ORLANDO, Fla.—In what has become a popular annual tradition–even if it does involve potential liabilities and compliance–four attorneys offered updates to credit union and CUSO leaders on legal and regulatory issues as well as other developments they need to be giving attention, with the focus this year on digital assets, AI, presidential executive orders, the CFPB and Reg B and more.
The comments came during the opening session on “Hot Topics” in CUSOs during the NACUSO Reimagine 2026 meeting in Orlando, with the attorneys all representing Messick Lauer & Smith, which has a long relationship with the trade association as general counsel.
Here’s a look at some of what was shared:
Update on GENIUS, CLARITY Acts, Stablecoins
Federal legislation and proposed regulations governing stablecoins are moving quickly, but key questions remain for credit unions and their CUSOs, according to Mike Mulvey, who attendees that the recently enacted GENIUS Act establishes a federal framework for payment stablecoin issuers and directs regulators to finalize detailed rules later this year.
Under the law, Mulvey said, agencies including the National Credit Union Administration, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency must outline licensing, operational and compliance requirements for institutions seeking to issue payment stablecoins.
He said the statute requires stablecoins to be fully backed by reserves, along with monthly disclosures, audits and clear redemption rights for holders.
NCUA’s Propose Rule
In February, the NCUA issued a proposed rule addressing licensing for payment stablecoin issuers, Mulvey said. The proposal outlines who may apply—typically the issuing entity and, in some cases, an investing credit union—and emphasizes detailed application requirements, including management background, operational structure and a comprehensive business plan.
“The focus is on demonstrating how the issuer will operate from inception, how coins will be issued, and how reserves—such as cash or short-term Treasuries—will be managed,” Mulvey said.
He added that applicants would have opportunities to meet with regulators during the process and could reapply if initially denied. The NCUA is also expected to release an application manual ahead of a statutory deadline to finalize rules by mid-July, allowing the framework to take effect next year.
Mulvey noted that, for federal credit unions, participation in stablecoin issuance is expected to occur through a credit union service organization, or CUSO, if they choose to invest in or support such entities.
Unresolved Issues
Meanwhile, broader digital asset legislation remains unresolved. Mulvey said the proposed CLARITY Act—which would clarify oversight roles for the Securities and Exchange Commission and Commodity Futures Trading Commission—has stalled in the Senate.
A central sticking point is whether stablecoin holders should be allowed to earn yield. Banking groups have raised concerns that yield-bearing stablecoins could draw deposits away from traditional institutions, while nonbank advocates argue yield is essential for adoption, Mulvey said.
He added that Tom Tillis has предложed a compromise that would limit yield for passive holders but allow it for active, business-related use.
Effects from the Midterms
With midterm elections approaching, Mulvey warned that failure to resolve the issue soon could delay passage of the CLARITY Act until a future Congress.
“Timing is becoming a real factor,” he said, noting that regulatory clarity for digital assets remains a priority for the industry.
AI Needed to Keep Up With AI’s Ramifications
ORLANDO, Fla.—Credit unions and their service organizations must take a disciplined, governance-first approach to artificial intelligence to manage growing legal and compliance risks, Mike Heller told the meeting, remainding that while AI introduces new challenges, traditional risk management principles still apply, beginning with clear accountability, defined decision-making authority and ongoing oversight.
“Governance really starts and stops with accountability and oversight,” Heller said, emphasizing that boards should be actively involved in setting expectations and establishing centralized frameworks for AI use.
Heller urged credit unions to closely scrutinize vendor relationships, particularly around how AI models are trained. Institutions should confirm that vendors have legal rights to use underlying data—whether through ownership or licensing—and that those rights extend to training and refining models.
What Courts are Doing
Courts are increasingly distinguishing between lawfully obtained data and improperly sourced or compromised data, he noted, creating potential liability not only for vendors but also for institutions that deploy those tools.
Employee training is another critical area, Heller said, warning against rushing AI implementation without a clear strategy. Staff must understand both how to use AI tools and the guardrails governing their use, particularly around sensitive information.
He pointed to risks including employees entering confidential or proprietary data into public AI systems, which could result in loss of confidentiality protections or even attorney-client privilege in certain cases.
Heller added that institutions must also address member data privacy, ensuring proper consent and compliance with applicable regulations when using personal information in AI systems.
Keeping a Human in the Loop
From a regulatory standpoint, he said, maintaining a “human in the loop” is essential to validate outputs, monitor for bias or discrimination, and ensure appropriate escalation when issues arise.
He also highlighted emerging concerns such as “poisoned data”—low-quality, biased or malicious inputs that can distort AI outputs—as well as cybersecurity risks tied to third-party vendors. Institutions should implement detection methods and incident response processes to mitigate those threats.
The Need to Adapt
Given the rapid evolution of AI-related laws, regulatory guidance and court decisions, Heller said governance frameworks must be designed to adapt continuously.
“Best practices are changing quickly,” he said, adding that institutions should actively monitor legal developments and update internal policies accordingly.
Heller also addressed employee use of AI tools outside the workplace, noting that institutions should establish clear policies and communication around acceptable use to prevent so-called “shadow AI” risks while still allowing for controlled experimentation.
Making Sense of Executive Orders
A wave of executive orders from the White House is driving a broad federal push to ease regulatory burdens on credit unions, with early efforts focused largely on what one attorney described as “housekeeping” changes, according to, Jennifer Winston, who said a January 2025 executive order titled “Unleashing Prosperity Through Deregulation” has prompted agencies, including NCUA, to review and revise existing rules (see related coverage).
Winston said the NCUA has proposed changes to roughly 30 regulations and interpretive rulings as part of a broader Deregulation Project to eliminate requirements deemed obsolete, duplicative, overly burdensome or more appropriately treated as guidance.
“The goal is to allow credit unions to innovate and better serve members while still maintaining safety and soundness,” she said.
Modest Beginnings
Many of the initial changes are modest, she noted, reflecting both the early stage of the effort and the limitations of the agency’s current single-member board. More substantive reforms could follow once additional board members are in place.
Among the proposed changes is a revision to rules governing indirect auto lending. Current regulations limit how much a federally insured credit union can invest in loans serviced by a third party, capping purchases at 50% of net worth before allowing an increase after a period of experience. The proposal would remove those caps, giving credit unions greater flexibility to align investment levels with their size, complexity and risk tolerance.
Relocation Taking Place
Winston also highlighted plans to relocate certain guidance—such as appendices related to safeguarding member information and disaster response—out of formal regulations and into separate agency communications, such as letters to credit unions. While the expectations would remain, she said, the change is intended to reduce confusion over what constitutes binding requirements.
In addition to deregulation efforts, Winston pointed to a separate executive order aimed at expanding access to mortgage credit. That directive calls on federal financial regulators to ease compliance burdens tied to laws such as the Home Mortgage Disclosure Act, with a focus on helping smaller lenders, including credit unions, compete more effectively in the mortgage market.
The order reflects concerns that regulatory requirements stemming from laws such as Dodd-Frank Act and the Truth in Lending Act have disproportionately affected community-based institutions.
Much Remains Unknown
A related executive order targeting barriers to affordable housing construction focuses primarily on reducing environmental and infrastructure-related regulations that can increase costs and delay development, Winston said.
Overall, she said, the administration’s approach signals a shift toward reducing compliance burdens, though the ultimate impact on credit unions will depend on how far regulators go beyond the initial round of changes.
The CFPB & Reg B
A recent rulemaking tied to a White House executive order could significantly reshape fair lending standards under Regulation B, shifting enforcement toward intent-based discrimination and away from outcomes, Amanda Smith told the meeting
The resulting proposal—expected to take effect July 21 but likely to face delays and possible litigation—drew approximately 64,500 public comments, an unusually high level of feedback for a rulemaking of its kind, Smith said.
At the center of the changes is the elimination of the “disparate impact” standard, which previously allowed enforcement actions when a neutral policy disproportionately affected a protected class. Under the new rule, Smith said, that concept is removed entirely, and the bureau has explicitly stated that the Equal Credit Opportunity Act does not recognize an “effects test.”
“That means courts cannot reinterpret the rule to bring disparate impact back in,” Smith said, adding that the framework will remain in place unless rewritten through a future rulemaking.
Narrowing of Prohibition
The rule also narrows the long-standing prohibition on discouraging applicants from seeking credit. Previously, lenders could face enforcement for statements or practices that might dissuade a reasonable person from applying. The revised standard limits liability to spoken or written statements directed at applicants or prospective applicants and tied more directly to credit decisions.
“It’s a shift away from broad interpretations and toward intent,” Smith said.
The changes also raise the liability threshold, requiring that a lender knew or should have known a statement would lead a reasonable person to believe they would be denied credit or receive less favorable terms based on a protected status.
Stricter Requirements
In addition, the rule imposes stricter requirements on special purpose credit programs, which are designed to extend credit to underserved or protected groups. Institutions using prohibited bases to define such programs would now face heightened documentation and evidentiary standards, potentially limiting their use.
Overall, Smith said, the revisions mark a significant pivot in fair lending enforcement.
“This is a move away from judging outcomes and toward focusing strictly on intent,” she said, noting that credit unions should monitor developments.
