Fintech 5 Newsletter - March 2026

1) CFPB Issues Advisory Opinion on Earned Wage Access Services

While no longer breaking news, on December 23, 2025, the Consumer Financial Protection Bureau (“CFPB”) issued an advisory opinion clarifying that certain qualified earned wage access (“EWA”) services (“Covered EWA”) do not constitute “credit” under the Truth in Lending Act (“TILA”) and Regulation Z.  The CFPB concluded that Covered EWA transactions that meet the following criteria fall outside the scope of Regulation Z’s: (1) the amount advanced does not exceed the cash value of accrued wages; (2)  the transaction uses a payroll-based repayment mechanisms; (3) the provider gives a clear and conspicuous disclosure that the provider has no claim against the worker and will not engage in any debt collection activities; and (4) the provider will not assess credit risk.  The opinion also states that, irrespective of whether an EWA product constitutes credit, optional expedited delivery fees and voluntary tips associated with these services are not “finance charges” when workers can obtain funds without paying them.  The CFPB was also careful to note that it was not opining on EWA products that fell outside the scope of the opinion, but offered that many such products were likely not subject to TILA in light of its interpretation of finance charges and because EWA in general is not repayable in more than four installments. In conjunction with this advisory opinion, the CFPB formally withdrew its July 2024 proposed interpretative rule that would have treated many EWA products as credit.  The clarifications provided by the advisory opinion regarding which EWA transactions are explicitly exempt from Regulation Z and what constitutes a finance charge, may help reduce compliance and legal burdens for EWA providers.

What is new are the preliminary reactions to the advisory opinion by courts who have grappled with motions to compel arbitration or motions to dismiss in the current spate of class actions targeting the sector. While acknowledging the CFPB’s position, they have raised questions as to what retroactive effect it may have on already-filed suits and thus far declined to address the issue or allowed it to affect the outcome of these early motions. See, e.g., Moss v. Cleo AI Inc., No. C25-879-MLP, 2025 U.S. Dist. LEXIS 174845 (W.D. Wash. Sept. 8, 2025); Golubiewski v. Activehours, Inc., No. 22-CV-02078, 2025 U.S. Dist. LEXIS 167308 (M.D. Pa.  Aug. 28, 2025); Johnson v. Activehours, Inc., No. 1:24-cv-02283-JRR, 2025 U.S. Dist. LEXIS 152809 (D. Md. Aug. 8, 2025); Orubo v. Activehours, Inc., 780 F. Supp. 3d 927 (N.D. Cal. 2025)

2) Michigan Financial Regulator Issues AI Compliance Guidance

On January 14, the Michigan Department of Insurance and Financial Services (“DIFS”) issued a bulletin reminding banks and other Michigan-licensed financial service providers, including lenders, installment sellers, installment sales finance companies, debt management companies, and deferred presentment companies  that the use of artificial intelligence must comply with existing consumer protection, anti-discrimination, and risk management requirements. The bulletin broadly defines AI (with Machine Learning as a subset) as computer science that uses data processing systems that perform functions normally associated with human intelligence, such as reasoning, learning, and self-improvement, or the capability of a device to perform similar functions. The DIFS highlighted the need for robust governance frameworks, including board and senior management oversight, documentation of AI development and deployment processes, and ongoing monitoring for bias or discriminatory outcomes. The bulletin further notes that examiners may request information regarding an institution’s development, acquisition, and use of AI systems during supervisory examinations or investigations. Fintech companies that are licensed financial service providers in Michigan should closely review the expectations outlined by the DIFS and be prepared to demonstrate compliance. Companies that are not Michigan-licensed, should treat this bulletin as a bellwether regarding evolving regulatory expectations and consider implementing AI governance and risk management frameworks even in the absence of AI-specific statutory requirements.

3)  Nationwide Focus on AI Policy Framework Development

State and federal policymakers are increasingly emphasizing the need for governance frameworks for AI technologies as their use expands across industries. In late 2025, the Attorneys General of North Carolina and Utah announced the creation of a nationwide bipartisan task force focused on identifying emerging risks associated with AI technologies and developing safeguards to protect the public. The task force, which will work with technology companies and other stakeholders, aims to help state attorneys generals develop safeguards for AI developers, track developments, and coordinate timely responses as new AI issues emerge. Approximately one month later, the White House issued an executive order titled “Ensuring a National Policy Framework for Artificial Intelligence,” with the policy goal of ensuring a “minimally burdensome national policy framework” intended to support innovation. In part, the executive order established an AI Litigation Task Force to challenge State AI laws that may be inconsistent with its stated policy goal. Together, these developments reflect a growing focus by both federal and state policymakers on regulating AI technologies while balancing innovation. Fintech companies deploying AI in areas such as lending, payments, and fraud detection should anticipate continued scrutiny of AI governance, transparency, and compliance practices as regulatory approaches evolve. In light of the universal and evolving focus on AI regulation, fintech companies should evaluate whether their internal AI governance framework algin with emerging regulatory expectations and recognized standards, such as the NIST AI Risk Management Framework.

4) Regulators Increase Scrutiny of Buy Now, Pay Later and Similar Products

Regulators at both the state regulatory and enforcement levels have recently intensified scrutiny of Buy Now, Pay Later (“BNPL”) products. In March 2026, the New York Department of Financial Services (“NYDFS”) proposed comprehensive regulations implementing the state’s BNPL law that would establish a licensing and supervisory framework for BNPL providers operating in New York. The proposed rules would require BNPL providers to register with the state and comply with a number of consumer protection measures, including disclosure requirements, limits on certain fees, dispute resolution standards, and data privacy protections. The proposal would also require lenders to disclose whether BNPL loans will be reported to credit reporting agencies.

Previously in 2025, a coalition of seven state attorneys generals launched a multistate inquiry into major BNPL providers, seeking information regarding their pricing structure, repayment practices, consumer contracts, and disclosures. These developments reflect a growing state-level interest in regulating the rapidly expanding BNPL market, particularly as states consider how to address potential regulatory gaps and evaluate the consumer protection implications of these financing arrangements. Fintech companies offering products similar in structure or purpose should evaluate whether they fall into New York’s proposed regulations or have products sufficiently similar to those offered by companies subject to the multi-state investigation to consider the potential impacts to strategy. Compliance functions should also monitor these developments closely and assess whether their compliance programs, disclosures, and consumer protection practices align with emerging regulatory expectations.

5) Federal Court Blocks CFPB Open Banking Rule Pending New Rulemaking

On October 29, 2025, a federal judge in the U.S. District Court for the Eastern District of Kentucky issued a preliminary injunction blocking enforcement of the Consumer Financial Protection Bureau’s Personal Financial Data Rights Rule, commonly referred to as the open banking rule, while the agency revisits the regulation through a new rulemaking process.  The rule, finalized in 2024 under Section 1033 of the Dodd-Frank Act, would have required financial institutions with more than $850 million in assets to provide access to certain consumers data upon receiving a request from an authorized third party.  The court’s order pauses enforcement until the CFPB completes its reconsideration of the rule, which began back in August 2025.  The timeline remains uncertain as the CFPB reviews thousands of public comments submitted after issuing an advance notice of proposed rulemaking in August.  Banking groups that challenged the rule welcomed the decision, citing compliance and operational concerns, while fintech organizations criticized the injunction, arguing that delays to the rule could slow the development of open banking services and consumer data portability.

This article is for general information purposes and is not intended to be and should not be taken as legal advice.

‍ ‍

Download a PDF copy of our monthly Fintech 5 Newsletter here.

Questions?

If you’d like to discuss any of these issues or have any questions, please reach out to Partner and head of the Fintech group, Chris Napier.

SIGN UP FOR UPDATES

Never miss our news, insights or events.

FEATURED NEWS