Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 1, the CFPB announced a coordinated enforcement action taken by federal regulators against a major credit card company and several of its subsidiaries alleged to have violated multiple consumer financial protection laws. According to the CFPB, the investigations conducted by it and other federal regulators and a state regulator revealed that the companies (i) charged illegal late fees, (ii) discriminated on the basis of age in the offering of credit, (iii) engaged in deceptive marketing, and (iv) failed to properly report consumer credit disputes. To resolve the allegations, the companies agreed to enter into several different consent orders. Two orders obtained by the CFPB and a joint CFPB/FDIC order require three of the subsidiaries collectively to refund approximately $85 million to approximately 250,000 customers and pay a cumulative $18 million in civil money penalties. Likewise, the OCC issued a consent order that includes an additional $500,000 penalty, and provides for restitution that overlaps with the broader restitution ordered by the CFPB. Finally, an order obtained by the Federal Reserve Board, requires the company, and certain of its subsidiaries, to pay an additional $9 million penalty. Furthermore, pursuant to the various orders, the companies agreed to undergo an independent audit and implement enhanced compliance systems to address the alleged illegal practices. This is the third public CFPB-led enforcement action aimed at credit card companies, and the first to go beyond allegations regarding ancillary products and resolve alleged violations of the CARD Act, the Fair Credit Reporting Act, and the Equal Credit Opportunity Act.
On October 2, the Residential Mortgage-Backed Securities (RMBS) Working Group announced its first legal action. The civil complaint, filed against a major bank by New York Attorney General Eric Schneiderman on behalf of the people of that state, alleges that an underwriter acquired by the bank made fraudulent misrepresentations and omissions in the sale of RMBS to investors. The suit claims that losses resulting from the allegedly fraudulent sales total approximately $22.5 billion to date, but the complaint does not specify the damages sought. In announcing the suit, Attorney General Schneiderman, as well as Acting U.S. Associate Attorney General Tony West and other federal Working Group members, described the coordinated efforts that culminated in this filing. Specifically, Working Group members stressed the assistance provided by the SEC and the FHFA. Indeed, the allegations in the New York Attorney General’s complaint are similar to allegations previously made by the FHFA on behalf of Fannie Mae and Freddie Mac against numerous financial institutions. The allegations also parallel those made by private plaintiffs. On behalf of the RMBS Working Group, which was first announced by President Obama during his 2012 State of the Union address, Mr. Schneiderman has promised more civil, and potentially criminal, enforcement activity against other financial institutions.
Special Alert: CFPB Announces First Determination Of A Petition to Modify Or Set Aside A Civil Investigative Demand
On September 20, the Consumer Financial Protection Bureau issued its first Decision and Order on a petition to modify or set aside a civil investigative demand (CID). The petition challenged a CID issued to a non-bank mortgage servicer (the Company) seeking responses to 21 interrogatories and 33 document requests. CFPB Director Richard Cordray denied the petition in its entirety and ordered the Company to comply with the CID within 21 days. In addition to ruling on the substantive issues relevant to the petition, the Decision and Order demonstrates the importance of including detailed and specific objections in any petition to modify or set aside a CID and the crucial role of the meet-and-confer sessions.
The CID, served on May 22, was issued in connection with the Bureau’s investigation regarding whether ceding premiums from private mortgage insurance companies to captive reinsurance subsidiaries of certain mortgage lenders violates section 8 of the Real Estate Settlement Procedures Act (RESPA). In the petition filed on June 12, the Company argued among other things that the CID (i) did not state the nature of the conduct under the investigation; (ii) was overly broad, unduly burdensome, and irrelevant; and (iii) requested materials going back more than 11 years when RESPA’s statute of limitations was 3 years and the CFPB’s enforcement power cannot be predicated on acts prior to July 21, 2010.
In denying the petition, the Bureau began by explaining that CIDs play a “crucial role” in the Bureau’s ability to carry out its duty to enforce consumer financial laws. It stated that the purpose of CIDs are to “close the [information] gap” between the Bureau and the subject company and/or individual in order for the Bureau to determine whether the investigation is worth pursuing, and if so, to what extent.
The CFPB then set forth the standard it will use to consider and resolve petitions to modify or set aside CIDs, adopting the deferential standard of review relied upon by Circuit Courts of Appeals in proceedings to enforce administrative subpoenas. That standard provides that a CID will be enforced if it satisfies the following requirements: (i) the investigation is for a lawfully authorized purpose; (ii) the information requested is relevant to the investigation; and (iii) procedural requirements are followed. If the Bureau establishes these factors, the CID will be enforced unless the petitioner demonstrates the CID imposes an “undue burden” or constitutes an abuse of process.
With respect to the Company’s first issue, that the CID failed to state the nature of the conduct at issue, the Company argued that the CID’s description of the purpose of the investigation was so broad as to encompass every aspect of mortgage lending, and thus did not satisfy the notice requirement established by the Dodd-Frank Act. The Bureau rejected this contention and found that “notice was provided from the outset and repeatedly thereafter” beginning as early as January 3 and through to May 22 in the CID’s “Notification of Purpose.” In support of this finding, the CFPB cited cases standing for the proposition that the subject matter of investigations can be provided generally.
With respect to the Company’s assertion that the CID was an overly broad and unduly burdensome fishing expedition, the Bureau noted that the petition “offered little or no detail to make the kind of showing required to substantiate these claims.” It explained that in order to meet its legal burden, the petitioner needed to show the specific nature and the magnitude of the hardship and state specifically how compliance will harm its business. The Bureau further noted that it already had made substantial modifications to the CID through the meet-and-confer process, and the Bureau’s enforcement team had stated that it was willing to consider other potential limitations.
Finally, with respect to the Company’s objection that the CID sought documents, items, and information exceeding the applicable limitations period, the CFPB maintained that the relevant issue was not whether the information itself was actionable but rather whether that information was relevant to conduct that was actionable. It cited other authority which allowed discovery beyond the statute of limitations and noted the importance of collecting relevant information in order to accurately and completely investigate a matter.
Petitioning a newly-founded government agency in unchartered territories always is a difficult exercise. With the increasing number of CFPB investigations and enforcement actions, that exercise will become even more challenging. In light of the Bureau’s first determination of a petition to modify or set aside a CID, potential CID recipients will be left to wonder: how is the CFPB likely to respond to future petitions of this type? Given its precedential value for potential petitioners, it is important to determine what, if anything, can be gleaned from the CFPB’s determination.
First, the Bureau makes clear that it is incumbent on petitioners to be specific in their objections to a CID. Petitioners must specifically describe the burdens that supplying requested information imposes on the company and how the information sought is irrelevant to the investigation. In fact, the Bureau criticized the petition’s use of “general objections” and summarily dismissed the arguments associated with those objections.
Second, given the deferential standard of review which will be applied to such petitions, the meet-and-confer sessions take on increased importance. The meet-and-confer session is intended as an opportunity to narrow the scope of the requests and close the information gap between the CFPB and the subject of the investigation. As a prerequisite to filing a petition, CID recipients are obligated to confer with the Bureau in a good-faith effort to resolve issues and concerns. In fact, the CFPB’s Rules of Investigations provide that “[t]he Bureau will not consider petitions to set aside or modify civil investigative demands unless the recipient has meaningfully engaged in the meet and confer process described in this subsection and will consider only issues raised during the meet and confer process.” 12 C.F.R. part 1080.6(c)(3) (emphasis added). While the CFPB did not decide whether the Company met this obligation, the Bureau did express its concern to future parties about the importance of approaching this obligation affirmatively and engaging in “a productive discussion that can resolve issues or concerns more effectively.”
On September 24, the CFPB announced that it resolved an investigation initiated by the FDIC and subsequently joined by the CFPB into telephone sales of certain ancillary or “add on” products marketed and sold by a major credit card issuer. The products related to (i) payment protection, (ii) credit monitoring, (iii) identity theft protection, and (iv) protection in the event of wallet loss. Pursuant to the Joint Consent Order released by the CFPB, the bank will pay a $14 million penalty and provide approximately $200 million in restitution to eligible consumers who purchased one or more ancillary products over a period of approximately four years. The order also calls for certain changes to the bank’s marketing and sales practices in connection with the products. During a press call to announce the consent order, CFPB Director Richard Cordray explained that the CFPB “expect[s] that more such actions will follow.” The CFPB is publishing the orders from its various actions on its administrative adjudication docket. Mr. Cordray also stated that “[i]n the meantime, [the CFPB is] signaling as clearly as [it] can that other financial institutions should review their marketing practices to ensure that they are not deceiving or misleading consumers into purchasing financial products or services.” In July, the CFPB issued Bulletin 2012-06, which outlines the CFPB’s expectations for the institutions it supervises, and their vendors, with regard to offering ancillary products in compliance with federal consumer financial laws. BuckleySandler represented the bank in this joint CFPB-FDIC investigation and enforcement action.
On September 12, the SEC announced Andrew J. Bowden as the new Deputy Director of the Office of Compliance Inspections and Examinations (OCIE). Mr. Bowden has been with the SEC since November 2011 as the National Associate Director for OCIE's Investment Adviser/Investment Company Examination Program. Prior to joining the SEC, Mr. Bowden was a lawyer in private practice. He replaces Norm Champ who became the Director of the Division of Investment Management in July.
On September 5, the OCC announced the promotion of Ellen M. Warwick to Director for Enforcement and Compliance, responsible for conducting investigations, recommending administrative actions, and litigating enforcement actions. Ms. Warwick previously served as Assistant Director for Enforcement and Compliance and as Assistant Director for Litigation, among other positions with the OCC. She also has been a litigation attorney in private practice, a trial attorney with the DOJ, and a prosecutor in the Essex District Attorney’s Office of Massachusetts.
How to Handle a Government Investigation: 13 Things You Should You Do Immediately If the Government Comes Knocking
Actions you take, or don’t take, in the early hours of a government investigation can have costly and far-reaching consequences for a company. At the root of this is the importance of having a plan in place should your company come under investigation, as the last thing you want to be is caught flat-footed. Do your key employees and legal department staff know what to do immediately if the government initiates an investigation?
- Inform your in-house counsel. Establish a protocol to ensure that counsel is contacted immediately.
- Preserve documents. Inform all necessary employees of the need to retain documents, including electronic documents, with a document hold memo that replaces standard document retention policies for potentially responsive materials.
- Establish early dialogue with the investigating agency. Communication is critical to understanding the scope of the investigation and to establishing a working relationship with the government.
- Assume a parallel investigation will be initiated. Questions about self-reporting, production, and other strategic decisions should be made under the assumption that a parallel criminal or civil suit will follow.
- Alert the Board of Directors and/or Audit Committee. Schedule a meeting with key executives to carefully review the situation and discuss possible remedies and corrective actions. Be mindful that meeting minutes, notes, or emails may be discoverable.
- Consider implementing internal restrictions on the trading of company stock. Be sure all rules regarding insider trading are upheld.
- Evaluate disclosure issues and formulate a plan to address. With the commencement of a government investigation, a number of governance issues will arise. Carefully consider any and all disclosures that may be necessary and take appropriate action.
- Put your insurance carrier on notice. Put your insurer on notice early to increase your chances of having insurance pay for some or all of the investigation and/or litigation costs.
- Determine if actions are needed with respect to employees who are possible wrongdoers. This may involve implementing restrictions or additional oversight of their activities or even dismissal. All issues involving employees need to be carefully considered from a variety of angles, including employment laws, anti-retaliation provisions, and possible future civil litigation.
- Identify remedial measures if needed. It may be necessary to conduct a gap analysis of existing compliance programs and make changes to avoid a future recurrence.
- Prepare for any anticipated media coverage. Any and all public statements will be carefully scrutinized by the media, the public-at-large, and the investigating agency. Therefore, it is critical that sufficient care and attention is given to any public comments by the company or its spokespeople.
- Notify employees of possible contact by the investigating agency and advise them of their rights and obligations. It is important to remind employees of their responsibility to be truthful when speaking with agents of the government, but that they may choose to have an attorney present if they do decide to be interviewed. You should also reiterate your company’s policy on cooperating with investigations and request that employees inform the legal department of any discussions or contacts with the government.
- Commence an internal investigation if necessary. An internal investigation can help your company determine whether the allegations have merit or not, and if they do, the cause and extent and possible corrective actions.
You may also be interested in reading our related blog post on How to Respond to a Subpoena: 10 Things You Should Do Immediately.
On July 26, the OCC and the DOJ announced resolution of actions brought against a national bank for alleged violations of the Servicemembers Civil Relief Act (SCRA). The DOJ filed a complaint and consent order in the U.S. District Court for the Eastern District of Virginia, simultaneously bringing and resolving allegations that over a roughly five year period the bank failed to provide sufficient protections to servicemembers (i) denying valid requests for interest rate reductions because the servicemembers’ military orders did not include specific end dates for the period of military service, (ii) foreclosing without a court order, (iii) repossessing motor vehicles without a court order, and (iv) obtaining default judgments without first filing accurate affidavits. Under the DOJ settlement, the bank must pay $12 million in damages to servicemembers. Concurrently, the OCC released consent orders resolving similar allegations. Under both the DOJ and OCC orders, the bank must take specific actions to enhance compliance with SCRA, including with regard to vendor management, training, and internal reporting. The OCC also is requiring that the bank report periodically to the OCC, and conduct a look-back review of its servicemember accounts. The DOJ notes that the bank already has adopted enhanced SCRA policies on its own initiative, including extending a four percent interest rate to qualifying servicemembers and giving an additional one-year grace period before de-enrolling servicemembers from the reduced interest rate program.
On July 18, the CFPB announced its first public enforcement action - a Consent Order entered into by a major credit card issuer to resolve allegations that the issuer’s vendors deceptively marketed ancillary products such as payment protection and credit monitoring. The OCC made a corresponding enforcement announcement and released a Cease and Desist Order and Civil Money Penalty to resolve related charges. Under the CFPB order, the issuer will refund approximately $140 million to roughly two million customers, and will pay a $25 million penalty. The OCC order requires restitution of approximately $150 million (of which $140 million overlaps with the CFPB order) and an additional $35 million civil money penalty. Under both agencies’ actions, the issuer is prohibited from selling and marketing certain ancillary products until it obtains approval to do so from the regulators, and the issuer must take specific actions to enhance compliance with consumer financial laws.
Concurrently, the CFPB issued Bulletin 2012-06, which states that the CFPB expects supervised institutions and their vendors to offer ancillary products in compliance with federal consumer financial laws. The guidance cites “CFPB supervisory experience [that] indicates that some credit card issuers have employed deceptive promotional practices when marketing” such products, including (i) failing to adequately disclose terms and conditions, (ii) enrolling customers without their consent, and (iii) billing for services not performed. The Bulletin reviews applicable federal law and outlines the compliance program components that the CFPB expects supervised institutions to maintain.
Responding to a subpoena can be a daunting task and early missteps can have severe repercussions. Here is a short list of critical steps you can take in the early stages of the subpoena response to protect your company.
- Preserve. Preserve. Preserve. Immediately upon receipt of a subpoena, you should inform all necessary employees of the need to retain documents, including electronic documents, with a document hold memo that replaces standard document retention policies for potentially responsive materials. Destroying or removing documents in the context of a government investigationwhether done affirmatively or by failing to suspend automated document retention protocolsmay be viewed as obstruction of justice. At the very least, it will create the appearance of an unwillingness to cooperate with the investigation.
- Establish a dialogue with the appropriate enforcement authorities. Communication is critical to understanding the scope of the investigation and establishing a working relationship with the government. You should initiate contact quickly to discuss the scope of the subpoena and develop a feasible production schedule.
- Inform the companys key executives. Receiving a subpoena is no small matter and, depending on the nature of the subpoena and potential enforcement action, the key executives and even the board of directors need to be made aware immediately. This is especially important if your company is publicly traded as there may be disclosure obligations.
- Determine whether the subpoena was properly served. Not all subpoenas are properly served and improper service may provide valid grounds to get the subpoena quashed. You should quickly evaluate the basis upon which the subpoena was issued and served to determine whether to object or take other action.
- Advise employees of their rights and responsibilities, including access to counsel. Either at the time the subpoena is initially served or in follow up activities, agents may attempt to interview employees. It is important to remind employees immediately of their responsibility to be truthful when speaking with agents of the government, but that they may choose to have an attorney present if they do decide to be interviewed. You should also reiterate your companys policy on cooperating with investigations and request that employees inform the legal department of any discussions or contacts with the government.
- Evaluate your insurance policys notice requirements. Under many insurance policies, a subpoena is a triggering event. Putting your policy holder on notice early on increases your chances of having insurance pay for some or all of the investigation and/or litigation costs.
- Identify key company individuals. Identifying which individuals within the company are key to the subpoena response will help determine and potentially limit the overall scope of documents you are required to produce. Seeking to narrow or tailor the scope of a subpoena is an important early step in the response process.
- Narrow file search parameters. Once the key individuals are identified, you can then identify electronic and paper files that must be collected and searched. Fulfilling the governments request but not producing irrelevant or privileged documents requires a precisely-tailored search protocol.
- Protect and defend privileged materials. Protecting and defending privileged materials is a cornerstone responsibility of corporate counsel. Documents subject to privileges or protections should be isolated, logged, and preserved. While there are remedies available for inadvertently-produced privileged materials, no one wants to be in the position of having to seek return of a privileged document.
- Construct a formal, defensible review process. You should construct a formal review process that can be defended in court, with a focus on e-discovery issues. It is advisable to have your response protocol evaluated by outside legal counsel early in the process to ensure that all potential sources of electronic data have been identified and searched.
This post adapted from the article, 10 Steps Your Company Should Take When Responding to a Subpoena by Ben Klubes, James Parkinson, and John Kromer, originally published in Bloomberg Law Reports: Banking & Finance, Vol. 4, No. 8, August 1, 2011.