CFPB 2025 Enforcement Lookback

CFPB Enforcement Framework 2026: What Changed, What It Means, and the First Test Case

Brian Reiss Board Chairman and Co-Founder
June 4, 2026 | 10 min read

On May 28, 2026, the CFPB released a coordinated set of updates across its Enforcement section, including its 2025 Enforcement Lookback, Enforcement Principles, Supervision and Enforcement Priorities, and Life Cycle of an Enforcement Action.

Together with the Bureau’s recent Semi-Annual Report, these updates give the clearest view yet of how the CFPB is applying its revised enforcement and supervision framework.

This is not a broad retreat from oversight. It is a narrower, more structured set of priorities, with the enforcement standard itself changed in practical terms.

The Bureau says it closed roughly 40% of pending investigations during 2025. It also dismissed or withdrew from 19 public enforcement actions, terminated or modified 22 pending orders, resolved 7 actions, and had 8 actions still pending at year end.

While the CFPB is clearly pulling back in some areas, it is also telling the market where it still intends to focus.

Timeline

The strategic timeline: this did not happen in one day

The May 28 release was not an isolated update. It followed a longer sequence of CFPB actions that pointed in the same direction: fewer broad investigations, narrower enforcement priorities, more emphasis on measurable consumer harm, and a stronger focus on documentation and remediation.

April 2025

New supervision and enforcement priorities emerge

The Bureau outlined a major shift in supervision and enforcement priorities, including a planned 50% reduction in supervisory exams, a renewed focus on depository institutions, and named priority areas such as FCRA and Regulation V data furnishing violations.

March 2026

Draft 2026–2030 Strategic Plan published

The CFPB released its draft strategic plan for fiscal years 2026 through 2030, framing its next phase around pressing threats to consumers, reduced regulatory burden, and internal governance reform.

April 2026

Fair lending approach narrowed

The Bureau issued Regulation B amendments removing the effects test and stating that ECOA does not recognize disparate-impact liability, while other legal standards outside ECOA remain separate.

May 2026

CFPB blog archived

The Bureau archived its public blog in May 2026, another sign that the agency was changing how it communicates public guidance, updates, and policy signals.

May 28, 2026

Enforcement framework becomes operational

The CFPB published its Enforcement Principles, Supervision and Enforcement Priorities, Life Cycle of an Enforcement Action, and 2025 Enforcement Lookback at the same time, turning the earlier signals into a clearer public framework.

June 2, 2026

The Bilt case shows the framework in action

Five days later, the CFPB described its response to Bilt as an example of its Enforcement Principles in action: direct engagement, consumer redress, documentation, and continued monitoring instead of a prolonged public enforcement action.

Taken together, these events tell a clearer story. The Bureau is not only describing a new approach. It is putting that approach into practice.

Standard

The Enforcement Standard Is Changing

The CFPB’s updated Enforcement Principles represent one of the clearest shifts in how the Bureau now approaches enforcement. The new framework centers on actual consumer harm, due process, collaboration, and efficiency.

For institutions, this does not make the risk go away. It changes what needs to be proven, how quickly issues need to be addressed, and how clearly teams need to document the response.

Principle 1

Actual Consumer Harm

The Bureau says it will focus on real and meaningful consumer harm with identifiable victims, rather than theoretical or speculative harm.

Principle 2

Due Process

Enforcement will rely on clearly established statutory authority, with less emphasis on novel legal theories or expansive interpretations.

Principle 3

Collaboration

The Bureau explicitly encourages self-reporting and says institutions will not be unnecessarily punished for their candor.

Principle 4

Efficiency

The Bureau is prioritizing consumer redress and faster resolution over prolonged litigation where practical remediation is available.

What institutions now need to show

The Bureau has also said it will reduce duplication with states and other federal regulators, and will avoid pursuing enforcement where another regulator is better positioned to act.

If an issue arises, teams need to be able to show:

  • What happened
  • Who was affected
  • Whether there was actual, measurable harm
  • How the issue was identified
  • What corrective action was taken
  • How the investigation and response were documented

That is where process and documentation matter.

Bilt Case

New Approach in Action: The Bilt Case

On June 2, 2026, five days after publishing its updated Enforcement Principles, the CFPB released a case study showing the new framework in practice.

Following Bilt’s transition from Wells Fargo to a new bank partner, Column Bank and Cardless, a limited number of customers incurred overdraft, late, and NSF fees tied to operational issues during the changeover.

Instead of initiating a formal enforcement action, the Bureau engaged directly with Bilt and required full redress. The CFPB described the response as an example of its Enforcement Principles in action.

The outcome

  • Bilt contacted affected customers and offered to reimburse transition-related fees.
  • More than 500 newly identified customers were expected to receive remediation by June 4.
  • Bilt submitted documentation showing its systems were back on track.
  • The CFPB accepted the documentation and committed to continued monitoring.

Why this matters for financial institutions

The Bilt case shows what the Bureau now expects during operational transitions: rapid identification of impacted consumers, documented remediation, and clear evidence that systems are functioning correctly. Resolution occurred within weeks, not years.

For institutions navigating conversions, portfolio changes, or system migrations, the standard is now clear: identify the harm, fix it quickly, document everything, and engage proactively.

If your team navigates system conversions, portfolio migrations, or platform changes, our structured free trial is designed to surface data quality and documentation gaps before they become regulatory issues.
Learn more about the Free Trial Program →

Priorities

Where the CFPB Is Still Focused — and Where It Pulled Back

The updated materials name specific enforcement and supervision priorities.

Named priorities

  • Servicemembers, veterans, and their families
  • Mortgages
  • FCRA and Regulation V data furnishing violations
  • FDCPA and Regulation F violations
  • Fraudulent overcharges and fees
  • Inadequate controls resulting in actual consumer loss

Areas the Bureau has pulled back from

  • Student loans
  • Medical debt, following the vacatur of the Medical Debt Rule
  • Remittances
  • Digital payments
  • P2P lending
  • Consumer data, following withdrawal of the Data Broker proposed rule

For credit reporting, furnishing, and dispute teams, the most important item on the priority list is FCRA and Regulation V.

The CFPB may be narrowing its approach, but credit reporting accuracy and data furnishing risk remain explicitly in scope.

Comparison

CFPB Enforcement Framework: Before vs. After

This side-by-side comparison shows the most important changes in the CFPB’s enforcement framework, including how the Bureau is narrowing its focus, changing its enforcement standard, and placing more weight on documentation, redress, and measurable consumer harm.

Area Prior framework Updated framework What this means
Enforcement focus Broad consumer protection mandate, with potential, systemic, or theoretical harms often pursued. Focus on actual fraud and tangible, measurable harm involving identifiable consumers. Less emphasis on theoretical-harm cases, but more pressure to prove what happened, who was affected, and how the issue was resolved.
Supervision approach Expanding exams and broad supervisory activity, including 1,946 open Supervisory Actions. More than 50% reduction in exams, with 76% of Supervisory Actions closed. Fewer exams overall, but institutions in named priority areas should expect more targeted scrutiny.
Institutional focus Heavy focus on nonbank institutions, with roughly 60% of supervision directed toward nonbanks. Shift back toward depository institutions, closer to historical supervisory levels. Nonbanks may see less federal exam pressure, while banks and credit unions should be prepared for closer attention.
Legal theories Greater willingness to advance novel or expansive interpretations of statutory authority. Reliance on clearly established statutory authority, with less emphasis on novel legal theories. Enforcement may become more predictable, but core FCRA, Regulation V, FDCPA, and Regulation F obligations remain unchanged.
Enforcement outcomes Significant civil money penalties, broad injunctive relief, and lengthy enforcement actions. Consumer redress prioritized, with collaboration and self-reporting explicitly encouraged. Documentation, remediation, and proactive engagement now matter more in how institutions show control.
Complaint and documentation risk Complaint growth treated mainly as a consumer response and compliance monitoring issue. Credit reporting complaints now dominate Bureau complaint volume, with increasing concern around bulk complaints, automation, and misuse. Complaint volume is now a data quality, furnishing accuracy, dispute handling, and documentation challenge.

Enforcement focus

Prior frameworkBroad consumer protection mandate, with potential, systemic, or theoretical harms often pursued.

Updated frameworkFocus on actual fraud and tangible, measurable harm involving identifiable consumers.

What this meansLess emphasis on theoretical-harm cases, but more pressure to prove what happened, who was affected, and how the issue was resolved.

Supervision approach

Prior frameworkExpanding exams and broad supervisory activity, including 1,946 open Supervisory Actions.

Updated frameworkMore than 50% reduction in exams, with 76% of Supervisory Actions closed.

What this meansFewer exams overall, but institutions in named priority areas should expect more targeted scrutiny.

Institutional focus

Prior frameworkHeavy focus on nonbank institutions, with roughly 60% of supervision directed toward nonbanks.

Updated frameworkShift back toward depository institutions, closer to historical supervisory levels.

What this meansNonbanks may see less federal exam pressure, while banks and credit unions should be prepared for closer attention.

Legal theories

Prior frameworkGreater willingness to advance novel or expansive interpretations of statutory authority.

Updated frameworkReliance on clearly established statutory authority, with less emphasis on novel legal theories.

What this meansEnforcement may become more predictable, but core FCRA, Regulation V, FDCPA, and Regulation F obligations remain unchanged.

Enforcement outcomes

Prior frameworkSignificant civil money penalties, broad injunctive relief, and lengthy enforcement actions.

Updated frameworkConsumer redress prioritized, with collaboration and self-reporting explicitly encouraged.

What this meansDocumentation, remediation, and proactive engagement now matter more in how institutions show control.

Complaint and documentation risk

Prior frameworkComplaint growth treated mainly as a consumer response and compliance monitoring issue.

Updated frameworkCredit reporting complaints now dominate Bureau complaint volume, with increasing concern around bulk complaints, automation, and misuse.

What this meansComplaint volume is now a data quality, furnishing accuracy, dispute handling, and documentation challenge.

Impact

Five Things That Changed for Your Compliance Program

1. Self-reporting is now explicitly encouraged

The Enforcement Principles state that institutions that self-report will not be unnecessarily punished for their candor. The Bilt case reinforces that point: direct engagement, no formal enforcement action, and resolution within weeks.

2. Documentation is now central to the defense

The Bilt outcome depended in part on documentation showing that systems were back on track. The ability to prove data quality, remediation, and operational control now matters as much as the corrective action itself.

3. FCRA and Regulation V furnishing remain in scope

Credit reporting and data furnishing are not side issues in the Bureau’s updated priorities. FCRA and Regulation V violations are named directly, which means furnishers remain clearly exposed to focused CFPB attention.

4. Fair lending exposure has narrowed, but not disappeared

The Bureau has moved away from ECOA and Regulation B disparate-impact enforcement, but that does not create a broad safe harbor. Other fair lending standards, including Fair Housing Act standards, still need to be considered separately. The Regulation B final rule takes effect July 21, 2026, but is already facing legal challenge. On May 27, the National Fair Housing Alliance and a coalition of advocacy organizations filed suit in federal court in Washington, D.C., arguing the rule unlawfully eliminates disparate impact protections under ECOA and restricts Special Purpose Credit Programs. The outcome of this litigation could affect whether the rule stands as written.

5. Deprioritized does not mean deregulated

Student loans, medical debt, remittances, digital payments, and P2P lending may no longer be named CFPB priorities, but state attorneys general, the FTC, private litigation, and existing federal rules still matter. States are already responding. In May 2026, the Illinois Department of Financial and Professional Regulation launched a new consumer complaint portal, citing federal cutbacks in consumer protection and a sharp decline in CFPB mediation success rates as the motivation.

Not sure where your organization stands on these five areas? A baseline review can identify gaps in furnishing accuracy, dispute documentation, and operational control before the next exam cycle. Request a Free FCRA Baseline Review →

Complaints

Complaint Volume: What the Bureau Is Saying About the Surge

The CFPB’s 2025 Consumer Response Annual Report showed how concentrated complaint activity has become. Credit or consumer reporting accounted for the overwhelming majority of complaints submitted to the Bureau in FY2025.

The Bureau has also pointed to credit repair activity, social media-driven advice, and AI-assisted complaint activity as contributors to complaint growth.

That creates a practical challenge for financial institutions. Teams have to separate real consumer issues from growing noise, while also identifying whether complaints and disputes point to deeper furnishing, documentation, or process issues.

That is why pattern visibility matters. In a higher-volume complaint environment, institutions need to see not only individual complaints, but the trends behind them.

Furnishing & Disputes

What This Means for Furnishing and Dispute Teams

For credit reporting and dispute operations, the takeaway is that a more focused CFPB still creates real risk in the areas it chooses to prioritize. The Bilt case also shows what “focused” looks like in practice: rapid identification, documented remediation, and clear operational control.

That means institutions need stronger visibility into:

This is especially important in an environment where complaint activity is becoming more automated, regulators are using data-driven methods to identify patterns, and the ability to document the process is now part of the enforcement standard.

The institutions that are better positioned will be the ones that can show consistent monitoring, strong documentation, and clear operational control.

Frequently Asked Questions

What is the CFPB’s 2025 Enforcement Lookback?
The 2025 Enforcement Lookback is a CFPB report covering enforcement activity from January 31 through December 31, 2025. It shows that the Bureau closed roughly 40% of pending investigations, dismissed or withdrew from 19 public enforcement actions, terminated or modified 22 pending orders, resolved 7 actions, and had 8 actions still pending at year end.
What are the CFPB’s enforcement priorities in 2026?
The CFPB has named several enforcement and supervision priorities, including servicemembers and veterans, mortgages, FCRA and Regulation V data furnishing violations, FDCPA and Regulation F violations, fraudulent overcharges and fees, and inadequate controls resulting in actual consumer loss.
How has the CFPB changed its approach to enforcement?
The updated Enforcement Principles focus on actual consumer harm, due process, collaboration, and efficiency. The Bureau is placing more emphasis on identifiable harm, clearly established authority, consumer redress, self-reporting, and avoiding duplicative enforcement.
What is the CFPB’s position on self-reporting violations?
The Bureau has stated that institutions that self-report compliance issues will not be unnecessarily punished for their candor. The Bilt case shows this approach in practice through direct engagement, consumer remediation, documentation review, and continued monitoring without a prolonged public enforcement action.
What happened to the CFPB’s disparate impact enforcement?
The CFPB’s April 2026 Fair Lending Final Rule narrowed ECOA and Regulation B disparate impact enforcement. However, that does not create a broad safe harbor, because other fair lending standards, including Fair Housing Act standards, remain separate and still need to be evaluated.
What should furnishers do after the CFPB’s May 2026 enforcement updates?
Furnishers should review Metro 2® data quality controls, dispute investigation practices, documentation, root-cause analysis, and corrective action tracking. The updated standard puts more weight on showing what happened, who was affected, how the issue was resolved, and how the response was documented.
How did the CFPB handle the Bilt transition?
The CFPB engaged directly with Bilt after its bank partner transition caused customer fee issues. Instead of a formal enforcement action, the Bureau required redress, reviewed documentation showing systems were back on track, and continued monitoring the issue.
Political durability

A Note on Political Durability

These framework changes reflect current Bureau leadership priorities. A change in administration could result in a substantially revised strategic plan, enforcement posture, or supervision strategy.

As of early June 2026, the Bureau has begun a leadership transition. Mark Paoletta, the CFPB's Chief Legal Officer who played a central role in designing the updated enforcement framework, has been named Deputy Director. Under the Federal Vacancies Reform Act, Paoletta is expected to succeed Acting Director Russell Vought when his term expires on August 1, 2026. This suggests continuity in the enforcement approach outlined above through at least the current administration.

But the core obligations do not change with CFPB leadership. FCRA accuracy requirements, Regulation V furnishing standards, FDCPA compliance, and the duty to investigate disputes properly remain in place regardless of the Bureau’s current enforcement posture.

That is why data quality, documentation, and operational control still matter. Institutions that can identify issues, document decisions, remediate affected consumers, and show consistent oversight are better positioned under any regulatory environment, whether it becomes more aggressive or more collaborative.

Data and AI

The Role of Data and AI

The Bureau has referenced the use of data analytics, cohort reviews, and data visualization to identify complaint trends and statistical anomalies.

If regulators are using data-driven methods to identify patterns, institutions should be using stronger data-driven controls to find and fix issues earlier.

AI can support this, but only with the right guardrails. In credit reporting and dispute handling, AI should support review, prioritization, evidence assembly, and documentation. It should not replace human judgment or make final dispute decisions on its own.

The Bilt case reinforces this point. The Bureau accepted documentation showing that systems were functioning correctly. Institutions that can generate that evidence systematically and on demand will be better positioned when issues arise.

The right model is practical AI with guardrails: better triage, better evidence, better consistency, and human review at the center.

Bottom line

Bottom Line

The CFPB’s May 28 enforcement framework update is not just a story about fewer investigations. It is a story about a different enforcement standard, one that rewards collaboration, prioritizes redress, and expects documentation.

The Bilt case, published five days later, shows this is not theoretical. The Bureau engaged directly, required remediation within weeks, accepted documentation as evidence, and continued monitoring instead of moving through a prolonged public enforcement action.

For financial institutions, the real question is whether the organization can operate at that speed: identify issues, document them, remediate affected consumers, and show the process behind the outcome.

If your team cannot clearly demonstrate how it monitors credit reporting accuracy, reviews affected populations, documents disputes, identifies repeat issues, and tracks corrective action, now is the time to tighten that process.

Is Your Team Ready for the CFPB's New Enforcement Standard?

The CFPB's updated enforcement framework rewards institutions that can identify issues early, document remediation clearly, and engage proactively. Whether it is furnishing accuracy, dispute oversight, or operational control during transitions — the ability to show your process is now part of the standard.

Tell us where you want to start.

We do not sell or share your information.

Resources

Sources and Related Resources

Continue reading on CFPB enforcement priorities, complaint trends, credit reporting accuracy, furnishing review, dispute oversight, and practical data-quality controls.

CFPB Sources

2025 Enforcement Lookback Read
Enforcement Principles Read
Supervision and Enforcement Priorities Read
Life Cycle of an Enforcement Action Read
CFPB Works to Ensure Bilt Consumers Are Made Whole Read
2025 Consumer Response Annual Report Read

Bridgeforce Data Solutions Resources

Furnishing Module: Metro 2® review and data-quality controls Explore
Disputes Module: Full-population dispute oversight and response-quality review Explore
AI Resolution Engine: AI-assisted dispute decision support Explore
Data Quality Scanner Walkthrough View
Free Trial for Conversion & Migration Events Explore
Q1 2026 Social Media Trends in Credit Repair Read
Metro 2® Compliance: Everything You Need to Know Read
AI Credit Reporting Guide Read
FCRA Litigation Trends 2026 Read
FCRA Complaints & Litigation Quarterly Series Read
Spring 2025 CFPB & FCRA Update Read
Brian Reiss on LinkedIn Connect
Newsletter Subscribe to The Scanner Get credit reporting, disputes, compliance, data quality, and AI updates from Bridgeforce Data Solutions. Subscribe