A new CFPB Bulletin provides guidance on “responsible conduct” the CFPB will consider in deciding how to exercise its enforcement discretion.

The Bulletin states that the CFPB principally considers four categories of conduct “when evaluating whether some form of credit is warranted in an enforcement investigation.”  Those categories consist of: self-policing, self-reporting, remediation and cooperation during an enforcement investigation.  The CFPB will also take into consideration other types of activities “particular to [a company’s] situation that is both substantial and meaningful.”

In the Bulletin, the CFPB discusses the factors it will consider in determining how much credit to award for each category of conduct.  Such factors include the following:

•             For self-policing conduct (which the CFPB also describes as “self-monitoring” or “self-auditing”), the CFPB will consider (1) how the violation or potential violation was detected and who uncovered it, (2) what compliance or self-policing mechanisms were in place to prevent, identify, or limit the conduct that occurred and to preserve relevant information, (3) whether a company’s self-policing activities were previously examined by the CFPB or other regulators and, if so, what were the results of such examination and what changes followed, and (4) whether the company had a culture of compliance.

•             For self-reporting conduct (which the CFPB indicates it gives special emphasis in its evaluation of a company’s overall conduct), the CFPB will consider (1) how thoroughly and promptly a company disclosed the violation or potential violation to the Bureau (and any justifications for delayed reporting), and (2) whether the company proactively self-reported or waited until discovery or disclosure was likely to happen anyway.

•             For remediation, the CFPB will consider (1) how long after the misconduct was uncovered it took to implement an effective response, (2) whether any consequences were imposed on the individuals responsible for the misconduct, (3) whether the company promptly and effectively identified the extent of harm to consumers and appropriately compensated victims, and (4) what changes have occurred to prevent a recurrence of the misconduct.

•             For cooperation (which the CFPB indicates must consist of “substantial and material steps above and beyond what the law requires” for the CFPB to award credit), the CFPB will consider whether a company (1) cooperated promptly and completely with the CFPB during the course of the investigation, (2) took proper steps to develop the truth quickly and completely and to fully share its findings with the CFPB, such as a thorough review of the nature, extent, origins, and consequences of the misconduct and related behavior, (3) promptly made the results of its review available to the CFPB and provided sufficient documentation reflecting its response to the situation,
(4) provided evidence that would facilitate enforcement actions against others who violated the law, and (5) voluntarily disclosed material information the CFPB had not directly requested or that otherwise might not have been uncovered.

While seeking to encourage “responsible conduct” by potential enforcement targets, the CFPB also makes clear that the guidance is not intended to tie its hands.  It cautions that “the fact that a party may argue it has satisfied some or even all of the elements set forth in this guidance will not foreclose the Bureau from bringing any enforcement action or seeking any remedy if it believes such a course is necessary and appropriate.”  It also notes that “there may be circumstances where the misconduct is so egregious, or the harm inflicted so great, that no amount of cooperation or other mitigating conduct could justify a decision not to bring an enforcement action, or even to forgo seeking the imposition of a civil money penalty.”