States Are Stepping Up: Why Compliance Still Matters in 2025
Regulatory risk isn’t disappearing - it’s moving to the states. Staying proactive with policies, training, and monitoring is more important than ever.
COMPLIANCE
Laura McShane, CRCM, CERP
9/26/20251 min read
Federal deregulation may ease pressure in Washington, but that doesn’t mean compliance risk is going away. In fact, it’s shifting. States are stepping up enforcement in fraud, collections, AI, UDAAP, and privacy, creating a patchwork of rules that’s harder and costlier for lenders to navigate.
As federal agencies downshift enforcement or reinterpret rules, states see an opening to tighten their own oversight. Already, state legislators are pushing new laws in areas such as:
Collections and debt-servicing practices
Fraud, cybersecurity, and AI/algorithmic governance
Privacy and data protection
Unfair, Deceptive, or Abusive Acts and Practices (UDAAP)
Because states differ in their approach, this patchwork environment is becoming an ever more significant operational burden. Reconciling state-level requirements with federal obligations - and with one another - demands constant diligence.
That’s why a robust Compliance Management System (CMS) is more than best practice - it’s a regulatory expectation. The FFIEC framework outlines the essentials: policies and procedures, training, monitoring, independent review, and issue remediation. Underinvesting in compliance may save money in the short term, but the cost of rebuilding after a breakdown is far greater.