WSJ logo
Forbes logo
Fox News logo
CNN logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

CFPB Audit Defense

Experienced Federal Defense Counsel for Institutions Facing Consumer Financial Protection Bureau (CFPB) Audits

John W. Sellers
Attorney John W. Sellers
CFPB Audit Team Lead
Former DOJ Trial Attorney
envelope iconContact John

The U.S. Consumer Financial Protection Bureau (CFPB) audits banks, credit unions, and other lenders and businesses on a routine basis. These audits (or examinations) address numerous areas of compliance, and they can present substantial risks for entities that are not prepared.

At Oberheiden P.C., our defense attorneys and compliance consultants rely on their experience to guide our clients through the CFPB audit process. We provide comprehensive CFPB audit defense services, from conducting internal compliance assessments and audit preparations to interfacing with the CFPB on our client’s behalf.

Understanding the Risks of Ineffective CFPB Audit Defense

For banks and other entities targeted in CFPB audits, it is imperative to understand the risks involved. The CFPB is responsible for protecting consumers in the financial marketplace, and it does so “by enforcing federal consumer financial laws and holding financial service providers accountable for their actions.” As the CFPB bluntly states, “When a bank, company, individual, or other entity breaks the law, we may take enforcement action against them.”

CFPB enforcement actions can be either administrative or civil in nature. In administrative enforcement proceedings, the CFPB takes action directly—typically by imposing substantial fines. In civil enforcement proceedings, the CFPB can seek various remedies in the federal courts—including fines, restitution, injunctive relief, and bans from the marketplace.

5 Critical Areas of Compliance and CFPB Audit Defense

The CFPB groups banks’ and other entities’ compliance obligations into five key areas. A CFPB audit can focus on compliance in one or more of these areas, and targeted entities must be prepared to present a comprehensive and strategic defense. At Oberheiden P.C., our defense attorneys and compliance consultants provide representation and advice for CFPC audits targeting all five key areas:

1. Mortgages

Mortgage lending is among the largest and most heavily regulated areas of the consumer finance market. Mortgage lenders are subject to extensive statutory and regulatory requirements; and, during CFPB audits, they must be prepared to demonstrate effective efforts to establish and maintain compliance in all aspects of their lending operations. This includes (but is by no means limited to) establishing and maintaining compliance regarding:

  • Ability to repay and qualified mortgages (ATR/QM)
  • Consumer privacy and data security compliance
  • Credit reporting and disclosure compliance
  • Equal credit opportunity compliance
  • High-cost mortgages and escrow compliance
  • Home mortgage disclosure reporting
  • Loan origination practices
  • Mortgage appraisals and other written valuations
  • Mortgage licensing enforcement
  • Mortgage servicing compliance

2. Consumer Cards

Along with mortgage lending, consumer credit—and the issuance of consumer credit cards and prepaid cards in particular—is another top enforcement priority for the CFPB. When conducting audits (or examinations), the CFPB closely scrutinizes card issuers’ practices and procedures under a host of federal statutes and regulations. While credit reporting, equal credit opportunity, and privacy are fundamental to CFPB compliance for consumer card issuers, these just scratch the surface of the issues that can lead to enforcement activity following CFPB audits.

3. Consumer Lending

In the area of consumer lending, the CFPB audits banks, credit unions, and other financial institutions and businesses regarding their issuance of audit loans, student loans, and payday loans. Each of these types of consumer loans is subject to its own stringent set of rules and requirements, and lenders must be able to affirmatively demonstrate an adequate understanding of all pertinent sources of statutory and legal authority. The CFPB has adopted separate examination procedures for each type of consumer loan (auto, student, and payday), and having a thorough understanding of the relevant procedures is crucial for successful CFPB audit defense as well.

4. Deposit Accounts and Services

Banks and other financial institutions that provide consumer services must comply with laws and regulations that govern nearly all aspects of the customer relationship. This includes general compliance obligations such as those pertaining to disclosures and privacy, as well as industry-specific obligations regarding matters such as overdrafts, remittances, and electronic fund transfers. Here too, institutions that are facing CFPB audits must be prepared to affirmatively demonstrate not only how their compliance programs are supposed to work, but how their compliance programs are working to ensure that their customers’ interests are being adequately protected.

5. Other Applicable Requirements

Along with these four specific areas of consumer finance, the CFPB also audits institutions and businesses for compliance with a broad range of other applicable requirements. As identified by the CFPB, these include:

  • Privacy notices (GLBA)
  • Providing equal credit opportunities (ECOA)
  • Credit reporting requirements (FCRA)
  • Debt collection requirements (FDCPA)
  • LIBOR index transition compliance
  • Annual Percentage Rate Tables for Closed-End Transactions (Regulation Z)

When facing a CFPB audit, it is imperative to have a clear understanding of the audit’s focus and scope. As discussed in greater detail below, these audits can potentially implicate dozens of federal statutes and a laundry list of accompanying rules and regulations. To present a successful defense, an institution or business needs to know which specific issues are on the table. At Oberheiden P.C., our CFPB defense lawyers and compliance consultants have the insights our clients need, and we are able to communicate effectively with the CFPB on behalf of our clients to ensure that our clients know what they must do to resolve their audits favorably.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney


Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Federal Statutes and Regulations Implicated in CFPB Audits

The CFPB enforces financial institutions’ and businesses’ obligations to comply with an extraordinarily broad range of statutes, rules, and regulations. In the consumer finance sector, virtually all aspects of lenders’ and servicers’ operations are subject to CFPB oversight, and this means that virtually all aspects of their operations can come under scrutiny during CFPB audits.

For example, when facing CFPB audits, targeted entities must be prepared to affirmatively demonstrate compliance with the following statutes and their enabling regulations:

  • Consumer Leasing Act (CLA)
  • Electronic Funds Transfer Act (EFTA)
  • Equal Credit Opportunity Act (ECOA)
  • Fair Credit Reporting Act (CFRA)
  • Fair Debt Collection Practices Act (FDCPA)
  • Home Mortgage Disclosure Act (HMDA)
  • Homeowners Protection Act (HPA or PMI Cancellation Act)
  • Gramm-Leach-Bliley Act (GLBA)
  • Real Estate Settlement Procedures Act (RESPA)
  • Secure and Fair Enforcement for Mortgage Licensing (SAFE) Act
  • Truth in Lending Act (TILA)
  • Truth in Savings Act (TISA)
  • Unfair, Deceptive or Abusive Acts or Practices (UDAAPs)

This list is by no means exhaustive. Federal regulators across the board expect regulated entities to comprehensively identify, understand, and adhere to their statutory and regulatory obligations. This is perhaps nowhere more true than in the consumer finance sector. If a financial institution or business cannot show its good-faith efforts to meet a specific statutory or regulatory requirement during a CFPB audit, the CFPB will treat this as evidence of non-compliance, and it will create exposure to administrative or civil enforcement. While not all compliance failures lead to enforcement action following CFPB audits, it takes a strategic and effective defense to avoid unnecessary penalties.

FAQs: Successfully Defending Against a CFPB Audit (or Examination)

How Does the CFPB Select Financial Institutions and Businesses to Audit?


CFPB audits can have various triggers. In addition to initiating audits on its own accord, the CFPB also relies heavily on receiving information from whistleblowers and other federal regulatory authorities. As a result, when facing CFPB audits, targeted institutions and businesses will often be at risk for facing other forms of enforcement action and civil litigation as well.

Can Financial Institutions and Businesses Handle CFPB Audit Defense In-House?


Due to the breadth of potential issues and the potential ramifications of failing to assert a successful defense, financial institutions and businesses should not try to handle CFPB audit defense in-house. Instead, they should engage experienced outside counsel to guide them through the process and interface with the CFPB on their behalf.

Should I Conduct a Mock CFPB Audit?


Conducting a mock CFPB audit can be a highly effective way to prepare for the real thing. In addition to providing CFPB audit defense services, our lawyers and consultants also assist clients with conducting mock audits and internal reviews.

Can a CFPB Audit Lead to an Investigation or Enforcement Action?


If the CFPB’s auditors find evidence of statutory or regulatory violations, this could trigger a formal investigation. This investigation, in turn, could lead to administrative or civil enforcement proceedings. As a result, financial institutions and businesses cannot afford to take CFPB audits lightly.

How Can Financial Institutions and Businesses Defend Against CFPB Audits Successfully?


Successfully defending against a CFPB audit requires a comprehensive and forward-thinking approach. Audit targets must work closely with their outside counsel to formulate a strategic defense plan, and they must execute this plan while remaining prepared to adapt to any contingencies that may arise.

Speak with a Senior CFPB Audit Defense Lawyer or Consultant at Oberheiden P.C.

If your financial institution or business is in need of experienced defense counsel for a CFPB audit, we encourage you to contact us for more information. To speak with a senior CFPB audit defense lawyer or consultant at Oberheiden P.C. in confidence, please call 888-680-1745 or request a complimentary consultation online today.

WordPress Lightbox