CFPB Investigation, Compliance & Audit Defense
The Consumer Financial Protection Bureau (CFPB) has broad oversight and enforcement authority over the consumer finance sector. Beyond retail mortgage lending, this extends to all types of financial transactions. The CFPB also vigorously enforces companies’ federal consumer data protection obligations.
Established in 2010 to oversee the consumer financial services industry, the Consumer Financial Protection Bureau’s (CFPB) scope of authority has expanded significantly over the past decade. While the CFPB’s original mandate was to enforce corporations’ responsibilities under the Dodd-Frank Act in the wake of the 2008 financial crisis, today, the CFPB enforces a host of federal laws and regulations governing virtually all aspects of consumer finance transactions.
This means that, in today’s world, many different types of companies fall within the CFPB’s enforcement jurisdiction. Increasingly, entities ranging from healthcare providers to product retailers are being targeted with civil investigative demands (CIDs) and facing the potential for substantial liability due to alleged Dodd-Frank Act, Truth in Lending Act, and other statutory violations. In order to avoid liability in the event of an investigation, all companies falling within the CFPB’s enforcement jurisdiction must devote adequate resources and attention to consumer finance compliance.
Industries and Transactions Subject to CFPB Compliance
Is your business or practice subject to CFPB compliance? Currently, the CFPB is focusing its supervision and examination efforts on the following industries, transactions, and consumer finance practices:
- Automobile Finance
- Consumer Reporting
- Credit Card Account Management
- Debt Collection
- Education Loans
- Mortgage Origination and Servicing
- Prepaid Accounts
- Remittance Transfers
- Short-Term, Small-Dollar Lending
When reviewing this list, it is important to keep in mind that the CFPB’s oversight is not limited to entities operating specifically within the consumer finance industry. For example, with regard to debt collection, prepaid accounts, and remittance transfers, virtually all types of service providers – from healthcare providers to real estate agencies – are potentially subject to supervision and examination by the CFPB.
Developing and Maintaining a Sound Compliance Management System (CMS)
If your business or practice is subject to CFPB compliance, then what does it take to be compliant? The CFPB refers to consumer finance compliance programs as compliance management systems (CMS). In its Examination Procedures for Compliance Management Reviews, the CFPB states:
“To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle. Ultimately, compliance should be part of the day-to-day responsibilities of management and the employees of a supervised entity; issues should be self-identified; and corrective action should be initiated by the entity.”
The CFPB’s procedures manual goes on to state that companies must “manage” relationships with third-party service providers to ensure their compliance with all applicable federal laws and regulations (in other words, delegating responsibility for certain matters, such as data security, does not insulate companies from liability). It then lists five specific aspects of compliance that will be examined during examinations of companies’ compliance management systems, and it states that an effective CMS should consist of “two interdependent control components.” The five core aspects of CFPB compliance are:
- Identifying the company’s compliance obligations;
- Effectively communicating the company’s compliance obligations to its employees;
- Enduring that responsibility for meeting the company’s compliance obligations and adhering to its policies and procedures is adequately “incorporated into business processes;”
- Reviewing operations to ensure compliance on a consistent and ongoing basis; and,
- Taking corrective action as necessary.
The two interdependent control components of an effective CMS are:
- Board and management oversight; and,
- A compliance program that consists of policies and procedures, employee training, monitoring and/or auditing, and consumer complaint response.
According to the CFPB, “[w]hen the two interdependent control components are strong and well-coordinated, an institution should be successful at managing its compliance responsibilities and risks.”
Federal Statutes Within the CFPB’s Enforcement Jurisdiction
In order to develop an effective compliance program and adopt an overall CMS that is capable of withstanding CFPB scrutiny, companies must have a comprehensive understanding of their statutory and regulatory obligations. As mentioned above, the CFPB’s enforcement jurisdiction now extends far beyond the consumer fraud and abuse provisions of the Dodd-Frank Act. When assessing their consumer finance compliance obligations, businesses and practices must also assess whether their financial transaction and electronic recordkeeping practices have compliance implications under statutes including:
- Consumer Leasing Act (CLA)
- Electronic Fund Transfer Act (EFTA)
- Equal Credit Opportunity Act (ECOA)
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collection Practices Act (FDCPA)
- Home Mortgage Disclosure Act (HMDA)
- Homeowners Protection Act (HPA)
- Gramm-Leach-Bliley Act (GLBA)
- Real Estate Settlement Procedures Act (RESPA)
- Secure and Fair Enforcement for Mortgage Licensing (SAFE) Act
- Truth in Lending Act (TILA)
- Truth in Savings Act (TISA)
- Unfair, Deceptive or Abusive Acts or Practices (UDAAP) regulations
Utilizing CFPB Bring-to-Market Programs
In September 2019, the CFPB announced the adoption of three new policies designed to “promote innovation and facilitate compliance” with respect to bringing new consumer finance products and services to market. Importantly, each of these polices – the No-Action Letter (NAL) Policy, Trial Disclosure Program (TDP) Policy, and Compliance Assistance Sandbox (CAS) Policy – requires proactive efforts in order to secure protection from CFPB enforcement. When utilized appropriately, however, these policies can insulate entities from liability for statutory and regulatory violations if it turns out that a proposed product, service, or market strategy is not fully compliant. As explained by the CFPB:
- No-Action Letter (NAL) Policy – “NALs provide increased regulatory certainty through a statement that the Bureau will not bring a supervisory or enforcement action against a company for providing a product or service under certain facts and circumstances. The new NAL Policy improves on the Bureau’s 2016 NAL Policy by having, among other things, a more streamlined review process focusing on the consumer benefits and risks of the product or service in question.”
- Trial Disclosure Program (TDP) Policy – “Under the new TDP Policy, entities seeking to improve consumer disclosures may conduct in-market testing of alternative disclosures for a limited time upon permission by the [CFPB].”
- Compliance Assistance Sandbox (CAS) Policy – “The CAS Policy enables testing of a financial product or service where there is regulatory uncertainty. After the [CFPB] evaluates the product or service for compliance with relevant law, an approved applicant that complies in good faith with the terms of the approval will have a ‘safe harbor’ from liability for specified conduct during the testing period. Approvals under the CAS Policy will provide protection from liability under the Truth in Lending Act, the Electronic Fund Transfer Act, or the Equal Credit Opportunity Act.”
Comprehensive Legal Representation for All CFPB Investigations & Audits
At Oberheiden, P.C., our federal compliance attorneys represent corporations, professional practices, and other business entities with respect to all aspects of consumer finance compliance. From developing compliance programs and implementing effective compliance management systems to seeking protection for a specific initiative under the CFPB’s new NAL, TDP, or CAS policy, our attorneys can help you avoid unwanted scrutiny from the CFPB. With extensive experience in compliance and in CFPB CID response, we are able to offer strategic and proactive representation based on deep insights and an intimate understanding of federal law enforcement policies, procedures, and priorities.
As compliance counsel, we work closely with our clients’ executives, managers, in-house counsel, and other key stakeholders to identify their needs and develop comprehensive and custom-tailored compliance programs. We also work with the CFPB on behalf of our clients when necessary, and our attorneys have significant experience dealing with other federal authorities with regard compliance and enforcement as well. Regardless of the scope of your company’s needs, and regardless of the current status of your company’s consumer compliance efforts, we can ensure that your company is on track to avoid substantial penalties in the event of a whistleblower compliant or CFPB-initiated enforcement proceeding.
As consumer finance compliance counsel, the services we offer our clients also include:
- Identification of compliance obligations within the realms of consumer finance, data privacy, and general corporate compliance;
- Identification of other industry-specific compliance obligations;
- Development and implementation of comprehensive compliance policies and procedures, including compliance program dissemination and training;
- Internal compliance monitoring, auditing, and event response;
- Employee discipline and related matters related to compliance violations;
- Requests for NALs, safe-harbor protection, and other CFPB policy protections;
- Guidance regarding proposed products, services, and market initiatives with potential consumer finance compliance implications; and,
- Ongoing advice and representation regarding CFPB compliance, including advice regarding changes in CFPB policies and procedures, and federal consumer finance regulations.
If you have questions about your business’s or practice’s consumer finance compliance needs, we encourage you to get in touch. Contact us today to schedule a complimentary needs assessment with one of our highly-experienced federal compliance attorneys.
Speak with a CFPB Investigation Defense Lawyer at Oberheiden, P.C.
To schedule a complimentary needs assessment with a federal compliance attorney at Oberheiden, P.C., please call 888-680-1745 or contact us online. We are available 24/7, and we serve clients nationwide. Do not let compliance oversights put your business or practice at risk – let us use our experience to ensure that you are not at risk in the event of a CFPB investigation.