Last fall, I suspect that most regulatory compliance professionals in the U.S. consumer lending market anticipated 2017 would be more of the same. This meant a continued focus on implementation of recently adopted rules, while bracing for a wave of new regulations from the federal banking agencies. Everything changed on November 8. The unexpected election of Donald Trump resulted, in many cases, in a 180-degree course correction. The Trump administration, bolstered by the reelection of a Republican majority in both houses of Congress, has fostered a new environment that is expected to promote de-regulation. While I won’t ever be mistaken for Nostradamus, amidst this regulatory sea change, I feel (relatively) confident in sharing with you my top regulatory compliance predictions for 2017. A little-known law will have big impact on regulation. Haven’t heard of the Congressional Review Act (CRA)? You are not alone. This obscure statutory provision was adopted in 1996 as part of the Small Business Regulatory Enforcement Fairness Act. Under the CRA, before a new regulation takes effect, Congress can take action (through a simple majority vote) on a joint resolution disapproving of the rule. If approved in both houses, the resolution is sent to the President for signature or veto. To date, the CRA has only been used successfully one time. In fact, on several occasions during the past two years, Congress passed joint resolutions disapproving of a new regulation only to have President Obama veto the resolutions. Republicans did not have the 2/3 vote majority needed to override the President’s veto. All of this changed with the election of Donald Trump. President Trump would likely sign any such resolution adopted by the Republican Congress. This means that the future fate of controversial rulemaking, such as the CFPB’s arbitration and small dollar lending proposals that began under a Democratic administration, will be subject to the Republican Congress’ potential use of the CRA. How this will change the content of future regulations is anyone’s guess, but it now must be factored into the equation when federal agencies issue final rules. A patchwork quilt of cybersecurity rules will emerge. As the federal government races to address growing cybersecurity concerns, financial institutions will likely have to navigate through a growing number of federal and state cybersecurity regulations in the upcoming year. We’ve already seen several early indications of this. The FDIC, Fed and OCC recently initiated the process for drafting new cybersecurity regulations for banks with assets exceeding $50 billion. Also in 2016, federal agencies like the Commodity Futures Trading Commission and the Department of Defense issued cybersecurity-related rules. However, perhaps the most noteworthy development was the issuance of a first-of-its kind cybersecurity regulatory proposal by the New York Department of Financial Services, which regulates banks, insurance companies and other financial services entities. As I’ve blogged previously, this has the potential to be a game changer, by requiring regulated entities to adopt the most prescriptive requirements seen to date. While New York has recently revised its cybersecurity rule in an effort to address widespread industry concerns (public comments are due at the end of January with an effective date of March 1, 2017), its actions will likely spark more activity in this area from other states. New FCC leadership will provide much-needed TCPA relief. As I have previously written, the Federal Communications Commission has not provided much relief for those seeking legal clarity when using modern technology to communicate important non-telemarketing messages to customers’ mobile phones (e.g., fraud alerts) in accordance with the 1991 Telephone Consumer Protection Act (TCPA). Under Chairman Tom Wheeler’s leadership, FCC actions have been widely criticized as further chilling the use of text and automated messagi