We have expanded CFPB Monitor. This new blog—Consumer Finance Monitor—includes all the news in the CFPB Monitor. It also features a Federal CFS Monitor for analysis on the many other federal agencies that regulate our industry and a State CFS Monitor,  which covers state agency and attorney general developments. News is segmented by topic and agency on the right. A full compilation is below. Thank you for visiting and we hope you enjoy our new blog.

Tuesday, President Trump released an outline of his FY 2018 Budget entitled “A New Foundation for American Greatness”.  There is good news and bad news for the CFPB, although most of it is bad news.  The good news for the CFPB is that the Administration does not propose to abolish the CFPB.  The bad news for the CFPB is that it proposes to drastically change the way the CFPB is funded and the amount of such funding.

Under Section 1017 of the Dodd-Frank Act, the CFPB is funded by transfers each year of up to 12% of combined earnings of the Federal Reserve System.  During the current fiscal year, the CFPB’s budget is approximately $600,000.

Under the Administration’s proposed Budget, the CFPB’s funding would be supplanted by Congressional and appropriations.  This, of course, would require separate legislative action.  The outline of the Budget provides the following rationale for this change:

“CFPB’s interpretation of the Dodd-Frank Act has resulted in an unaccountable bureaucracy controlled by an independent director with unchecked regulatory authority and punitive power.  Restructuring is required to ensure appropriate congressional oversight and to refocus CFPB’s efforts on enforcing the law rather than impeding free commerce.  The Budget proposes to limit CFPB’s funding in 2018 to allow for an efficient transition period and bring a newly streamlined agency into the regular appropriations process beginning in 2019.”

A separate document released along with the outline of the Budget is entitled “2018 Major Savings and Reforms”.  The document projects that there will be savings from the CFPB funding change of $145 million in 2018, $650 million in 2019, with the savings increasing every year, for a total savings of $6,833,000,000 over a 10-year period.  These numbers are puzzling since they suggest that the CFPB is currently being funded through Congressional appropriations which, of course, is not the case.  I assume that these numbers really represent additional funds that the Fed will be able to send to the Treasury each year if it no longer needs to fund the CFPB.  According to an American Banker article, the “Fed remitted $91.5 billion to the Treasury last year, after providing $600 million in funding to the CFPB.”  Even more puzzling is the fact that these purported savings, beginning in 2019, seems to be almost the entire CFPB budget.  Thus, the Budget seems to propose a de facto abolition of the CFPB.

In any event, I think it will take the enactment of legislation like the Financial Choice Act (which contains a provision requiring Congressional appropriations for future funding instead of Fed payments) or H.R. 2553, The Taking Account of Bureaucratic Spending (TABS) Act (which would eliminate the Fed funding for the CFPB) to accomplish the Administration’s objective.  That will require at least 60 votes in the Senate.  Thus, the Democrats on the Senate should be able to block it.

Adding to the growing body of cases disputing the CFPB’s authority to issue civil investigative demands (“CID”), a U.S. district court judge in the Central District of California, on May 17, rejected multiple challenges and ordered a company to comply with a CID within fifteen days of the decision. The defendant, Future Income Payments, previously attempted a John Doe challenge to the CID in the U.S. District Court for the District of Columbia. The district court rejected the challenge, and the D.C. Circuit rejected an emergency stay pending appeal. The CFPB filed a petition to enforce the CID in the Central District of California.

The opinion is a reminder of the CFPB’s broad authority to issue a CID and the heavy burden a recipient bears of challenging it. The court joined other courts in emphasizing that an agency subpoena is valid unless jurisdiction is “plainly lacking.” Under this standard, a CID will be upheld if “there is some plausible ground for jurisdiction.” The court reasoned that the defendant’s income-stream-advance product may be sufficiently similar to a loan for the CFPB to have plausible jurisdiction. The product essentially consists of an advance on a pension or other income stream, which the individual repays from the future income.

Next, the court rejected the defendant’s arguments that the CID was overbroad or unduly burdensome. The court again emphasized the CFPB’s broad investigatory powers and held that the company failed to provide “a declaration specifying the estimated cost of compliance, the effect on [the defendant’s] operations, the number of responsive documents, or some other indication of the burden of complying.” Without this information, the defendant’s assertions were not supported by evidence sufficient to carry the defendant’s burden.

Finally, the court rejected the defendant’s constitutional arguments and held that the single director, removable-for-cause structure is constitutional. The court prefaced the constitutional analysis with a reference to the doctrine of constitutional avoidance, stating that it was only addressing the constitutional question because the defendant’s other arguments lack merit.

Constitutional issues aside, the primary takeaway is that companies should think strategically when they receive a CID. For many companies, the best course of action is typically to negotiate a modification with the enforcement attorneys by discussing the scope of the investigation, providing specific examples of the burden of compliance, and finding alternative ways to provide relevant information—all done without litigation or public scrutiny. There are, of course, situations in which an acceptable compromise cannot be reached, and the Future Income case may be an example of this situation.

On May 15, 2017, the Federal Reserve Office of Inspector General – which also oversees the CFPB – released a report finding deficiencies in the CFPB Office of Enforcement’s (Enforcement) processes for securing sensitive information.  The evaluation, conducted between February 2016 and July 2016, reviewed Enforcement’s processes for protecting the information it collects from the entities subject to its investigations and litigation activities related to potential violations of federal consumer financial laws, referred to as confidential investigative information (CII).

First, the Report found that access to matters containing CII was not always restricted to employees that required it to perform their assigned duties – during the time period evaluated, the OIG identified 113 individuals with access to matters when they no longer needed it.  Although CFPB policy is to require that access to high-sensitivity information, including CII, be restricted to individuals “with a demonstrated business need;” employees were generally allowed broad access to the network drive containing CII.  To address these issues, the Report offered five recommendations: (1) formalize in policy that employees should be granted access to Enforcement’s review tools and network drive matter folders only when such access is relevant to their assigned duties; (2) update policies and procedures to specify the process for approving and updating matter folder access rights for Enforcement’s review tools and network drive; (3) expand existing training for employees to reinforce guidance on Enforcement’s  interpretation that “demonstrated business need” means relevance to performing assigned duties, and the access approval and updating process for Enforcement’s review tools and network drive; (4) develop and implement a monitoring and testing approach to periodically confirm that Enforcement’s matter folders are appropriately restricted; and (5) coordinate with the Chief Information Officer to ensure that the new cloud environment, which is intended to replace the network drive, includes access approval and monitoring capabilities that meet the current and future needs of Enforcement.

Second, the Report found that Enforcement employees did not consistently follow CFPB guidelines for safeguarding CII, were unaware of certain aspects of the CFPB’s policies, and did not understand how relevant policies applied to their daily work activities.  The Report offered three recommendations to address this issue: (1) develop and implement operational procedures specific to Enforcement for handling printed high-sensitivity information, including but not limited to information labeling requirements and the use of cover sheets; (2) establish a strategy to periodically reinforce handling and safeguarding requirements and establish a monitoring approach to test compliance with information handling and safeguarding policies and procedures; and (3) monitor securable, access-controlled storage space, including but not limited to lockable cabinets and offices, to ensure that it meets the needs of all Enforcement employees.

Lastly, the Report found that Enforcement’s lack of a uniform naming convention hindered its ability to monitor and maintain access to matter folders.  The Report found that matter folder names were not uniform, with several instances of duplicate matters, and matters were inconsistently identified across different systems.  This hindered management’s ability to: (1) locate documents; (2) assign and monitor access to matter folders; and (3) ensure uniform and complete documentation or data for a matter.  The Report recommended developing a policy to establish a standard naming convention for matter folders and other relevant Enforcement folders to be used across all Enforcement applications and internal drives.

The Report raises significant – and continuing – concerns regarding Enforcement’s ability to safeguard the information it collects in the course of its investigations.  The Report follows the OIG’s September 29, 2016, memorandum, which identified information security as an area of improvement for CFPB management (see our prior blog post).  It is also interesting to note that the Report’s review period coincides with Enforcement’s March 2016 consent order with Dwolla, which marked Enforcement’s first – and to date, its only – foray into the data security realm (see our blog post on the consent order).  The Report’s findings highlight Enforcement’s continued struggle to satisfy the same internal data security requirements that it expects companies to maintain.  Enforcement’s failure to restrict access to sensitive information creates a risk of unauthorized disclosure.  Moreover, while the Report notes that former employees do not pose a significant risk due to the fact that they should no longer have access to the CFPB’s network, the fact that their access has not been restricted provides at least some reason for concern that these individuals may be able to misuse this information.

One of the hallmarks of the CFPB’s enforcement actions has been its use of those actions to announce new legal standards. Navient attacks this enforcement strategy in its motion to dismiss a recent case brought against it by the CFPB. On January 18, 2017, the CFPB sued Navient, alleging a number of violations. The chief allegation is that Navient unlawfully “steered” consumers into resolving student loans defaults using forbearance instead of income-driven repayment plans (“IDB”), even in situations where IDB would have been allegedly better for consumers. The motion to dismiss briefing closed on May 15, 2017.

Navient’s main argument is that the CFPB cannot seek penalties against it for the alleged steering because no one had fair notice that steering, if it occurred, violated UDAAP before the enforcement action began.  This is especially so when, as Navient points out, it was governed by the comprehensive rules, regulations, and contractual obligations that never even mention the conduct that the CFPB is suing over.

In addition, Navient argues that the CFPB is required to engage in rulemaking before imposing penalties on industry actors for alleged UDAAP violations. The CFPB is authorized under 12 U.S.C. § 5531(a) to seek fines and penalties against any entity that that engages in “an unfair, deceptive, or abusive act or practice under Federal Law.” Navient argues that “under Federal Law” means the CFPB must declare that conduct violates UDAAP through rulemaking before seeking fines and penalties for alleged violations. This, Navient argues, is supported by § 5531(a)’s placement in the statute immediately before § 5531(b), which allows the CFPB to “prescribe rules . . . identifying as unlawful unfair, deceptive, or abusive acts or practices.” The CFPB disagrees, arguing that “under Federal Law” is a reference to the general prohibition on UDAAPs in § 5536, and that no rulemaking is required prior to a UDAAP enforcement action. No court that we know of has yet addressed this specific issue under Dodd-Frank. How the court resolves this argument could have a substantial impact on how the CFPB does business going forward.

Navient also attacked the premise of the CFPB’s steering claims. For steering to be a violation, Navient argues, the CFPB has to first establish that Navient had some legal duty to counsel consumers on whether IDB or forbearance is better for their individualized situations. In an attempt to manufacture that duty, the CFPB points to general statements on Navient’s website inviting consumers to let Navient help them resolve their student loan defaults. In response, Navient emphasizes that such generalized statements do not create a fiduciary relationship as a matter of law and rightly reminds the court that lenders are not fiduciaries of borrowers.

We will continue to follow this case and keep you posted. Oral argument on the motion has been scheduled for June 27.

At the Auto Finance Risk and Compliance Summit held this week, Calvin Hagins, CFPB Deputy Assistant Director for Originations, stated that the CFPB is increasingly asking lenders about ancillary product programs during examinations, particularly about the percentage of consumers buying these products.

In June 2015, when the CFPB released its larger participant rule for nonbank auto finance companies, it also issued auto finance examination procedures in which ancillary products, like GAP insurance and extended service contracts, received heavy attention.  We commented that by giving so much attention to these products, the CFPB was signaling its intention to give lots of scrutiny to these products in the auto finance market.  Mr. Hagins’s comments confirm that the CFPB is in fact looking closely at these products in exams.

Speaking at the Summit as a member of a regulatory panel, Mr. Hagins indicated that companies should expect to get questions from CFPB examiners about ancillary products.  He indicated that the CFPB specifically looks at how the product is offered to the consumer, when in the contracting process is it offered, how disclosures are being provided to the consumer, and the acceptance rate.  As an example, he indicated that a 95% acceptance rate would cause CFPB examiners to raise questions about how the rate was achieved.

At the Summit, Colin Hector, an FTC attorney, indicated that the FTC is also interested in ancillary products, particularly whether there is a potential for consumer deception in how they are sold.  He commented that, in its enforcement work, the FTC has focused on ancillary product sales that occur at the end of the sales process when consumers may be led to believe they must purchase the products to obtain financing and the seller has increased leverage because the consumer is more invested in completing the transaction.


In a recent Bloomberg interview, Senate Majority Leader Mitch McConnell expressed skepticism about the Senate’s ability to pass meaningful Dodd-Frank reform.  After months of inactivity, the House Financial CHOICE Act finally moved out of committee to the House floor where a vote by the full House is expected in June.

Several other bills aimed at reforming the CFPB have been introduced by various Republican lawmakers in the House and Senate.  This legislative action would seem to suggest that CFPB reform was a real possibility.  Senator McConnell, however, cast renewed doubt on the prospects of reform, to the disappointment of many in the banking and finance industry.

Many factors stand in the way of significant Dodd-Frank reform in the Senate.  As Senator McConnell acknowledged, Republicans would need the support of at least some Democrats on the Banking Committee and in the full Senate.  According to Bloomberg, Democrats and Republicans appear to agree on the need for community banking reform, but little else.  Of course, the two parties do not necessarily agree on what counts as a small, community bank, as both have pushed differing size thresholds in the past.

The slim Republican majority in the Senate is not the only thing standing in the way of meaningful reform.  Even if it passed the House, the revised CHOICE Act was likely to face stiff resistance in the Senate.  Unfortunately, the revised version dropped the proposal for a five-member commission in favor of a single director removable at will.  Industry has long viewed a commission as a more appropriate structure, to bring stability and predictability to the agency over the long run.

Although the more modest Senate proposals, such as reforming the CFPB’s funding mechanism, had a greater chance at passage, the recent turmoil in Washington, of course, will make passage of any legislation difficult, and make grand reforms much less likely.  At the end of the day, meaningful change to the CFPB is more likely to come from within the agency itself when a new director is appointed in July 2018.


The CFPB’s Student Loan Ombudsman has released an update setting forth the CFPB’s “preliminary observations” based on the data it received in response to a voluntary request for information sent to several of the largest student loan servicers in October 2016.  The request, which was sent contemporaneously with the release of the Ombudsman’s 2016 annual report (2016 report), asked servicers to provide information about their policies and procedures related to servicing loans of previously defaulted borrowers.  The update indicates that the CFPB received information from servicers collectively handling accounts for more than 20 million student loan borrowers.

On June 8, 2017, from 12:00 p.m. to 1:00 p.m. ET, Ballard Spahr will hold a webinar, “CFPB Criticism of Student Loan Servicers – What’s Coming Next?”  Click here to register.

In the update, the CFPB makes the following “preliminary observations” regarding the borrowers about whom servicers provided loan performance information:

  • More than 90 percent of borrowers who rehabilitated one or more defaulted loans were not enrolled and making payments under an income-driven repayment (IDR) plan within the first nine months after curing a default.  According to the CFPB, this data reinforces its observations in the 2016 report that “a series of administrative, policy, and procedural hurdles may limit access to or enrollment in IDR for borrowers with previously defaulted federal student loans.”
  • Borrowers who did not enroll in an IDR plan were five times more likely to default a second time.
  • Nearly one in three borrowers who completed rehabilitation and for whom a servicer provided information about two years of payment history redefaulted within 24 months.
  • Over 75 percent of borrowers who default for a second time after completing rehabilitation did not successfully satisfy a single bill, including those who used forbearance or deferment for a period of time before redefaulting.  The CFPB states that it estimates that “as many as four out of five borrowers who rehabilitate a student loan could be eligible for a zero dollar payment under an IDR plan, which suggests that many of these defaults were preventable.
  • Borrowers using consolidation to cure defaulted loans are more likely to have better outcomes.

The CFPB states that the data described in the update provides support for its policy recommendations in the 2106 report. Those recommendations included a reassessment by policymakers of the treatment of borrowers with severely delinquent or defaulted loans and consideration of steps to streamline, simplify or enhance the current consumer protections in place for such borrowers.  The CFPB also urged policymakers and industry to consider various actions, including enhancing servicer communications to borrowers transitioning out of default, such as using personalized communications related to IDR enrollment, and using incentive compensation for debt collectors and servicers that is linked to a borrower’s enrollment in an IDR plan and successful recertification of income after the first year of enrollment.

In the update, the CFPB asks policymakers to “examine whether an extended period of income-driven rehabilitation payments and a complicated collector-to-servicer transition are necessary and whether current financial incentives for [servicers] are in the best interests of taxpayers and consumers.”  It also suggests that policymakers and market participants should “in the near-term” implement the CFPB’s recommendations for improving borrower communication throughout the default-to-IDR transition and streamlining IDR application and enrollment.

Although not mentioned in the update, the CFPB’s press release suggests that the CFPB plans to use the information discussed in the update to support its efforts to establish industrywide servicing standards.  The press release states that such information “will help the Bureau assess how current practices intended to assist the highest-risk borrowers may differ among companies. The Bureau previously highlighted how inconsistent practices across servicers can cause significant problems for borrowers, calling for industrywide servicing standards in this market.”


Based on the President’s executive order 13772 on The Core Principles for Regulating the United States Financial System, the American Bankers Association (ABA) submitted a white paper to Treasury Secretary Mnuchin that criticizes the revised Home Mortgage Disclosure Act (HMDA) rule adopted by the CFPB.

The executive order requires the Treasury Secretary, based on the core principles laid out in the executive order,  to identify the federal laws that promote and inhibit the regulation of the United States financial system.  In the white paper, the ABA “offers these views” to the Treasury Secretary in relation to the executive order’s directive:

  • Expanded data collection adds nothing but volumes of irrelevant data, distracting from achievement of HMDA’s purposes.
  • Regulators have failed to protect expanded HMDA data from breaches of security and privacy.
  • Expanded data collection will feed banker regulatory worries about meeting customer needs outside of the norm.
  • Data expansion should be suspended until security and privacy concerns are fully addressed.
  • Bureau regulatory expansion of data beyond the statute should be rescinded.
  • Dodd-Frank expansion of HMDA data fields should be repealed.

The comment regarding security and privacy addresses industry concerns that (1) the greatly expanded nonpublic personal information on consumers presents data security risks and (2) the public release of various new HMDA data elements will result in nonpublic personal information on consumers becoming readily available to the public.  As we have reported previously, the CFPB has provided little insight into its decision making on what data will be released, and does not appear to be too concerned with data security or privacy issues.  The ABA notes that it is “concerned that the Bureau has not initiated a public rulemaking to address the significant consumer privacy dangers and data protection threats that the expanded HMDA data collection poses.”  The ABA concerns are based on the “probability that manipulation of the expanded data points will make it easier for unfriendly parties to unmask identities of borrowers and their personal financial profiles, and the wholesale risks common to an age where harmful data breaches of government-held information are real, frequent, and therefore must be anticipated.”

We share the ABA’s concerns that the expanded HMDA data categories presents, both with regard to the risk of unauthorized access to the data, and the public release of various data elements by the CFPB.

The New York Department of Financial Supervision (DFS) has filed a complaint in a New York federal district court to stop the Office of the Comptroller of the Currency (OCC) from implementing its proposal to issue special purpose national bank (SPNB) charters to fintech companies.  The lawsuit follows the filing of a similar action earlier this month by the Conference of State Bank Supervisors (CSBS) in D.C. federal district court.

Like the CSBS lawsuit, the DFS lawsuit challenges the OCC’s proposal on the grounds that:

  • The National Bank Act (NBA) does not allow the OCC to charter non-depository financial services
  • The OCC’s decision to issue SPNB charters to fintech companies, by enabling non-depository charter holders to disregard state law, violates the Tenth Amendment of the U.S. Constitution under which states retain the powers not delegated to the federal government, including the police power to regulate financial services and products delivered within a state

In defending its authority to charter SPNBs that do not take FDIC-insured deposits, the OCC has relied on 12 C.F.R. Section 5.20(e)(1) which allows the OCC to charter a bank that performs a single core banking function—receiving deposits, paying checks, or lending money.  Similar to the CSBS lawsuit, the relief sought by the DFS lawsuit includes a declaration that the OCC lacks authority under the NBA to issue SPNB charters to fintech companies that do not take deposits, a declaration that 12 C.F.R. Section 5.20(e)(1) is null and void because it exceeds the OCC’s authority under the NBA, and an injunction prohibiting the OCC from issuing SPNB charters as proposed.

We have commented that because the OCC has not yet finalized the licensing process for fintech companies seeking an SPNB charter, the CSBS is likely to face a motion to dismiss on grounds that include a lack of ripeness and/or no case or controversy.  The DFS is likely to also face a motion to dismiss on similar grounds.  Perhaps anticipating an argument that it lacks standing to bring the lawsuit because it cannot show actual harm, DFS alleges not only that the OCC proposal would undermine its ability to protect New York consumers but also that the OCC’s actions will “injure DFS in a directly quantifiable way.”  DFS alleges that because its operating expenses are funded by assessments levied on New York-licensed financial institutions, every company that receives an SPNB charter “in place of a New York license to operate in this state deprives DFS of crucial resources that are necessary to fund the agency’s regulatory function.”

This allegation does not seem sufficient to overcome the lack of ripeness and/or no case or controversy problem that the DFS lawsuit presents.  Indeed, the DFS filed its lawsuit after the architect of the SPNB charter proposal, former Comptroller of the Currency Thomas Curry, was replaced by Acting Comptroller Keith Noreika.  Mr. Noreika has not yet taken any public position with respect to the SPNB charter.  It will not be until the next Comptroller of the Currency is nominated by President Trump, confirmed by the Senate, and takes a position on the SPNB charter that we will be able to realistically assess whether the OCC will continue to pursue the SNPB charter proposal, let alone finalize it.




The New York Department of Financial Services (DFS) announced last week that it is migrating the administration of its non-mortgage related licenses to the Nationwide Multistate Licensing System (NMLS), joining more than 60 other state financial services regulatory agencies that already administer their non-mortgage licenses via the NMLS.  Effective July 1, new applicants for a money transmitter license will be able to apply via the NMLS, and existing licensees will be able to transition their licenses to the NMLS.  DFS has indicated that ultimately it will manage all non-depository licenses via the NMLS.

The announcement also expressed support for Vision 2020, the Conference of State Bank Supervisors’ recently launched initiative to modernize state regulation for non-banks.

It is no secret that the DFS is not reluctant to launch its own initiatives if it believes that there is a gap in regulation, examination or oversight – their cybersecurity regulations – so the DFS embracing the NMLS is a positive for the industry as it relates to uniformity of the licensing application process.