On March 28, Rohit Chopra, the director of the Consumer Financial Protection Bureau, gave a speech at the University of Pennsylvania Law School titled "Reigning in Repeat Offenders." The gist of the speech was that certain firms dominate the consumer financial services marketplace, violate the law repeatedly, and view regulatory penalties as the cost of doing business. More pointedly, Chopra cited the "too big to fail" and "too big to jail" doctrines as a vexing problem for regulators that undermines the public confidence in the rule of law. Chopra acknowledged that smaller companies also violate the consumer financial protection laws and regulations, but, when they do, they often face sanctions that fundamentally alter the ability of the company to continue to do business. For large firms, the penalties do not create such an existential crisis, and, in Chopra's view, do not deter future bad behavior.
Chopra began his speech by referencing his time as a student at Penn's business school and recollecting his view of regulators at that time: "While here—and I was hardly alone on this point—I viewed financial regulators as clueless and often corrupt lawyers and economists. Government officials were often seen as auditioning for a future job in finance to exploit their inside knowledge to help dominant financial firms extract special favors and evade accountability for wrongdoing, even when they violate the law repeatedly."
It could not be clearer that Chopra's perspective on the role of financial regulation has dramatically changed since his days at Penn and that he intends to tackle the problem of repeated violations of law directly. This speech outlined his plan to end what he perceives as rampant corporate recidivism and unfair treatment of smaller firms. In his words, "meaningful penalties become a paper tiger when regulators are not willing to enforce them, entrenching incentives for large companies to engage in repeated misconduct." Chopra noted that, in the decade since Congress transferred the authority to enforce federal consumer financial services laws from the Federal Reserve Board, bank regulators, the Federal Trade Commission, and other agencies, the CFPB has assessed more than $3 billion dollars in penalties against repeat offenders alone.
As an example of failed repeat offender enforcement, Chopra focused on the FTC's recent treatment of Facebook, which he sees as a politically powerful company that has routinely violated the terms of its agreements with the FTC with no real consequences. In 2011-2012, the FTC issued a complaint against Facebook alleging that the company deceived consumers by telling them that they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public. The FTC settled the matter without assessing penalties but required that Facebook cease its deceptive conduct.
In 2018, a few months before Chopra became a Federal Trade Commissioner, it came to light that Facebook had allowed Cambridge Analytica to harvest information from more than 50 million people and use that information for political purposes. Chopra describes this as one of many instances where Facebook broke its promises to employ reasonable safeguards to keep personal information private unless the user gave explicit affirmative consent. In 2019, the FTC prepared a complaint against Facebook that detailed a host of privacy failures and violations of the 2012 order. However, according to Chopra, rather than fully investigating the matter or requiring significant changes to Facebook's data harvesting practices, the FTC reached a settlement with Facebook under which the company would pay a $5 billion fine, but it did not have to make any material changes to its business practices. In addition, Facebook was able to include an immunity clause for its executives.
Chopra publicly opposed the settlement agreement, stating that "the proposed settlement let Facebook off the hook for unspecified violations and it gave Facebook a legal shield of unusual breadth, deviating from standard FTC practice." In retrospect, Chopra identified three key lessons from the FTC's 2019 settlement with Facebook:
- For very large firms, seemingly large fines, even ones that are "record-setting," may appear to be very punitive but may have little effect;
- Corporate boards will go to great lengths to shield top executives from scrutiny, even though they are all bound by agency orders; and
- Committees, paperwork, compliance units, and other procedural requirements have much higher monitoring costs than bright-line structural remedies that meaningfully change business incentives.
At the conclusion of the speech, Chopra focused on the critical need for deterrence against repeat offenders and large financial firms and promised punitive measures that would be more structural in nature than the assessment of fines, including that the CFPB may seek limits on the activities or function of a company for violations of law, including:
- caps on size or growth of firms;
- bans on certain types of business practices;
- divestures of certain product lines;
- limitations on leverage or requirements to raise equity capital;
- revocation of government-granted privileges (such as access to federal deposit insurance); and
- liability against individuals (such as officers and directors).
Subsequent enforcement actions announced by the CFPB in the wake of this speech have made clear that Chopra's pledge to target repeat offenders and their executives was not an idle threat. We anticipate that, under Chopra's leadership, the CFPB will be examining, investigating, and commencing enforcement actions against companies it perceives as having a dominant role in the consumer financial services marketplace and against the executives that manage those companies.