BLOG POST

All Things FinReg

LATEST REGULATORY DEVELOPMENTS IMPACTING
THE FINANCIAL SERVICES INDUSTRY

CFPB Proposes Registry to Detect Repeat Offenders

The Consumer Financial Protection Bureau (CFPB or Bureau) has proposed a registry in which certain nonbank financial institutions must deposit copies of certain federal, state, and local orders. The proposed rule would also require a subset of larger nonbank financial institutions already subject to the Bureau’s supervisory authority to designate an individual to attest to compliance with such orders.

The proposal follows on a commitment made by CFPB Director Rohit Chopra at a December meeting of the state attorneys general in Washington, DC, at which he promised not only to partner with the states, but to elevate the states’ work and do all that he can to ensure that it is neither minimized nor preempted.

The proposal would require that covered nonbanks report final agency and court orders and judgments, including consent and stipulated orders (settlements generally) brought under federal and state consumer financial protection laws, primarily state mini–Federal Trade Commission acts (penalizing allegedly unfair and deceptive acts and practices).

The proposal would further require that larger nonbanks, i.e., those subject to direct CFPB supervision, designate a senior executive to sign an annual attestation, certifying compliance with all of the above-described orders.

The probable net impact of these two provisions would be to federalize compliance with state orders, no matter how minor the underlying matter, and to continue to advance Director Chopra’s agenda of individually penalizing senior executives for noncompliance.

Any reporter to the database should understand that any information reported may become public. It also remains to be seen whether the registry, even if nominally nonpublic, would be subject to disclosure under the Freedom of Information Act, and if not, how vigorously the CFPB would defend against disclosure.

Why the proposal matters to nonbank financial institutions if promulgated:

  1. The reporting requirement places an additional compliance burden on affected nonbank financial institutions, even smaller market entrants such as fintechs. They will need to carefully monitor all resolutions, including informal consumer mediation services such as those provided by many state and local agencies, develop a reporting mechanism, and ensure that reports are timely made. The failure to report would be an independent violation of the CFPB regulation and could lead to significant federal penalties against both the entity and individuals.
  2. The reporting requirement, if made public (or if accessible by Freedom of Information Act requests), would provide a centralized database for plaintiffs’ lawyers to launch putative class actions, and could lead to brand damage and relationship issues with customers, investors, and other stakeholders.
  3. For larger institutions under CFPB supervision, the compliance and related attestation obligation with respect to state or local orders and other regulatory actions would effectively be imported into federal law. Compliance failures could lead to CFPB enforcement and regulatory action against both the entity and the designated senior executive who has made the certification. The CFPB’s use of individual executive liability to raise the stakes of compliance is part of an intentional strategy that the agency has been vocal about over the last two years.

The proposal, if promulgated, will almost certainly be challenged as the CFPB exceeding its brief under the authorizing Dodd-Frank Act legislation. Affected businesses and their representative organizations may wish to comment on the proposal, but should do their longer-term planning based on the presumption that these requirements will be put into place in some form in the near to medium term.