumer laws.
Over the following decade, financial institutions experienced a significant increase in both state and federal oversight, which many in the industry, including the American Bankers Association, viewed as burdensome. But now, under a new wave of deregulatory policy, we are seeing that framework begin to shift again.
Recent actions by the Trump administration suggest a move to reduce the federal footprint and empower states to take the lead in consumer protection enforcement. This shift, combined with efforts to promote innovation in fintech and digital assets, could fundamentally reshape who oversees consumer protection and how it is enforced in the years ahead.
Deregulation Reshaping Financial Services and Moving Consumer Protection Oversight to the States
Could the current wave of deregulation be transforming the financial services landscape, accelerating the rise of fintechs and digital assets, and gradually transferring consumer protection oversight from federal to state regulators? That is the critical question many are now asking as the Trump administration doubles down on efforts to reduce federal regulatory influence and promote innovation in financial services.
Early in his second term, President Trump issued two major executive orders that have set the tone for his administration’s regulatory agenda.
The first, Executive Order 14192: Unleashing Prosperity Through Deregulation, limits federal agencies’ rulemaking authority by requiring that for every new regulation proposed, at least ten existing ones must be repealed.
The second, Executive Order 14178: Strengthening American Leadership in Digital Financial Technology, signals strong support for the growth of digital assets, blockchain and financial innovation, placing an emphasis on “responsible” development across all sectors of the economy.
Although these actions align with the President’s campaign promises to champion free markets and economic competitiveness, the scope and speed of deregulation have surprised even seasoned industry leaders. Unlike more gradual approaches seen in previous administrations, this one is moving quickly to dismantle regulatory structures, especially those put in place during the Biden era.
In financial services specifically, there has been a flurry of changes since the start of 2025. These include a rollback of several consumer protection and financial crime rules, a dramatic restructuring of the Consumer Financial Protection Bureau (CFPB), and public statements from prudential regulators that appear to prioritize innovation over enforcement.
All of this has raised a key concern regarding whether the administration is aiming not just to lighten the federal regulatory load, but also to shift primary consumer protection responsibilities to the states.
This line of thinking is not farfetched. The administration has been vocal about returning other areas, such as education, to state control. It now seems that financial services regulation, particularly consumer protection, could be on a similar path. If so, a patchwork of state-led regulatory frameworks may soon emerge, just as fintechs and digital assets become more deeply embedded in the banking ecosystem.
In short, the administration’s deregulatory push may be doing more than streamlining oversight; it may be rewriting the rules of who is ultimately responsible for protecting consumers.
A New Era of Consumer Protection Enforcement
The shift toward deregulation is already reshaping how consumer protection is enforced. A leaked internal memo from April, sent by CFPB chief legal officer Mark Paoletta, suggests the agency is actively stepping back from certain enforcement areas to give states more authority. The memo emphasizes a commitment to federalism, noting the CFPB will deprioritize overlapping enforcement efforts where states already have strong regulatory and supervisory frameworks. Key focus areas where supervision is being scaled back include digital payments, peer-to-peer (P2P) platforms, consumer data privacy, medical debt, student loans and remittances.
Instead, the CFPB is now concentrating on more traditional consumer risks, particularly those affecting service members and their families, and is shifting supervision efforts toward depository institutions rather than fintechs or nonbanks. This pivot not only reflects a philosophical change in how the CFPB sees its role, it also signals an openness to innovation by reducing regulatory pressure on emerging financial technologies.
This hands-off approach aligns with broader Trump administration priorities and seemingly confirms speculation that the federal government is creating space for fintech and cryptocurrency growth by removing compliance friction. Back in January 2025, then CFPB director Rohit Chopra anticipated this shift in his “Strengthening State Level Consumer Protections” report. He outlined a framework that states could adopt to step into the enforcement gap, including sample legislative text to address junk fees, abusive lending practices and data privacy concerns using authority granted under the Dodd-Frank Act.
But this raises an important question: Are state regulators truly stepping up as a temporary bridge until the pendulum swings back, or are we witnessing a long-term transfer of enforcement power to the states?
Although that answer is still unfolding, and there are many things left to consider such as preemption, it is clear that some states, such as New York, are not waiting for clarity. New York attorney general Letitia James proposed the FAIR (Fostering Affordability and Integrity through Reasonable) Business Practices Act, designed to create stronger consumer protections at the state level, especially for small businesses and underserved communities, which passed in June 2025.
Meanwhile, as predicted, President Trump has set his sights on restructuring the CFPB itself. Acting directors Scott Bessent and Russell Vought have significantly scaled back the bureau’s workforce, paused pending rules, dropped enforcement actions and suspended effective dates for final regulations. These moves have weakened the agency’s enforcement capabilities and redirected attention away from emerging financial technologies, creating a more permissive environment for fintech innovation.
This brings us full circle. With federal enforcement scaled back and state-level legislation still developing, is this regulatory vacuum clearing the path for fintechs and cryptocurrencies to embed more deeply into the mainstream financial system? That is the next frontier where innovation meets opportunity, and the rules of the road are still being written.
Digital Asset Regulation: A New Gateway for Fintechs and Cryptocurrencies
As federal agencies scale back traditional consumer protection enforcement and encourage state-level leadership, another transformation is quietly unfolding: the U.S. is laying the groundwork for fintechs that use technology to offer or enhance financial services and digital assets to move from the margins into the heart of the banking system. This shift is not accidental; it is a deliberate strategy driven by Executive Order 14178, Strengthening American Leadership in Digital Financial Technology, issued on day three of President Trump’s second term.
The order aims to establish a unified federal regulatory framework that supports innovation while easing the path for digital asset firms and fintech companies to enter the U.S. banking system. Days before the executive order was issued, the Securities and Exchange Commission’s (SEC) acting chairman, Mark Uyeda, formed a crypto task force to start defining clear regulatory boundaries, and the Senate Committee on Banking launched a new Subcommittee on Digital Assets to accelerate legislative clarity.
The message from Washington is clear: it is no longer a matter of if, but when digital assets and fintechs will become an integral part of the regulated financial landscape. Despite their disruptive impact offering decentralized services, instant payments and novel lending models, fintechs and cryptocurrencies have long operated in a gray area, lacking consistent regulatory support. That has started to change. The Office of the Comptroller of the Currency (OCC) has taken critical steps in recent years to welcome these innovators into the fold.
One landmark moment came in 2021, when Anchorage Digital Bank became the first federally chartered digital asset bank, after it was granted a national trust bank charter that allowed it to operate under one regulatory umbrella rather than a patchwork of state rules.
Soon after, SoFi received a full national bank charter, signaling the federal government’s willingness to bring established fintechs into the traditional system. These moves were seen as breakthroughs, but then momentum stalled, primarily due to fintechs viewing the process as cumbersome and lengthy.
In the four years since Anchorage’s charter, few others have followed. Digital asset firms argue that the bureaucracy of traditional banking oversight has slowed innovation, while some Republican senators have accused federal agencies of “debanking” crypto by discouraging banks from doing business with them.
Responding to these concerns, regulators have taken steps to reassure the industry. One significant change includes the removal of reputational risk as a factor in supervisory examinations, a long-standing concern for banks working with crypto clients.
More recently, in March 2025, the OCC doubled down by issuing updated guidance, Interpretive Letter 1183, confirming that national banks and federal savings associations can engage in a broad range of crypto-related activities, including custody of digital assets and certain stablecoin transactions without needing prior approval. Interpretive Letter 1183 frames this shift as a way to “reduce burden, encourage responsible innovation, and enhance transparency.” That same month, fintech firm SmartBiz Loans received conditional approval to acquire CenTrust Bank, making it one of the latest examples of a fintech gaining a foothold in traditional banking.
However, as promising as these developments are, they raise a critical question: will fintechs and digital asset firms be held to the same standards as traditional banks? Or, will the current regulatory approach fueled by deregulatory executive orders and internal CFPB policies deprioritizing oversight create an uneven playing field?
So, why does this matter to traditional banks or digital asset companies?
In short, because the rules of engagement in financial services are being rewritten. For banks, it means adapting to a market where fintechs can gain competitive advantages with lighter-touch regulation, faster product rollout, and more consumer protection enforcement from states. For digital asset firms, it is a potential golden window, one that opens the door to legitimacy, scale and access to the broader U.S. financial system; however, a window that comes with increased scrutiny and expectations in a heavily regulated industry.
The Shift Toward State-Led Consumer Protection Enforcement
As federal regulators recalibrate their priorities under a second Trump administration, a noticeable shift is underway: state governments are stepping into the consumer protection void. With the federal government increasingly embracing deregulatory policies, states are responding in two distinct but complementary ways: by creating their own consumer-focused laws and regulations; and by challenging federal rollbacks through litigation and political advocacy.
Proactive State Regulation: Filling the Federal Gap
States such as New York, California and Massachusetts are leading the charge with aggressive consumer protection agendas. These states are not just reacting, they are setting new standards:
- New York has proposed sweeping rules in 2025 targeting overdraft and non-sufficient funds (NSF) fees, algorithmic price discrimination and “junk fees” associated with buy now, pay later (BNPL) products and AI tools used in lending.
- Massachusetts has enacted robust regulations that ban junk fees and deceptive billing practices.
- California passed 18 consumer-focused laws in late 2024 covering everything from hidden fees and auto-renewing subscriptions to removing medical debt from credit reports.
These efforts reflect a broader trend that is also being seen in other states such as Illinois, Pennsylvania and Maryland: as federal regulators pull back, states are stepping up to enforce consumer protection through legislation tailored to the needs and risks of their local populations.
New York, in particular, appears positioned to become a de facto national standard-setter in this emerging decentralized regulatory landscape. New York has a very active attorney general’s office that has enforced existing consumer protection laws, proposed new legislation, and taken legal action against businesses engaging in unfair or deceptive practices. The Fostering Affordability and Integrity through Reasonable Business Practices Act (FAIR Business Practices Act) has passed this year which will protect New Yorkers from unfair and abusive business acts. The New York State Department of Financial Services (NYDFS) has the manpower to enforce consumer protection laws and it recently hired a former deputy enforcement director.
Reactive State Litigation: Pushing Back on Deregulation
In addition to passing new laws, states are taking a stand through coordinated legal action. Attorneys general from multiple states are challenging what they view as the dismantling of federal consumer protection frameworks, especially the weakening of the CFPB.
- In early 2025, a coalition of 23 state attorneys general filed amicus briefs in support of preserving the CFPB’s role, warning that eliminating it could leave consumers vulnerable to fraud, abuse and a lack of recourse.
- These efforts are not just symbolic. States are pressing Congress to preserve federal protections, such as the CFPB’s overdraft fee rule, and are signaling their willingness to litigate where necessary to fill the gap.
Although it is still unclear as to whether these legal actions will succeed in court, they represent a new model of state-federal friction, where states become the primary defenders of consumer rights in a deregulated environment.
What This Means for Financial Services
The regulatory landscape is shifting from a centralized federal model to a more fragmented, state-driven one. For traditional banks, this shift introduces complexity: compliance teams will need to monitor and adapt to a growing patchwork of state-level laws, regulations and enforcement priorities. What was once a streamlined national approach could now resemble a mosaic of overlapping requirements, increasing both compliance risk and operational burden. This fragmented supervision model could also result in a new layer of regulatory burden with regard to launching new products and innovation for traditional banks. As more states issue legislation on innovative topics like BNPL, artificial intelligence, digital assets, and open banking, rather than a national approach to these topics, banks will have to ensure compliance with each state within their footprint.
For fintechs and digital asset companies, the implications are nuanced. The current deregulatory environment may offer more flexibility, particularly in areas such as innovation and product development. However, that flexibility comes with a new kind of risk: inconsistent oversight across jurisdictions and an unpredictable enforcement landscape.
As consumer protection enforcement begins to fragment, financial institutions, whether traditional banks or digital-first platforms, must prepare for a world where state-level regulation becomes the new frontline. Those that build adaptable compliance frameworks, invest in regulatory intelligence, and engage proactively with state regulators will be best positioned to thrive in this evolving landscape.
Key States Positioning to Be Mini CFPB: Recent Consumer Protection Related Activity
|
How California Has Stepped Up |
Date |
Summary |
|
7/1/2024 |
SB 478 made it illegal for most businesses to advertise or list a price for a good or service that does not include all required fees or charges other than certain government taxes and shipping costs. |
|
|
9/19/2024 |
SB 942 imposed requirements on AI systems to ensure transparency, accountability, and broader consumer protection. |
|
|
9/24/2024 |
Suite of enacted bills tackled consumer protection issues related to overdraft and non-sufficient funds (NSF) fees, medical debt on credit reports, automatic renewals, and more. |
|
|
9/29/2024 |
AB 1934 toughened existing disclosure and compliance requirements for digital asset businesses, as well as approving stablecoins under the licensing regime. |
|
|
11/8/2024 |
Proposed California Privacy Protection Agency (CPPA) regulations would establish requirements for businesses to complete annual cybersecurity audits and risk assessments, as well as implementing consumer rights to access and opt-out of businesses’ use of automated decision-making tools. The request for comment period closed on June 2, 2025. |
|
|
1/8/2025 |
The Department of Financial Protection and Innovation (DFPI) reached a $20m multi-state settlement with Bayview Asset Management over deficient cybersecurity practices and non-cooperation following a significant data breach. |
|
|
1/13/2025 |
The Attorney General's office highlighted how existing state consumer protection laws apply to companies’ use of AI. |
|
|
1/15/2025 |
The Department of Financial Protection and Innovation (DFPI) reached a $17m multi-state settlement with Edward Jones over supervisory failures. |
|
|
1/15/2025 |
The Department of Financial Protection and Innovation (DFPI) reached a $80m multi-state settlement with Block over Bank Secrecy Act (BSA) and anti-money laundering (AML) violations. |
|
|
4/4/2025 |
Proposed Department of Financial Protection and Innovation (DFPI) regulations would clarify existing licensing requirements and identify when digital asset activity may qualify for money transmission exemptions. |
|
|
4/28/2025 |
Department of Financial Protection and Innovation (DFPI) reached a $106m multi-state settlement with Vanguard over tax and investor remediation failures. |
|
How New York Has Stepped Up |
Date |
Summary |
|
5/30/2024 |
The Department of Financial Services (DFS) issued guidance directing regulated virtual currency businesses to maintain and implement effective policies and procedures to promptly address customer service requests and complaints. |
|
|
10/16/2024 |
The Department of Financial Services (DFS) issued guidance assisting regulated financial institutions in mitigating cybersecurity risks stemming from AI, such as theft of nonpublic information and third-party vulnerabilities. |
|
|
12/24/2024 |
S 2659B amended existing data breach laws by mandating that businesses notify affected individuals within 30 days of a breach, as well as expanding the list of entities that must be informed of a breach impacting state residents to include regulated financial institutions. |
|
|
1/8/2025 |
A 117 was introduced, and if passed would require banks to report annually on the amount of revenue earned from overdraft fees, prohibit banks from imposing overdraft fees during a ten-day grace period, and generally regulate the imposition of overdraft and non-sufficient funds (NSF) fees. |
|
|
1/8/2025 |
S 363 passed the Senate, if enacted would require clear and conspicuous pricing practices regarding junk fees, and would eliminate hidden junk fees by requiring sellers to display the total price of a good or service, inclusive of all mandatory fees. |
|
|
1/8/2025 |
A 773 was introduced, if passed, would restrict the use of AI tools by banks regarding their lending decisions, as well as allowing loan applicants to consent to or opt out of the use of such tools. |
|
|
1/8/2025 |
A 768 was introduced, if passed, would prevent AI from perpetuating discrimination against protected classes by requiring AI systems to comply with numerous consumer safeguards. |
|
|
1/14/2025 |
Governor Hochul proposed several new laws surrounding buy now, pay later (BNPL) and algorithmic price discrimination, among others. |
|
|
1/22/2025 |
Proposed Department of Financial Services (DFS) regulations would eliminate exploitative and deceptive banking fees, limit overdraft and non-sufficient funds (NSF) fees, strengthen customer communications, and implement stricter transaction processing requirements. |
|
|
1/23/2025 |
The Department of Financial Services (DFS) reached a $2m settlement with PayPal over deficient cybersecurity practices. |
|
|
2/12/2025 |
S 4728 would establish the New York State Cryptocurrency and Blockchain Study Task Force. |
|
|
4/10/2025 |
The Department of Financial Services (DFS) reached a $40m settlement with Block over Bank Secrecy Act (BSA) and anti-money laundering (AML) violations. |
|
|
6/19/2025 |
The Attorney General's office introduced legislation that would expand state consumer protection laws to address, among other things, predatory lending and hidden fees, as well as granting the Attorney General greater authority to penalize businesses engaging in harmful practices. Passed the House in June 2025. |
|
How Massachusetts Has Stepped Up |
Date |
Summary |
|
2/14/2024 |
Governor Healey signed an executive order establishing the Massachusetts Artificial Intelligence Strategic Task Force. |
|
|
4/16/2024 |
The Attorney General's office highlighted how existing state consumer protection laws apply to companies’ use of AI. |
|
|
1/2/2025 |
H 4840 required domestic payment apps to obtain a money transmitter license and comply with corresponding state regulations, including relevant consumer protection measures. |
|
|
1/8/2025 |
The Division of Banks (DOB) reached a $20m multi-state settlement with Bayview Asset Management over deficient cybersecurity practices and non-cooperation following a significant data breach. |
|
|
1/15/2025 |
The Division of Banks (DOB) reached a $80m multi-state settlement with Block over Bank Secrecy Act (BSA) and anti-money laundering (AML) violations. |
|
|
2/27/2025 |
H 88 would establish a special commission on cryptocurrency and blockchain technology. |
|
|
2/27/2025 |
H 94 would impose requirements on AI systems to ensure accountability, transparency, and broader consumer protection. |
|
|
2/27/2025 |
H 78 would create a comprehensive state consumer data privacy law. |
|
|
3/3/2025 |
The Attorney General's office issued regulations prohibiting businesses from charging junk fees and engaging in other deceptive billing practices. Comes into effect September 2, 2025. |
|
How States Are Stepping Up Together |
Date |
Summary |
|
2/13/2025 |
A multi-state coalition of attorneys general argued that the Department of Government Efficiency (DOGE) and many of its actions are unconstitutional. |
|
|
2/20/2025 |
A multi-state coalition of attorneys general argued in Baltimore v CFPB that efforts to dismantle the CFPB could prevent consumers from reporting issues of fraud or deception, and that reduced oversight of large financial institutions would further harm consumers. |
|
|
2/21/2025 |
A multi-state coalition of attorneys general argued in National Treasury Employees Union v Russell Vought that efforts to dismantle the Consumer Financial Protection Bureau (CFPB) could prevent consumers from reporting issues of fraud or deception, and that reduced oversight of large financial institutions would further harm consumers. |
|
|
4/9/2025 |
A multi-state coalition of attorneys general urged Congress against overturning the final rule on overdraft fee limits promulgated by the CFPB. |
|
|
Coalition of Regulators' Comment Letter on CFPB Restitution Delays |
5/6/2025 |
A coalition of state regulators urged the CFPB to process delayed victim restitution payments, which were allocated in 2024 after an enforcement action against Prehired, LLC for predatory sales practices. |
