How should financial institutions respond to the federal compliance pullback?
- Federal examiners at the CFPB have loosened their oversight of financial institutions over the last 12 months, with the agency rolling back certain regulations and withdrawing dozens of guidance documents.
- However, executives at institutions should not take this as a sign to weaken their own compliance standards. The underlying consumer protection, fair lending, UDAP and other compliance-related laws remain active, are subject to backward-looking enforcement by both future administrations and other regulators like the Fed, and remain grounds for civil litigation.
- Financial institutions should adopt a risk-based approach to compliance that considers the future needs of the business as well as the best interests of customers or members when allocating resources to compliance efforts.
Since the current administration took office in January 2025, federal regulators have pulled back on their oversight of financial institutions, with leaders at the CFPB, in particular, taking a notably different tone from their predecessors.
This has left financial institution leaders wondering whether they can take a cue from Washington and soften their regulatory compliance efforts — with 63% of banking executives and 62% of credit union leaders surveyed by Wipfli reporting that the regulatory environment plays a large role in their overall strategy.
Given the cost and effort involved with maintaining compliance, you may find it tempting to consider pulling back. However, this could be short-sighted. Keep reading to learn why, plus how your institution can adapt to meet the compliance challenges and opportunities of today.
Less oversight doesn’t mean financial institutions should loosen compliance standards
CEOs and CFOs at financial institutions are facing substantial confusion over how to approach compliance. This is largely because oversight expectations are no longer as clear as they used to be.
In recent months, federal officials at the CFPB have rolled back certain regulations. The CFPB has also withdrawn guidance it had previously provided to financial institutions, with the agency pulling 67 guidance documents in May of 2025.
However, it is important to understand that these changes reflect a shift in enforcement priorities, not the law.
Consumer protection, fair lending and UDAP laws remain in effect for financial institutions
Federal fair lending, unfair or deceptive acts or practices (UDAP) and other consumer protection laws remain active. From a legal perspective, little has changed for financial institutions on the compliance front:
- Financial institutions remain accountable to fair lending requirements established under laws like the Equal Credit Opportunity Act (ECOA) or the Fair Housing Act (FHA).
- Likewise, UDAP protections under the FTC’s Consumer Protection Act are still in place.
- And the alphabet soup of consumer protection laws has not been rescinded or rewritten.
What this means is that any pullback in oversight is only a matter of government policy. And as quickly as policies can change, they can also change back.
Today’s enforcement standards may not be tomorrow’s
Just because financial institutions are currently operating in a deregulatory environment doesn’t mean you should change your internal compliance standards. Instead, approach regulatory compliance as a risk management initiative.
The most important thing to understand here is that future administrations may take a different view of regulatory compliance than the current administration does. Because examinations are backward-looking, you’ll need to be able to account for your actions now to regulators and examiners in the future.
What might you need to show during an exam in 2029, for example?
Other oversight and enforcement mechanisms still exist
You should also be aware that regulators at other agencies — like the FRB, OCC, FDIC and NCUA — have not loosened oversight to the same extent as the CFPB. Within the CFPB, there are also likely discrepancies in how individual examiners may choose to interpret compliance standards in the absence of clearer guidance.
Financial institutions also remain as exposed as ever to non-federal enforcement mechanisms, including class-action lawsuits filed under consumer protection, UDAP or fair lending laws. And finally, complying with many of these laws is simply the right thing to do from a moral and ethical perspective, and it meets the expectations of your customers or members.
How should financial institutions manage risk and regulatory compliance in 2026?
The current regulatory pullback does offer financial institutions an opportunity to level set. 2026 is a good year to evaluate your current compliance management system (CMS), consider your risks and design a compliance strategy that will protect your institution both now and tomorrow.
1. Maintain a robust CMS
Your CMS will help your financial institution maintain compliance standards and satisfy regulators during exams. An effective CMS has five key components:
- Board and management oversight: Your CEO, CFO and your board need to champion compliance from a high level, dedicating sufficient resources to maintain a compliance process that is consistent with your institution’s size, complexity and overall risk profile. Equally important: walk the talk when it comes to compliance with regulatory expectations.
- Robust training: All members of your team need compliance training, based on their roles and responsibilities.
- Clear policies and procedures: Your institution should have clear compliance policies and procedures to guide team members in how to carry out business objectives while complying with regulations.
- Monitoring and auditing: You should regularly perform internal or third-party testing of your compliance efforts to prepare for official oversight and help ensure you are meeting standards.
- Consumer complaints process: Consumers need to be able to file complaints or appeals if they believe they have been wrongly denied access to your products or services, or treated unfairly, in violation of consumer protection, fair lending or UDAP laws. A robust complaint management process ensures that you can address issues in a timely manner and identify any potentially problematic trends.
2. Embrace a risk management-based approach to compliance
Embracing a risk-based approach is essential to protecting your institution’s short and long-term interests in any regulatory environment. This starts with your board and senior management discussing the current regulatory environment and deciding how to handle it from a risk management perspective.
Take the time to understand the risk environment at the industry level. Look at what other institutions are doing to get a better sense of how your peers are tackling this moment.
Then assess your own risk tolerance. Within your institution, there should be frank conversations about how your actions today will be scrutinized tomorrow. You should also earnestly consider your own corporate mission and values, as well as the fact that institutions that have a stronger CMS also generally rate higher on organizational safety and soundness.
Don’t allow your CMS to slip just because it may not appear that regulatory scrutiny is turned up as high as usual.
3. Leverage advisory support
Your internal compliance team knows the inherent compliance risks of your institution, but may not have the bandwidth to keep up with the latest changes in such a fast-evolving policy environment.
Consider leveraging an outside advisor to fill the gaps in your institutional capacity: helping your team understand the broader regulatory landscape, assessing any gaps in your current CMS and supporting you in making changes when needed to protect your institution’s long-term well-being.
Look for an advisor that combines a deep understanding of risk management, regulatory compliance, government policy and the specific needs of financial institutions.
What are the benefits of a risk management-based compliance strategy for financial institutions?
By maintaining your compliance standards even in a deregulatory moment, you will strengthen your organization as a whole. Here are four key advantages to this risk-based compliance approach:
- Future-proof your organization: If a new administration takes a different attitude towards oversight, you won’t have to scramble to catch up or face penalties for past compliance failures identified during an examination.
- Avoid legal ramifications: Institutional compliance isn’t only enforced by regulators, but also through alternative mechanisms such as consumer lawsuits. By maintaining standards, you protect your institution from litigation or civil penalties under existing regulations, including fair lending and UDAP laws.
- Stay open to M&A opportunities: Future regulators will also be more likely to bless an M&A opportunity if your institution demonstrates a strong CMS focused on consumer protections.
- Protect your reputation: For financial institutions, reputation remains important. Institutions that continue to serve the best interests of their customers or members will maintain the goodwill of their communities.
Learn more about how financial institutions are adapting to meet today’s challenges
How are your fellow financial institution leaders meeting the challenges of today? Wipfli surveyed 445 executives at banks and credit unions to find out how leaders are approaching growth, technology, risk and more. The findings are in the 2026 banking industry report and the 2026 credit union industry report.
How Wipfli can help
We help financial institutions to manage risk and maintain compliance. Let’s talk about how we can position you to meet compliance standards and protect your customers or members, now and tomorrow.