Last Week, This Morning

April 27, 2026

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

FDIC, OCC, and FRB Issue Revised Guidance on Model Risk Management

On April 17, noting that the "[u]se of models within the banking and financial services industries continues to grow in complexity and scope," the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Federal Reserve Board issued revised model risk management guidance, which highlights sound principles for effective model risk management. For purposes of the revised guidance, the term "model" refers to "a complex quantitative method, system, or approach that applies statistical, economic, or financial theories to process input data into quantitative estimates."

According to the FDIC's news release, the revised guidance "clarifies that model risk management should be tailored commensurately to the size, complexity, and model risk profile of a banking organization. To support banking organizations' model risk management practices, the revised guidance highlights sound principles for effective model risk management - in particular, by discussing the factors that influence model risk and the features of effective model development and model use; model validation and monitoring; and governance and controls. The revised guidance also discusses considerations specific to vendor and other third-party products, including validation of these products. The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism."

In connection with the release of this guidance, the FDIC rescinded FIL-22-2017, Adoption of Supervisory Guidance on Model Risk Management, and FIL-27-2021, Bank Secrecy Act: Agencies Address Model Risk Management for Bank Models and Systems Supporting Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Compliance.

Amicus Brief(ly): Banks will welcome this updated guidance that allows them to self-direct in the context of model risk management, assessing perceived risks independently and addressing those risks based on their experience and best judgment. This more flexible approach allows banks to determine risk inherent in their use of models in non-uniform ways based on each bank's risk management profile - similar to the CFPB's direction to supervised entities that their compliance management system be designed based on the size and scale of the company. As was the case in the now-rescinded guidance, there is useful material in the updated guidance for banks' model risk management programs that is designed to continue to help banks identify and manage financial and compliance risks introduced by their use of models to suggest outcomes in their core banking functions. But as banks adjust to this new guidance, they'll be watching for the agencies to also adhere to this more flexible guidance in examinations and enforcement, working with the banks to understand their model risk management programs and not holding all banks to a single set of regimented expectations.
Disparate Impact Liability is Not Cognizable Under ECOA

On April 22, the Consumer Financial Protection Bureau issued a final rule that amends provisions of Regulation B, which implements the Equal Credit Opportunity Act. Specifically, the rule amends provisions of Reg. B related to whether disparate impact claims are cognizable under the ECOA, under what circumstances a creditor may be deemed to be making a statement to an applicant or prospective applicant that would discourage, on a prohibited basis, a reasonable person from applying for credit, and under what conditions a creditor may offer special purpose credit programs. The CFPB proposed the rule in November 2025 and has finalized the rule as proposed.

The final rule generally: (1) provides that the ECOA does not authorize disparate impact claims, deletes language in Section 1002.6(a) of Reg. B indicating that disparate impact liability, referred to as the "effects test," may be applicable under the ECOA, and adds language stating that the ECOA does not recognize the "effects test"; (2) amends Section 1002.4(b) of Reg. B's prohibition on discouraging applicants or prospective applicants from applying for credit to clarify that it prohibits statements of intent to discriminate in violation of the ECOA and is not triggered merely by negative consumer impressions and to clarify that encouraging statements by creditors directed at one group of consumers is not prohibited discouragement as to applicants or prospective applicants who were not the intended recipients of the statements; and (3) amends the standards for special purpose credit programs offered by for-profit organizations under Section 701(c)(3) of the ECOA to prevent unlawful discrimination.

The final rule is effective on July 21, 2026.

Amicus Brief(ly): It is no great surprise that the CFPB finalized this rule as proposed. The proposed rule made clear that the CFPB's leadership was not interested in the disparate impact theory of liability, which does not derive from clear evidence of intentional discrimination. There are (unsurprisingly) rumors of at least one lawsuit that will try and slow down this rule's effective date. Ever since the Inclusive Communities case from the U.S. Supreme Court in 2015 specifically allowed disparate impact claims under the Fair Housing Act, industry advocates have pointed out that the FHA includes language that refers to the consequences of the actions of regulated entities and not just to the mindset of actors - but the ECOA does not include similar language notwithstanding its anti-discrimination purpose. So, the challenge to this rule is an uphill climb, but it's a climb advocates appear to be willing to make. In the interim, we have indicia as recently as this morning that there will be increased attention on disparate impact theories from states with ECOA analogs on the books, even if those state laws are not any more express about the disparate impact theory than the ECOA. We will continue to report on these important fair lending developments as they happen.
FHA, Fannie Mae, and Freddie Mac Implement New Credit Scoring Models for Mortgages

On April 22, in an effort to expand access to homeownership and lower mortgage lending costs, "'particularly for creditworthy borrowers who may have been overlooked under older systems,'" the Federal Housing Finance Agency and the Department of Housing and Urban Development announced that the Federal Housing Administration, Fannie Mae, and Freddie Mac are implementing two new credit scoring models for mortgages.

The FHA, Fannie Mae, and Freddie Mac will permit the use of VantageScore 4.0 and FICO Score 10T as eligible credit scoring models for mortgage underwriting. These newer credit scoring models incorporate additional data on consumer creditworthiness, such as rent payment history and trended credit data, which can provide a more complete view of a consumer's creditworthiness and potentially allow more consumers to qualify for mortgages.

These credit scoring updates implement the Credit Score Competition Act of 2018, which directed the FHFA to establish a process for the government-sponsored enterprises to validate and approve alternative credit scoring models.

Amicus Brief(ly): Good for the government agencies here, following the lead of front-line financial services providers in looking for ways to incorporate new kinds of consumer data into credit scoring models as a means to identify creditworthy applicants and to provide more affordable loans to more borrowers. With help from artificial intelligence and machine learning models, credit underwriting and pricing models have been getting increasingly sophisticated at using alternative data to do a better job at identifying good credit risks in consumers whose traditional data (like FICO scores) does not tell the whole story. At a time when mortgage interest rates are still high compared to pre-pandemic interest rates and home prices remain high, homebuyers need a break. This news from the FHA, Fannie Mae, and Freddie Mac is timely and welcome.

South Carolina AG Urges Financial Institutions to Do "Better Job" Detecting Auto Loan Fraud By Small Dealerships

South Carolina Attorney General Alan Wilson recently announced that the South Carolina State Grand Jury returned 125 counts in seven separate indictments alleging that an individual committed nearly $1.4 million in "auto loan scams." Generally, the indictments alleged that the individual used various small dealerships to obtain fraudulent loans from banks for vehicles that were never in the dealerships' or the supposed purchasers' possession. The individual would then allegedly steal the loan proceeds.

According to the AG, "[w]hile accountability for these crimes fundamentally rests on the fraudsters committing them, banking institutions can do a better job of detecting fraud through the loan application process, particularly online. Moreover, more can be done to identify and shut down the various small auto sales dealerships that are used all too often as a mechanism for facilitating millions of dollars of auto loan fraud[.]" The State Grand Jury chief attorney stated that "[i]nstitutions should be more aware that scammers will use small dealerships and VIN information on cars that were never in their possession - much less in South Carolina - to get fraudulent loans[.]"

Amicus Brief(ly): Retired NBA player Vince Carter (known for his exceptional leaping ability) is going to be pretty unhappy when he hears that the attorney general is commandeering one of his best nicknames and calling this investigation "VINsanity." That aside, this South Carolina case turned up allegations of a bold fraud scheme where one fraudster was reportedly responsible for almost $1.4 million in fraudulent deals. The specific details of the fraud case are forthcoming, but the scheme had to be complex to pull off that many fictional transactions, and the indicted fraudster had to have both a sophisticated understanding of vehicle finance underwriting and good contacts at multiple dealerships to pull this off. While we are not a bank or a finance company, this report made us want to revisit the Federal Trade Commission's Red Flags Rule and update a compliance policy.

1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.