Under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank), the Consumer Financial Protection Bureau (CFPB) has authority to require reports and conduct examinations with respect to large depository institutions and three categories of nonbank financial services companies:
- Those designated by CFPB rulemaking as “larger participants” in nonbank markets for consumer financial products and services (authority the CFPB has exercised with respect to consumer reporting agencies and debt collectors, among others);
- Those providing a category of product or service that Dodd-Frank specifically designated for CFPB supervision (e.g., mortgage companies, private education lenders, and payday lenders); and
- Those the CFPB has “reasonable cause to determine” (by order and after providing notice and opportunity to respond) pose risks to consumers with regard to the offering or provision of consumer financial products.
To date, the CFPB has not exercised its “reasonable cause” supervisory authority under item (3) above. However, that appears to be changing. On April 25, 2022, the CFPB announced it will use this dormant authority to bring nonbank financial services companies into the supervisory fold. The CFPB characterized the initiative as an attempt to level the playing field between banks and fintechs, many of which operate nationally and without federal supervision. Additionally, the CFPB indicated that it expects expanded fintech supervision to enable it to respond more effectively to emerging risks.
When the CFPB makes its first reasonable cause determination, it will be working from a blueprint set out in a procedural rule issued in June 2013. The rule requires the CFPB to first provide the target nonbank with a notice containing a description of the basis for the reasonable cause determination and a “summary of the documents, records, or other items relied on.” The target then has 30 days to respond in writing and may also request to provide a supplemental oral response (though there is no right to a hearing on the record). A nonbank that is brought under supervision may petition for termination of supervision after two years.
In making a reasonable cause determination, the CFPB may rely on both consumer complaints, which it collects with respect to a wide range of consumer financial products and services, and “information from other sources.” In commentary to the 2013 procedural rule, the CFPB indicated such “other sources” could include a wide range of material, including judicial opinions and administrative decisions. Factors the CFPB will consider in making a determination may include, among others, “the nature of the problematic conduct relating to the complaints or other information, the severity of risk alleged, the number of consumers potentially affected, and the number of complaints or amount of information from other sources received.”
Notably, the CFPB may base a reasonable cause determination on both past and current conduct of the target nonbank, and there is no limit on the lookback period. However, the CFPB has said that, in considering past conduct, it will consider how much time has elapsed.
In connection with its April 25 announcement, the CFPB is soliciting comments on a change to the 2013 procedural rule. In its current form, the rule provides that materials and correspondence exchanged in connection with a reasonable cause determination will be treated as confidential supervisory information. In a proposed amendment published April 29, 2022, the CFPB reverses course, outlining a procedure it could use to make public all or part of a reasonable cause order.
Under the proposed rule amendment, target nonbanks could request continued confidentiality of reasonable cause orders within seven days after service. However, the commentary to the proposed rule suggests that such requests will be granted sparingly. The CFPB declines to specify the criteria it will apply in confidentiality determinations, mentioning only trade secrets, financial information, and sensitive medical and personnel files as items it would likely keep confidential.1
The CFPB provides two justifications for publishing reasonable cause determinations. First, doing so would advance the public interest in transparency regarding significant CFPB rulings. Second, publicly-available orders could serve as precedent for future proceedings.
This second point is significant. If the Bureau can use the streamlined process for issuing reasonable cause determinations to create precedent, it can quickly set guardrails for emerging products while avoiding the cumbersome and expensive processes involved in rulemaking and enforcement. This would doubtless advance the CFPB’s goal of a more nimble and responsive agency. However, we expect that it will also attract criticism as an imposition of prospective limitations on covered persons without either the public oversight of a rulemaking or the procedural protections of enforcement and adjudication.
The CFPB’s plans to expand nonbank supervision align with the agency’s increased vigor under the Biden Administration as well as concerns on the part of regulatory agencies, legislators, and consumer advocates about the risks emerging financial products pose to consumers. Given the agency’s ambitious agenda and current workload, it remains to be seen whether the CFPB will implement its plans in the near term.
However, nonbank financial services companies that are not currently subject to CFPB supervision should use any intervening time to review and shore up their compliance management systems. Given the CFPB’s March announcement that its examination process will explicitly include evaluation of discrimination as a potential unfair practice, fintechs should turn a critical eye on their processes for handling complaints and preventing and detecting discrimination. Additionally, any new products or planned updates to existing products should be subjected to enhanced evaluation against the standards for unfair, deceptive, or abusive practices as well as compliance with the requirements of federal consumer financial protection laws, including the Equal Credit Opportunity Act.
_____
1The proposed rule solicits comment on whether the CFPB should establish criteria for use in confidentiality determinations.
[View source.]
