According to media reports, President Trump is expected to name Mick Mulvaney, the current Director of the Office of Management and Budget, to serve as CFPB Acting Director upon Director Cordray’s resignation.  The President’s announcement may come as soon as today.

Assuming the media reports are accurate, they indicate that the White House has decided that David Silberman, the current CFPB Acting Deputy Director, does not automatically become Acting Director upon Director Corday’s resignation pursuant to the Dodd-Frank Act provision that provides that the Deputy Director shall “serve as acting Director in the absence or unavailability of the Director.”  In our view, because that provision does not cover the present situation (i.e., a vacancy created by the existing Director’s resignation and permanent departure from the agency), the Federal Vacancies Reform Act of 1998 permits President Trump to appoint as Acting Director either a senior employee of the CFPB or an officer of an agency who has already been approved by the Senate such as Mr. Mulvaney.

The CFPB, Fed, and OCC have published notices in the Federal Register announcing that they are increasing three exemption thresholds that are subject to annual inflation adjustments.  Effective January 1, 2018 through December 31, 2018, these exemption thresholds are increased as follows:

The U.S. Office of Special Counsel (OSC) has issued a letter stating that it “found no evidence that [Director Cordray had] engaged in any of the preliminary activities directed toward candidacy that would violate the Hatch Act.”

According to the OSC letter, which was written by the Deputy Chief of the OSC’s Hatch Act Unit, the OSC conducted an investigation after receiving complaints alleging that Director Cordray had violated the Hatch Act by engaging in preliminary activities in connection with a candidacy for Ohio governor.  The letter indicates that the Hatch Act, which prohibits certain federal employees from running for the nomination or as a candidate for election to a partisan political office, has been interpreted to prohibit “preliminary activities regarding candidacy.”  Such activities would include “any action that can reasonably be construed as evidence that the individual is seeking support for or undertaking an initial ‘campaign’ to secure nomination or election to office.”

The letter gives examples of preliminary activities that would violate the Hatch Act, such as “taking the action necessary under the law of a state to qualify for nomination for election or soliciting or receiving contributions or making expenditures.”

However, according to the letter, “merely discussing with family or close friends the possibility of running; fact-finding to learn what would be required to run; or making inquiries to understand the current political landscape” would not violate the Hatch Act.


On Friday November 3, 2017 the Consumer Financial Protection Bureau (CFPB) announced the launch of the Internet-based platform that financial institutions will use to submit data under the Home Mortgage Disclosure Act (HMDA).

Each user will need to register online for login credentials and establish an account in order to access the platform. Financial institutions can use the beta period to test login credentials, upload sample HMDA files, perform validation on their HMDA data, receive edit reports, confirm their test data submission, and conclude the test HMDA filing process.  There is no limit on the extent to which a financial institution may use the platform for testing purposes during the beta period.

All test accounts that are created during the beta period, and test data that is uploaded during the period, will be removed from the platform when the filing period for 2017 HMDA data opens in January 2018.

The CFPB encourages institutions to provide feedback on their experiences using the platform by sending comments to

In May 2017, we blogged about press reports that the Government Accountability Office (GAO) had accepted a request from Senator Patrick Toomey for a determination concerning whether the CFPB Bulletin 2013-02, titled “Indirect Auto Finance and Compliance with the Equal Credit Opportunity Act,” is a “rule” within the scope of the Congressional Review Act (CRA).  Our blog post also noted reports that the GAO had accepted a similar request from Senator Toomey regarding the interagency leveraged lending guidance (Interagency Guidance) issued jointly by the OCC, the Fed, and the FDIC on March 22, 2013.  (While we did not have a copy of Senator Toomey’s request regarding the CFPB Bulletin when we blogged, we have since obtained a copy.  Both of Senator Toomey’s requests to the GAO were dated March 31, 2017.)

Last week, the GAO issued a response to Senator Toomey’s request regarding the Interagency Guidance.  The GAO concluded that the Interagency Guidance “is a general statement of policy and is a rule under the CLA.”  Under the CRA, an agency must submit a final rule to the GAO and Congress “before a rule can take effect.”  Once this notification requirement has been satisfied, there is a limited period of time during which a joint resolution of disapproval can be introduced and acted upon.  If a joint resolution of disapproval is passed by both houses of Congress, it is sent to the President for executive action.  Most significantly, the CRA establishes a fast-track process under which a joint resolution of disapproval cannot be filibustered in the Senate and can be passed by the Senate by a simple majority vote.

In analyzing the Interagency Guidance, the GAO applied the Administrative Procedure Act’s definition of “rule” which the CRA generally adopts.  The CRA provides that a rule is “the whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an agency.”  Three types of rules are excluded from the scope of the CRA: (1) rules of particular applicability; (2) rules relating to agency management or personnel; and (3) rules of agency organization, procedure or practice that do not substantially affect the rights or obligations of non-agency parties.

According to the GAO, the gist of the banking agencies’ argument was that their Interagency Guidance was merely a statement of policy rather than a rule subject to the CRA.  The GAO agreed with the agencies’ characterization of their guidance document as a statement of policy that:

[p]rovides information on the manner in which the Agencies will exercise their authority regarding leveraged lending activities, does not establish a ‘binding norm,’ and does not determine the outcome of any Agency examination of a financial institution.  Rather, the Guidance expresses the regulators’ expectations regarding the sound risk management of leveraged lending activities.

The GAO nevertheless framed the issue presented as “whether this general statement of policy is a rule under the CRA.”

In concluding that the Interagency Guidance is a rule subject to the CRA, the GAO relied on its prior decisions finding general statements of policy to be rules subject to congressional review.  In doing so, the GAO pointed to floor statements made by the principal sponsor during final congressional consideration of the bill that became the CRA as well as the analyses of legal commentators.  Among other things, the principal sponsor had stated that the types of documents covered by the CRA include “statements of general policy, interpretations of general applicability, and administrative staff manuals and instructions to staff that affect a member of the public.”  The GAO specifically rejected the argument that an agency action cannot be a rule under the CRA unless it establishes legally binding standards that are certain and final and it substantially affects the rights or obligations of third parties.

The CFPB Bulletin setting forth its indirect auto finance guidance was issued on March 21, 2013.  Its stated purpose was to “provide[ ] guidance about compliance with the fair lending requirements of the Equal Credit Opportunity Act (ECOA) and its implementing regulation, Regulation B, for indirect auto lenders that permit dealers to increase consumer interest rates and that compensate dealers with a share of the increased interest revenues.”  There are very compelling arguments that the CFPB guidance falls squarely within the CRA definition of a “rule” because it is an agency statement of future effect that is designed to implement, interpret or prescribe law or policy, and it is not one of the types of rules that is expressly excluded from the scope of the CRA.  Additionally, the GAO determination regarding the Interagency Guidance suggests that it would similarly reject any CFPB assertion that the indirect auto finance guidance is not a “rule” because it is a non-binding statement of policy that merely provides information on the manner in which the CFPB will exercise its enforcement and supervisory authority with respect to the subject addressed.

A GAO finding that the CFPB guidance is a “rule” under the CRA could have several potential consequences.  Because the CRA requires an agency to submit a final rule to the GAO and Congress “before [it] can take effect,” the guidance arguably would be ineffective because it presumably was not reported to the GAO and Congress in the manner required by the CRA.

Additionally, any member of Congress might respond to a GAO determination that the CFPB guidance is a “rule” by introducing a joint resolution of disapproval.  According to a Congressional Research Service report, in prior instances where the GAO determined that an agency action satisfied the CRA definition of a “rule” and joint resolutions of disapproval were subsequently introduced, “the Senate has considered the publication in the Congressional Record of the official GAO opinions . . . as the trigger date for the initiation period to submit a disapproval resolution and for the action period during which such a resolution qualifies for expedited consideration in the Senate.”

Finally, a GAO determination that the CFPB guidance is a “rule” could open the door to GAO determination requests and CRA challenges to other CFPB guidance documents that might likewise satisfy the CRA definition of a rule.  As our readers are well aware, CFPB compliance bulletins announcing regulatory expectations have been issued on a wide range of regulatory compliance topics including debt collection, credit reporting, and credit card add-on products.


The CFPB has released a set of “Consumer Protection Principles” for participants “in the developing market for services based on the consumer-authorized use of financial data.”  According to the CFPB, the principles “do not themselves establish binding requirements or obligations relevant to the Bureau’s exercise of its rulemaking, supervisory, or enforcement authority” and “are not intended as a statement of the Bureau’s future enforcement or supervisory priorities.”  Rather, the CFPB describes the principles as “express[ing] the Bureau’s vision for realizing a robust, safe, and workable data aggregation market that gives consumers protection, usefulness, and value” and are intended “to help safeguard consumer interests as the consumer-authorized aggregation services market develops.”

In November 2016, the CFPB issued a request for information about market practices related to consumer access to financial information.  The RFI contained a series of questions about current market practice related to “consumer-permissioned access,” a term used by the CFPB to refer to consumer access to consumer financial account and account-related information, whether directly or through a third-party acting with the consumer’s permission.  According to the CFPB, the principles were informed by the 72 comments it received in response to the RFI as well as other stakeholder feedback.  In addition to the principles, the CFPB also released a separate document containing a discussion of “insights gained from that feedback.”

The principles address the following nine topics:

  • Access. Consumers should be “able, upon request, to obtain information about their ownership or use of a financial product or service from their product or service provider” and to be “generally able to authorize trusted third parties to obtain such information from account providers to use on behalf of consumers, for consumer benefit, and in a safe manner.”
  • Data Scope and Usability. The financial data subject to consumer and consumer-authorized access should include “any transaction, series of transactions, or other aspect of consumer usage; the terms of any account, such as a fee schedule; realized consumer costs, such as fees or interest paid; and realized consumer benefits, such as interest earned or rewards.”
  • Control and Informed Consent. The authorized terms of access, storage, use, and disposal should be “fully and effectively disclosed to the consumer, understood by the consumer, not overly broad, and consistent with the consumer’s reasonable expectations in light of the product(s) or service(s) selected by the consumer” and for consumers to be able to “readily and simply revoke authorizations to access, use, or store data.”
  • Authorizing Payments. Providers that access information and initiate payments should be able to reasonably require consumers to provide separate and distinct authorizations for these activities.
  • Security. “All parties that access, store, transmit, or dispose of data use strong protections and effective processes to mitigate the risks of, detect, [should] promptly respond to, and resolve and remedy data breaches, transmission errors, unauthorized access, and fraud, and transmit data only to third parties that also have such protections and processes.”
  • Access Transparency. Consumers should be informed of or able to readily ascertain the “identity and security of each [third party the consumer has authorized to access or use the consumer’s account information], the data they access, their use of such data, and the frequency at which they access the data is reasonably ascertainable to the consumer throughout the period that the data are accessed, used, or stored.”
  • Accuracy. Consumers should have “reasonable means to dispute and resolve data inaccuracies, regardless of how or where inaccuracies arise.”
  • Ability to Dispute and Resolve Unauthorized Access. Consumers should have “reasonable and practical means to dispute and resolve instances of unauthorized access and data sharing, unauthorized payments conducted in connection with or as a result of either authorized or unauthorized data sharing access, and failures to comply with other obligations, including the terms of consumer authorizations.”  Consumers should not be “required to identify the party or parties who gained or enabled unauthorized access to receive appropriate remediation.”
  • Efficient and Effective Accountability Mechanisms. Commercial participants should be “accountable for the risks, harms, and costs they introduce to consumers” and “likewise incentivized and empowered effectively to prevent, detect, and resolve unauthorized access and data sharing, unauthorized payments conducted in connection with or as a result of either authorized or unauthorized data sharing access, data inaccuracies, insecurity of data, and failures to comply with other obligations, including the terms of consumer authorizations.”

The CFPB’s discussion of the RFI comments and other feedback it received includes a description of the varying views expressed by stakeholders regarding the CFPB’s role in the aggregation services market.  In the RFI, the CFPB cited to Section 1033 of the Dodd-Frank Act when describing the regulatory framework applicable to consumer-permissioned access to account information.  Section 1033 requires that “[s]ubject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of such person concerning the consumer financial product or service that the consumer obtained from such covered person, including information related to any transaction, or series of transactions, to the account including costs, charges, and usage data.”

The CFPB states that a number of stakeholders, primarily account data holders, questioned Section 1033’s applicability to consumer-authorized data access, as opposed to consumer’s direct access, and encouraged the CFPB not to engage in Section 1033 rulemaking.  The American Bankers Association, which submitted a comment letter in response to the RFI, was among the stakeholders expressing those views.  Rather than using Section 1033, the ABA suggested that the CFPB should use other existing regulatory authority to address any regulatory gaps, such as by clarifying that data aggregators providing electronic fund transfer services are “service providers” under the EFTA and are liable for unauthorized electronic fund transfers.  The CFPB noted that, because there was disagreement among stakeholders as to “how the relevant EFTA and Regulation E provisions apply to consumers when they are using aggregation services,” it had been urged to provide clarification.

The ABA had also commented that the CFPB should subject data aggregators to CFPB supervision by adopting a rule to define “larger participants in the market for consumer financial data.”  In its discussion, the CFPB states that, in addition to account data holders, consumer advocates urged the CFPB to take steps to expand its supervisory authority to include aggregators and account data users.

The CFPB expressed a desire to continue its engagement with stakeholders to help it determine the best approach for ensuring appropriate consumer protections for users of aggregation services.  Market participants and other stakeholders that want to engage with the CFPB on these issues may do so by sending an email to

The CFPB has published a notice in the Federal Register announcing that a meeting of its Consumer Advisory Board will be held in Tampa, Florida on November 2, 2017.

The notice states that the Board will discuss “Know Before You Owe: Reverse Mortgages, financial well-being, trends and themes, and payday, vehicle title, and certain high-cost installment loans.”  Presumably, the loan discussion will focus on the CFPB’s final payday loan rule.

We note that the announcement of the event posted on the CFPB’s website indicates that Director Cordray will participate in the meeting.

As we’ve mentioned, the finance industry recently filed suit to overturn the CFPB’s arbitration rule in the U.S. Federal District Court for the Northern District of Texas. Shortly after the case was filed, it was assigned to Judge Sidney A. Fitzwater.

Judge Fitzwater was appointed to the bench in 1986 by President Ronald Reagan. He had previously served as a state district judge, and was only 32 years old when he was appointed to the federal bench. According to the Almanac of the Federal Judiciary, before his appointment, he served on the Executive Committee for the Dallas County Republican Party, on the Executive Committee of the Texas Federation of Young Republicans, and as the Director of the Dallas County Republican Men’s Club.

By all accounts, Judge Fitzwater is a sharp, detail-oriented, and fair-minded judge. According to the Almanac, he’s referred to by attorneys who practice before him as “the smartest guy on the bench.” Practitioners quoted in the Almanac also say that he “listens to everything,” and that he is “perfectly prepared” for all of his hearings. They also say that “He follows the law. He will not substitute his own opinions. You are getting the law as he understands it. He is careful not to inject his personal view into the case.” He has received the Dallas Bar Association’s highest overall poll evaluation for federal judges on several occasions, including in 2017.

We have not been shy about criticizing the CFPB’s arbitration rule or the CFPB’s specious justification for it. If the reports on him are accurate, it appears that Judge Fitzwater will carefully analyze the issues and reach a thoughtful, independent decision.

On September 20, 2017, the Federal Reserve’s Office of Inspector General (“OIG”) issued a report on the CFPB’s process for issuing Civil Investigative Demands (“CID”). The OIG found that the CFPB “generally complied” with requirements for issuing CIDs, with two exceptions. First, the CFPB failed to use notifications of purpose that adequately informed recipients about the nature of the investigation. Second, the CFPB failed to keep complete organized records of challenges to CIDs.

First, the OIG found that the CFPB’s internal policy manual encouraged investigators to “describe the nature of the conduct and the potentially applicable law in very broad terms.” Investigators apparently told the OIG that the notifications of purpose must be “necessarily broad.” This, they said, is to allow the investigation to “develop over time.” The OIG found that such notifications of purpose might “increase the risk that the language in the CID’s [] notification of purpose does not comply with [] case law.” Such notifications “may [also] limit the recipient’s ability to understand the basis for requests and thereby heighten the risk that the CID may face a legal challenge. . . .” These findings are not new. As we mentioned earlier this year, the D.C. Circuit recently affirmed a lower court’s determination that a CID was invalid because the notification of purpose was impermissibly vague. The OIG noted that the CFPB took steps to correct this deficiency. It found that those steps effectively cured the problem.

Second, the OIG found that the CFPB could do a better job at records management. It found that the CFPB maintained only decentralized records of CID challenges and lacked a centralized record-keeping system. In reaching this conclusion, the OIG noted that “The lack of a centralized record of all petitions and supporting documents may have contributed to the Office of the Executive Secretariat’s delay in responding to our request for the number of petitions filed to date.” The decentralized record-keeping issue is relevant to the public and the industry because the CFPB posts CID challenges on its website. The OIG noted that the CFPB took steps to centralize its record-keeping. It indicated, however, that further follow-up was needed to verify that the new system addressed the issue.

With many observers expressing surprise that Director Cordray has not yet announced that he plans to run for Ohio Governor as the Democratic candidate, there has been curiosity as to Ohio’s filing deadline for candidates.

According to the 2018 Ohio Candidate Requirement Guide issued by the Ohio Secretary of State party candidates for Governor are subject to a filing deadline of 4 p.m. on February 7, 2018 (90 days before the primary election).

If Director Cordray does intend to run for Governor, it is highly unlikely that he would wait until the filing deadline to announce his candidacy.  The Hatch Act provides that a federal employee in the executive branch, other than the President and Vice President, may not “run for the nomination or as a candidate for election to a partisan political office.”  Once Director Cordray formally announces his candidacy (if not sooner), he would be a “candidate for election” and prohibited by the Hatch Act from continuing as Director.