Dodd-Frank gives the Consumer Financial Protection Bureau (CFPB) the power to enforce and implement federal consumer financial protection laws, including home mortgage and other consumer credit regulations, plus powerful tools to investigate potential violations of those laws. These tools include informal requests for information as part of its examination and supervisory functions, subpoenas for testimony or documents, and the civil investigative demand (CID).
Before initiating any proceeding under a federal consumer financial law, Dodd-Frank authorizes the CFPB to serve a written CID whenever it has "reason to believe" that "any person may be in possession of information relevant to a violation." The CID, which may require the person to produce documents, file written reports, answer questions, furnish materials, or provide testimony, must identify the conduct constituting the alleged violation and applicable law, describe the information requested in sufficient detail to allow it to be fairly identified, and provide a reasonable period of time for the information to be submitted. Within 10 days of receipt, CID recipients are required to meet and confer with the Bureau investigator to discuss and try to resolve any compliance issues.
Documents and information produced in response to a CID must be accompanied by a statement swearing that everything responsive is being produced. Answers to written questions, as well as oral testimony, must be given under oath. The only objections permitted for refusing to provide information are those based on "constitutional or other legal rights or privileges," such as the privilege against self-incrimination. If an entity refuses to provide information, the Bureau can petition the district court for an order compelling the information to be provided. On the other hand, a party who receives a CID only has 20 days to petition the CFPB director, in writing, seeking to modify the demand for information, and the reasons for such request. While such a petition is pending, the recipient is expected to comply with those portions of the request that the party does not seek to modify. The director is under no obligation to grant such petitions.
CIDs are sent out by the CFPB’s enforcement division, and not until the Bureau believes there may have been a violation of consumer law. The CFPB’s enforcement division is more aggressive than its regulatory division, and CIDs issued have been detailed and comprehensive. Indeed, the CFPB’s enforcement orders issued to date typically refer to information obtained through investigations that led to the order.
Unlike discovery requests in litigation, where the requesting party may be required to foot the production bill, there is no provision for reimbursement of costs associated with complying with a CID. Costs include, but are not limited to, those of performing electronic and other searches for information (which may require outside vendors), interviewing employees, attorneys’ fees, and the business costs of lost employee and management time in complying with the CID. Where violations of law have been found, the Bureau has not hesitated to issue administrative orders requiring hundreds of millions of dollars in consumer refunds and penalties.
Given the high cost and potential consequences of responding to a CID, the only effective strategy is to avoid receiving one. Most CFPB investigations have been triggered by a number of consumer complaints against an entity. Entities should focus on establishing adequate systems to assure compliance with consumer financial law, resolve consumer complaints, and closely monitor complaints on the Bureau’s complaint database. Entities better at resolving and/or avoiding consumer complaints are less likely to become targets of a CID.