Fight or flight: What’s in store for entities “forgotten” by the CFPB?

Fight or flight: What’s in store for entities “forgotten” by the CFPB?

The arrival of the Consumer Financial Protection Bureau (CFPB) as a financial regulator has taken the consumer finance industry by storm. Never before has the consumer finance industry seen such sweeping reform. While banks have been accustomed to regulation for many years, nonbank lenders and servicers have not only had to become acclimated to regulation, but have been introduced to this environment through unpredictable regulation.

As a relatively new agency, the CFPB is still testing the breadth and depth of its authority. The CFPB, unlike agencies such as the Securities Exchange Commission (which has five bipartisan commissioners appointed by the President who vote on major decisions), has only one director with discretion to implement and enforce rules who is appointed to a five-year term by the President and can only be removed for cause. Many observers believe the CFPB has gone too far in its attempts to regulate: from the breadth of entities (from banks to payday lenders to student lenders) to statute of limitations to clear rule setting.

Statute of limitations

As is the case with the dispute between the CFPB and New Jersey lender PHH Corporation about alleged illegal “kickbacks” the CFPB contends PHH received in violation of the Real Estate Settlement Procedure Act (RESPA), the CFPB’s position is that no statute of limitations applies to its authority. In the PHH case, the CFPB’s charges date back to before the CFPB was in existence and before the CFPB had the administrative power to enforce RESPA.

Regulation by enforcement

Not only does the CFPB contend that it is not bound by a statute of limitations, it also has been committed to “regulation by enforcement,” whereby the CFPB has largely issued rules by way of examination and supervision rather than by clear and specific parameters within the rules themselves. Cordray addressed this issue in March when he spoke to the Consumer Bankers Association. Per his prepared remarks as documented on the CFPB’s website, he stated that:

“…[the CFPB’s] public enforcement actions have been marked by orders, whether entered by our agency or by a court, which specify the facts and the resulting legal conclusions. These orders provide detailed guidance for compliance officers across the marketplace about how they should regard similar practices at their own institutions. If the same problems exist in their day-to-day operations, they should look closely at their processes and clean up whatever is not being handled appropriately. Indeed, it would be “compliance malpractice” for executives not to take careful bearings from the contents of these orders about how to comply with the law and treat consumers fairly.

Some have criticized this approach as regulation by enforcement, but I think that criticism is badly misplaced. Certainly any responsible official or agency charged with enforcing the law is bound to recognize that they should develop a thoughtful strategy for how to deploy their limited resources most efficiently to protect the public. That means working toward a pattern of actions that conveys an intelligible direction to the marketplace, so as to create deterrence that can be readily understood and implemented. The alternative is just a random series of actions that takes a few wild swipes at the bad actors without systematically cleaning up the practices that harm consumers across the marketplace.

Others have framed this criticism as a suggestion that law enforcement officials should think through and explicitly articulate rules for every eventuality before taking any enforcement actions at all. But that aspiration would lead to paralysis because it simply sets the bar too high. Particularly in an area like consumer financial protection, the vast majority of our enforcement actions involve some sort of deception or fraud. And courts have long noted that trying to craft specific rules to root out fraud or untruth is a hopeless endeavor, as they would likely fail to cabin “the ingenuity of the dishonest schemer.” For these reasons, we strive to present specific enforcement orders that meticulously catalogue the facts we have found in our very thorough investigations and set out the legal conclusions that follow from those facts. These specific orders are also intended as guides to all participants in the marketplace to avoid similar violations and make an immediate effort to correct any such improper practices.

For the rest of this year and the next, our rulemaking agenda at the Consumer Bureau will remain quite active. For instance, financial services companies are increasingly devising products that cut across existing regulatory frameworks. Leveling the playing field by treating all competitors equally, regardless of their corporate structure or choice of charter, is a fresh approach that benefits both consumers and providers. Many thousands of nonbank companies offer consumer financial products and services – though unlike banks, they do not take deposits. They all should be subject to the same oversight and enforcement as the banks if they are competing in the same marketplace for the same customers.”

Pushback from the industry

Rather than shirk away from the CFPB’s seeming tyranny, entities are fighting back in increasing numbers. Some entities are filing lawsuits questioning the CFPB’s very constitutionality, while some are issuing public statements.

In 2015, the CFPB roughly doubled its caseload from the prior year. Of its cases reviewed, 59 were settled for allegations of wrongdoing and 11 led to lawsuits. This is seen as a reflection of its growing staff and its maturing policies and procedures. The CFPB is planning to focus on payday lending, debt collection, mortgage servicing, and student loan servicing in 2016.

Struggle to determine applicability

Many nonbank organizations are struggling with deciphering which of the rules apply to them. Because the CFPB appears to be defining its rules through enforcement rather than through written guidance, it is unclear how much organizations that are affiliated with organizations within the CFPB’s purview must do to be in compliance. For example, in December 2015, the CFPB filed actions against two brokers who allegedly sold borrowers’ personal information to payday lenders. In this case, even though the brokers were not engaging in payday lending, an activity that is enforced under the CFPB, the fact that the brokers were affiliated with payday lending brought enforcement actions.

Factors for non-bank entities to consider

Below are five factors for nonbank entities to consider:

1. When considering to which compliance requirements an entity must adhere, management should think not only about entities with which day-to-day business is conducted, but also about the businesses with which the entity affiliates.

2. A compliance management program should be created even the entity is small and the resulting compliance management program is not robust. All financial services companies need a mechanism by which to monitor laws, regulations and regulator enforcement actions.

3. Entities should engage a law firm and an accounting/compliance firm that specializes in consumer credit compliance for advice as compliance requirements are being considered.

4. Entities should incorporate CFPB rules into internal audit procedures.

5. Entities should have dialogue with affiliated companies regarding their compliance management programs to ensure they have plans in place to address compliance with applicable laws and regulations.


The regulatory landscape is constantly in flux. With this high rate of change, banks and non-bank entities should carefully watch regulations, statements, and actions from regulators, particularly the CFPB, for changes that affect their organization.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.

Energy plant
Next up

Contractual commitments and consequences for petrochemical business interruption losses