The CFPB’s release this week of its first “Supervisory Highlights” report reinforces concerns I previously voiced that, instead of establishing industry-wide standards through the rulemaking process, the CFPB plans to use its supervisory and enforcement authority to impose such standards.  

The report discusses “the most critical” issues and problems detected by CFPB examiners during examinations conducted between July 2011 and September 30, 2012.  According to the CFPB, the document is intended to “signal to all institutions the kinds of activities that should be carefully scrutinized for compliance with the law” and “will help providers of financial products and services better understand the CFPB’s supervisory expectations so that they can take action to comply with Federal consumer financial laws.”  The CFPB states that it expects to periodically publish additional “Supervisory Highlights” and “[t]hrough these supervisory reports, CFPB will provide financial institutions with clear guidance about the standards of conduct expected of them.” 

In discussing problems and issues it found at “financial institutions,”  the CFPB did not distinguish between banks and nonbanks over which it has supervisory authority such as payday and private student loan lenders. The issues and problems described in the report include the following: 

  • Comprehensive deficiencies in compliance management systems, such as failures to adopt and/or follow compliance policies and procedures. The CFPB notes that, in compliance exams, it “evaluates both the understanding and application of the financial institutions’ compliance management programs by its managers and employees.”
  • Failures to establish a comprehensive service provider management program or to effectively manage service providers to ensure compliance with Federal consumer financial laws.
  • A lack of any formal fair lending compliance system or the implementation of systems that do not provide compliance oversight for all major lending products.  The CFPB notes that in some cases where fair lending violations have been found, “financial institutions have been directed to expand their internal fair lending regression analysis, monitor compliance through special reports and certifications, or take other steps to address the potential existence of discrimination against applicants on a prohibited basis and to verify full compliance with ECOA.”
  • In addition to the violations by the three card issuers that were the subject of the CFPB’s public enforcement action, CARD Act violations by other issuers have resulted in non-public supervisory action by the CFPB.  Those violations consisted of increases in credit limits on accounts issued to consumers under the age of 21 based on the ability to pay of a co-applicant age 21 or older without the co-applicant’s written authorization and failures to perform a rate review of an acquired portfolio within 6 months or to establish written policies for rate reevaluations.
  • FCRA violations consisting of failures to (1) communicate appropriate and accurate information to consumer reporting agencies, (2) indicate when a consumer had disputed account information, and  (3) delete information upon completion of dispute investigations.
  • Significant TILA and RESPA violations by residential mortgage lenders, such as inadequate or improper completion of the Good Faith Estimate and HUD-1 Settlement Statement, inaccurate TILA disclosures.  The CFPB also identifies HMDA compliance as an area of concern, noting that its examiners found several financial institutions had significant error rates in their HMDA data.   

The report is yet another example of the CFPB’s continued focus on fair lending.  As Chris Willis commented about the CFPB’s appeals procedure bulletin that was released concurrently with the “Supervisory Highlights” report, fair lending was the only substantive area mentioned in the bulletin. Similarly, in the report, fair lending compliance programs were the only specific compliance programs mentioned by the CFPB in its discussion of the deficiencies it found in compliance management systems.