U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act
On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities.
The State of Play in Banking and Digital Assets: Welcome Developments from the Banking Agencies
The environment has never been more favorable for existing banking organizations launching a digital asset business and those Fintech and other nonbank companies considering acquiring or chartering a full-service or limited-purpose bank in order to operate a digital asset business. At the end of 2025, U.S. banking regulators continued to take major steps signaling a considerably more open supervisory posture regarding digital asset activities.
Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
New York Department of Financial Services (NYDFS) Clarifies Expectations for Third-Party Cybersecurity Risks Under its Cybersecurity Regulation, and Additional Amendments Go into Effect on November 1, 2025
On October 21, 2025, NYDFS, the New York State agency responsible for regulating financial services and products, issued an Industry Letter clarifying how “Covered Entities”[1] should manage cybersecurity risks arising from Third‑Party Service Providers (TPSPs) under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500).
Consumer Financial Protection Bureau Releases Proposed Rule on Fair Credit Reporting Act
On December 3, 2024, the U.S. Consumer Financial Protection Bureau (the CFPB) announced a notice of proposed rulemaking that seeks to significantly expand the scope of the Fair Credit Reporting Act and its implementing regulation, Regulation V (collectively, the FCRA), and to impose new requirements on covered parties, such as data brokers (the Proposed Rule).1 If implemented as currently drafted, the Proposed Rule would increase the amount of information defined as a “consumer report” and the number of persons defined as a “consumer reporting agency.” Moreover, it would create new requirements in relation to certain permissible purposes for which a consumer reporting agency may furnish a consumer report to a party.
New EU Cyber Law for the Financial Services Industry with Significant Impact on ICT Service Providers
The new EU Regulation on Digital Operational Resilience for the Financial Sector (DORA) recently entered into force. DORA establishes cybersecurity requirements for information and communication technology (ICT) systems supporting the business processes of financial entities and represents a paradigm shift for the ICT sector. Critical ICT third-party service providers, who are providing services to regulated financial entities, will also be directly regulated under DORA and subject to regulatory supervision by a regulator to be established under DORA (a so-called ‘Lead Overseer’).
