FHFA Rescinds UDAP Oversight Bulletin and SPCP-Based Renter Protections

The Federal Housing Finance Agency (FHFA) has taken two significant deregulatory steps affecting its oversight of the government-sponsored enterprises, Fannie Mae and Freddie Mac (GSEs). The agency rescinded a 2024 advisory bulletin asserting its authority to regulate unfair or deceptive acts or practices (UDAP) by Fannie Mae and Freddie Mac. Additionally, the FHFA withdrew renter protection requirements—previously scheduled to take effect on May 31—for multifamily loans made through Special Purpose Credit Programs (SPCPs) backed by the GSEs.
UDAP Advisory Bulletin Rescinded
FHFA stated that enforcement of unfair or deceptive acts or practices should remain with the FTC, which is the primary administrator of Section 5 of the FTC Act. The agency emphasized its focus on the safety and soundness of the GSEs, rather than duplicating existing consumer protection authority.
The rescinded bulletin had stated that FHFA would evaluate whether the GSE’s actions or inactions could be considered unfair or deceptive under established standards, and would hold the enterprises accountable if they facilitated or failed to prevent such conduct. It also emphasized UDAP concerns could arise in connection with third-party servicers or counterparties acting on behalf of GSEs. By revoking the bulletin, FHFA clarified that it does not intend to impose separate or parallel UDAP obligations on the enterprises beyond those enforced by the FTC or CFPB.
SPCP-Based Tenant Protections Withdrawn
FHFA has formally reversed course on renter protections that were previously tied to multifamily loans issued through SPCPs backed by GSEs. These conditions, which had been scheduled to take effect on May 31, would have required landlords to implement a five-day grace period before charging late fees and to provide at least thirty days’ notice before modifying lease terms.
The protections were introduced as part of the GSEs’ Equitable Housing Finance Plans and were aimed at improving housing stability for very low-, low-, and moderate-income renters. FHFA’s current leadership characterized the requirements as exceeding the agency’s role and stated that lease-related protections should be governed by state and local law.
Putting It Into Practice: The FHFA’s recission of its UDAP bulletin and SPCP-based renter protections reflects a shift toward a narrower role for the agency, centered on institutional supervision and market stability. Financial institutions should continue look to the FTC, CFPB, and state regulators for UDAP enforcement, tenant protection standards, and other consumer-facing compliance obligations.
Listen to this post

Virginia Governor Vetoes Rate Cap and AI Regulation Bills

On March 25, Virginia Governor Glenn Youngkin vetoed two bills that sought to impose new restrictions on “high-risk” artificial intelligence (AI) systems and fintech lending partnerships. The vetoes reflect the Governor’s continued emphasis on fostering innovation and economic growth over introducing new regulatory burdens.
AI Bias Bill (HB 2094)
The High-Risk Artificial Intelligence Developer and Deployer Act would have made Virginia the second state, after Colorado, to enact a comprehensive framework governing AI systems used in consequential decision-making. The proposed law applied to “high-risk” AI systems used in employment, lending, and housing, among other fields, requiring developers and deployers of such systems to implement safeguards to prevent algorithmic discrimination and provide transparency around how automated decisions were made.
The law also imposed specific obligations related to impact assessments, data governance, and public disclosures. In vetoing the bill, Governor Youngkin argued that its compliance demands would disproportionately burden smaller companies and startups and could slow AI-driven economic growth in the state.
Fintech Lending Bill (SB1252)
Senate Bill 1252 targeted rate exportation practices by applying Virginia’s 12% usury cap to certain fintech-bank partnerships. Specifically, the bill sought to prohibit entities from structuring transactions in a way that evades state interest rate limits, including through “rent-a-bank” models, personal property sale-leaseback arrangements, and cash rebate financing schemes.
Additionally, the bill proposed broad definitions for “loan” and “making a loan” that could have reached a wide array of service providers. A “loan” was defined to include any recourse or nonrecourse extension of money or credit, whether open-end or closed-end. “Making a loan” encompassed advancing, offering, or committing to advance funds to a borrower. In vetoing the measure, Governor Youngkin similarly emphasized its potential to discourage innovation and investment across Virginia’s consumer credit markets.
Putting It Into Practice: The vetoes of the High-Risk Artificial Intelligence Developer and Deployer Act (previously discussed here) and the Fintech Lending Bill signal Virginia’s preference for a more flexible, innovation friendly-oversight. This development aligns with a broader pullback from federal agencies with respect to oversight of fintech and related emerging technologies (previously discussed here and here). Fintechs and consumer finance companies leveraging AI should continue to monitor what has become a rapidly evolving regulatory landscape.
Listen to this post 

Pennsylvania AG Alleges Mortgage Brokers Engaged in Illegal Referral Scheme

On January 17, the Pennsylvania Attorney General filed a civil enforcement action in the U.S. District Court for the Eastern District of Pennsylvania against a group of mortgage brokers and their manager, alleging that they operated an unlawful referral scheme in violation of the Real Estate Settlement Procedures Act (RESPA), the Consumer Financial Protection Act (CFPA), and Pennsylvania’s Unfair Trade Practices and Consumer Protection Law.
According to the complaint, the defendants offered real estate professionals a mix of financial incentives—such as discounted shares in a joint venture mortgage company, event tickets, and luxury meals—in exchange for directing clients to affiliated mortgage brokerages. These referral arrangements were not disclosed to homebuyers.
The Attorney General alleges that the defendants:

Improperly transferred ownerships interests. Real estate agents were offered discounted, nonvoting shares in affiliated mortgage companies to incentivize referrals, in violation of RESPA and state consumer protection law kickback prohibitions.
Provided high-value entertainment. Agents allegedly received event tickets and luxury dinners in exchange for steering homebuyers, conduct the Attorney General contends violates RESPA and constitutes unfair and deceptive acts under the CFPA.
Disguised payments as legitimate business deals. The scheme was structured to appear as stock sales and profit distributions to conceal kickbacks, allegedly violating RESPA and both federal and state consumer protection statutes.
Failed to meet disclosure requirements. The defendants allegedly did not comply with the legal standards for affiliated business arrangements under RESPA, depriving consumers of material information and transparency.

The lawsuit seeks injunctive relief, restitution, civil penalties, and recovery of attorneys’ fees.
Putting It Into Practice: This state enforcement continues the trend of states ramping up regulation and enforcement of financial services companies (previously discussed here and here). As certain states continue to align themselves with the CFPB’s January recommendations encouraging states to adopt and apply the “abusive” standard under the CFPA (previously discussed here), we expect to see more states ramp up their consumer financial protection efforts.
Listen to this post

RIP Overdraft Rule?

Last month, bills were introduced in the House and Senate to overturn the much-maligned CFPB overdraft rule. You can find our previous write-up on the rule here. The rule would redefine “finance charge” under Regulation Z to sweep up overdraft fees charged by “Very Large Financial Institutions” (total assets exceeding $10 billion). Unless covered entities charged a “breakeven” fee (calculated through a head-spinning formula) or a “benchmark” fee ($5), they would have to treat overdraft fees as an extension of credit under the Truth in Lending Act (i.e., issue a bunch of onerous disclosures).
The rule was questioned when it came out in January 2024—an issue we previously addressed. Several banks ran to court as soon as the final rule was promulgated in December 2024. As we explained, the rule carried potentially drastic consequences that would create exposure beyond overdraft fees and beyond Very Large Financial Institutions.
When former CFPB Director Rohit Chopra unveiled this rule at the beginning of an election year, he probably didn’t anticipate a Republican sweep of Congress and the White House. But, given November’s results, yesterday’s outcome shouldn’t be a surprise: The Senate voted 52-48 to eliminate the overdraft rule pursuant to the Congressional Review Act (5 U.S.C. § 801). If the companion measure passes the House, the matter will go to President Trump’s desk for his signature. If both of those things happen, the overdraft rule cannot be resurrected again except by an act of Congress.
That’s what we expect to happen. But it’s not certain. Overdraft fees may draw the ire of populist elements within the Republican Party. Note that Sen. Josh Hawley broke rank to vote against the measure.
Stay tuned. We’ll keep track of this issue.

FDIC Aims to Eliminate Reputational Risk from Supervision

On March 24, acting FDIC Chairman Travis Hill informed Congress that the agency is preparing to eliminate the use of “reputation risk” as a basis for supervisory criticism. In a letter to Rep. Dan Meuser (R-Pa.), Hill explained that the FDIC has completed a review of its regulations, guidance, and examination procedures to identify and remove references to reputational concerns in its supervisory framework.
Hill stated that the FDIC will propose a rule that ensures bank examiners do not issue supervisory findings based solely on reputational factors, which have faced criticism from lawmakers who argue the concept has been used to discourage banking relationships with lawful but politically sensitive industries.
The FDIC is also reevaluating its oversight of digital asset activities. According to Hill, the agency intends to replace a 2022 policy requiring FDIC-supervised institutions to notify the agency and obtain supervisory feedback before engaging in crypto-related activities. The new approach will aim to provide a clearer framework for banks to engage in blockchain and digital asset operations, so long as they maintain sound risk management practices. Hill noted that the FDIC is coordinating with the Treasury Department and other federal bodies to develop this updated framework.
Putting It Into Practice: This initiative closely mirrors the OCC’s recent decision to eliminate reputational risk as a factor in bank supervision (previously discussed here). Both agencies appear to be responding to criticism that reputational concerns have been used to discourage banking relationships with lawful but disfavored industries. Banks should prepare for changes in examination procedures and evaluate how these developments may impact their compliance strategies.
Listen to this post

FTC Orders Fintech Company to Pay $17 Million for Allegedly Deceptive Subscription Practices

On March 27, the FTC announced that a fintech company offering cash advances through a mobile app has agreed to pay $17 million to resolve allegations that it violated the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA). The FTC alleged that the company misrepresented the availability and cost of its services and failed to obtain consumers’ express informed consent before charging recurring subscription fees.
According to the FTC’s complaint, the company marketed its services as free and interest-free, but required users to enroll in a paid subscription plan, often without their knowledge. Consumers allegedly encountered barriers to cancellation, including disabled links and unclear steps, which resulted in unauthorized recurring charges.
Specifically, the lawsuit outlines several alleged deceptive practices, including:

Misleading “no-fee” marketing. The company advertised cash advances as fee-free, but consumers were required to enroll in a paid subscription to access the service.
Delayed access to funds. Although the company promoted instant fund transfers, consumers allegedly had to pay an additional expedited delivery fee to receive funds quickly.
Recurring charges without consent. The company allegedly failed to obtain consumers’ express informed consent before initiating subscription charges.
Insufficient disclosure of trial terms. Consumers were automatically enrolled in a paid subscription following a free trial, without clear and conspicuous disclosures.
Obstructive cancellation process. Some users were allegedly unable to cancel within the app, and others encountered unnecessary and cumbersome hurdles when attempting to prevent further charges.
Retention of charges after cancellation. The FTC alleged that the company kept charging users even after they attempted to cancel their subscriptions.

Under the stipulated order, the company must pay $10 million in consumer redress and a $7 million civil penalty. The company is also expressly barred from misrepresenting product features, charging consumers without affirmative express consent, and using designs that impede cancellation.
Putting It Into Practice: While the CFPB and state regulators continue to recalibrate their supervisory priorities, the FTC has remained consistent in its focus on unfair or deceptive acts and practices. This enforcement underscores the FTC’s longstanding commitment to stamping out deceptive marketing practices (previously discussed here, here, and here). While the CFPB has taken a step back, the FTC has continued its aggressive enforcement posture. Companies should review this enforcement action with an eye towards their own marketing practices.

SEC Creates New Tech-Focused Enforcement Team

On February 20, the SEC announced the creation of its Cyber and Emerging Technologies Unit (CETU) to address misconduct involving new technologies and strengthen protections for retail investors. The CETU replaces the SEC’s former Crypto Assets and Cyber Unit and will be led by SEC enforcement veteran Laura D’Allaird.
According to the SEC, the CETU will focus on rooting out fraud that leverages emerging technologies, including artificial intelligence and blockchain, and will coordinate closely with the Crypto Task Force established earlier this year (previously discussed here). The unit is comprised of approximately 30 attorneys and specialists across multiple SEC offices and will target conduct that misuses technological innovation to harm investors and undermine market confidence.
The CETU will prioritize enforcement in the following areas:

Fraud involving the use of artificial intelligence or machine learning;
Use of social media, the dark web, or deceptive websites to commit fraud;
Hacking to access material nonpublic information for unlawful trading;
Takeovers of retail investor brokerage accounts;
Fraud involving blockchain technology and crypto assets;
Regulated entities’ noncompliance with cybersecurity rules and regulations; and
Misleading disclosures by public companies related to cybersecurity risks.

In announcing the CETU, Acting Chairman Mark Uyeda emphasized that the unit is designed to align investor protection with market innovation. The move signals a recalibration of the SEC’s enforcement strategy in the cyber and fintech space, with a stronger focus on misconduct that directly affects retail investors.
Putting It Into Practice: Formation of the CETU follows Commissioner Peirce’s statement on creating a regulatory environment that fosters innovation and “excludes liars, cheaters, and scammers” (previously discussed here). The CETU is intended to reflect that approach, redirecting enforcement resources toward clearly fraudulent conduct involving emerging technologies like AI and blockchain.
Listen to the Post 

CFPB Moves to Vacate ECOA Settlement Against Illinois-based Mortgage Lender

On March 26, the CFPB filed a motion to vacate its recent settlement against an Illinois-based mortgage lender accused of engaging in discriminatory marketing practices in violation of the Equal Credit Opportunity Act (ECOA) and the Consumer Financial Protection Act (CFPA). The lawsuit, initially filed in 2020, alleged that the lender’s public radio advertisements and commentary discouraged prospective applicants in majority- and minority- Black neighborhoods from applying for mortgage loans.
In its original complaint, the CFPB claimed the mortgage lender had violated fair lending laws by making repeated on-air statements that allegedly discouraged individuals in certain predominantly minority neighborhoods from seeking credit, and by failing to market its services in a manner that would affirmatively reach those communities. According to the CFPB, this conduct constituted unlawful discouragement under the ECOA and CFPA, even where no formal credit application had been submitted. That decision was challenged on appeal and later upheld by the 7th Circuit which found that ECOA also applies to prospective applicants. After losing on appeal, the lender settled the action for $105,000. 
Acting Director Russel Vought explained in a March 26 press release that the CFPB “abused its power, unfairly tagged the lender as racist with “zero evidence”, and spent years persecuting and extorting the lender “all to further the goal of mandating DEI in lending via their regulations by enforcement tactics.”
Putting It Into Practice: The CFPB’s order is the latest example of the Bureau reversing course on enforcement actions initiated under the previous administration (previously discussed here and here). This is the rare instance of a federal regulator ripping up an action that was already settled. Perhaps even more noteworthy, the lawsuit against the mortgage lender was filed under the first Trump administration.
Listen to this post

Kryptofonds in Deutschland – Was Verwahrstellen und Kapitalverwaltungsgesellschaften (voraussichtlich) beachten müssen

Das Inkrafttreten des Zukunftsfinanzierungsgesetzes markierte bereits 2023 die Geburtsstunde der „Kryptofonds“ in Deutschland, indem die unmittelbare Anlage in Kryptowerte auch für Publikumsfonds (i.S.d. §§ 221 bzw. 261 KAGB) ermöglicht wurde. Mit dem Ende 2024 in Kraft getretenen Finanzmarktdigitalisierungsgesetz hat man diese Idee vor dem Hintergrund der MiCAR mit einem Verweis auf dessen Kryptowerte-Begriff nun vollendet.
Da ein Investment in Kryptowerte mit neuen, spezifischen Risiken einhergeht, hat die BaFin den ersten Entwurf eines Rundschreibens zu den Pflichten von Verwahrstelle und Kapitalverwaltungsgesellschaft bei in Kryptowerte investierenden Investmentvermögen zur Konsultation (06/25) gestellt. Es soll einen grundlegenden Rahmen an regulatorischen Mindestanforderungen für Direktinvestitionen in Kryptowerte durch Fonds setzen und ist damit höchst praxisrelevant. Als Rundschreiben hat es nicht die Qualität einer echten Rechtsnorm bildet aber die von der BaFin angewandte Verwaltungspraxis ab.
Pflichten der Verwahrstelle
Grundsätzlich gelten die Pflichten der Verwahrstelle, die sich bereits aus dem Gesetz und dem Verwahrstellenrundschreiben ergeben, weiterhin und sollen durch das Rundschreiben ggf. vorrangig ergänzt werden.
Zusätzlich verlangt die BaFin laut dem Rundschreiben außerdem:
• Pflichten bereits vor der Übernahme eines Mandats. Insofern seien – angesichts der hohen Volatilität von Kryptowerten – bereits im Vorfeld Prozesse zu schaffen, die der Verwahrstelle ermöglichen, informiert das Marktrisiko zu erfassen und kontinuierlich zu bewerten.• Ausreichende sachliche und personelle Ressourcen. Dies betreffe grundsätzlich alle Ebenen und in besonderem Maße die fachliche Eignung der Geschäftsleiter. Hier erkennt die BaFin an, dass insbesondere praktische Vorerfahrungen in Bezug auf eine solch junge Asset-Klasse regelmäßig nur eingeschränkt vorhanden seien. Sie ermöglicht daher einen auf theoretischem Wissen fundierten Aufbau über einen Zeitraum von 6 Monaten.• Geeignete organisatorische Vorkehrungen und zwingend technische Vorkehrungen. Dies schließe IT-Systeme und -Prozesse ein und gelte in besonderem Maße, wenn die Verwahrstelle private Schlüssel zu den Kryptowerten verwahrt. Dann bedürfe es eines darauf ausgerichteten speziellen „Kryptokonzepts“.
Außerdem sei, wie auch bei anderen Assets, zu unterscheiden, je nachdem ob die Kryptowerte verwahrfähig i.S.d. §§ 72 bzw. 81 KAGB sind. Maßgeblich wird es hier auf die Einzelfallprüfung ankommen. Insofern fällt auf, dass die BaFin in ihrem Rundschreiben einen weiten „Kryptowert“-Begriff anwendet und etwa MiFID-Finanzinstrumente i.S.d. Artikel 2 Abs. 4 MiCAR nicht bereits von vornherein aussteuert. Die MiCAR unterscheidet hier konsequent zwischen „Kryptowerten“ und (ggf. auch auf DLT-Basis emittierten MiFID-)„Finanzinstrumenten“, für die die MiCAR entsprechend nicht gilt. Die überwiegend aus 2022 stammenden und inzwischen längst überholten Ausführungen der BaFin zu ihrem Verständnis von „Kryptotoken“, auf die die BaFin im Rundschreiben verweist, sind entsprechend wenig hilfreich.
Gleiches gilt mit Blick auf die Ausführungen zur Verwahrung von (BaFin-)Kryptowerten, weil eine begrifflich klare Unterscheidung verdeutlichen würde, dass DLT-basierte MiFID-Finanzinstrumente gleichsam MiFID-Finanzinstrumente und eben keine MiCAR-Kryptowerte sind. Wo das KAGB und die AIFMD auf den Begriff der MiFID-Finanzinstrumente zur Annahme der Verwahrfähigkeit abstellen, hätte es hier keiner Erörterungen bedurft.
Schließlich weist die BaFin darauf hin, dass ggf. zusätzliche Erlaubnisse erforderlich sein können, insbesondere für eine etwaige Erbringung des Kryptoverwahrgeschäfts in Bezug auf MiCAR-Kryptowerte.
Lautet das Ergebnis der Einzelfallprüfung, dass es sich um nicht verwahrfähige (MiCAR-)Kryptowerte handele, träfen die Verwahrstelle entsprechend die Pflichten für nicht-verwahrfähige Assets aus § 81 Abs. 1 Nr. 2 KAGB (bzw. § 72 Abs. 1 Nr. 2 KAGB). Diese umfassen eine Feststellungspflicht bzgl. des Eigentums bzw. einer entsprechenden Rechtsposition, die Prüfung und Sicherstellung der Zuordnung und Zugriffsmöglichkeiten des Kryptowerts (einschließlich etwaiger Rechte Dritter), die Erfassung in einem kontinuierlich gepflegten Bestandsverzeichnis. Zudem sei ggf. vertraglich sicherzustellen, dass die Verwahrstelle Zugang zu den Systemen des Kryptoverwahrers erhält.
Daneben würden die allgemeinen Kontrollpflichten der Verwahrstelle (vgl. §§ 76 und 83 KAGB) gelten. So müsse sie insbesondere prüfen, ob ein Erwerb von Kryptowerten mit den Anlagebedingungen vereinbar und ob die Erwerbsgeschäfte marktgerecht sind.
Pflichten der Kapitalverwaltungsgesellschaft
Die Kapitalverwaltungsgesellschaft („KVG“) muss den gleichen Risiken Rechnung tragen wie die Verwahrstelle, sodass in Bezug auf einen Direkterwerb von Kryptowerten auch ähnliche Konsequenzen folgen.
Zunächst sei ggf. eine Erweiterung der Erlaubnis zu beantragen, die den direkten Erwerb von Kryptowerten umfasst, weil bisherige Erlaubnisse auf andere Vermögensgegenstände lauten dürften. Insofern stellt die BaFin hier klar, dass der Katalog nach ihrem Verständnis statisch sei und Änderungen nicht von einer bisherigen Erlaubnis gedeckt seien. Insofern sei auch zu beachten, dass eine Verwahrung durch die KVG selbst nicht möglich wäre.
Auch in der KVG seien entsprechend hinreichende Ressourcen und Kenntnisse und Erfahrungen des Personals, ggf. unter Einstellung fachkundiger, externer Experten, sicherzustellen. Auch müssten die Geschäftsleiter ausreichende fachliche Eignung haben, wobei die gleiche Frist von sechs Monaten gelte wie für Geschäftsleiter der Verwahrstelle.
Zudem seien die Prozesse der KVG entsprechend anzupassen und zwingend vor der erstmaligen Investition in Kryptowerte ein Neue-Produkte-Prozess durchzuführen. Dieser müsste vor allem die einhergehenden ggf. erhöhten Risiken und deren Management abbilden sowie Vorgaben zur Best Execution und der Marktgerechtigkeitskontrolle und Wertermittlung machen.
Rundschreiben als Leitplanke
Sowohl Verwahrstellen als auch Kapitalverwaltungsgesellschaften, vor allem wenn sie bereits etablierte Prozesse für andere Finanzinstrumente haben, sollten anhand der Vorgaben des Rundschreibens als Leitplanke und unter Berücksichtigung der spezifischen Risiken von Kryptowerten funktionierende und aufsichtsfeste Strukturen für Direktinvestments schaffen können.
Wer Kryptofonds in Deutschland anbieten will, sollte zunächst prüfen, ob die dahingehende Erlaubnis ausreicht. Besonderes Augenmerk ist dann auf die (technischen) Ressourcen und das Know-How der Mitarbeiter zu legen – und darauf, in welcher Form der Entwurf nach Abschluss der Konsultation veröffentlicht wird.

High Court Upholds Use of Omnibus Claims in Mass Motor Finance Litigation

A recent High Court decision in claims brought by thousands of claimants against motor finance providers has reaffirmed the validity of using omnibus claim forms in large-scale consumer litigation. The ruling has implications both for the many motor-finance mis-selling claims pending before the courts and also for mass claims in a variety of other contexts.
Background
The case involved eight omnibus claim forms issued on behalf of over 5,800 claimants against eight defendants. While the claims were at an early stage procedurally, the core allegations were that the defendants had paid undisclosed, variable commissions to motor finance brokers (car dealers), creating conflicts of interest which the claimants argued rendered the ensuing credit agreements unfair under Section 140A of the Consumer Credit Act 1974 (CCA).
Shortly after the claims were issued, and before filing any defence, the defendants objected to the use of omnibus claim forms and invited the court to sever the claims, such that the claimants’ solicitors would need to issue a separate claim form (and pay a court fee) for each claim.
Initially, a County Court judge ruled that the claims should be severed into individual cases, following Abbott v Ministry of Defence [2023] 1 WLR 4002. This would have required a separate claim form to be issued (and court fee paid) for each case. The claimants appealed, arguing that the claims could and should more appropriately be commenced under omnibus claim forms, as contemplated by CPR 7.3 and CPR 19.1.
Key Legal Considerations
CPR 7.3 allows a single claim form to be used for multiple claims if they can be “conveniently disposed of” in the same proceedings. CPR 19.1 provides that any number of claimants may be joined as parties to a claim.
In Morris v Williams & Co Solicitors [2024] EWCA Civ 376 the Court of Appeal clarified that no gloss should be put on the words of CPR 7.3 and 19.1, which should be given their ordinary meaning. The exclusionary “real progress,” “real significance,” and “must bind” tests proposed in Abbott were factors to consider but should not be viewed as exclusionary tests – the omnibus claim form jurisdiction was not as restrictive as the Group Litigation Order regime in CPR 19.21-28, and should not be treated as “GLO-light”. Abbott was overruled.
Factors Supporting Omnibus Claims
The High Court carried out a detailed analysis of the factors to be taken into account in deciding whether the claims could conveniently be disposed of together per CPR 7.3. Key points cited in favour of allowing omnibus claims to proceed included:

The large number of claimants and small number of defendants.
The claims arose from the same or similar transactions, with broadly common allegations and the same legal causes of action, raising a number of common legal and factual issues.
The likelihood that case managing the cases together by way of lead or test cases would likely facilitate the disposal of many or all of the following cases. Whereas if separate claims were issued it would be random chance which claims were heard first and whether they were appropriate test cases.
Managing the claims together would be more efficient and just, in line with the CPR 1.1 overriding objective. Costs would likely be saved overall, and court time would likely be reduced. The imbalance of financial power between individual claimants and defendants would be mitigated. There were advantages to omnibus claims management in terms of the timing and usefulness of disclosure, and the availability of expert evidence.  

Practical Implications
For Defendants facing mass claims this ruling will be a concerning precedent for the use of omnibus claim forms by claimants as a strategy, with obvious advantages for claimant law firms in terms of cost, use of case management applications to gain early disclosure, and selection of common issues and test cases.
For Claimants and their advisers the decision will encourage the use of omnibus claims over the impracticality of litigating individual cases, and the relative restrictiveness of the GLO regime.
For the Courts omnibus claim forms could see large volumes of individual claims taken out of the County Courts and case managed collectively and in a less haphazard fashion than has so far been the case, with potential for many following cases to be settled out of court once lead claims have been determined. This may help with significant delays and backlogs often experienced in the County Courts.
Wider Significance
The significance of this decision in the context of motor finance claims may to some extent be rendered moot by the outcome of the Supreme Court appeal in Johnson v FirstRand and the FCA’s decision on a whether and to what extent to impose a consumer redress scheme. But in reaffirming the broad scope and flexibility of CPR 7.3 and 19.1, the ruling may pave the way for more mass claims in financial services and other contexts.

California Cryobank Hit with Lawsuit over Sperm Donor Databank Breach

California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and specialized reproductive health care services, including egg and embryo storage.
Cryobank notified the affected individuals this month that it detected suspicious activity on its network and determined that an unauthorized party gained access to its IT environment and may have accessed files containing personal information.
While sperm is commonly donated anonymously, the information is associated with a donor-assigned ID number. That ID number can then be used by offspring at 18 if they want to learn more about their biological father. Nevertheless, the security incident affected information including, patient names, Social Security numbers, driver’s license numbers, financial account numbers, and health insurance information. The complaint alleges that Cryobank failed to sufficiently protect and secure its patients’ personal and health information. The plaintiff is seeking class certification to include others affected by the data breach.
The complaint states that the individual notifications did not include “the identity of the cybercriminals who perpetrated this Data Breach, the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure such a breach does not occur again.”
The lawsuit asserts claims of negligence, breach of implied contract, and unjust enrichment, as well as violations of the California Unfair Competition Law and Confidentiality of Medical Information Act.

From Seizures to Strategy: The U.S. Government’s Move Toward a National Crypto Reserve

Following President Trump’s March 6 Executive Order establishing a Strategic Bitcoin Reserve, released alongside a White House Briefing, the U.S. government has taken its most formal step yet toward integrating digital assets into national economic and security policy. The order outlines a broader strategy to manage and expand the federal government’s holdings of Bitcoin and other designated cryptocurrencies through the creation of a Strategic Bitcoin Reserve and U.S. Digital Asset Stockpile.
While many details remain forthcoming, existing government practices around crypto asset custody, combined with reporting on the administration’s plans, offer a glimpse into how the reserve may operate in practice.
Bitcoin: The Foundation of the Reserve
The executive order calls for the formation of a Strategic Bitcoin Reserve, leveraging the U.S. government’s existing crypto holdings—estimated to exceed 200,000 BTC based on seizures of crypto in connection with illicit activities. These assets are already under federal control and provide a ready base for the reserve.
The Department of Justice (DOJ) has historically overseen management of some of the U.S. government’s crypto assets under its Digital Asset Forfeiture Program. The U.S. government has also contracted with third-party institutional crypto custodians to provide secure custody, wallet management, and liquidation services for seized crypto assets. The U.S. Marshals Service, a unit of the DOJ, has also periodically offered crypto for sale, just as it does with artwork, vehicles and other assets forfeited to the government in various criminal, civil and administrative cases.
However, the White House Briefing points out shortcomings in the U.S. government’s current crypto asset management protocols, including that assets are scattered across multiple Federal agencies, leading to a non-cohesive approach where options to maximize value and security of crypto holdings have been left unexplored. Additional measures could include multi-signature wallet storage, layered access controls, segregated storage (as opposed to pooling crypto assets in one omnibus wallet), strategic portfolio management, and specialized regulatory oversight via the Presidential Working Group on Digital Asset Markets.
Beyond Bitcoin: The Digital Asset Stockpile
In addition to Bitcoin, the executive order also calls for the creation of a U.S. Digital Asset Stockpile, which will include four cryptocurrencies, reportedly selected for their market relevance, technical resilience, and utility in decentralized finance (DeFi) and cross-border settlement use cases. The rationale, as outlined in a White House briefing, is to ensure the United States maintains influence and optionality in emerging blockchain ecosystems while encouraging domestic innovation.
To date, no details have surfaced regarding a formal acquisition program for these assets or how the crypto asset portfolio will be managed.
Putting It Into Practice: The launch of the Strategic Bitcoin Reserve and Digital Asset Stockpile marks a watershed moment in U.S. crypto policy. This policy signals a clear shift toward legitimizing digital assets as sovereign financial instruments and could prompt other nations to consider similar reserves (for our previous discussions on recent developments in the ongoing shift in U.S. crypto policy, see here, here, here, and here). This development also suggests the U.S. intends to play an active role in shaping global crypto governance—not only through regulation, but also through participation and ownership.