At a Glance
- Companies should understand whether and how immigration-related information is considered in underwriting decisions and ensure those practices are supported by appropriate policies, documentation, and controls.
- Fintech companies that rely on automated underwriting models or alternative data sources should be prepared to explain how material risk factors are evaluated and incorporated into credit decisions.
- Fintechs and financial institutions may wish to review their lending, onboarding, compliance, and risk management frameworks in light of these developments.
Recent guidance from the Consumer Financial Protection Bureau (CFPB) and the Financial Crimes Enforcement Network (FinCEN) on June 5, 2026, highlights the compliance challenges that can arise when financial institutions collect or rely on immigration-related information.
On June 5, 2026, the CFPB issued a policy statement addressing how immigration-related considerations may factor into a creditor's ability-to-repay analysis under the Truth in Lending Act (TILA) and Regulation Z. The CFPB emphasized that ability-to-repay determinations are forward-looking and should account for information that may reasonably affect a consumer's future ability to generate income and repay a loan.
According to the CFPB, where a consumer's future ability to earn income depends on continued authorization to work in the United States, immigration-related information may be relevant to a creditor's assessment of repayment risk. The CFPB declined to establish bright-line rules based on specific immigration statuses and instead emphasized individualized underwriting decisions based on the facts and circumstances of a particular application.
Importantly, the CFPB did not authorize blanket denials based on noncitizen status or the use of an Individual Taxpayer Identification Number (ITIN). Creditors remain subject to the Equal Credit Opportunity Act (ECOA), Regulation B, and applicable fair lending requirements when considering immigration-related information.
Separately, FinCEN, in coordination with the federal banking agencies and the Internal Revenue Service (IRS), issued an advisory addressing fraud, payroll, and money laundering risks associated with the unlawful employment of unauthorized workers. The advisory discusses red flags that may indicate suspicious activity and reminds financial institutions of their obligations to maintain effective anti-money laundering (AML) programs and file Suspicious Activity Reports (SARs) where appropriate.
Although the CFPB's statement was issued in the context of mortgage lending, both releases underscore the need for financial institutions, fintech companies, and other financial services providers to understand how immigration-related information is collected, used, and governed across underwriting, fraud prevention, AML, and compliance functions.
Key Considerations for Fintechs and Financial Services Providers
Review underwriting policies and procedures. Companies should understand whether and how immigration-related information is considered in underwriting decisions and ensure those practices are supported by appropriate policies, documentation, and controls.
Evaluate fair lending risk. The use of immigration-related information, citizenship information, or ITINs may create fair lending considerations. Companies should review policies, procedures, and automated decisioning tools to ensure compliance with ECOA and Regulation B.
Assess model governance and documentation. Fintechs that rely on automated underwriting models or alternative data sources should be prepared to explain how material risk factors are evaluated and incorporated into credit decisions.
Review AML and fraud controls. FinCEN's advisory serves as a reminder to assess customer onboarding, transaction monitoring, and suspicious activity escalation procedures, particularly where employment-related information or ITINs may be involved.
Coordinate compliance functions. Underwriting, fair lending, fraud, and AML teams often review overlapping information for different purposes. Companies should ensure that policies are aligned and applied consistently across the organization.
In Conclusion
While neither development creates entirely new compliance obligations, both provide insight into how federal regulators are evaluating underwriting, fraud prevention, fair lending, and AML controls. Fintech companies and financial institutions may wish to review their lending, onboarding, compliance, and risk management frameworks in light of these developments.
