On December 19, 2025, New York Governor Hochul signed the Fostering Affordability and Integrity Through Reasonable (“FAIR”) Business Practices Act. The FAIR Business Practices Act adds prohibitions against “unfair” and “abusive” acts or practices to the state attorney general’s arsenal, which otherwise expressly addressed only such acts or practices that are “deceptive.”

The state Attorney General Letitia James’ office advanced the legislation last summer, proclaiming that it is necessary to protect consumers from a wide array of harms, including deed theft, junk fees, hard-to-cancel subscriptions, data breaches, and other unfair, deceptive, or abusive practices (“UDAAPs”). Attorney General James described the legislation as a direct response to the federal government’s “retreat” from protecting consumers. The legislation’s statement of purpose provides that prohibiting only deceptive business acts and practices has proven insufficient to protect the state’s residents and economy. It also refers to court-imposed limits on the attorney general’s enforcement authority based on a strict reading of the current law.

The New York FAIR Business Practices Act broadly provides that unfair, deceptive, or abusive acts or practices in the conduct of any business, trade or commerce or in the furnishing of any service in the state are unlawful. The Act adopts standards that the Consumer Financial Protection Bureau (“CFPB”) previously established for what constitutes unfairness and abusiveness. Then the Act clarifies that the attorney general may bring an action or proceeding to enjoin any UDAAPs committed by any individual, firm, corporation, company, partnership, or association, or agent or employee of such a person, that is conducting any business in the state. The Act emphasizes that a UDAAP is actionable regardless of whether it is “consumer-oriented,” reportedly to ensure the protections extend to businesses and nonprofit organizations as well as individuals. The Act even strikes the word “consumer” from the heading of the statutory article. The Act becomes effective on February 17, 2026.

Conventional wisdom holds that as the federal CFPB under the Trump administration sets narrower enforcement priorities, state regulators will fill that gap. Pennsylvania and California, among others, have prioritized consumer financial protection in 2025. We have definitely seen New York State continue certain enforcement efforts that the CFPB has dropped. The New York FAIR Business Practices Act indicates that the state is prepared to fill any perceived consumer protection vacuum.

Litigation involving Colorado’s opt-out from the interest exportation provisions of the Depository Institutions Deregulation and Monetary Control Act of 1980 (DIDMCA) has taken an adverse turn for the financial services industry. On November 10, the United States Court of Appeals for the Tenth Circuit issued a ruling reversing a preliminary injunction imposed by the United States District Court for the District of Colorado in June 2024 that prevented enforcement of Colorado’s usury restrictions against parties to the litigation, including any members of various industry association parties—the National Association of Industrial Bankers, American Financial Services Association and American Fintech Council—with respect to loans in which the lender was not located, for interest exportation purposes, in Colorado. Subject to further proceedings, the Tenth Circuit’s ruling re-opens the door for loans originated by state-chartered banks and similar financial institutions to be subject to Colorado usury restrictions when either: (i) the borrower is located in the state; or (ii) subject to certain exceptions, the lender is located in the state, regardless of the location of the borrower. The ruling will become effective, if at all, only after issuance of the Tenth Circuit mandate, which may be stayed pending further appellate proceedings as discussed below.

As addressed in our prior discussion of the Colorado DIDMCA opt-out and related litigation, DIDMCA provides the basis, under federal banking law, for state-chartered, FDIC-insured banks and certain similar financial institutions to “export” the interest-related requirements of their home or, in certain cases, branch office (host) states when lending elsewhere. Both national banks and state-chartered banks have such authority, but DIDMCA conditions state-chartered banks’ authority on the ability of individual states to opt out of the interest exportation regime under 12 U.S.C. § 1831d. Iowa and Puerto Rico have had longstanding opt-outs; certain other states initially opted out but later repealed such opt-outs; and Colorado enacted an opt-out that would have become effective July 1, 2024 but for litigation by industry participants that resulted in the June 2024 preliminary injunction. 

Continue Reading DIDMCA Opt-Out Update — Tenth Circuit Reverses Colorado Preliminary Injunction

Around Christmas 2024, the Ohio Division of Financial Institutions (“DFI”) left a lump of coal in marketplace consumer lenders’ proverbial stockings by issuing guidance that asserted a license under the Ohio Small Loan Act (“SLA”) was required to arrange consumer loans of $5,000 or less in exchange for compensation—even if those loans were issued by federally insured banks pursuant to their authority under federal banking law. Expanded guidance and FAQs issued in January 2025 further supported DFI’s position that a license would be required for many parties engaged in arranging or brokering Ohio loans. Combined, the issuances left some market participants—particularly those operating under bank partnership models—scrambling to determine whether their programs were subject to the SLA under the DFI’s new position, whether to apply for a license, and whether obtaining a license would then impose material substantive limitations on affected lending programs.

In a positive development for consumer lending platforms (among other industry participants), the DFI appears to have withdrawn the 2024 guidance, albeit subject to the regulator’s ongoing consideration of underlying issues.

As of October 31, 2025, the DFI has updated its guidance on the application of the SLA to bank partnerships, reversing course from its earlier interpretation of the statute. The updated guidance states that the DFI will not require any non-bank entity that is compensated for arranging bank loans in any amount to obtain a license under the SLA or to otherwise engage in such activity.  Critically, the guidance also provides that the DFI does not intend to pursue enforcement action against any entity for engaging in such activity in calendar year 2025 without a valid license (whether or not such entity pursued a license application following the December 2024 and January 2025 guidance issuances).

Continue Reading Ohio Walks Back Prior Small Loan Act Guidance, Eases Licensing Position for Bank Partnerships

On October 1, 2025, the interagency final rule implementing quality control standards for automated valuation models (“AVMs”) became effective. The rule requires the adoption and maintenance of policies, practices, procedures, and control systems for the use of AVMs by mortgage originators in making credit decisions, and by secondary market issuers that use AVMs in certain securitization determinations. The requirements apply not just to consumer-purpose transactions, but to business-purpose transactions secured by a principal dwelling. Read about it in Mayer Brown’s Legal Update.

The new California Combating Auto Retail Scams (CARS) Act, which Governor Newsom signed on October 7, 2025, mirrors the thwarted efforts of the Federal Trade Commission (“FTC”) to address concerns about unfair or deceptive acts or practices among motor vehicle dealers. The California CARS Act will become effective on October 1, 2026, and will prohibit dealers from making misrepresentations about the costs or terms of purchasing, financing, or leasing a vehicle, or about any costs, limitation, benefit, or other aspect of any add-on product or service.

Applicability

The California CARS Act will constitute a new title within the state’s Civil Code[1] and will apply generally to motor vehicle dealers in the state. However, the new protections will not apply to “commercial purchasers” of vehicles, meaning those that purchase five or more vehicles from the dealer per year for use primarily for business or commercial purposes. They also will not apply to vehicles with a gross vehicle weight rating of 10,000 pounds or more.

Total Price

One of the key aspects of the California CARS Act (as with the FTC’s fallen CARS Rule) is the requirement to disclose the “total price.” Specifically, the Act will require dealers to disclose, clearly and conspicuously in connection with the sale or financing of a vehicle, the vehicle’s total price. That total price includes the total sales price of the vehicle, excluding taxes, fees, and charges; any dealer price adjustment; and the cost of any item installed on the vehicle at the time of the advertisement or communication. It does not include any deduction for a rebate. The total price must be included in any advertisement of a specific vehicle for sale, or that represents any monetary amount or financing term for a specific vehicle. In addition, the total price must be included in the first written communication with a consumer about a specific vehicle, such as the dealer’s first response to a consumer regarding the vehicle. The total price disclosure requirement does not, however, apply to used vehicles sold at auctions.

Other Disclosures

In addition to the disclosure of the total price of specific vehicles in advertisements and communications, dealers must disclose in any written representation during a negotiation to purchase or lease a specific vehicle that any add-on products or services the dealer mentions are not required. The disclosure must be clear and conspicuous and in writing. If the negotiation is taking place primarily in Spanish, Chinese, Tagalog, Vietnamese, or Korean, the disclosure that the consumer may purchase or lease the vehicle without the add-on product or service must also be provided in that language.

When making any written representation about the amount of monthly payments to purchase or lease a specific vehicle, the dealer must disclose in writing the amount the consumer will pay after making all those monthly payments. If the dealer makes written comparisons between payment options that include lower monthly payments, the dealer must explain that those lower payments often increase the total amount the consumer will pay.

Continue Reading New California CARS Act

On October 2, 2025, HUD, through FHA and Ginnie Mae, issued a Request for Information (RFI) seeking public input on the current and future roles of the Home Equity Conversion Mortgage (HECM) and HECM Mortgage-Backed Securities (HMBS) programs.  Stakeholders are invited to comment by December 1, 2025 (Docket No. FR-6551-N-01) via regulations.gov or mail.  Federal Register :: Future of the HECM and HMBS Programs and Opportunities for Innovation in Accessing Home Equity

The RFI spotlights several priority areas: program performance and emerging risks to FHA’s Mutual Mortgage Insurance Fund and Ginnie Mae; identifying the reasons behind declining consumer demand despite rising senior home equity; borrower understanding and safeguards; and barriers to lender participation.  On HMBS, HUD and Ginnie Mae are probing investor demand, issuance volumes, and structural features that could improve issuer operations and liquidity.  Potential HECM program changes under consideration include updates to servicing tools, HECM refinance policies (e.g., net benefit test), use of note sales, Life Expectancy Set Asides (including possible mandates), underwriting/financial assessment refinements, asset resolution and claim processes, monitoring for deferred maintenance, and whether statutory or administrative adjustments—such as renewed interest in HECM Lender Insurance—are warranted. Notably absent from the RFI is any mention of Ginnie Mae’s preliminary “HMBS 2.0” term sheet published in November 2024, which had outlined a proposed HMBS program featuring broader eligibility for pooling active and nonactive HECM buyouts.

For lenders, servicers, issuers, investors, and consumer advocates, this is an opportunity to potentially shape reverse mortgage policy and improve secondary market liquidity.  We encourage clients and partners to assess how potential changes to HECMs and HMBS may affect origination economics, pipeline execution, servicing timelines, regulatory compliance obligations and risk management, and to consider submitting data-driven input responsive to HUD’s questions.

The Securities and Exchange Commission (SEC) has published a concept release inviting public comment on potential reforms to disclosure requirements for residential mortgage-backed securities (RMBS) in the registered asset-backed securities (ABS) market. The initiative aims to address longstanding concerns that current rules, particularly those under Item 1125 of Regulation AB, have stifled public issuance of private-label RMBS by imposing overly burdensome asset-level data requirements (including providing protected private information) as well as whether the public disclosure framework of Regulation AB prevents dissemination of important borrower-level information to investors. The SEC is also considering whether to harmonize the definition of “asset-backed security” in Regulation AB with the broader Securities Exchange Act of 1934 (Exchange Act) definition.

For more, check out this Mayer Brown client alert, authored by James J. Antonopoulos, Amanda L. Baker, Julie A. Gillespie, Haukur Gudmundsson, Paul A. Jorissen, Brian L. Kuhl, Michelle M. Stasny, Angela M. Ulum, and Tameem A. Zainulbhai

Illinois continues to move forward in regulating “shared appreciation agreements.” On August 15, 2025, the Illinois Department of Financial and Professional Regulation proposed regulations implementing the Residential Mortgage License Act of 1987 to govern “shared appreciation agreements.” The term “shared appreciation agreements” is generally interpreted to include products commonly known as home equity contracts,” “home equity investments,” or “home equity agreements. The proposed regulations provide originators of these products with a roadmap for compliance with the Residential Mortgage License Act. Please read our Legal Update for a full discussion these proposed regulations.

While federal regulatory agencies retreat from enforcing disparate impact discrimination, at least one state agency has stepped forward. Massachusetts Attorney General Andrea Joy Campbell announced on July 10, 2025 a settlement with a student loan company, resolving allegations that the company’s artificial intelligence (“AI”) underwriting models resulted in unlawful disparate impact based on race and immigration status.

The disparate impact theory of discrimination in the lending context has been controversial. It has been 10 years since the Supreme Court held in Inclusive Communities that disparate impact is available under the Fair Housing Act if a plaintiff points to a policy or policies of the defendant that caused the disparity. In the fair lending context, then, disparate impact applies to mortgage loans. However, for other types of consumer credit – like auto loans or student loans – a plaintiff or government enforcer claiming discrimination would need to rely on the Equal Credit Opportunity Act (“ECOA”). While ECOA prohibits discrimination against an applicant with respect to any aspect of a credit transaction, there has been much debate over whether it applies to discrimination in the form of disparate impact. The federal government for years relied heavily on ECOA to bring credit discrimination actions. The Biden Administration pursued a vigorous redlining initiative against mortgage lenders. The government used the vast amount of data obtained under the Home Mortgage Disclosure Act (“HMDA”) and compared the activities of various lenders within a geographic area to determine whether a lender was significantly lagging its peers in making loans to certain protected groups. The government then looked to the lender’s branch locations, advertising strategies, the racial/ethnic make-up of its loan officers, and other factors to assert that the lender had discouraged loan applicants from protected classes. Through that redlining initiative, the government settled dozens of cases, resulting in well over $100 million in payments.

HMDA data provides extensive, if imperfect, demographic data on mortgage lending activities and has been key to building claims of lending discrimination, particularly disparate impact. However, that level of data is not generally available for other types of lending, like student loans. Without such data, the Office of the Massachusetts Attorney General (“OAG”) in this case reviewed the lender’s algorithmic rules, its use of judgmental discretion in the loan approval process, and internal communications, which the Attorney General described as exhibiting bias.

Disparate Impact Based on Race, National Origin

In that review, the OAG looked back to the scoring model the lender used prior to 2017, which relied in part on a Cohort Default Rate – the average rate of loan defaults associated with specific higher education institutions. The OAG asserted that use of that factor in its underwriting model resulted in disparate impact in approval rates and loan terms, disfavoring Black and Hispanic applicants in violation of ECOA and the state’s prohibition against unfair or deceptive acts or practices (“UDAP”). The public settlement order did not provide the level of statistical disparities. In addition, until 2023, the OAG asserted that the lender also included immigration status in its algorithm, knocking out applicants who lacked a green card. That factor “created a risk of a disparate outcome against applicants on the basis of national origin,” and as such violated ECOA and UDAP according to the OAG. The settlement order prohibits the lender from using the Cohort Default Rate or the knock-out rule for applicants without a green card (although it appears the lender had discontinued those considerations years ago).

Continue Reading Massachusetts AG Settles Fair Lending Action Based Upon AI Underwriting Model

On June 30, California Governor Newsom signed Assembly Bill No. 130 (“AB130” or the “Bill”). Effective immediately, the Bill added a new section to the California Civil Code to codify that certain actions constitute unlawful practices when taken by a “mortgage servicer” in connection with a subordinate mortgage. The Bill also adds a number of certification and disclosure requirements that mortgage servicers must adhere to in connection with nonjudicial foreclosures of subordinate mortgage loans.  

At the outset, it is important to note that the Bill defines the term “mortgage servicer” broadly to include the current mortgage servicer and any prior mortgage servicers. Thus, the Bills’ requirements—including certifications that a mortgage servicer is required to record in connection with certain foreclosures—cover the activities of both the current servicer of a subordinate mortgage and any prior servicer of that mortgage.

Unlawful Practices for Subordinate Mortgages

Under the newly created Section 2924.13, a “subordinate mortgage” is defined to include a security instrument in residential real property that was, at the time it was recorded, subordinate to another security interest encumbering the same residential real property. The new section does not distinguish between loans for a consumer or business purpose. Pursuant to the new section, the following conduct constitutes an unlawful practice in connection with a subordinate mortgage:

Continue Reading California Enacts Servicing Requirements for Subordinate Residential Mortgages