In the RFI, the CFPB requested feedback on various aspects of the CFPB’s processes and requirements for issuing CIDs, responding to CIDs, and conducting investigational hearing. The FTC’s comments primarily describe the FTC’s comparable processes and requirements and highlights changes made in 2017 to the CID process used by the FTC’s Bureau of Consumer Protection (BCP). Those changes included (1) adding more detail about the scope and purpose of investigations to give companies a better understanding of the information sought, (2) limiting the relevant time periods to minimize undue burden on companies and focus the FTC’s resources on investigating harms that have an immediate impact on consumers, (3) shortening and simplifying the instructions for providing electronically stored data, and (4) increasing response times for CIDs, where appropriate.
In addition to describing its own processes and requirements, the FTC makes several specific suggestions for the CFPB to consider including the following:
- The FTC suggests that the CFPB may wish to consider applying an approach to opening and closing investigations that is similar to the FTC’s approach while remaining consistent with the CFPB’s structure, management, workload, and other relevant considerations. At the FTC, the BCP Director is responsible for implementing the Commission’s enforcement agenda and meets regularly with the FTC Chairman and the other FTC Commissioners to obtain views about investigations and possible investigations to accomplish that agenda. On a day-to-day basis, the BCP Director is responsible for ensuring that other BCP managers make opening and closing decisions in conformity with the FTC’s enforcement priorities and objectives. The BCP Director has regular and frequent communications with other BCP managers, including regular discussions about specific divisional or regional office work, including matters currently under investigation and those as to which an investigation is contemplated. Other BCP managers check with the BCP Director before opening, continuing, or closing an investigation that might not be in line with FTC priorities and objectives or that might present other challenging or sensitive issues.
- The FTC observes that its procedures for CID issuance appear to be significantly different from those of the CFPB. When a BCP staff member believes issuance of a CID is appropriate, he or she drafts the CID along with a supporting recommendation and, once approved by the BCP Director, he or she submits the proposed CID and recommendation memo to the FTC. Since any Commissioner is permitted to issue a CID relating to any matter under investigation, a single Commissioner generally reviews the proposed CID and recommendation memo to determine whether to approve, modify, or reject a proposed CID. The FTC believes that because approval is sought for hundreds of proposed CIDs each year, it is more efficient and less burdensome to have a single Commissioner rather than the full FTC review each CID. Also, Commissioner-approval ensures that there will be an independent assessment of a CID’s costs and benefits by someone who is not conducting the investigation. In contrast, at the CFPB, not only the Director but also the Assistant Director and the Deputy Assistant Directors of the Office of Enforcement have authority to issue CIDs. In addition, it is generally a CFPB Deputy Assistant Director who authorizes the issuance of a CID and that individual may be involved in direct oversight of investigations in a way that an FTC Commissioner is not. The FTC suggests that because its approach has allowed the FTC to successfully balance the need to obtain information without imposing unnecessary or undue burdens, the CFPB may wish to consider the FTC’s experience, including revising its delegation of authority to one or more senior officials who are not directly involved in an investigation.
- The FTC suggests that the CFPB may want to consider adopting requirements for processing requests for extending the dates and manner of compliance with CIDs that are similar to the FTC’s requirements. To ensure that the meet-and-confer process is productive, the FTC requires CID recipients to make available persons who are familiar with the recipient’s information management system and the requested materials. BCP staff conducts the meet-and-confer sessions, which are usually held telephonically. After having the meet-and-confer, the appropriate BCP manager with the delegated authority can extend the compliance date if the CID recipient “has demonstrated satisfactory progress toward compliance,” and can also modify the terms of compliance with the CID. The FTC believes that this combination of the meet-and-confer requirement and the delegated authority to modify the time and manner upon a demonstration of satisfactory progress toward compliance allows the FTC to reduce unnecessary and undue burden while at the same time advancing the purposes of the investigation.
- The FTC observes that the BCP’s current guidelines for submission of electronically stored information (ESI) appear to be significantly shorter and less complex than the most recently available CFPB production requirements. As streamlined in 2017, the BCP’s production requirements for submission of ESI in response to a CID are less complex, require the processing and production of fewer fields, and no longer require that each field meet exacting requirements for specialized eDiscovery applications. By providing ESI in the new streamlined format, data can be used in any subsequent proceedings, obviating the need for the recipient to reproduce the data at a later time.