Bank regulatory exams this year likely could be very different in both tone and content, though the most critical issues will still be scrutinized.
“The transition to new leadership in Washington has brought a shift in focus for how community banks can expect to be supervised and how this will manifest in the normal course of routine examination,” says Thomas Grundy, senior director of U.S. Advisory Services for Minneapolis-based Wolters Kluwer Compliance Solutions.
Most notably, the Consumer Financial Protection Bureau (CFPB) has withdrawn almost all guidance, bulletins, circulars and advisory opinions, resulting in minimal supervision or direction from them, says Melissa Blaser, a partner at national accounting and consulting firm Wipfli LLC.
How this will affect prudential regulators remains to be seen, Blaser says. The focus will likely be on basic consumer federal regulations, fair lending and the Community Reinvestment Act.
“The direction from the CFPB and staffing reductions have been staggered and slow, leaving examiners uncertain about their future direction,” she says. “For now, examiners will likely conduct their examinations similarly to previous years until [examiners are trained and] examination manuals are updated to remove any testing that agencies no longer prioritize.”
A change in scope for the CFPB
The CFPB’s reduction in activity and diminished capacity has led to state governments pursuing many issues previously identified by the bureau, Grundy says. In January 2025, the bureau released recommendations to states about ways to update laws and regulations to meet new risks and challenges.
The CFPB’s recommendations cover a broad range of issues, Grundy says, including “junk fees,” abuse of sensitive personal data, and banning “abusive” practices in state law to prevent companies from obscuring product features or exploiting their market power.
Payments and fraud focus
Across other agencies, examiners are increasing their focus on payments modernization and fraud prevention capabilities, says Scott Anchin, ICBA senior vice president of strategic initiatives and policy.
“Banks are increasingly adopting instant payments, so examiners may be interested in the controls being implemented around these rails,” Anchin says. “At the same time, fraud and scams are becoming increasingly complex. Examinations are likely to dive into banks’ prevention, detection and mitigation capabilities.”
In particular, examiners are paying close attention to real-time fraud monitoring capabilities, which are important for stopping fraud in both instant payments and more traditional payment mechanisms like checks. They are also scrutinizing banks’ compliance with Bank Secrecy Act and anti-money laundering laws, which require new approaches in the context of instant payments, Anchin says. Examiners may also be paying attention to any third-party fintech relationships that banks are using to facilitate instant payments or fraud capabilities.
To ensure compliance with safety and soundness regulations, community bankers are investing in fraud detection solutions that can handle real-time decisioning, implementing more robust authentication methods and enhancing staff training on emerging fraud and scam mechanisms, Anchin says. Community banks have also been working to build robust vendor management programs that enable them to effectively oversee third-party relationships.
Risk management during economic volatility
Regulators are stressing the importance of effective credit risk management and ongoing performance analytics, Grundy says. Volatility of economic conditions is driving the focus on how banks are managing the effects of a potential recession and planning for eventual credit defaults.
At the same time, the Trump administration is focusing on what it believes will be an eventual period of significant economic growth—and is mandating that regulations reflect that.
“The regulatory agencies have been tasked with reviewing existing regulations, [regulatory] guidance and manuals with an end goal of ensuring that rules align with a ‘vibrant, growing economy,’” Grundy says.
Newer areas on examiners’ radar
Examiners, Grundy says, are focusing on banks’ cybersecurity risks; controls over third‑party vendors; management of identified vulnerabilities in cloud environments; and whether banks are effectively and appropriately incorporating artificial intelligence (AI) in their day-to-day business activities while controlling for risk related to AI-driven fraud and algorithmic bias.
Some community banks have reported that examiners are focusing on familiar compliance areas, such as the Flood Disaster Protection Act, the Home Mortgage Disclosure Act, Regulation E and overdraft fees for UDAAP/UDAP concerns, Blaser says.
Cutbacks lead to changes in examination quality
“[Some community bankers] have noted that due to the reduction in examiners, examinations are more high level, concentrating on board and management oversight and risk assessments, with minimal detailed testing and interaction with the bank,” Blaser says. “This varies by regulator: The FDIC continues to conduct more transaction testing, while the OCC is more risk-based and focused on compliance management systems.”
She adds that due to regulatory cutbacks in staffing by the Department of Government Efficiency at the direction of the new administration, there will likely be a major change in the frequency—and even the quality—of examinations.
“We are hearing that examination teams are less experienced and [newer examiners are more] eager to find issues [that may not be supported by regulation],” Blaser explains. “Many stories have surfaced about examiners asking strange or unusual questions that reflect their lack of experience.”
For instance, she says, one examiner asked for closing disclosures for commercial real estate loans, which are only required for consumer closed-end mortgage transactions.
With the reduction in the regulatory workforce, she continues, inexperienced examiners lack oversight from more experienced colleagues. This situation has led community banks to try to train the examiners, who may not be willing to reason with the bank.
Uncertain examination cadence
Examiners have informed select banks that compliance examinations may now occur every six years instead of the previous three-year schedule. Some examinations have also been postponed without a new timeline being provided, leaving community banks uncertain about when to prepare for their next examination.
“Compliance officers at community banks are feeling uneasy about the current state of compliance,” Blaser says. “Community banks are continuing to follow their compliance management programs while watching for changes as they occur. We recommend they stay vigilant, [focus on their compliance management systems] and continue to ensure their bank is compliant with all existing laws and regulations.”
Banks will be faced with building new relationships with their regulators due to the reduction in force across the agencies, Grundy says. “On a bank-by-bank basis, particularly for banks that proactively work with regulators, the loss of well-established examiner relationships will take time to rebuild,” he says.
Despite the deregulatory environment, community bankers are largely staying the course on risk and compliance management frameworks, Grundy says. Regulatory change management remains as important during this time as it is during periods of aggressive rulemaking and enforcement activity.
“Time passes quickly, and managing compliance can be a very cyclical process,” he says. “We are seeing that community bankers largely continue to maintain the balance and continuity of their established risk management practices.”
