The CFPB announced yesterday that it has transmitted a proposal to Congress that would give it clear authority to conduct supervisory examinations for compliance with the Military Lending Act (MLA).

Last summer, former CFPB Acting Director Mulvaney reportedly announced that he planned to end routine examinations for MLA compliance because the Dodd-Frank Act did not give the CFPB the authority to conduct such examinations.  For the reasons we detailed, we agreed with Acting Director Mulvaney’s reading of Dodd-Frank.  As we observed, while the MLA gives the CFPB authority to enforce the MLA, nothing in the plain language of the MLA or Dodd-Frank currently gives the CFPB authority to conduct MLA examinations.  As might be expected, Mr. Mulvaney’s plan met with strong criticism from Democratic lawmakers and state attorneys general, who asserted that the CFPB did possess the requisite examination authority.

The CFPB’s legislative proposal would amend Sections 1024 and 1025 of Dodd-Frank which establish the CFPB’s supervisory authority as to, respectively, non-banks and banks with more than $10 billion in total assets.  It would add a substantially similar provision to each section that would provide that the CFPB has “nonexclusive authority to require reports and conduct examinations on a periodic basis…for the purposes of—”

  • assessing compliance with the MLA
  • obtaining information about the non-bank or bank’s activities and compliance systems or procedures
  • detecting and assessing risks to consumers and to markets for consumer financial products and services.

The proposal would also add language to Section 1026 of Dodd-Frank which addresses the CFPB’s supervisory authority as to banks with $10 billion or less in total assets to provide that the CFPB (1) can include its examiners in examinations performed by a bank’s prudential regulator to assess not only the bank’s compliance with “Federal consumer financial law” but also MLA compliance, and (2) the requirement for the CFPB to notify a bank’s prudential regulator and recommend appropriate action when it has reason to believe the bank has engaged in potential violations includes not only material violations of a “Federal consumer financial law” but also material violations of the MLA.

Thirty state attorneys general, joined by the AGs of the District of Columbia, Puerto Rico, and the Virgin Islands, have sent a letter to CFPB Acting Director Mulvaney “to express our concern about recent reports that the [Bureau] will no longer ensure that lenders are complying with the Military Lending Act (MLA) as part of its regular, statutorily mandated supervisory examinations.” Such recent reports included one from the New York Times published in August 2018 indicating that Mr. Mulvaney was planning to eliminate routine supervisory examinations of creditors for MLA violations because the CFPB lacks statutory authority to conduct such examinations.

In addition to describing the benefits that the MLA provides to servicemembers, the AGs assert that the Bureau “would be failing to abide by its statutorily mandated duty to enforce the MLA by restrictively interpreting its examination authority to preclude lenders’ compliance with the MLA.” They cite to the MLA provision (10 U.S.C. Section 987(f)(6)) that states the MLA “shall be enforced by the agencies specified in section 108 of the Truth in Lending Act (15 U.S.C. 1607) in the manner set forth in that section or under any other applicable authorities available to such agencies by law.” Such agencies include the CFPB. The AGs argue that this language allows the CFPB to examine for MLA compliance because “Congress has explicitly provided [in the Consumer Financial Protection Act (CFPA)] that one ‘applicable authority’ available to the CFPB is examination of lenders in order to ‘detect[] and assess[] risks to consumers and to markets for consumer financial products and services.’”

The AGs appear to be arguing that the MLA allows the CFPB to use its supervisory authority to “enforce” the MLA. We believe this interpretation is incorrect for at least two reasons. First, TILA Section 108 specifies not only the agencies that can enforce TILA but also the laws they can use to exercise such enforcement authority. For the CFPB, Section 108 specifies that it can enforce TILA under subtitle E of the CFPA, the subtitle that sets forth the CFPB’s enforcement powers. Thus, it is apparent from a plain language reading that the phrase “any other applicable authorities” in the MLA refers to any laws that give the CFPB enforcement powers beyond those it can exercise under subtitle E. The CFPB’s supervisory authority (which is separately provided in subtitle B of the CFPA) is not a source of additional enforcement powers.

Second, the AGs’ argument ignores the CFPA provisions that set forth the scope of the Bureau’s supervisory authority. CFPA Sections 1024(b)(1)(A) and 1025(b)(1)(A) provide that the CFPB shall conduct examinations of covered persons to assess compliance with the requirements of “Federal consumer financial laws.” Section 1002(14) of the CFPA defines the term “Federal consumer financial law” to mean generally the provisions of the CFPA and the “enumerated consumer laws.” Section 1002(12) lists the “enumerated consumer laws.” There are 18 federal statutes listed in Section 1002(12). Noticeably absent is the MLA.

Another letter urging Mr. Mulvaney to reconsider his plans to eliminate MLA examinations was sent by all 49 Democratic Senators who also take the position that the CFPB has statutory authority to conduct such examinations. As discussed in our blog post, we think the Senators’ interpretation is based on a misreading of the Bureau’s supervisory authority under the CFPA.

The CFPB has issued a request for information that seeks comment on its supervision program.  Comments on the RFI must be received by May 21, 2018.  (Unlike the CFPB’s three prior RFIs described below which have 60-day comment periods, the new RFI has a 90-day comment period.)

The new RFI represents the fourth in a series of RFIs announced by Mick Mulvaney, President Trump’s designee as Acting Director.  In the new RFI, the CFPB seeks comment on all aspects of its supervision program but lists the following 12 topics that represent “a preliminary attempt by the Bureau to identify elements of the Bureau processes related to its Supervision Program that may be deserving of more immediate focus.”

These topics are:

  • Timing, frequency, and scope of supervisory process
  • Timing, method or process used by the CFPB to collect information and documents from a supervised entity before it begins an examination
  • Type and volume of information and documents requested in examination information requests
  • Effectiveness and accessibility of the CFPB Supervision and Examination Manual
  • Efficiency and effectiveness of onsite examination work
  • Effectiveness of Supervision’s communications when potential violations are identified, including the usefulness and content of a potential action and request for response (PARR) letter
  • Clarity, organization, and quality of communications that report the results of supervisory activities
  • Clarity of matters requiring attention (MRA) and the reasonableness of timing requirements to satisfy MRAs
  • Process for appealing supervisory findings
  • Use of third parties by supervised entities to conduct assessments specified in MRAs or assess the sufficiency of completion of an MRA
  • Usefulness of the CFPB’s Supervisory Highlights to share findings and promote transparency
  • Manner and extent to which the CFPB can and should coordinate its supervisory activity with federal and state supervisory agencies

The CFPB’s first RFI, which has a March 27, 2018 comment deadline, seeks comment on the CFPB’s processes surrounding civil investigative demands and investigational hearings.  The second RFI, which has a comment deadline of April 6, 2018, seeks comment on how the CFPB can improve its administrative adjudication processes.  The third RFI, which has a comment deadline of April 13, 2018, seeks comment on how the CFPB can improve its enforcement processes.

In its press release announcing the fourth RFI, the CFPB stated that the next RFI in the series will be issued next week and will address the CFPB’s external engagement processes.  The press release also stated that the CFPB anticipates issuing RFIs on the following topics in the coming weeks:

  • Complaint Reporting
  • Rulemaking Processes
  • Bureau Rules Not Under §1022(d) Assessment (§1022(d) requires the CFPB to conduct an assessment of  a significant rule no later than five years after the rule’s effective date.)
  • Inherited Rules (Rules for which Dodd-Frank transferred authority from another federal agency to the CFPB)
  • Guidance and Implementation Support
  • Consumer Education
  • Consumer Inquiries

In a letter to Leandra English and Mick Mulvaney, Senator Elizabeth Warren calls the freeze imposed by Mr. Mulvaney on the CFPB’s collection of personally identifiable information (PII) “unjustified.”  (Not surprisingly, Senator Warren’s letter is addressed to Ms. English as “Acting [CFPB] Director” and to Mr. Mulvaney as “Director” of OMB.)

We previously reported that, in connection with assisting clients to prepare for CFPB exams, we had learned that the freeze was impacting the flow of information to CFPB examiners.  In fact, Senator Warren cites to our blog post in her letter.  Despite her strong support for harsher action against industry for its alleged failure to adequately protect PII, Senator Warren attacks Mr. Mulvaney for his efforts to protect PII, claiming that they have “undermined the agency’s work in both the short and long term.”

Senator Warren also claims that her staff has been told that CFPB enforcement lawyers “have been banned from reviewing electronic evidence they obtain in discovery.”   According to Senator Warren, such evidence “is reportedly not being loaded onto CFPB systems, preventing the enforcement team from completing investigations and bringing cases.”

Referencing reports that the freeze was prompted by shortcomings in the CFPB’s data security systems discussed in reports of the Office of Inspector General, Senator Warren claims that Mr. Mulvaney has “inappropriately used the reports as a prextext to halt and weaken critical agency functions.”  In her view, the IG reports “demonstrate that the agency’s cybersecurity policies are robust and any problems with them are not nearly serious enough to support the action Director Mulvaney has taken.”

Senator Warren concludes her letter with a list of questions to which she asks for responses by January 18.  She also asks for her staff to be briefed about the freeze no later than January 12.

 

A former CFPB examiner has written U.S. Attorney General Jeff Sessions claiming that CFPB officials falsified examination reports in connection with a CFPB examination of ACE Cash Express that led to the CFPB extracting $10 million of restitution and penalties from ACE.  At the time the CFPB forced ACE to enter into this consent order, even in the absence of any allegations of fraud on the part of the CFPB, we sharply criticized the CFPB for its treatment of ACE.

The July 2014 order between the CFPB and ACE, one of the country’s largest payday lenders, was based on supposed ACE collection problems.  It required ACE to pay $5 million in restitution and another $5 million in civil monetary penalties.

We observed at the time that the CFPB had extracted this relief without providing any context to its actions or explaining how it determined the monetary sanctions.  We found it particularly troubling that, despite the infrequency of collection misconduct observed by ACE’s independent expert, best practices followed by ACE, and the limited criticism of ACE policies, procedures and practices within the four corners of the consent order, former CFPB Director Cordray added insult to injury by accusing ACE of engaging in “predatory” and “appalling” tactics, effectively ascribing occasional misconduct by some collectors to ACE corporate policy.

Now, former CFPB examiner Cassandra Jackson raises serious questions as to the integrity of the exam report giving rise to the consent order.  Ms. Jackson states that she participated in the CFPB examination and was instructed by her superiors “to change, remove, and otherwise falsify documents connected with the examination.”  According to Ms. Jackson, the requests to falsify documents were made by the Examiner in Charge (EIC) of the ACE exam and “others in Management positions.”

Ms. Jackson states that:

  • She was specifically told (1) to cite ACE for a violation despite her verification that ACE was in compliance with the law; (2) to state that ACE had failed to provide exonerating documents; and (3) to remove such documents from case file folders.
  • When she refused, the EIC changed information in her report and signed off on the final report, which was reviewed and accepted by a CFPB Field Manager.
  • The CFPB used the falsified report to garner the consent order with ACE.
  • Her refusal to falsify information resulted in her being told that she was not performing at an acceptable level and was subject to disciplinary action.

Ms. Jackson urges Attorney General Sessions to initiate an investigation of this matter.  Of course, we cannot assess the validity of Ms. Jackson’s claims.  However, we can say that an investigation is in order.

 

Since Mick Mulvaney’s appointment by President Trump as CFPB Acting Director, there have been widespread media reports about Mr. Mulvaney’s plans to impose a freeze on the CFPB’s collection of personally identifiable information (PII), such as individual loan level data, until the CFPB improves its data security systems.  Mr. Mulvaney’s concerns about the CFPB’s data security systems were reportedly prompted in part by reports issued by the Office of Inspector General for the CFPB that found deficiencies in the CFPB’s data security practices.

Since the CFPB has not yet issued any information regarding the freeze’s implementation, its full scope and impact remain unclear.  However, in connection with assisting clients to prepare for CFPB exams, we have learned that the freeze is having a significant impact on the flow of information to CFPB examiners.  Moreover, it appears that because CFPB examiners may not yet have clear direction regarding how they should implement the freeze, they are taking different approaches.

Prior to the freeze, companies had been submitting information requested by CFPB examiners by uploading documents to the CFPB’s Extranet.  We understand the CFPB has temporarily halted use of the Extranet, however, apparently in response to Mr. Mulvaney’s concerns, and it appears that CFPB Supervision management is grappling with how to sufficiently address Mr. Mulvaney’s concerns so that scheduled examinations can proceed.  For example, examination teams have preliminarily described different approaches for how to establish workarounds, including providing all responses printed onto paper, to be shredded at the conclusion of the exam, or providing company computers for examiners to view company responses which may include PII.  The freeze and such workarounds will likely increase the burden for companies undergoing examinations but may also reduce the scope of what examiners will be able to review.

It also remains unclear how the freeze will impact other supervisory submissions, such as supporting documents submitted in connection with responses to Potential Action and Request for Response (PARR) letters.  We are working closely with clients to assist them with issues raised by the new “freeze”-related procedures.

Past and present Democratic Representatives and Senators filed an amicus brief in support of the motion for a temporary restraining order filed by Leandra English to block Mick Mulvaney from exercising the authority of CFPB Acting Director.  The court granted the lawmakers’ motion for leave to file the brief before its denial of Ms. English’s TRO motion.

Republican Attorneys General from eight states filed a motion seeking leave to file an amicus brief in support of President Trump and Mick Mulvaney, the named defendants in Ms. English’s lawsuit.  The eight states are Texas, West Virginia, Alabama, Arkansas, Georgia, Louisiana, Oklahoma, and South Carolina.  The motion included a copy of their proposed amicus brief as an exhibit.  Following its denial of Ms. English’s TRO motion, the court entered an order denying the AGs’ motion as moot but “without prejudice to re-filing for leave to file a brief with respect to the merits or any additional motions for injunctive relief.”

In their amicus brief, the Democratic lawmakers argue that the CFPA provision that states the Deputy Director “shall serve as Acting Director in the absence or unavailability of the Director” supplants the Federal Vacancies Reform Act (FVRA) and provides the sole means for temporarily filling a vacancy in the position of CFPB Director until Senate confirmation of a new Director.  They assert that such a reading of the CFPA provision is consistent with the CFPA’s structure and legislative history.

The Republican AGs, in their proposed amicus brief, argue that the CFPA cannot override the President’s appointment authority under the FVRA without raising separation of powers concerns under Article II of the U.S. Constitution.  They assert that, to avoid such constitutional issue, the court should hold that the President has the authority under the FVRA to appoint the CFPB Acting Director.  (In his oral ruling denying Ms. English’s TRO motion, Judge Kelly suggested constitutional separation of powers concerns might arise if the President was prevented from exercising his FVRA authority.)

 

While an official announcement has not yet appeared on the CFPB’s website, it has been widely reported that Kristen Donoghue will be appointed the CFPB’s new Assistant Director of Enforcement, effective November 17, 2017.  She will replace Anthony Alexis.

Ms. Donoghue has served as a CFPB enforcement attorney since the CFPB’s establishment in 2011, and most recently served as the CFPB’s Principal Deputy Enforcement Director.  Her appointment is not expected to result in any significant changes to the CFPB’s enforcement approach since she is reported to have been a significant contributor to the CFPB’s current enforcement policies and priorities.

In addition, she will report to the Associate Director for Supervision, Enforcement & Lending, a position that is currently held by Christopher D’Angelo.  Mr. D’Angelo has also been at the CFPB since 2011 and served as Director Cordray’s Chief of Staff before becoming Associate Director.

Ms. Donoghue spoke last year in Chicago at the Practicing Law Institute (PLI) Annual Consumer Financial Services Institute (which I co-chaired).  She was a member of  “The CFPB Speaks” panel (which I moderated).  We expect her to speak on the same panel at the 2018 Annual Institute at one or more locations.

 

The Office of Inspector General (OIG) for the CFPB and Fed has issued a report that found the CFPB can improve its practices related to examination workpaper documentation.  This report follows another OIG report issued last month that found the CFPB could improve the effectiveness of its Examiner Commissioning and On-the-Job Training Programs.

The report provides the results of an evaluation conducted by the OIG to assess the CFPB’s guidance and practices, including training and quality reviews, to promote effective and consistent examination workpaper documentation.  The OIG reviewed documentation in each of the CFPB’s four regions for compliance with the CFPB’s Supervision and Examination Manual and other policies applicable to examinations.

The OIG’s findings included the following:

  • The CFPB’s approach was to grant examination employees in each region open access to examination workpaper documentation and supporting material.  That approach resulted in certain employees having access to materials with confidential supervisory information and personally identifiable information when they did not appear to have a business need to know such information, thereby creating an opportunity for insider abuse.
  • A lack of information disposal guidelines limited the CFPB’s ability to protect sensitive information and a lack of a consistent process for limiting access rights limited the effectiveness of self-reporting of potential information security incidents.
  • Documentation of supervisory review of workpapers by the Examiner in Charge and Field Manager did not fully comply with Examination Manual standards.  As a result, the CFPB could not be assured that all workpapers that support findings and conclusions had been reviewed and approved, which could affect the credibility of examination results.
  • The CFPB did not have formal training for examiners on workpaper practices.
  • The CFPB had not established an ongoing quality control review process for examination workpapers to evaluate whether workpapers met the requirements in the Examination Manual.

The report includes the OIG’s recommendations for addressing its findings and the CFPB’s responses to the recommendations.

 

The Office of Inspector General (OIG) for the CFPB and Fed has issued a report on the results of its evaluation of the effectiveness of the CFPB’s Examiner Commissioning Program (ECP) and On-the-Job Training (OJT) Program.  In conducting the evaluation, the OIG assessed the design, implementation, and execution of the two programs. The OIG found that the effectiveness of both programs could be improved.

The CFPB implemented the ECP in October 2014 and, according to the report, has described the ECP as “critical” for its supervision program and the professional development of its examiners.  Although the OIG found that the CFPB had taken some steps to enhance the ECP, it identified several shortcomings.  The OIG found the following:

  • Due to management’s workforce needs and advancement incentives, some examiners appeared to proceed through certain components of the ECP before being fully prepared. In addition, certain controls established by the CFPB to manage examiners’ progression through the ECP might be ineffective.
  • Some examiners did not appear to receive adequate training and developmental opportunities or exposure to certain CFPB internal processes before proceeding to certain components of the ECP.
  • The CFPB did not have a formal method to evaluate and update the ECP.
  • The CFPB did not consistently communicate ECP requirements to prospective employees, including the starting point for the 5-year requirement for completing the ECP.

The CFPB’s OJT program is intended to be a standardized program that ensures examiners are trained uniformly across all regions.  In the program, an OJT trainer is expected to work with an examiner on an examination, provide mentoring, discuss the  CFPB’s Supervision and Examination Manual, and oversee the examiner’s completion of assigned modules. The OIG found that CFPB regions had not consistently implemented the OJT program and examiners may not have understood the requirements, expectations, and purpose of the OJT.

The report makes a series of recommendations for addressing the OIG’s findings and enhancing the effectiveness of the ECP and OJT program.  In the CFPB’s response to the OIG’s draft report, which is included with the report, the CFPB states that it agrees with the OIG’s recommendations and outlines its plans for implementing the recommendations.