On Tuesday, September 17, 2019, the CFPB published Director Kathleen Kraninger’s Decision And Order On Petition By Bank of America Corp. To Set Aside Or Modify Civil Investigative Demand issued to it on March 1, 2019 (the “Order”). In CFPB practice, a CID is akin to a subpoena.
BofA’s Petition reveals that it had complied with a CID previously issued by the CFPB. The current CID contains eleven requests for information and documents. The CFPB’s CID to BofA sought the bank’s production of evidence to help the government determine if BofA opened unauthorized consumer credit cards, including proof of electronic or hard-copy authorizations and voluminous emails from dozens of custodians. BofA asserted that the CID should be set aside, or in the alternative, modified, for three reasons.
1) The Burden Arising Out of Redundant Work Already Completed for the CFPB and OCC During Examination Processes.
First, BofA argued in the public petition that the CID was unnecessary and redundant of work already completed by BofA. The March 1, 2019 CID was not the first that had been issued in this investigation. BofA asserted that prior work done by the bank encompassed information sufficient for CFPB to establish that there are no systemic sales misconduct issues. BofA also cited to the horizontal review conducted by the OCC of large and mid-size national banks as a justification for why BofA ought to not be required to duplicate for the CFPB what was done for the OCC. According to BofA’s petition, the March 1, 2019 CID imposed a need to conduct manual file reviews and replicate efforts that would not “meaningfully further the CFPB’s knowledge of the Bank’s practices given that BofA had previously produced data and analyses” based on several methodologies, “including those of the CFPB’s design—over various timeframes.” BofA pushed back on the CFPB approach utilizing the rationale that the CFPB should not be “resistan[t] to the work performed by and for other regulatory agencies.”
In the petition, BofA criticized the CFPB effort, simultaneously referencing Director Kraninger’s involvement in the Task Force on Market Integrity and Consumer Fraud (designed to coordinate cooperation and resources among agencies), and argued that the redundancy in the March 1, 2019 CID was antithetical to the Director’s role in coordination across agencies, in light of the OCC’s horizontal review of sales practices. BofA also reasoned that any inquiry into sales practices should be handled by the CFPB’s Office of Supervision – not through the Office of Enforcement’s CID procedure – because Supervision had greater tools and familiarity with BofA’s business lines to effectively analyze the issues in the matter.
2) BofA Asserted the CID was Unreasonable and Burdensome When Weighed Against the Needs of the Investigation.
Second, BofA contended that the CID was unreasonable and burdensome. In addition to its claim that it had already spent significant time and resources investigating sales practices issues and responding to requests from regulators, including the CFPB, BofA also highlighted that several requests in the CID would implicate privilege issues, initiating the time-consuming process of creating a privilege log when any continued investigation would not yield evidence of systemic misconduct.
3) Alternatively, BofA Argued the CID Should be Modified.
Third, and in the alternative, BofA sought modifications to the CID. BofA requested the Applicable Period be shortened as the current Applicable Period extended beyond the five-year limitations period in the Fair Credit Reporting Act (FCRA), and the three-year statute of limitations under both the Consumer Financial Protection Act (CFPA) and the Truth in Savings Act (TISA). According to BofA, the CFPB had no basis to impose liability for any conduct before that date. BofA also requested the CFPB accept documents and reports previously produced in lieu of a response to an interrogatory, and that the document requests and written report be stricken from the CID completely.
Director Kraninger denied the Petition on July 19, 2019, ruling that BofA had not raised a legal basis sufficient to support a decision to aside the CID. The Director’s reasoning was as follows:
First, she ruled that BofA’s assertion that the CID was unnecessary and redundant, because other documents showed the absence of systemic sales practice issues, was not a legal ground to set aside or modify the CID. The Director double-downed on the CFPB’s position, first decided by the CFPB under former Director Richard Cordray and supported by case precedent involving similar agencies, that an entity’s fact-based arguments that it has complied with the law are not valid bases to nullify a CID.
Second, as to BofA’s assertion that the CID was unduly burdensome, the Director ruled that BofA had not meaningfully engaged in the meet-and-confer process required by the rule on investigations. In particular, the Director held: “[BofA]’s failure to meaningfully engage in the meet-and-confer process is alone sufficient grounds to reject the burden arguments raised in [BofA]’s petition.” Moreover, the CFPB did not find BofA’s burden arguments persuasive as it had not shown how compliance with the CID would “disrupt or seriously hinder normal business operations.” The Director also declined BofA’s request to move any further inquiry into the supervisory process because such a request appealed to the CFPB’s discretion, and was not a legal ground to modify or set aside the CID.
Finally, the Director denied BofA’s request to modify the CID’s Applicable Period, clarifying that the three-year limitations period under the CFPA begins on “the date of discovery of the violation” – and here, BofA had made no arguments that the CFPB has “discovered” any violations that would cause the limitations period to begin running.
Consistent with the CFPB’s recent policy announcement, however, the CFPB took the additional step of modifying the Notification of Purpose in the CID, which BofA had not challenged. The CFPB’s modification “provide[s] even more information about the nature of the conduct under investigation and the applicable provisions.”
As we have reported previously, not much has changed at the CFPB regarding the issuance and enforcement of CIDs since Director Cordray’s departure. Financial services companies should continue to be well-prepared to position themselves favorably before the CFPB, notwithstanding the popular press heralding an era of deregulation. In our view, the perception of deregulation reflects the inactivity of the CFPB press office, as opposed to an actual increase in agency willingness to grant petitions to set aside CIDs.
The BofA Order and other recent cases exemplify the CFPB’s commitment to greater transparency by adding more detail in the CID’s Notification of Purpose box. For practical purposes however, a clearer picture of the reason for a burdensome investigation offers cold comfort in reducing the compliance burden itself, especially when it comes to CIDs. Further, while designed to help recipients of CIDs understand the purpose of the investigation, the policy on increased transparency has the counter-effect of making CIDs more difficult to challenge in court as vague and ambiguous on their face. Ironically, the collective effect of recent CFPB actions is that, moving forward, it’s reasonable to expect that the CFPB will continue to require compliance with CIDs as written by Enforcement staff.
Stay tuned – we will be back shortly to provide an overview of the CFPB’s petition activity this past summer.
BofA’s Petition and the CFPB’s Order can be accessed here.
 Decision And Order On Petition By Bank of America Corp. to Set Aside or Modify Civil Investigative Demand, 2019-MISC-Bank of America Corp.-0001 (Jul. 19, 2019), at 5.
 Id. at 4, 9-11.
 Id. at 11.
 Id. at 8.
 Id. at 7-8.
 Id. at 6-7.
 Id. at 2; see U.S. v. Morton Salt Co., 338 U.S. 632, 652 (1950); In re Sealed Case (Administrative Subpoena), 42 F.3d 1412, 1416 (D.C. Cir. 1994); see also In Re Synchrony Financial, 2017-MISC-Synchrony Financial-0001 (Sept. 7, 2017) at 4; In Re Seila Law, LLC, 2017-MISC-Seila Law, LLC-0001 (Apr. 10, 2017) at 3; In Re Assurant, Inc., 2015-MISC-Assurant-0001(Apr. 10, 2016) at 2; In Re Next Generation Debt Settlement, Inc., 2012-MISC-Next Generation Debt Settlement-0001 (Oct. 5, 2012) at 2.
 Id. at 3.
 Id. at 4.
 Id. at 5, citing 12 U.S.C. § 5564(g)(1).
 Id. at 7.
 CFPB Announces Policy Change Regarding CFPB Civil Investigative Demands (Apr. 23, 2019).