CFPB Enforcement, A Cautionary Tale

By Brian Smith, MPD Managing Director

Since it’s creation, the CFPB has been clearly announcing its range of regulatory authority and enforcement intentions. Nonetheless, many in the industry seem to have been taken by surprise in the last few months when the CFPB announced its investigations of, and then settlements reached with, leading card issuers. Perhaps, it was the size of the customer restitutions ordered (in the $100s of millions) or the fines imposed on the institutions (in the $25 million range) or perhaps it was the speed with which the CFPB struck or the third-party liability imposed on the card issuers for the actions of their agents (call center marketing operators or debt collectors) or one or more of these unsettling outcomes.

Whatever got the industry’s attention, it is now clear that the CFPB is a regulatory force to be reckoned with and a risk to be planned for and managed.

There is a very different and challenging regulatory dynamic at work here that ought not be overlooked. First, the CFPB is the only (and first) financial regulator with the protection of the consumer as it’s sole objective (not joined with a financial institution’s safety and soundness, for example). Second, its statutory mandate has an entirely new emphasis on the prevention of “abusive” practices (whereas, “unfair and deceptive practices” were previously key) when dealing with customers. Third, central to the CFPB approach is the solicitation and investigation of reports from consumers that they were the “victims” of abusive practices by financial institutions subject to CFPB oversight. Fourth, the CFPB has examination and enforcement authority, which sets the CFPB exams up as a quasi tribunal for the institution to explain the customer complaints and the findings already reached by the CFPB’s investigation prior to the examination.

Add to this new dynamic several more facts. For one, the CFPB has regulatory oversight over segments of the financial industry previously insulated from direct federal regulation and examination (e.g., mortgage servicing, consumer credit reporting and credit bureaus, etc., money transmitters, etc.). Also, the CFPB relies on learnings from the new-fangled field of behavioral economics model for setting its rules and making compliance determinations.

Take all this together and you have a formula for serious dislocation in the industry and a compliance frenzy over the next 12 to 18 months as these newly included institutions join the more traditionally regulated in facing new standards, new examination protocols and new enforcement strategies. I note that the leading nonbank providers of these newly included institutions are receiving notices that they will soon be visited by CFPB examiners. From the urgent calls we are getting, there is widespread unease over what that means, how to prepare for it and what might result.

Some ideas for self-help in facing these potentially daunting regulatory challenges:

  • Do a self diagnosis of your consumer facing operations – and importantly, that of your third party agents – from the perspective of the consumer first and technical legal compliance second. It’s not going to be enough to say you were in technical compliance and problems were few in number. The new test is consumers: confused, misled, do they misunderstand, were they abused! You may not be the best tester of these elements and outside help may be needed.
  •  

  • Get line and senior management to sign on to a rigorous compliance standard, with detailed policies, procedures, responsibility and reporting.
  •  

  • Run a tutorial for your people on what a consumer compliance exam looks like and the have a “mock” exam done by knowledgeable consultants who can make efficient, effective and actionable recommendations for improvement. By the way, do this now! Before you are examined by the regulators.
  •  

  • Set up a protocol for an audit of your compliance posture. It’s not going to be enough to identify areas needing improvement, a pattern of correction must be in place to forestall a finding of “willing” violation.
  •  

  • Change your third party service agreements to foster a compliance mindset and performance standard at the third party. Audit rights, shared liability, termination rights, etc., might be considered foundational.
  •  

All of the above fit what we view as best practices. Why chance being found deficient? The financial, regulatory, and customer relations, and general repetitional costs are just too great. The cost of preparation, timely correction and satisfactory internal controls over this important business function are much, much more manageable.

Click here for more information on MPD’s Payments Litigation and Regulation Practice.


Brian Smith is a Managing Director at Market Platform Dynamics and advises firms in the payments and financial services industry on business and regulatory matters. Now a nonpracticing lawyer, he previously headed the financial regulatory practice at Latham & Watkins and did tours of duty as the general counsel of MasterCard and the Office of the Comptroller of the Currency.