legalcamp.org

Interagency Guidance: What It Is and Key Regulatory Expectations for Businesses

If you work in a regulated sector like finance, healthcare, fintech, or energy, you’ve likely seen the term “interagency guidance” pop up in regulatory alerts, auditor notes, or industry news. But many business leaders and compliance teams struggle to distinguish this type of guidance from formal, legally binding rules, leading to either overcompliance that wastes resources or undercompliance that triggers costly regulatory scrutiny.

This post breaks down exactly what interagency guidance is, why regulators issue it, what they expect from your business when new guidance is released, and how to build a sustainable process to stay aligned with updates.

Table of Contents#

  1. What Is Interagency Guidance?
  2. Core Purposes of Interagency Guidance
  3. Key Regulatory Expectations for Regulated Entities
  4. Common Misconceptions About Interagency Guidance
  5. Practical Steps to Stay Compliant With Interagency Guidance
  6. Frequently Asked Questions
  7. References

What Is Interagency Guidance?#

Interagency guidance is a formal, public document issued jointly by two or more government regulatory agencies to align oversight of a shared industry, activity, or emerging risk. It is most commonly used by U.S. regulatory bodies, though similar frameworks exist in the EU, UK, and other global regulatory ecosystems.

Key defining traits of interagency guidance include:

  • It is non-binding: Unlike formal rules created under the U.S. Administrative Procedure Act (APA) or equivalent global regulatory processes, interagency guidance does not carry the force of law on its own, and does not require a mandatory public comment period before release.
  • It reflects shared enforcement priorities: Guidance documents clearly state how collaborating agencies interpret existing legal requirements, and how they plan to audit and enforce those rules moving forward.
  • It applies to all entities regulated by any of the issuing agencies: For example, 2023 interagency guidance on crypto asset risk management issued by the Federal Reserve, FDIC, and OCC applies to all banks, credit unions, and fintechs regulated by any of those three bodies.

Common real-world examples of interagency guidance include:

  • CFPB, OCC, FDIC, and FTC guidance on buy-now-pay-later (BNPL) consumer protections (2023)
  • HHS and CDC guidance on HIPAA privacy requirements for patient health data during the COVID-19 public health emergency (2020)
  • FHFA and HUD guidance on fair lending requirements for digital mortgage underwriting tools (2022)

Core Purposes of Interagency Guidance#

Regulators issue joint guidance to solve four key gaps in standard rulemaking processes:

1. Align cross-agency oversight#

Before joint guidance is released, different agencies regulating the same industry may have conflicting interpretations of existing rules, creating unnecessary compliance burden for businesses that have to adhere to multiple conflicting standards. Interagency guidance eliminates this fragmentation by creating a single shared benchmark for all regulators.

2. Address emerging risks quickly#

Formal rulemaking can take 12 to 24 months to complete, making it unfit for responding to fast-evolving risks like new fintech tools, cyber threats, or public health crises. Interagency guidance can be finalized in weeks to give regulated entities clear expectations for managing new risks immediately.

3. Clarify ambiguous existing laws#

Many long-standing regulatory laws were written decades before modern digital business models existed. Interagency guidance explains how regulators apply these older laws to new activities, for example, clarifying how 1970s fair lending rules apply to AI-powered underwriting algorithms.

4. Reduce compliance burden for small entities#

Aligned cross-agency guidance eliminates the need for small businesses (like community banks or independent healthcare clinics) to hire separate compliance teams to track requirements from each individual regulator overseeing their operations.

Key Regulatory Expectations for Regulated Entities#

While interagency guidance is not legally binding, regulators have clear expectations for how regulated entities should respond to new guidance releases:

1. Proactive review and policy alignment within 90 days#

Regulators expect all relevant entities to review new guidance within 30 to 90 days of release, and update internal policies, procedures, and controls to align with guidance recommendations, unless the entity can document a valid reason for deviation. For example, after the 2022 interagency guidance on surprise overdraft fees was released, regulators expected all banks to eliminate non-sufficient funds fees for debit card transactions within 6 months.

2. Documented compliance or deviation rationale#

If your organization chooses not to follow a specific recommendation in guidance, you are required to keep formal, auditable records of the rationale for that decision, and proof that your alternative approach still meets all underlying legal requirements. Lack of documentation is one of the most common triggers for enhanced regulatory scrutiny and enforcement actions.

3. Staff training for all relevant teams#

Regulators expect training on new guidance for all staff impacted by the recommendations, including frontline operations teams, compliance staff, and executive leadership. For example, interagency guidance on cyber incident response requires training for IT teams, risk teams, and even customer service staff who may receive first reports of data breaches.

4. Timely reporting of unintended impacts#

Regulators actively solicit feedback on interagency guidance to refine future updates and formal rulemaking. They expect entities to report any unintended negative impacts of guidance (for example, excessive compliance costs for small businesses, or barriers to access for low-income customers) through official agency feedback channels within the comment window for draft guidance, or within 6 months of final guidance release.

5. No conflict with existing formal rules#

Guidance is intended to clarify, not replace, existing legally binding rules. Regulators expect entities to continue adhering to all formal regulatory requirements, even if guidance does not explicitly reference those rules.

Common Misconceptions About Interagency Guidance#

Misconception 1: Interagency guidance is legally binding#

Fact: Guidance does not carry the force of law, and entities are not required to follow it to the letter. You can deviate from guidance recommendations as long as you have a documented, reasonable basis for the deviation and you still meet all underlying legal requirements.

Misconception 2: Interagency guidance only applies to large enterprises#

Fact: Guidance applies to all entities regulated by the issuing agencies, regardless of size. For example, 2023 interagency guidance on small business lending reporting requirements applies to small community banks and credit unions, not just large national banks.

Misconception 3: Interagency guidance is optional, so I can ignore it#

Fact: While guidance is not legally enforceable on its own, it is used as a benchmark during regulatory audits. Ignoring guidance can lead to enhanced scrutiny, penalties for violations of underlying laws that the guidance references, and reputational risk with customers and industry partners. For example, multiple payday lenders were fined under the Truth in Lending Act in 2021 after ignoring interagency guidance on unfair lending practices, as the guidance proved the lenders were aware their practices violated existing law.

Practical Steps to Stay Compliant With Interagency Guidance#

Follow these steps to build a sustainable process for managing interagency guidance updates:

  1. Set up a regulatory alert system: Subscribe to email updates from all agencies regulating your industry, or use a third-party compliance tool that flags new interagency guidance relevant to your operations.
  2. Conduct a gap analysis within 30 days of release: Compare the guidance’s recommendations to your existing policies, controls, and operations, and document all gaps between your current state and the guidance’s recommendations.
  3. Consult compliance counsel for ambiguous requirements: If you are unsure whether a guidance applies to your business, or how to implement its recommendations, work with a regulatory attorney specializing in your industry to avoid unnecessary risk.
  4. Document all changes and decisions: Keep auditable records of all policy updates, staff training sessions, and implementation timelines. If you choose to deviate from a guidance recommendation, keep formal records of the rationale for that decision and proof of compliance with underlying legal requirements.
  5. Conduct annual guidance alignment audits: Review all active interagency guidance relevant to your business at least once per year to ensure your operations remain aligned with current regulatory priorities.

Frequently Asked Questions#

Q: Do U.S. interagency guidance documents apply to businesses operating outside the U.S.?#

A: They apply to any business that offers services to U.S. customers or operates in a U.S.-regulated sector. For example, a foreign fintech offering BNPL services to U.S. consumers is required to align with U.S. interagency guidance on BNPL consumer protections.

Q: Can I submit feedback on draft interagency guidance?#

A: Yes, most agencies publish draft guidance for public comment for 30 to 60 days before finalizing it, and you can submit feedback through their official public comment portals. Regulators regularly revise guidance based on public input.

Q: How often is interagency guidance updated?#

A: Most guidance is updated every 2 to 5 years as industry risks evolve, though emergency guidance can be released within days during crises like public health emergencies or bank failures.

References#

  1. Administrative Conference of the United States. (2022). Interagency Guidance: Best Practices for Coordination and Transparency. Retrieved from https://www.acus.gov/reports/interagency-guidance-best-practices
  2. Board of Governors of the Federal Reserve System, FDIC, OCC. (2023). Interagency Guidance on Crypto-Asset Risk Management. Retrieved from https://www.federalreserve.gov/supervisionreg/interagency-guidance-on-crypto-asset-risk-management.htm
  3. Consumer Financial Protection Bureau. (2022). Interagency Overdraft Fee Guidance. Retrieved from https://www.consumerfinance.gov/about-us/newsroom/cfpb-federal-regulators-issue-guidance-to-address-surprise-overdraft-fees/
  4. U.S. Department of Health and Human Services. (2020). Interagency COVID-19 HIPAA Guidance. Retrieved from https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/covid-19-guidance/index.html
2026-05

Legalcamp Team

Welcome to Legalcamp, where our team of dedicated professionals brings clarity to the complexities of the law.

Legal Disclaimer

No content on this website should be considered legal advice, as legal guidance must be tailored to the unique circumstances of each case. You should not act on any information provided by Legalcamp without first consulting a professional attorney who is licensed or authorized to practice in your jurisdiction. Legalcamp assumes no responsibility for any individual who relies on the information found on or received through this site and disclaims all liability regarding such information.

Although we strive to keep the information on this site up-to-date, the owners and contributors of this site make no representations, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained on or linked to from this site.