CFPB Enforcement 2026: Analyzing Wise, FirstCash, Medical Debt & Auto Repossession Cases

Introduction: The CFPB's Heightened Focus on Consumer Protection

As we move through 2025 and look toward 2026, the Consumer Financial Protection Bureau (CFPB) has demonstrated an increasingly aggressive enforcement posture across multiple consumer finance sectors. From remittance transfers and military lending to medical debt reporting and auto repossession, the CFPB is leveraging its authority to address what it perceives as systemic consumer harms. This heightened focus comes amid broader regulatory trends, including the EU's AI Act taking full effect in August 2026 and various state privacy laws expanding across the U.S. For financial institutions and fintech companies, understanding these enforcement patterns is no longer optional—it's essential for maintaining compliance and avoiding significant penalties.

This article analyzes four key areas where the CFPB has taken recent action: Wise's $2.5 million settlement for illegal remittance practices, FirstCash's Military Lending Act violations, state-level efforts to ban medical debt from credit reports, and concerning trends in auto repossession rates and costs. Each case study reveals specific compliance gaps and offers actionable recommendations for organizations navigating this complex regulatory landscape.

Case Study 1: Wise's $2.5 Million Settlement for Illegal Remittance Practices

On May 15, 2025, the CFPB issued a modified Amended Consent Order requiring Wise to pay $2.5 million for illegal remittance practices, superseding an earlier January 30, 2025 order. This enforcement action underscores the CFPB's scrutiny of financial service providers in the money transfer and electronic payments space, particularly those operating in the fintech sector.

Regulatory Breaches and Compliance Gaps

While the specific details of Wise's violations weren't fully disclosed in the available evidence, the CFPB's action likely centered on failures to comply with the Remittance Transfer Rule under Regulation E. This rule mandates specific consumer protections for international money transfers, including:

• Accurate Disclosures: Providers must clearly communicate exchange rates, fees, and the amount expected to be delivered to recipients.
• Timely Transfers: Funds must be made available to recipients by the disclosed date.
• Error Resolution Processes: Consumers must have clear pathways to dispute errors and receive refunds when appropriate.

Wise's settlement suggests potential gaps in one or more of these areas, highlighting how even established fintech players can face significant penalties for compliance oversights.

Actionable Compliance Recommendations

For companies offering remittance services:

1. Conduct Regular Audits: Review all disclosure materials, transfer timelines, and error resolution procedures against Regulation E requirements.
2. Implement Automated Compliance Checks: Use technology to verify that exchange rates, fees, and delivery dates are accurately calculated and communicated before transactions are finalized.
3. Train Customer Service Teams: Ensure staff understand error resolution requirements and can guide consumers through the proper channels.
4. Monitor Regulatory Updates: The CFPB frequently issues guidance and rule changes that affect remittance providers. Staying current requires dedicated resources.

Platforms like AIGovHub's fintech compliance monitoring tools can help organizations track CFPB announcements and assess whether their remittance processes align with current requirements.

Case Study 2: FirstCash Settlement for Military Lending Act Violations

On July 11, 2025, the CFPB reached a settlement with FirstCash, Inc. and its nineteen subsidiaries resolving allegations of Military Lending Act (MLA) violations dating back to October 3, 2016. The case highlights the particular risks facing servicemembers and the CFPB's commitment to enforcing financial protections for military personnel.

Key Violations and Penalties

The CFPB alleged that FirstCash made pawn loans to covered borrowers with:

• Excessive Interest Rates: Annual percentage rates exceeding the MLA's 36% cap.
• Prohibited Arbitration Requirements: Including arbitration clauses in loan agreements, which the MLA generally forbids for covered borrowers.
• Missing Disclosures: Failure to provide mandatory loan disclosures required by the MLA.

The settlement included a $5 million redress fund for harmed servicemembers and their families, plus a $4 million fine to the CFPB's victims relief fund. Notably, the CFPB also terminated a 2013 consent order against FirstCash's predecessor entity, Cash America International, Inc., which had previously paid a $5 million penalty and provided consumer redress.

Compliance Implications for Lenders

The FirstCash case demonstrates that the CFPB will pursue enforcement even when previous settlements have been reached, particularly when violations continue or new issues emerge. For lenders serving military communities:

1. Implement Robust MLA Screening: Use the Department of Defense's MLA database or other reliable methods to identify covered borrowers before extending credit.
2. Cap All Costs at 36% APR: Ensure that interest rates, fees, and other charges don't exceed the MLA's limit for covered borrowers.
3. Review Loan Agreements: Remove arbitration requirements and other prohibited terms for military borrowers.
4. Provide Complete Disclosures: Include all MLA-required information about loan terms, rights, and protections.

This case also intersects with broader regulatory trends, such as the EU AI Act's classification of HR and recruitment AI as high-risk starting in August 2026—reminding organizations that different regulatory regimes may target similar vulnerable populations.

Case Study 3: CFPB Support for State Bills Barring Medical Debt from Credit Reports

The CFPB has actively encouraged state-level action to prohibit medical debt reporting on credit reports, most notably through letters supporting Washington State's SB 5480 and HB 1632. This support comes despite the CFPB's own January 2025 regulation banning medical bills from credit reports nationwide, which currently faces legal challenges in Texas.

Regulatory Context and Preemption Issues

The CFPB's position, clarified in a 2022 interpretive rule, is that state laws providing additional consumer protections beyond the Fair Credit Reporting Act (FCRA) are generally not preempted by federal law. This creates space for states to enact stronger medical debt protections, as seen in:

• Colorado, New York, Maine, and Nevada: States that have already implemented restrictions on medical debt reporting.
• South Dakota and Washington: States currently considering similar legislation with CFPB support.

The CFPB justifies this approach by citing research showing medical debt is less predictive of credit risk than other types of debt and often contains unreliable information due to billing complexities and insurance disputes.

Compliance Recommendations for Credit Reporting and Collection

For organizations involved in credit reporting or debt collection:

1. Track State Legislation: Monitor medical debt bills in all states where you operate, as requirements may vary significantly.
2. Review Reporting Practices: Assess whether medical debt is being reported separately from other debt and whether current practices align with both federal and state requirements.
3. Update Dispute Processes: Ensure systems can handle medical debt disputes efficiently, given the higher likelihood of billing errors.
4. Prepare for Federal Rule Changes: Despite legal challenges, the CFPB's January 2025 regulation signals a clear direction—reducing or eliminating medical debt reporting is becoming the norm.

This area exemplifies how compliance increasingly requires monitoring multiple regulatory layers, similar to the challenges faced with e-invoicing mandates like Italy's FatturaPA (mandatory since 2019) or Poland's KSeF (delayed to February 2026).

Case Study 4: Auto Repossession Rates and Compliance Risks

The CFPB's report on auto repossession trends reveals concerning patterns that could trigger increased regulatory scrutiny. By December 2022, 0.75% of outstanding vehicle loans were assigned for repossession—a 22.5% increase from pre-pandemic levels in December 2019. In a $1.64 trillion auto loan market, these numbers represent significant consumer harm and potential compliance risks.

Key Findings and Consumer Impacts

The CFPB's research identified several troubling trends:

• Increased Third-Party Involvement: Use of repossession forwarders rose from 31% in January 2018 to 66% in December 2022, typically leading to higher costs for borrowers.
• Substantial Post-Repossession Debt: Average outstanding balances after repossession exceeded $11,000 in December 2022, up from over $10,000 in December 2019.
• Broader Financial Consequences: Repossession often leads to loss of transportation, credit score damage, and difficulty securing future credit.

For servicemembers specifically, these trends compound existing vulnerabilities addressed by the MLA and other military consumer protections.

Compliance Recommendations for Auto Lenders

To mitigate repossession-related risks and potential CFPB enforcement:

1. Enhance Loss Mitigation Options: Develop more flexible payment plans, loan modifications, and other alternatives to repossession.
2. Limit Third-Party Costs: If using repossession forwarders, negotiate agreements that minimize additional fees passed to consumers.
3. Improve Disclosure Practices: Clearly communicate repossession risks, costs, and consequences during loan origination and delinquency.
4. Monitor Portfolio Trends: Track repossession rates, costs, and outcomes to identify potential compliance issues before they trigger regulatory action.

These measures align with broader regulatory principles seen in other domains, such as the NIST Cybersecurity Framework 2.0's emphasis on governance and risk management or the EU's Digital Operational Resilience Act (DORA) requirements for financial entities effective January 2025.

Key Takeaways and Strategic Compliance Recommendations

The CFPB's 2025-2026 enforcement actions reveal several consistent themes and compliance priorities:

• Vulnerable Populations Are a Priority: Servicemembers, medical debt holders, and financially stressed borrowers receive particular attention from regulators.
• Process Matters as Much as Outcomes: Proper disclosures, error resolution, and compliance procedures are essential even when consumer harm might seem minimal.
• State and Federal Regulations Interact: As with medical debt reporting, organizations must navigate both layers of regulation, similar to how companies face both GDPR and US state privacy laws.
• Historical Settlements Don't Guarantee Future Immunity: The FirstCash case shows the CFPB will pursue new violations even after previous settlements.

For fintechs, lenders, and financial service providers, building a robust compliance program requires:

1. Continuous Monitoring: Track CFPB announcements, enforcement actions, and regulatory guidance across all relevant areas.
2. Vendor Risk Assessment: Evaluate whether third-party providers (like repossession forwarders or remittance processors) maintain adequate compliance controls.
3. Cross-Functional Training: Ensure that legal, compliance, customer service, and operations teams understand regulatory requirements and their practical implications.
4. Technology Integration: Implement systems that automate compliance checks where possible, from MLA borrower screening to remittance disclosure verification.

Platforms like AIGovHub's fintech compliance tools can help organizations monitor CFPB developments, assess vendor risks, and maintain the comprehensive compliance programs needed in today's regulatory environment. As regulations continue to evolve—from the EU AI Act's full implementation in August 2026 to expanding state privacy laws—proactive compliance management becomes increasingly essential for sustainable business operations.

This content is for informational purposes only and does not constitute legal advice.