(Note - all views are those of Fintech Compliance Chronicles/my personal views and not affiliated with any other organization)

Happy New Year! I hope everyone had a great time off. As folks make their way back from vacations and holidays, we will begin attacking our queue of promised writeups, with our first bit of coverage being a 2025 preview (which will likely require several parts).

Today in part 1 - our first order of business is to look at what we can expect from the Trump Administration as it prepares to take office, given the change of administration will have an impact on numerous regulatory bodies and pending regulations, which in turn will have an impact on a number of established fintechs, fintech startups, banks and other institutions. There are some great pieces that have touched upon what we can expect, but today we plan to take a different and potentially controversial angle at this question of “What’s next” that has been asked quite a bit since November - using the Project 2025 playbook to inform us on what we could see. Trump himself has denied links to the initiative, but many of the authors were in his past administration and many will be involved in the new administration.

Disclaimer: I fully recognize and acknowledge that we live in divisive times, and that many folks are currently concerned and even worried about what to expect with the next administration beyond just fintech compliance - with immigration, government benefits, and more on top of people’s minds. I want to let those readers know I hear your concerns and in no way trivialize them. This piece today is not to dismiss those concerns at all - but our focus here is on consumer banking/fintech regulation and so while we dig into the playbook to try and make sense of what to expect, we don’t do this to offer any position on the administration or agenda. Our goal is to try and help you the reader - whether you are an operator, investor, compliance professional, or consumer - by breaking it down.

What is Project 2025?

In a nutshell, Project 2025 is an ambitious initiative by The Heritage Foundation to lay out a game plan for the next conservative presidential administration. Think of it as a giant roadmap covering everything from economic policy to regulatory shake-ups, aimed at reshaping how the U.S. government operates.

According to their materials, it includes a policy guide called “Mandate for Leadership” and a training program for future appointees—essentially a way to get conservative-minded people ready to step into government roles on day one. They’ve also built a network of over 75 conservative organizations to back the whole thing.

Who is the Heritage Foundation?

The Heritage Foundation is a conservative think tank that advocates for limited government, free enterprise, and traditional American values. Founded in 1973, it’s one of the most influential voices in conservative politics, credited with crafting Reagan-era policies like tax cuts and defense strategies.

What makes Heritage stand out is how it packages its ideas. Instead of just churning out dense academic papers, they aim to deliver actionable policy blueprints, like Mandate for Leadership, which has seen nine versions, culminating in Project 2025. The first version became a key playbook for Reagan’s administration and around 60% of the proposals were implemented in the first year he was in Office. There have been various versions released over the years, with the last one coming out in July 2020 assuming Trump would be re-elected. The latest edition has been labeled as Project 2025, essentially the eighth follow-up to the original Mandate.

When was it published?

The playbook was published on April 21, 2023, setting the stage for a conservative administration long before the outcome of the 2024 election was decided. When Trump won in November, the playbook transitioned from strategy to action, with nearly 20,000 vetted personnel profiles ready to staff key roles across the government.

Interestingly, Kevin Roberts, Heritage’s president and a driving force behind the project, delayed his book, Dawn’s Early Light: Taking Back Washington to Save America, until after the election. One could argue that the timing wasn’t just strategic—it was deliberate, keeping the focus on the plan rather than the personalities behind it. On November 12, 2024, it was released.

Why does this matter now?

Because it’s no longer just a think tank idea—it’s about to become the playbook for Trump’s administration. Trump’s win, particularly with voters who’ve historically leaned Democratic, could push his administration to lean into their view of this as a mandate and give this agenda more room to operate than anyone expected.

At the same time, the project is facing plenty of pushback. Awareness jumped massively before the election, but the policies themselves aren’t exactly popular—especially with younger voters and women. Some see it as a power grab or a threat to democracy. For fintech, the big question is whether this public opposition slows down or derails parts of the agenda, especially the pieces tied to regulation and oversight.

How is it relevant to fintech compliance?

For fintech compliance, this could mean some big changes. For instance, Project 2025 talks about rolling back regulations from agencies like the CFPB and FTC, which could directly impact how fintechs handle compliance and oversight.

It’s not just about fewer regulations—it’s also about how fintechs adapt to a potentially new way of doing business. For example, if agencies like the CFPB face restructuring or reduced enforcement power, the responsibility for consumer protection and risk management might shift more heavily onto the fintechs themselves. This could mean less oversight in some areas but also more scrutiny in others, particularly as state regulators or private litigators step in to fill the gaps. Fintech companies might need to rethink their compliance strategies entirely, balancing innovation with an increased focus on self-regulation and risk mitigation. Whether all of this is good or bad depends on your perspective - regardless, something to keep an eye on if you’re in the space.

Who are the key authors involved, and what is their background?

There are a number of names that were involved in crafting the full document, but the two names to focus on are David Burton and Robert Bowes.

Burton is one of the biggest players involved in crafting the entire document, having the distinction of being the only person who authored more than one chapter/section of this document, with his co-contribution coming in the Treasury section/chapter and his solo contribution being the section on the SEC and “related agencies” (excluding the CFPB). He works directly for the Heritage Foundation and has been with them for over 11 years, focusing on securities regulation, tax policy, entrepreneurship, financial privacy, and even climate-related financial risks. He’s not just about theory—he is an attorney with a background including time as General Counsel for the National Small Business Association and leadership roles in business and tax policy at the U.S. Chamber of Commerce.

A look at his Linkedin reveals advocacy around a fairly consistent set of conservative principles - lower taxes, less government, pro-free market - but there are some interesting publications/events in there, like his Newsweek piece from nearly 8 years ago, “No Get-Out-of-Jail-Free Card for Bankers” and going after AML regulation from the angle of Financial Privacy, which is a common regulatory clash that frequently comes up when evaluating how to be a compliant institution.

Bowes is a bit more on-the-nose and what one might expect from the Trump Administration, in terms of a heavy presence on Twitter and actively and publicly engaging on all the major focus points of MAGA-world that are unrelated to banking/fintech policy (i.e. Hunter Biden, illegal immigration, election fraud, etc). His past positions give him credibility - he brings a mix of legal, financial, and political expertise to the table. During the Trump administration, he served as Senior Counsel for the Senate Judiciary Committee and later as Senior Advisor at HUD, where he worked on policy initiatives and advised key figures like Stephen Miller. His career also includes time at heavyweights in finance like Chase Manhattan Bank and Fannie Mae.

Bowes is no casual observer of Trump-era politics. He was a Field Director for Trump’s 2016 campaign and played a significant role in advancing the administration’s deregulatory agenda, including his advocacy for abolishing the CFPB (which is the chapter that he focuses on). Unfortunately for him, he’s also pretty well known for controversy stemming from dubious stock trades that emerged at the time he was nominated to head the CFTC - at a minimum, this seemed like day trading which raised questions about what he was doing at HUD on the taxpayer’s dime.

Where in the Project 2025 playbook do we find details about Fintech Compliance?

As stated earlier, there are two key sections where we get into our usual area of focus, consumer fintech compliance and regulation. The first is Section 4 - The Economy, specifically in Part 22 - talking about Treasury (which for us is honed in on FinCEN and the OCC). What stands out is the following:

• A statement laying out the intent to reform the AML and beneficial ownership systems - digging deeper into this, there isn’t much on AML itself but the real target is FinCEN and how it operates. The playbook calls FinCEN out for a few things - 1) having no consideration for the economic effects of its work - exactly what this is, isn’t described 2) no cost benefit analysis on its work, including operations and penalties/revenues 3) lax oversight by Congress and Treasury 4) they demand transparency but they are opaque, with their recent cessation of annual reporting and not providing CTR data. For beneficial ownership, rules were implemented as part of the PATRIOT Act in 2001 with the onus being on financial institutions needing to identify this as part of Customer Due Diligence (CDD). In 2021, Congress passed the NDAA which included the Corporate Transparency Act (CTA). This puts the onus on a number of businesses to report their beneficial ownership identity information directly to FinCEN. This rule is called out as “poorly drafted” although it’s unclear if the playbook is referring to the CTA or the original rule in 2001.

• There is also a proposal to merge the OCC, FDIC, NCUA and FRB. This is interesting - each of these agencies performs different functions and has different focus areas - however, by merging them there is a likely risk that the informed oversight and technical focus will become diluted. On the flip side, this is probably a good thing from the perspective of banks that have to work with 1, 2, 3 or more regulators at the national level. There isn’t any reason or justification given for why this is proposed.

In Section 5 - Financial Regulatory Agencies - Burton continues by focusing on the SEC. Two things that stand out which are pretty massive:

• A proposal to get rid of the PCAOB - remember, this organization came into being as a direct response to the Enron and Arthur Andersen scandals in the early 2000s, along with having oversight over public accounting firms. There is no reasoning given behind this proposal either, and the assumption is that the authors think that whatever the state of the accounting profession and public company financial statement compliance was, the risks no longer require dedicated focus on this. I will say, with respect to Sarbanes Oxley compliance this could be something to rally behind, but I’d argue the ethical and independence requirements that it imposes and the general oversight are still valuable and should be concentrated in a dedicated body, as opposed to just rolling its functions into the SEC which is what is proposed, which would yet again pack an already crowded organization with even more work.

• The playbook proposes that the SEC affirmatively state that digital assets are not a security. While this has been a common ask floating around the crypto space and beyond ever since Bitcoin exploded in the mid-2010s, the exchanges like Binanace, Coinbase, and so many others and how they handle trading activity reveals the challenge with this argument. Crypto traders almost never buy digital assets directly from the issuer and directly into their wallets. Most of the time, crypto purchased on exchanges will sit on the exchange until withdrawn, at which point it becomes an asset/commodity. While this is a compelling argument/ask, there really isn’t much dedicated to discussing this point other than stating the demand.

Bowes then closes the focus on regulatory bodies and fintech consumer compliance by focusing on the CFPB, going straight for the jugular by saying it should be abolished altogether (and not replaced, just done away with). Given the playbook was published before the CFSA decision from the Supreme Court that basically affirmed the Bureau’s funding and in turn all but says it has a right to exist, this passage likely won’t apply. However, Bowes does throw in a caveat that basically says “If you can’t get rid of it, then here’s all the other stuff you could do” with the following proposed:

• Funds not paid out to consumers and collected as penalties from CFPB consent orders should go to the Treasury department and not to the CFPB itself

• Section 1071, which was an enhancement to Reg B/ECOA to collect information about and provide opportunities to obtain credit for minority-owned, women-owned and small business, is proposed to be repealed. This is almost certainly based on ideology, as the playbook (and modern conservatism in general) pushes back hard against what they see as “woke philosophy” getting mixed into regulations and governance. The rule has seen publication in a final format, so this would require Congress to vote to repeal it. Congress in fact did try this in 2023, only to be vetoed by President Biden with an attempt to overturn the veto unsuccessful. GIven the full control of Congress and the White House by the Republicans, and given the Republican-led House has shown its hand by trying to repeal this in the past, we expect this rule to be overturned pretty early into the Trump Administration.

• Funds spent on enforcement actions should only be spent on those that tie to rulemaking that complies with the Administrative Procedures Act. This is a direct reference to interpretative rules, advisory opinions, CFPB circulars, and compliance aids (click for examples of each).

• The last bit relevant to us is focused on UDAAP - with the ask to specify exactly what this means in the context of CFPB’s enforcement. This does align with some criticism regarding UDAAP enforcement, that the interpretation of it by the Bureau at times is so broad and nebulous that it could refer to any instance of anything a customer doesn’t think is fair.

Further Reading

There isn’t really much else directly relevant in the playbook to Fintech Compliance per se, but here is some further reading on this and other topics that we think you’ll find useful or are written by folks way smarter than me:

• Project 2025 - Mandate for Leadership - The full text of the Playbook

• Project 2025 Assistant

• The CFPB in 2025: What to Expect Following the Election | Husch Blackwell

• Trump's appointment of Sacks bodes well for smarter fintech regulation | American Banker

• Trump's First 100 Days: Banking & Financial Services: Stinson LLP Law Firm

Next time, in part 2 of our 2025 preview - a look at expected big moves in the industry in the upcoming year, with the Discover/Cap One potential merger at the top of the list. Thanks for joining us!