Few regulatory shifts move this fast. What started as a Fair Banking Executive Order1 in August has resulted in a final rule eliminating reputational risk2 from bank supervision that took effect June 9, 2026. And in between, the Office of the Comptroller of the Currency (OCC) released preliminary findings of its investigation into nine of the largest U.S. banks;3 the Federal Trade Commission (FTC) issued warning letters4 to major payment networks; the Small Business Administration issued a mandate to cease debanking, conduct reviews, report findings and reinstate customers; and a growing body of fair access state laws is being proposed despite industry calls for federal preemption.
The executive order targeted the prudential regulators, requiring removal of reputational risk and any other language within supervisory documents that could lead to “politicized or unlawful debanking,” defined as any restriction on access to services based on political or religious beliefs or disfavored, lawful business activities.5 The order underscored that all banking decisions must be made “on the basis of individualized objective and risk-based analyses.”6 The banking industry publicly welcomed the call for removal of reputational risk, noting it is in all “banks’ best interests to take deposits, lend to and support as many customers as possible.”7 Given a recent wave of U.S. Department of Justice (DOJ) subpoenas to banks, it remains important to understand the landscape shift, risks and impacts.
Congress Responds with Proposed Fair Access Legislation
Congress has not prioritized or had a need to codify standards that govern access to the banking system. A bank’s relationship with its customers is primarily one of contract and choice. The supervisory concept of reputational risk is nothing new. It originated in the 1990s as part of the OCC’s introduction of risk-based supervision; and was not publicly reported to be used to influence access to financial services until what later became Operation Chokepoint.8 The concept of “fair access” equally is not new, having first appeared as part of the Dodd-Frank Act, when Congress added to the OCC’s oversight responsibilities “fair access to financial services.”9 Despite prior efforts – including the OCC’s 2021 proposed fair access rule – the OCC never published a final rule implementing its “fair access” mandate until now.
Now however, in the wake of Operation Chokepoint 2.0,10 Congress appears to be moving more quickly towards a permanent solution. Legislatively, two bills would codify the principles of fair access: the Financial Integrity and Regulation Management (FIRM) Act11 through codification of the elimination of reputation risk and the Fair Access to Banking Act,12 which would require impartial, individualized risk-based analysis in decision-making. Of the two, only the FIRM Act has been reported out of committee in both chambers; the Fair Access to Banking Act remains in committee.13 The industry has published its own Federal Fair Access Principles for Congress to consider as part of any legislative solutions, emphasizing the need for banks to continue to have autonomy in pricing, products, risk and business decisions in to remain competitive.14
Agency Rulemakings Remove Reputational Risk and Drive BSA / AML Reform
The OCC and FDIC’s joint final rule wholesale eliminates “reputational risk” from bank supervision.15 The rule defines “reputation risk” as any risk to public perception “not clearly and directly related to the financial or operational condition of the institution” and prohibits both agencies from using it as a basis for any adverse supervisory action. This includes MRAs, examination criticism, or pressure to close accounts. The Federal Reserve removed reputational risk from its examination programs in June 202516 and issued a parallel proposed rule in February 2026.17
The rule goes further than removing a risk category. It bars examiners from requiring or encouraging institutions to terminate customer relationships based on political, social, cultural, or religious views, constitutionally protected speech, or lawful but politically disfavored business activities. The rule also includes an anti-evasion provision: examiners cannot reroute reputational risk concerns through compliance, operational, or other risk categories as a workaround.
Alongside the rule, the OCC and FDIC are also jointly working to finalize a new definition of “unsafe or unsound practice” that would codify, for the first time, a regulatory definition of “unsafe or unsound practice” under Section 8 of the Federal Deposit Insurance Act, tethered to the core concept of material harm to an institution’s financial condition or material risk of loss to the Deposit Insurance Fund.18 The era of supervisory actions grounded in public perception concerns has sunset.
In addition, on April 7, 2026, Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking to “fundamentally reform” AML / CFT obligations under the Bank Secrecy Act and Anti-Money Laundering Act of 2020, in what is anticipated to be a significant overhaul of program requirements.19 Aligned with the new “unsafe or unsound” definition, Secretary of the Treasury Scott Bessent stated that the goal is to not measure success “by the volume of paperwork,” but rather by the “ability to stop illicit finance threats.”20
A well-designed BSA / AML program should align with the principles of fair access to banking services, requiring individualized, documented decisions in each instance. The challenge that has arisen is when institutions implemented “de-risking” strategies that resulted in exiting wholesale categories of industries or sectors based on “risks” that were not individual to a particular customer. A 2023 U.S. Department of Treasury report confirmed that many de-risking decisions were “indiscriminate” and “overly broad,” driven by category-level judgments that bore little relationship to actual financial crimes risk.21 The OCC issued guidance in September 2025 further reminding institutions that Suspicious Activity Report (SAR) filings must be grounded in concrete evidence of suspicious activity.22
Active Enforcement Investigations Underscore Need to Understand Impact
A reported wave of recent subpoenas23 issued by the DOJ to financial institutions is a reminder that all institutions should understand how the removal of reputational risk impacts both current operating procedures and documented, historical risk-based decisions. At a minimum, banks should:
(1) Confirm no remnants of reputational risk, categorical or industry-based risk-tiers or escalation requirements exist within policies and procedures (e.g., political, religious, ESG-based criteria) for whether a customer qualifies for bank services;
(2) Update policies and procedures, if needed, to require individualized decisions with a focus on impartial and financial-based metrics and criteria;
(3) Confirm procedures are in place to comply with the Right to Financial Privacy Act24 when responding to government requests for information;
(4) Understand if accounts were closed or services denied historically based on policies and procedures that would not conform with the new rule and updated guidance and evaluate a scoped review that includes customer complaint data and critically evaluating the impact of SAR filing activity on account terminations;
(5) Brief executive management and the board on impacts and risks; the OCC has advised findings related to debanking activity can impact licensing, Community Reinvestment Act evaluations and acquisitions;
(6) Track ongoing state laws imposing heightened fair access standards that may exceed federal requirements.
So, what is the likely subject of the DOJ’s investigation? The DOJ subpoenas follow a task force launched by the U.S. Attorney’s Office, Eastern District of Virginia, to also combat “illegal debanking,” stating the focus was on the denial of financial services for political views, religious beliefs, or lawful activities.25 “Debanking” determinations may result in enforcement actions if determined by regulators to amount to unlawful discrimination practices in violation of fair lending or civil rights statutes, such as Title VI of the Civil Rights Act of 1964, the Equal Credit Opportunity Act (for credit transactions) and the Fair Housing Act (if related to mortgages).[26] The DOJ also has broad, civil enforcement authority for a variety of underlying criminal (fraud) activity under section 951 of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989.27
The investigations likely build from the preliminary findings released by the OCC last year, which stated the OCC’s position on debanking activities undertaken by nine of the nation’s largest banks.28 The OCC found that between 2020 and 2023, each institution maintained policies that restricted or escalated review of customers in certain sectors (e.g., oil and gas, coal, firearms, private prisons, payday lending, tobacco, political action committees, and digital assets). In most cases, the stated basis was reputational risk or values-alignment criteria rather than documented financial or legal risk. The OCC characterized the decisions as inappropriate distinctions drawn among customers on the basis of lawful business activities. The OCC reported that the same or substantially similar policies were in place at every bank it reviewed and stated that it is working through nearly 100,000 pending consumer complaints to identify further instances of political or religious debanking.29
In remarks accompanying the rule, Comptroller of the Currency Jonathan Gould stated the ongoing investigation should “shine a spotlight on the actions of agencies and certain banks.”30 In March 2026, the enforcement perimeter may have extended to payment processing, when the FTC issued public warning letters to the largest payment processors, putting them on notice that facilitating member institutions’ debanking practices may itself violate the FTC Act.31
Judicial and State Law Developments
There has not been much occasion for courts develop precedent on an individual’s “right” to banking services, which exists nowhere in the Constitution or federal statute. The D.C. Circuit Court has previously recognized a due process liberty interest in bank account access in a case brought by payday lender trade associations arising from Operation Choke Point 1.0.32 And in 2024, in a case brought by the National Rifle Association against the Superintendent of the New York Department of Financial Services, the U.S. Supreme Court unanimously held that a government entity’s “threat of invoking legal sanctions and other means of coercion” against a third party, including financial institutions, can violate the First Amendment if used as a means of suppressing disfavored speech.33 Following the U.S. Supreme Court’s decision, it is now likely considered “clearly established” that a regulator cannot use oversight tools such as rating downgrades, fines, or enforcement, to cause an institution to suppress speech protected by the First Amendment through activities such as denying access to banking.
There are pending two “debanking” cases in the Southern District of Florida brought by entities affiliated with the Trump family against Capital One and JP Morgan Chase, neither case has proceeded to a merits determination or resulted in a published opinion.34 The legal claims raised by the plaintiffs in each case pursue a variety of state law theories only: asserting violations of consumer protection statutes in North Carolina, Nebraska, New Jersey, and Minnesota against Capital One, while asserting state law claims of trade libel, Florida’s Unfair and Deceptive Trade Practices Act, enforcement of the Deposit Account Agreement and breach of good faith and fair dealing against JP Morgan Chase. Whether any of the pleaded theories will hold water, survive motions to dismiss, or result in judicial opinions at all (as opposed to arbitrated) remains to be seen.
Meanwhile, in the states: Florida,35 Tennessee, and Idaho36 have each enacted fair-access statutes and several additional states have proposed, or have pending, similar laws.37 For institutions operating nationally, this creates a compliance map that cannot be satisfied by a single federal policy as the state-specific notice and documentation requirements need to be addressed jurisdiction by jurisdiction. Although similar, the three enacted regimes differ in scope and mechanics:
| Covered Scope | Protected Bases | Notice Requirements | |
| Florida: Unsafe and Unsound Practices
(Fl. Ann. Stat. § 655.0323) |
Financial Institutions.
All “services.” |
Political opinions, speech, or affiliations; religious beliefs or affiliations (with exceptions for institutions that claim religious purpose); business sector; a variety of social credit score criteria | Annual attestation of compliance, signed under penalty of perjury |
| Tennessee:
Consumer Protection
(H.B. 2100) |
Financial Institutions with assets over $100 billion; Insurers
Not loans. |
Political opinions, speech or affiliations; religious beliefs and activities (with exceptions for institutions that claim religious purpose); business sector; social credit score criteria | Customer may request a written statement of reasons within 90 days; must respond within 30 days. |
| Idaho:
Transparency in Financial Services
(S.B. 1027) |
Financial institutions & Payment Processors with assets over $100 billion.
“Financial Services.” |
Social-credit scoring tied to religion, speech, or association; refusal to adopt emissions targets or DEI audits; lawful firearms or fossil-fuel activity; abortion- or gender-related services | Written explanation required on customer request; institution must respond within 14 days. |
An Era of Fair Access Begins as De-Banking Sunsets.
The momentum is strong and the path is clear for Congress to codify how access to the banking system is to be determined. Now that “reputational risk” has been sunset, it remains important for institutions to evaluate how operating procedures and account decisions will hold up in the new era of “fair access.”
This blog was drafted by Kirstin D. Kanski and Yana Rusovski, attorneys on the Spencer Fane Banking and Financial Services team. For more information, visit spencerfane.com.
——————
1 Exec. Order No. 14331, “Guaranteeing Fair Banking for All Americans,” 90 Fed. Reg. 38,925 (Aug. 7, 2025).
2 Prohibition on the Use of Reputation Risk by Regulators, 91 FR 18279 (Apr. 10, 2026).
3 OCC News Release 2025-123, OCC Releases Preliminary Findings from Its Review of Large Banks’ Activities, (Dec. 10, 2025).
4 Press Release, Fed. Trade Comm’n, FTC Chairman Andrew N. Ferguson Issues Warning Letters to CEOs of PayPal, Stripe, Visa and Mastercard About Debanking American Consumers (Mar. 26, 2026).
5 Exec. Order No. 14331 at Section 3, “Definitions.”
6 Id. at Section 2, “Policy.”
7 Press Release, Banks Respond to Executive Order to Promote Financial Services Access, American Bankers Association, Bank Policy Institute, Consumer Bankers Association, Financial Services Forum (Aug. 7, 2025).
8 For a detailed history of reputational risk, see “Regulating Bank Reputation Risk,” Julie Andersen Hill, 54 Georgia Law Review 543 (2020); see also U.S. House Oversight Report, “Federal Deposit Insurance Corporation’s Involvement in ‘Operation Choke Point’” (Dec. 8, 2014); U.S. House of Representatives Committee on Oversight and Government Reform, “The Department of Justice’s ‘Operation Choke Point’: Illegally Choking Off Legitimate Businesses?” Staff Report, 113th Congress (May 29, 2014).
9 12 U.S.C. § 1.
10 See Operation Choke Point 2.0: Biden’s Debanking of Digital Assets, Final Staff Report, United States House Committee on Financial Services, Chairman French Hill (December 2025).
11 Financial Integrity and Regulation Management (FIRM) Act, H.R. 2702, 119th Cong. (2025); S. 875, 119th Cong. (2025).
12 Fair Access to Banking Act, H.R. 987, 119th Cong. (2025); S. 401, 119th Cong. (2025).
13 A third bill, Senator Tillis’s draft Ensuring Fair Access to Banking Act, prioritizes a national fair-access standard with federal preemption of conflicting state laws, but it has not been formally introduced and carries no bill number. See Ensuring Fair Access to Banking Act, discussion draft (Oct. 30, 2025) (Sen. Tillis).
14 Position Paper, Federal Fair Access Principles, American Bankers Association, Bank Policy Institute, Consumer Bankers Association, Financial Services Forum (Aug. 7, 2025).
15 Prohibition on the Use of Reputation Risk by Regulators, 91 FR 18279 (Apr. 10, 2026) (effective June 6, 2026).
16 Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies, SR 95-51 (SUP) (June 23, 2025).
17 Prohibition on Use of Reputation Risk or Other Supervisory Tools to Encourage or Compel Banking Organizations to Engage in Politicized or Unlawful Discrimination, 91 FR 9499 (Feb. 26, 2026) (proposed rule of the Bd. of Governors of the Fed. Reserve System, Docket No. R-1884).
18 90 FR 48835 (Oct. 30, 2025). The proposed rule will be codified at 12 CFR §4.92 (OCC) and 12 CFR § 305.1 (FDIC).
19FinCEN Proposes Rule to Fundamentally Reform Financial Institution Programs Designed to Fight Illicit Finance, (Apr. 7, 2026); see also 91 FR 18704.
20 Id.
21AMLA The Department of the Treasury’s De-risking Strategy (Apr. 2023), at 30.
22OCC Bulletin 2025-23, (Sept. 8, 2025)
23 The Department of Justice has not made an official press release; however, issuance of the subpoenas has been widely reported. See, e.g., American Banker, DOJ Subpoenas Banks in Widening Trump Campaign Against Debanking (June 11, 2026); The New York Post, Justice Department Opens Sweeping ‘Debanking’ Probe Into JPMorgan, Bank of America and More (June 10, 2026); Reuters, US Justice Department Subpoenas Major Banks Over Alleged ‘Debanking,’ WSJ Reports (June 10, 2026).
24Right to Financial Privacy Act, 12 U.S.C. §§ 3401–3423; H. Comm. on the Judiciary & Select Subcomm. on the Weaponization of the Fed. Gov’t, 118th Cong., Financial Surveillance in the United States: How Federal Law Enforcement Commandeered Financial Institutions to Spy on Americans (Mar. 6, 2024).
25 Press Release, U.S. Attorney announces launch of a task force to combat illegal debanking in the Eastern District of Virginia, U.S. Attorney’s Office, Eastern District of Virginia (Apr. 28, 2025).
26 See Civil Rights Act of 1964, Title VI, 42 U.S.C. §2000d; Equal Credit Opportunity Act, 15 U.S.C. § 1691(a)(3) (prohibiting credit discrimination on the basis of religion); Fair Housing Act, 42 U.S.C. § 3605; Exec. Order No. 14331, § 5 (directing referral of religion-based debanking to the Attorney General for appropriate civil action). The DOJ Civil Rights Division and the Eastern District of Virginia Equal Access to Banking Task Force have identified ECOA and Title VI of the Civil Rights Act as enforcement vehicles.
27 12 U.S.C. § 1833a (authorizing civil penalties for enumerated predicate offenses affecting a federally insured institution).
28 OCC News Release 2025-123, (Dec. 10, 2025).
29 OCC News Release 2025-84 (Sept. 8, 2025); OCC, Preliminary Findings of Its Review of Large Banks’ Debanking Activities (Dec. 10, 2025). The OCC has stated that debanking findings will inform licensing, merger, and Community Reinvestment Act determinations.
30 News Release 2026-27, Comptroller Statement on Final Rule Eliminating Reputation Risk from Bank Supervision, Apr. 7, 2026.
31 Press Release, Fed. Trade Comm’n, FTC Chairman Andrew N. Ferguson Issues Warning Letters to CEOs of PayPal, Stripe, Visa and Mastercard About Debanking American Consumers (Mar. 26, 2026).
32 See Cmty. Fin. Servs. Ass’n of Am., Ltd. v. FDIC, 132 F. Supp. 3d 98 (D.D.C. 2015).
33 National Rifle Ass’n of Am. v. Vullo, 602 U.S. 175 (2024) (citing and extending analysis in Bantam Books, Inc. v. Sullivan, 372 U.S. 58 (1963)). On remand, the Second Circuit Court of Appeals held that the Superintendent of the New York Department of Financial Services was protected by qualified immunity on the basis that the law was not clearly established prior to the Supreme Court’s opinion. National Rifle Association v. Vullo, 144 F.4th 376, 394-96 (2d Cir. 2025).
34 Donald J. Trump Revocable Trust, et al. v. Capital One, N.A., No. 1:25-cv-21596 (S.D. Fla.); Trump v. JPMorgan Chase Bank, N.A., No. 1:26-cv-21106 (S.D. Fla.).
35 Fla. Stat. § 655.0323. The statute, titled “Unsafe and unsound practices,” was amended in 2024 to prohibit depository institutions from denying, canceling, suspending, or terminating services based on a customer’s political opinions, speech, or affiliations; religious beliefs, exercise, or affiliations; business sector; or social credit score. Id.
36 See Tenn. H.B. 2100 (2024); Idaho S.B. 1027 (2025). Both statutes prohibit state and national banks, credit unions, and mortgage lenders with assets over $100 billion from denying access to services based on political or religious activities.
37 A full analysis of various state proposals is beyond scope, but states that have proposed or are exploring state laws include Arizona, Georgia, Indiana, Iowa, Louisiana, South Dakota, Nebraska, Oklahoma, and West Virginia.
