On May 8, the CFPB and the OCC each published reports identifying criminal regulatory offenses under their respective jurisdictions, as required by Section 4 of Executive Order 14294, “Fighting Overcriminalization in Federal Regulations.” The executive order directed agency heads to submit to the Office of Management and Budget a list of all criminal regulatory offenses enforceable by the agency or DOJ, along with the range of potential criminal penalties and the applicable “mens rea” standard for each offense.

The Bureau’s report and accompanying worksheet, which follows a June 2025 CFPB policy statement (covered by InfoBytes here), identified dozens of criminal regulatory offenses across several consumer financial protection statutes, listing each provision’s mens rea type, penalty range, and statutory authority. The Bureau noted that it is separately required under the Dodd-Frank Act to refer evidence of potential federal criminal law violations to the Attorney General. The CFPB stated it plans to submit a follow-up report within 30 days assessing whether the applicable mens rea standards are appropriate and, if warranted, presenting a plan for adopting a generally applicable default mens rea standard. The OCC’s report identified a single criminal regulatory offense: the unauthorized disclosure or use of non-public OCC information under 12 CFR 4.37, which carries penalties of up to 10 years’ imprisonment under 18 U.S.C. § 641 and requires an intent mens rea standard.