Reference: FIL-9-2026
Official publication: Read the full FIL-9-2026 on the agency website
On March 31, 2026, the Federal Deposit Insurance Corporation issued Financial Institution Letter FIL-9-2026 announcing its 2026 Consumer Compliance Supervisory Highlights. The FDIC describes that publication as an annual transparency document addressing consumer compliance issues identified during 2025 supervision of state non-member banks and thrifts, and it states that the contents of the FIL and referenced material apply to all FDIC-supervised financial institutions.
Executive Summary
FIL-9-2026 is significant less because it creates a new legal standard and more because it identifies where the FDIC concentrated supervisory attention and where it found recurring consumer compliance weaknesses during 2025. The agency states that this year’s edition includes three elements: a summary of overall consumer compliance performance of FDIC-supervised institutions in 2025, a description of the most frequently cited violations, and an overview of consumer complaint trends. That combination matters. In practice, supervisory highlights often function as an enforcement-adjacent signal to boards, compliance officers, audit functions, and counsel regarding the issues examiners are likely to test with greater precision in upcoming cycles.
The official notice is concise, and the excerpted source material does not identify the specific statutes, regulations, products, business lines, or citation categories discussed in the attachment. Accordingly, institutions should avoid assuming that the document is merely descriptive or limited to a narrow product set. The FDIC expressly says the material applies to all FDIC-supervised institutions. A prudent reading is that banks should treat the publication as a current supervisory roadmap and use it to validate whether existing compliance management systems, complaint governance, and corrective-action protocols are calibrated to the risks the agency actually observed in 2025.
What the FDIC Issued
The FDIC issued a Financial Institution Letter titled FDIC Issues 2026 Consumer Compliance Supervisory Highlights, designated FIL-9-2026 and dated March 31, 2026. The notice states that the Supervisory Highlights publication is annual in nature and is intended to enhance transparency regarding the FDIC’s consumer compliance supervisory activities. The agency further states that the publication provides a high-level overview of consumer compliance issues identified in 2025 through supervision of state non-member banks and thrifts.
Three stated components frame the publication. First, it summarizes the overall consumer compliance performance of FDIC-supervised institutions in 2025. Second, it describes the most frequently cited violations. Third, it provides an overview of consumer complaint trends. The FDIC also includes a statement of applicability: the contents of the FIL, and material referenced in it, apply to all FDIC-supervised financial institutions. That statement is legally and operationally important because it undercuts any argument that the document is relevant only to institutions with a recent compliance problem, a particular asset size, or a specialized retail product profile.
The source material provided here does not reproduce the attachment itself. As a result, one cannot responsibly identify from this record alone which violations were most frequently cited, whether complaint trends were concentrated in any product area, or whether the FDIC highlighted particular weaknesses in disclosures, servicing, overdraft practices, unfair or deceptive acts or practices analysis, fair lending controls, or complaint escalation. Those details may exist in the attachment, but they are not clear from the source excerpt supplied.
Why It Matters
For regulated institutions, supervisory highlights are not ornamental publications. They are a distilled account of examination experience. Even where they do not announce a rule change, they reveal the agency’s present supervisory posture, the categories of control breakdowns receiving repeated criticism, and the complaint patterns the agency considers sufficiently material to publish. That makes FIL-9-2026 relevant to risk assessment, internal audit scoping, policy governance, management reporting, and remediation prioritization.
The FDIC’s statement that the publication applies to all FDIC-supervised institutions is especially consequential. A bank with satisfactory historical examination results should not assume the notice is directed only at outliers. If the agency has identified recurring violations across its supervised population, institutions that have not recently tested those same risk areas should expect examiners to ask whether management independently reviewed them after publication. In that sense, the memo has evidentiary value: after March 31, 2026, a bank will have difficulty arguing that it lacked notice that the agency had publicly flagged recurring compliance themes.
The complaint-trend component also deserves particular attention. Complaint data frequently serves as an entry point for broader supervisory criticism because it can expose product design defects, scripting problems, servicing inconsistencies, disclosure failures, escalation weaknesses, or vendor-management gaps that formal monitoring failed to capture. When the FDIC chooses to highlight complaint trends, institutions should assume that complaint intake, categorization, root-cause analysis, response timeliness, and management reporting will receive closer scrutiny. Complaint files that are poorly coded, weakly investigated, or closed without documented corrective action can convert a customer-service issue into a compliance-management-system issue.
Finally, the reference to “most frequently cited violations” should be read as a warning against superficial remediation. Where a violation category is common enough to be highlighted nationally, examiners will reasonably expect institutions to demonstrate targeted preventive controls rather than generic policy language. A bank that knows a topic has become a recurring citation theme but cannot show refreshed testing, revised procedures, accountable owners, and verified remediation will be in a weaker position during examination.
Practical Action Checklist
- Obtain and preserve the full FIL-9-2026 attachment in the compliance library, and record the March 31, 2026 issuance date in the institution’s regulatory change log.
- Assign counsel or compliance leadership to extract the specific violation categories and complaint themes from the attachment; do not rely solely on the brief FIL summary.
- Map each identified violation category to the institution’s products, channels, affiliates, and service providers to determine where analogous risk could exist, including legacy portfolios.
- Compare the highlighted issues against the last two years of examination reports, internal audit findings, self-identified issues, and corrective-action plans to determine whether the institution has seen parallel concerns.
- Re-review complaint taxonomy and coding standards so that complaints are categorized by legal issue and product type, not only by operational queue or business unit.
- Test a meaningful sample of closed complaints to confirm that responses addressed the customer’s issue, cited the correct governing documents, and documented any required remediation or reimbursement.
- Escalate repeated complaint themes to a management committee with authority to require product, disclosure, scripting, or servicing changes; trend reports should identify root cause, not merely volume.
- Refresh front-line and second-line procedures where the attachment identifies frequently cited violations, and require line-specific training tied to the revised procedures.
- Verify that monitoring and audit workpapers contain transaction-level testing steps for each highlighted risk area; a high-level control inventory is not enough.
- Review third-party oversight where customer-facing functions are outsourced, including complaint handling, call-center scripts, servicing practices, and consumer disclosures.
- Prepare a board or committee memorandum summarizing the publication, the institution’s gap analysis, accountable owners, and target dates for any remediation items.
- Retain evidence of management review and follow-up so the institution can demonstrate, in the next examination, that it responded concretely to the FDIC’s published supervisory guidance.
Open Questions and Watch Items
The principal open question is substantive: the source excerpt does not disclose which laws or practices the FDIC identified as the most frequently cited violations in 2025. Without the attachment, it is not possible to say whether the agency emphasized disclosure requirements, servicing controls, advertising practices, fair lending, complaint response failures, fee practices, or another category of consumer compliance risk. Institutions should therefore review the primary attachment itself before prioritizing remediation resources.
A second question is how closely the FDIC’s 2025 findings align with themes emerging from other federal consumer-financial regulators. The excerpt provided here does not address interagency convergence or divergence. That issue matters because where supervisory themes align across agencies, expectations tend to harden quickly into examination baselines.
A third watch item is examination follow-through. The legal importance of Supervisory Highlights often becomes clearer in the next examination cycle, when institutions see whether examiners use the publication as a benchmark for transaction testing, complaint-file review, and compliance-management-system assessment. Banks should be prepared for that possibility rather than waiting for a matter requiring board attention or a repeat finding to confirm the agency’s priorities.
My Law Tampa publishes this website memorandum concerning FIL-9-2026 and the FDIC’s 2026 Consumer Compliance Supervisory Highlights.
This memorandum is provided for informational purposes only and does not create an attorney-client relationship.
