For decades, financial institutions largely structured their compliance strategies around federal regulation. State law always mattered, but federal agencies and federal preemption created a relatively uniform operating framework, particularly for national banks and multi-state institutions.
That balance is shifting. Increasingly, meaningful regulatory momentum is originating at the state level. Legislatures, attorneys general, and state regulators are advancing laws and enforcement initiatives that directly affect banks and credit unions, sometimes in areas traditionally under federal purview.
As states move in different directions, and courts take a narrower view of federal preemption, the regulatory environment becomes less uniform and more operationally complex. Here are some recent examples of this shifting regulatory environment.
Illinois: Interchange Fees & the Limits of Preemption
Illinois’ Interchange Fee Prohibition Act (IFPA) provides a clear example. The law bars card swipe fees on retail taxes and tips. Banking trade groups challenged the statute, arguing that it was preempted by federal law and interfered with national bank authority.
A federal judge upheld the core of the statute, concluding that it was not preempted under the National Bank Act because it regulates the amount that may be collected rather than prohibiting banks from collecting interchange fees altogether. Although certain data-sharing provisions were blocked, the primary fee restriction was allowed to proceed.
The significance of this decision goes beyond Illinois. If other states adopt similar legislation, institutions could face a patchwork of interchange restrictions rather than a consistent national framework. The case also signals that courts may not view all state fee regulation as automatically preempted, even when national banks are involved.
Pennsylvania: State Legislation with Operational Impact
In Pennsylvania, a coalition of community banks and credit unions has opposed HB 2090, a bill proposing to ban swipe fees on the PA sales-and-use-tax portion of a card transaction, arguing that the bill would create confusion and operational disruption for businesses and consumers. Regardless of the outcome, the episode underscores how state-level proposals can require significant compliance and systems adjustments independent of federal action.
For institutions operating in multiple states, legislative developments in one jurisdiction can quickly influence risk exposure elsewhere, either through copycat legislation or through impacts on customers, vendors, and counterparties.
New York: Employment Law as a Financial Institution Issue
The shift toward state-driven regulation is not limited to lending or fee practices. New York restricts most employers from running credit checks on employees and job applicants, subject to narrow exemptions. Financial institutions must carefully assess whether particular roles qualify and ensure that internal hiring policies are aligned with state requirements.
This type of law illustrates how regulatory exposure increasingly extends beyond traditional banking activities. Employment practices, data governance, and operational controls are all becoming areas where state law can directly affect institutional risk.
Narrower Preemption, Broader State Authority
Recent judicial developments have reinforced this movement. Courts are applying a more fact-intensive analysis when evaluating federal preemption, focusing on whether a state law “prevents or significantly interferes” with national bank powers rather than assuming broad federal displacement of state authority.
As that standard is applied more narrowly, federally chartered institutions face greater exposure to state experimentation. Compliance strategies that were built on the expectation of uniform federal rules may no longer provide sufficient protection.
What This Means for Financial Institutions
The implications are structural and require more than incremental compliance adjustments.
- Compliance monitoring and audits must expand beyond Washington: Federal rulemaking calendars are no longer enough. Institutions need structured processes to track state legislative sessions, attorney general activity, and emerging enforcement themes across jurisdictions where they operate, or where their customers and employees are located.
- Product design must be state-aware: Fee structures, interchange practices, small-dollar lending programs, and credit reporting policies may be federally compliant yet create risk under certain state statutes. Scenario analysis and, in some cases, state-specific disclosures or system configurations may be necessary.
- Employment and operational policies require multi-state review: Laws governing credit checks, privacy, data usage, and consumer communications increasingly originate at the state level. Remote employees and digital platforms expand exposure beyond physical branch locations.
- Geographic risk should be reassessed strategically: Regulatory exposure now varies meaningfully by state based on legislative priorities and enforcement philosophy. Boards and executive teams should evaluate which jurisdictions present elevated regulatory risk and incorporate that analysis into growth and product strategy decisions.
- Governance structures may need to evolve: A centralized compliance model built around federal uniformity may no longer be sufficient. Institutions should consider whether they have the internal coordination and state-level expertise necessary to respond quickly to divergent regulatory developments.
- Advocacy: Much of this state-by-state rulemaking is the result of specific, targeted lobbying efforts by industry groups, such as those representing retailers for example. Financial institutions should consider their involvement in industry groups and in their advocacy and lobbying efforts. Sitting on the sidelines while these changes develop around you may present more risk than pro-actively advocating for your interests.
The broader takeaway is that federal compliance remains necessary, but it is no longer sufficient. As regulatory gravity shifts toward the states, institutions must proactively adjust their monitoring, advocacy, governance, and product strategies.
If you have any questions or are interested in learning more, we are here to help. Please do not hesitate to reach out to discuss your specific situation.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
