Last week, the CFPB issued a Statement of Intent that describes its plans for sharing information about nonbanks with state banking and financial service regulators (“State Regulators”)  and coordinating supervisory and enforcement activity.  In January 2011, the CFPB entered into a memorandum of understanding (MOU) with the Conference of State Bank Supervisors (CSBS) and various State Regulators to establish a general framework for information sharing and supervision and enforcement cooperation.  Subsequently, the CFPB entered into similar MOUs with additional State Regulators.  (According to the CSBS website, as of April 19, 2012, State Regulators in every state except New Mexico have signed MOUs with the CFPB.)   The Statement of Intent supplements the MOUs by detailing the types of information the CFPB intends to share and the cooperative actions the CFPB intends to take.

With regard to supervision, the CFPB intends to coordinate its examination of a nonbank with a State Regulator having supervisory authority over the nonbank and provide examination reports upon such regulator’s request.  With regard to consumer complaints, the CFPB intends to provide such complaints or access to such complaints to State Regulators on an agreed systemic basis and develop a process to  coordinate the handling of consumer complaints to avoid duplication of effort.  The CFPB also plans to provide State Regulators (1) information about registered mortgage loan originators associated with institutions chartered and supervised by the State Regulators (if permitted by the relevant federal prudential regulators), and (2) significant analytical reports derived from national mortgage loan system (NMLS) data as agreed by the CFPB and State Regulators. 

In the enforcement arena, the CFPB intends to provide State Regulators with (1) reasonable notice before initiating a public enforcement action against a nonbank in a regulator’s state, and (2) information, data and analysis about conduct and practices of nonbanks to inform enforcement activity.  The CFPB also intends to (1) consult State Regulators during the enforcement process about mutually beneficial information sharing, (2) regularly consult with State Regulators to identify mutual enforcement priorities, and
(3) support enforcement activity by State Regulators, including through joint or coordinated investigations. 

It is widely known that there have been some bumps in the CFPB’s relationship with State Regulators. The Statement of Intent could represent an effort by the CFPB to improve that relationship by reassuring State Regulators that “sharing information” is not limited to their providing information to the CFPB but instead means that information will flow both ways. 

 In addition, it appears that the CFPB’s plans to provide information to State Regulators about Registered Mortgage Loan Originators employed by institutions supervised by the State Regulators is intended to assist State Regulators by giving them information they could not otherwise access about mortgage loan originators who are not required to hold a state license and instead only must hold a mortgage loan originator registration through the NMLS.  In certain states, subsidiaries and affiliates of state- and federally-chartered depository institutions are subject to licensing and supervision by State Regulators, although their mortgage loan originator employees are not required to hold a state license.  This creates the unusual situation where the employees of a state licensed entity are not subject to licensing by a State Regulator.   Similarly, the CFPB’s plans to share reports derived from NMLS data also appears to be an effort to give State Regulators the benefit of information they cannot access directly. 

The sensitive nature of the information to be shared under the Statement of Intent raises concerns as to the adequacy of the CFPB’s and the State Regulators’ information security systems.  Last month, the Bureau’s Office of Inspector General issued a report criticizing the CFPB’s information security system.  In response to the report, the CFPB said it is taking actions to strengthen its information security system.  Since the shared information will also need to be protected by State Regulators, we hope that before it shares information with a State Regulator, the CFPB will confirm that the State Regulator has an adequate information security system in place.