Bloomberg

It may feel like financial institutions are catching a regulatory break — but the smarter ones know better than to get too comfortable.

Across Washington, we’re witnessing one of the most aggressive deregulatory waves in years in the form of a fast-moving reversal of many Biden-era reforms affecting fintech partnerships, consumer protection, enforcement priorities and reputational risk.

For banks and fintech companies, the instinct may be to celebrate and view the moves as a green light with fewer constraints, fewer reporting requirements and more room to experiment. After years of what some viewed as regulatory overreach, it feels like the guardrails are coming down.

Astute leaders know this moment demands something different. Everyone should remain vigilant about possible future shifts and the changing risk environment.

Deregulation doesn’t erase risk. It means that risk has changed — and in many cases, become harder to spot, measure and prepare for. Leadership requires a recognition that regulatory easing simply shifts how and where risk shows up.

The deregulatory push has been swift and wide-ranging. The Consumer Financial Protection Bureau suspended major enforcement initiatives, withdrawing proposed caps on overdraft and late fees and relaxing scrutiny of buy now/pay later providers. Meanwhile, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. struck reputational risk from their supervisory frameworks — signaling greater autonomy for banks in selecting their clientele and partners.

Notably, regulators have also relaxed requirements around crypto-related activities, no longer mandating prior approval before engagement. While not an outright endorsement, it opens doors for banks to explore digital asset custody, tokenized payments and blockchain-based operations previously constrained.

These moves reflect a philosophical shift favoring market-based decisions over prescriptive oversight — a change small and midsize banks have long advocated. However, greater freedom brings greater responsibility and possibly more accountability.

Relaxed federal regulations don’t eliminate institutional risk; rather, they transfer more oversight responsibility directly to bank leadership and boards of directors. Financial institutions must strengthen internal corporate governance, ensure robust internal controls, align product innovation with compliance capabilities and risk, and reinforce the connection between strategic planning and regulatory expectations.

Fintech partnerships particularly warrant fresh evaluation. Although federal scrutiny might ease, core compliance concerns around liquidity risk, cybersecurity and BSA/AML controls will persist. Institutions should avoid interpreting reduced oversight as acquiescence or approval of those activities.

Institutions should brace for heightened state-level regulatory actions, realizing that federal deregulation shifts the locus of regulatory intensity. State lawmakers and supervisors, particularly in California and New York, have already moved aggressively.

California’s Department of Financial Protection and Innovation recently took action against a banking-as-a-service sponsor bank over AML compliance deficiencies. The New York attorney general filed a lawsuit against Capital One for allegedly deceptive marketing — a case the CFPB dropped. These actions underscore the risk of institutions relying solely on federal trends to guide institutional strategy.

This evolving regulatory landscape demands difficult questions in boardrooms and management meetings. Are existing internal controls robust enough to sustain growth without stringent federal guidance? Do current fintech or BaaS relationships stand up to potential regulatory shifts and increased state-level scrutiny? Are directors adequately versed in emerging risks and compliance challenges posed by deregulation?

Bank leaders should leverage this regulatory breathing room thoughtfully. Now is the time to modernize core systems, invest in regtech and compliance automation, and refine scalable compliance frameworks. Scenario planning around emerging risks — such as biases from artificial intelligence, synthetic identity fraud, data breaches and privacy violations — should become routine practice for management teams and boards of directors, preparing institutions for potential future enforcement focuses.

Ultimately, this is an opportunity for practical banks to modernize their risk infrastructure while peer firms relax. The gap between proactive and reactive banks may only widen. Remember that, while deregulation might help your bank, it could also provide a boost to your bank and nonbank competitors.

Active and ongoing communication with federal and state regulators remains critical. Institutions that engage regularly with examiners build trust, demonstrate responsibility, and reduce potential surprises during exams or future political shifts. In a deregulated environment, proactive dialogue with regulators positions banks and fintechs as conscientious actors, enhancing long-term resilience.

Leadership matters. You should be asking if your strategic decisions, partnership models, and capital planning reflect the current regulatory mood — and how they will hold up if the pendulum swings, because it likely will. All it takes is a crisis or a high-profile implosion such as FTX, Synapse or Silicon Valley Bank to spur regulators to tighten oversight.

Regulators are certainly open to easing oversight, but the fundamentals of good governance remain constant — and perhaps are even more critical.

For banks, this environment tests strategic judgment: Can institutions grow without overreaching? Can they innovate without losing control or increasing risk? Can they build trust with stakeholders amid looser rules yet persistent scrutiny from state regulators, media and investors?

For fintechs, it’s a test of alignment and scalability: Are partnerships still strategically sound? Do internal controls match growth ambitions? And are compliance frameworks future-proof against inevitable market shifts?

For the regulators themselves, it’s a test of consistency: How can they balance innovation with stability, support flexibility without sacrificing transparency, manage oversight effectively across a more fragmented regulatory environment, and provide a regulatory framework that is appropriately tailored to a bank’s size, risk, complexity and business model?

The banks that use this deregulatory window to bolster resilience, upgrade compliance infrastructure and proactively engage regulators — rather than simply chasing short-term gains — will emerge stronger, more trusted and better prepared for future market and regulatory shifts.