In his prepared remarks to the Consumer Bankers Association yesterday, Director Cordray attempted to defend the CFPB’s “regulation by enforcement” approach that has been widely criticized by industry.

Director Cordray’s remarks included the surprising acknowledgment that despite indications by his colleagues to the contrary, the reach of CFPB consent orders is not limited to the parties involved.  Rather, Director Cordray indicated that consent orders are intended to have precedential effect for other industry members.  More specifically, he stated that consent orders are “intended as guides to all participants in the marketplace to avoid similar violations and make an immediate effort to correct any such improper practices.”  He called it “compliance malpractice” for companies “not to take careful bearings from the contents of these orders about how to comply with the law and treat consumers fairly.”

Director Cordray asserted that criticism of the CFPB’s approach as “regulation by enforcement” is “badly misplaced.”  He defended the CFPB’s approach as “a thoughtful strategy for how to deploy [the CFPB’s] limited resources most efficiently to protect the public.”  According to Director Cordray, the CFPB’s strategy is one of “working toward a pattern of actions that conveys an intelligible direction to the marketplace, so as to create deterrence that can be readily understood and implemented.”

He also rejected the “suggestion that law enforcement officials should think through and explicitly articulate rules for every eventuality before taking any enforcement actions at all,” stating that such an approach “would lead to paralysis because it simply sets the bar too high.”  According to Director Cordray, “the vast majority of our enforcement actions involve some sort of deception or fraud” and “courts have long noted that trying to craft specific rules to root out fraud or untruth is a hopeless endeavor.”  He observed that because of the impracticality of drafting specific rules, the CFPB strives in consent orders to “meticulously catalogue the facts we have found in our very thorough investigations and set out the legal conclusions that follow from those facts.”

Director Cordray’s comments ignore the reality that consent orders often result from CFPB pressure on targets to settle and, particularly for entities subject to CFPB supervision, a desire to avoid hostile litigation that might damage their ongoing relationship with the CFPB.  (Indeed, consent orders generally state that a company has consented to the order “without admitting or denying any findings of fact, violations of law or regulations” or “without admitting or denying any wrongdoing.”)  Thus, the legal conclusions set forth in a consent order only reflect the CFPB’s unilateral view of the law which a court might reject as incorrect.

Moreover, because they are tied to specific facts, consent orders rarely provide useful guidance for companies with different practices that are seeking to avoid violations.  For example, the CFPB’s enforcement actions against credit card issuers involving the marketing of add-on products (e.g., debt cancellation coverage, identity theft) created tremendous uncertainty among issuers as to the CFPB’s expectations.  This uncertainty caused most card issuers to stop offering these products altogether, a result that is not beneficial to the many consumers who found these products to be very valuable.

In addition, the fact that Dodd-Frank gives gave the CFPB UDAAP rule-writing authority indicates that Congress did not believe drafting rules to address deception or fraud was a “hopeless endeavor.”  Unlike the Administrative Procedure Act (APA) rulemaking process, the use of consent orders to impose industry-wide standards does not allow industry or other stakeholders to provide input nor does it require the CFPB to consider the impact of such standards on an entire industry.

We find it interesting that in defending the CFPB’s use of consent orders to set industry-wide standards, Director Cordray only notes the difficulty in establishing rules “to root out fraud or untruth.”  The CFPB has also entered into consent orders in cases where a company’s practices were alleged to be “unfair” or “abusive.”  For most companies seeking to comply with the CFPB’s expectations, the greatest cause of uncertainty and concern is the absence of clear CFPB guidance for determining whether any of their practices could be deemed “unfair” or “abusive” by the CFPB.

A notable example of the CFPB’s “regulation by enforcement” approach is the series of consent orders it has entered into with auto finance companies to resolve charges that the companies engaged in unlawful discrimination in violation of the ECOA through their auto dealer compensation practices giving dealers discretion to “mark up” interest rates on consumers’ retail installment sale contracts purchased by the companies.  The CFPB’s legal conclusion that such companies violated the ECOA rests on its view that disparate impact claims are cognizable under the ECOA.  Even if a court were to agree with the CFPB’s view, the methodology used by the CFPB to establish disparate impact has been challenged as seriously flawed.  The CFPB’s consent orders in these cases have required the auto finance companies to change their dealer compensation policies so that they conform to the options specified in the consent orders.  The establishment of “rules” for how the entire auto finance industry companies must compensate dealers without using the APA rulemaking process is clearly inappropriate.