Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 6, the CFPB released a Decision and Order denying a debt collection company’s (petitioner) request to set aside or modify a third-party Civil Investigative Demand (CID) issued by the Bureau, and directing the petitioner to provide all information required by the CID. The CID in dispute was issued to the petitioner by the CFPB in November and seeks documents and written responses pertaining to the petitioner’s business practices and its relationship with a New York-based debt collection law firm. The CID requests information regarding whether “debt collectors, furnishers, or associated persons” had, among other things, (i) violated the Consumer Financial Protection Act by ignoring warnings regarding debts resulting from identity theft “in a manner that was unfair, deceptive or abusive”; (ii) violated the FDCPA by disregarding cease-and-desist requests or by failing to provide required notices or making false or misleading statements; or (iii) violated the FCRA by “fail[ing] to correct and update furnished information, or fail[ing] to maintain reasonable policies and procedures.”
In its petition to set aside or modify the CID, the petitioner set out four primary arguments: (i) the structure of the CFPB is unconstitutional, and it therefore “lacks authority to proceed with enforcement activity”; (ii) the CID improperly seeks attorney-client privileged information; (iii) the CID is “overly broad,” does not apply to the petitioner, and does not sufficiently provide the “nature of the conduct under investigation and the applicable provisions of law”; and (iv) the CID improperly seeks information beyond the applicable statute of limitations.
The Bureau’s denial of the petitioner’s request addresses each of the petitioner’s arguments. Regarding the constitutionality of the CFPB’s structure, the order asserts that “the administrative process set out in the [B]ureau’s statute and regulations for petitioning to modify or set aside a CID is not the proper forum for raising and adjudicating challenges to the constitutionality of the [B]ureau’s statute.” In response to the petitioner’s attorney-client privilege argument, the order states that the petitioner “does not ask…to modify the CID to avoid seeking privileged information—it only asks that the CID be quashed in its entirety.” The Bureau states that because the petitioner makes a “blanket assertion” of attorney-client privilege rather than providing the required privilege log in order to properly claim privilege over materials requested in the CID before filing its petition, the petitioner’s argument is “procedurally improper” and does not show that the “CID should be set aside on these grounds.” To the petitioner’s lack of specificity argument, the order states that the CID “sets forth in detail both the conduct under investigation and applicable laws,” adding that there is no requirement that the Bureau disclose the targets of its “ongoing and confidential law-enforcement investigations.” The order also rejects the petitioner’s statute of limitations argument, explaining that the Bureau is not limited to the three years preceding the CID, but “instead what matters is whether the information is relevant to conduct for which liability can be lawfully imposed.”
On December 26, the CFPB denied a petition by a student loan relief company to modify or set aside a civil investigative demand (CID) issued by the Bureau last October. According to the company’s petition, the CID requested information as part of an investigation into the company’s promotion of student loan debt relief programs. As previously covered by InfoBytes, stipulated orders were entered against the company by the FTC and the Minnesota attorney general for violations of TILA and the assisting and facilitating provision of the Telemarketing Sales Rule, which resulted in the company being permanently banned from engaging in transactions involving debt relief products and services or making misrepresentations regarding financial products and services. In its petition, the company argued that the CFPB’s requests were duplicative of the FTC’s earlier investigation. The company also argued that the documents and materials sought in the CID were overly burdensome and the time frame to respond was too short. Furthermore, the company stated that until the U.S. Supreme Court issues a decision in Seila Law v. CFPB on whether the Bureau’s structure violates the Constitution’s separation of powers under Article II, the CID should either be withdrawn or stayed because of the uncertainty surrounding the Bureau’s ability to proceed with enforcement actions.
The Bureau denied the petition, arguing that “the administrative CID petition process is not the proper forum for raising and deciding constitutional challenges to provisions of the Bureau’s statute.” The Bureau also noted that the company failed to show that it engaged with Bureau staff on ways to alleviate undue burden, such as proposing modifications to the substance of the requests, and that even though the Bureau proposed an extension to the CID deadline, the company did not seek such an extension.
On November 22, in a speech at The Clearing House + Bank Policy Institute Annual Conference, CFPB Director Kathy Kraninger noted that the Bureau is considering changes to its consent order process to “ensur[e] consent orders remain in effect only as long as needed to achieve their desired effects.” Specifically, Kraninger discussed that while most consent orders are effective for five-year periods and companies can request early termination or termination of indefinite orders, the Bureau has only terminated “a few” consent orders in the past. Similar to the Bureau’s recent changes to its Civil Investigative Demand (CID) policy (covered by InfoBytes here), Kraninger stated that the Bureau intends to announce an updated consent order policy “soon,” in order to “provide clarity and consistency.”
On October 18, the U.S. District Court for the District of Columbia denied defendants’ request to enforce a modified Civil Investigative Demand (CID) and prevent the CFPB from obtaining personal information about the defendants’ clients via CIDs to third parties. In August 2017, the CFPB issued a CID to the defendants requesting various documents and information. The defendants challenged the scope of the original CID and, following mediation, the parties stipulated to a modified CID that no longer sought personal information of the defendants’ clients who obtained products or services related to immigration bonds. The CFPB subsequently issued third party CIDs and requested the personal information of the defendants’ clients from certain other parties. In March 2019, the defendants moved to enforce the modified CID, claiming that the CFPB “reneged on its stipulation and [acted] in bad faith” by seeking this personal information from third parties. The court, however, denied the defendants’ request to enforce the modified CID, ruling that “the modified CID makes no mention of CIDs issued to other parties,” and that the parties’ stipulation did not “preclude the CFPB from acquiring any type of information from third parties.” The court also explained that it was unclear whether the defendants had standing to contest the CFPB’s CID to a third party, noting that the defendants failed to state how they would suffer an injury if the pertinent information was disclosed by a third party.
In September, the CFPB published documents related to an investigation into whether a national bank opened credit card accounts without customer authorization in violation of various federal laws and regulations, including the Fair Credit Reporting Act and the Consumer Financial Protection Act’s ban on unfair or abusive practices. In March 2019, the Bureau issued a civil investigative demand (CID) to the bank seeking, among other things, “a tally of specific instances of potentially unauthorized credit card accounts,” as well as a manual assessment of card accounts that were never used by the customer. The bank argued in its petition to modify or set aside the CID that it had already provided information to regulators showing that it did not have a “systemic sales misconduct issue,” and cited to the OCC’s broad review into sales practice issues at mid-size and large national banks, which has not, according to the bank, identified systemic issues with bank employees opening unauthorized accounts without consumer consent. Among other things, the bank also contended that the CID was unduly burdensome—requiring manual account-level assessments—and said the CFPB should end its investigation because the facts “refute an investigation’s initial hypothesis.” The bank further argued that the inquiry into its sales practices should be conducted by CFPB supervisory staff instead of as an enforcement investigation, which would be “the proper mechanism for resolving any remaining issues when an investigation fails to uncover evidence warranting [e]nforcement action.”
Concerning the bank’s argument that the CID was unduly burdensome, the Bureau stated in its order denying the petition that the bank had failed to “meaningfully engage” with the Bureau during the course of the investigation in a way that merited modification to the terms of the CID. Moreover, with regard to whether the investigation should be conducted by supervisory staff, the Bureau countered that “[t]his is not a request properly made in a petition to modify or set aside a CID, for the same reasons that it is not proper to use a CID petition to ask that the Bureau close an investigation because (in the recipient’s view) it has already shown that it engaged in no wrongdoing.”
On September 17, the DOJ and the CFPB filed a brief with the U.S. Supreme Court arguing that the for-cause restriction on the president’s authority to remove the Bureau’s single Director violates the Constitution’s separation of powers. The brief was filed in response to a petition for a writ of certiorari by a law firm, contesting the May decision by the U.S. Court of Appeals for the Ninth Circuit, which held that (i) the Bureau’s single-director structure is constitutional, and that (ii) the district court did not err when it granted the Bureau’s petition to enforce a law firm’s compliance with a 2017 civil investigative demand (CID) (previously covered by InfoBytes here). The brief cites to a DOJ filing in opposition to a 2018 cert petition, which also concluded that the Bureau’s structure is unconstitutional by infringing on the president’s responsibility to ensure that federal laws are faithfully executed, but urged the Court to deny that writ as the case was a “poor vehicle” for the constitutionality consideration (previously covered by InfoBytes here).
In contrast to the December brief, the DOJ now asserts that the present case is a “suitable vehicle for resolving the important question,” noting that only the constitutional question was presented to the Court and the 9th Circuit has stayed its CID mandate until final disposition of the case with the Court. Moreover, the government argues that until the Court resolves the constitutionality question of the Bureau’s structure, “those subject to the agency’s regulation or enforcement can (and often will) raise the issue as a defense to the Bureau’s efforts to implement and enforce federal consumer financial law.” While the Bureau previously defended the single-director structure to the 9th Circuit, the brief notes that since the May decision was issued, “the Director has reconsidered that position and now agrees that the removal restriction is unconstitutional.”
On the same day, Director Kraninger sent letters (here and here) to House Speaker Nancy Pelosi (D-Calif.) and Senate Majority Leader Mitch McConnell (R-Ky.) supporting the argument that the for-cause restriction on the president’s authority to remove the Bureau’s single Director, violates the Constitution’s separation of powers. Kraninger notes that while she is urging the Court to grant the pending petition for certiorari to resolve the constitutionality question, her position on the matter “does not affect [her] commitment to fulfilling the Bureau’s statutory responsibilities” and that should the Court find the structure unconstitutional, “the [Consumer Financial Protection Act] should remain ‘fully operative,’ and the Bureau would ‘continue to function as before,’ just with a Director who “may be removed at will by the [President.]’”
On May 21, the CFPB issued two orders partially modifying civil investigative demands (CID) issued by the Bureau in 2017 and 2018. In 2017, a revised CID was issued to a provider of tax debt relief products and services concerning potential violations of UDAAP provisions under the Consumer Financial Protection Act (CFPA). Thereafter, the company petitioned the Bureau to set aside or modify the CID, arguing, among other things, that (i) the CFPA does not empower the CFPB to issue a CID to a tax preparation company given it does not provide a “‘consumer financial product or service’”; (ii) the investigation should be limited initially to information relevant to determining whether the Bureau has enforcement authority over the company; and (iii) the CID is overly broad because the notification of purpose does not comply with the CFPA’s requirements for authorizing Bureau CIDs. In the order, the Bureau rejected the company’s argument that it is not subject to the Bureau’s enforcement authority, stating that the agency is authorized to issue a CID to any person who may have information relevant to a violation, and moreover, the Bureau need not accept as true the company’s factual assertions that its business conduct does not include any activities covered by the CFPA. It also declined the company’s request that the CID be modified to focus solely on information relevant to determining whether the Bureau has enforcement authority over the company, stating that an agency may simultaneously investigate jurisdictional facts and possible violations. The Bureau further noted that the CFPA does not require a notification of purpose to identify particular persons who engaged in the conduct at issue or whether the company itself is under investigation. However, the CFPB modified the notification of purpose to include a statement reflecting that an additional purpose of the investigation is to determine whether false and misleading representation have been made to consumers regarding tax debt relief products and services.
In 2018 a second CID was issued to a financial services company to investigate whether it has engaged in any potential UDAAP violations concerning its marketing and servicing of deferred- interest financing. The company petitioned the Bureau to set aside the CID on the grounds that it (i) provides an inadequate notification of purpose; (ii) seeks information not relevant to any investigation; (iii) is unduly broad and burdensome; and (iv) “is fundamentally at odds” with the Bureau’s mission. Among other things, the Bureau’s order rejected the company’s argument that oral misrepresentations related to deferred-interest financing “are not relevant because no such representations were made to consumers (or, if they were, they were not so numerous as to merit the Bureau’s attention),” or they were not made by the company. According to the Bureau, these objections go to whether the company complied with the law, not whether the information the Bureau seeks is relevant. The Bureau also rejected the company’s arguments related to whether the agency could seek information related to transactions outside of the limitations period for potential violations of the CFPA, stating that the information may allow the Bureau to develop an understanding of the company’s practices and operations. However, while the Bureau emphasized that the company failed to demonstrate that complying with the CID would be overly burdensome, it did make some modifications to the notification of purpose on the recommendation of enforcement counsel, and extended the production timeline.
On May 6, the U.S. Court of Appeals for the 9th Circuit held that (i) the CFPB’s single-director structure is constitutional, and that (ii) the district court did not err when it granted the Bureau’s petition to enforce a law firm’s compliance with a 2017 civil investigative demand (CID). As previously covered by InfoBytes, the CFPB previously determined that none of the objections raised by the law firm warranted setting aside or modifying the CID, which sought information to determine whether the law firm violated the Telemarketing Sales Rule (TSR) when providing debt-relief services. The law firm contended that the CFPB’s single-director structure was unconstitutional and therefore the CID was unlawful. It argued further that the CFPB lacked statutory authority to issue the CID.
On review, the 9th Circuit held that the for-cause removal restriction of the CFPB’s single director is constitutionally permissible based on existing Supreme Court precedent. The panel agreed with the conclusion reached by the U.S. Court of Appeals for the D.C. Circuit majority in the 2018 en banc decision in PHH v. CFPB (covered by a Buckley Special Alert) stating, “if an agency’s leadership is protected by a for-cause removal restriction, the President can arguably exert more effective control over the agency if it is headed by a single individual rather an a multi-member body.” The 9th Circuit noted that the dissenting opinion of then Court of Appeals Judge Brett Kavanaugh found that the single-director structure was unconstitutional and noted that “[t]he Supreme Court is of course free to revisit those precedents, but we are not.”
The 9th Circuit next addressed the law firm’s argument that the CFPB lacked statutory authority when it issued the CID. The panel held that the TSR “does not exempt attorneys from its coverage even when they are engaged in providing legal services,” and therefore, the Bureau has investigative authority without regard to the Consumer Financial Protection Act’s (CFPA) practice-of-law exclusion. In addition, the panel rejected the law firm’s argument that the CID was vague or overly broad, and stated that the CID fully complied with the CFPA’s requirements and identified the allegedly illegal conduct and violations.
On April 23, the CFPB announced updates to its policy on Civil Investigative Demands (CIDs). According to the Bureau, the new policy is consistent with comments received in response to a 2018 Request for Information, which solicited public feedback on “how best to achieve meaningful burden reduction or other improvement to the CID processes while continuing to achieve the Bureau’s statutory and regulatory objectives” (previously covered by InfoBytes here). Going forward, CIDs will (i) provide additional information on potentially applicable provisions of law that may have been violated; (ii) specify business activities subject to Bureau authority; and (iii) “[i]n investigations where determining the extent of the Bureau’s authority over the relevant activity is one of the significant purposes of the investigation, staff may specifically include that issue in the CID in the interests of further transparency.”
On March 6, the FTC’s Office of Legal Counsel warned recipients that subpoenas and civil investigative demands (CID) issued by the agency are legally enforceable demands and should be taken seriously. The FTC stated it is willing “to work with parties and their counsel to determine the scope of the agency’s subpoena or CID and a timeframe for compliance” and issued a reminder that under the FTC’s Rules of Practice, parties are required to meet and confer to identify issues or concerns that may affect a party’s ability to comply. The FTC additionally discussed measures the Office of Legal Counsel may undertake in order to compel compliance, including the possibility of federal court action.
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Tim Lange to discuss "State legislative update - MSBs and consumer finance" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the Puerto Rican Symposium of Anti Money Laundering
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the Mortgage Bankers Association Servicing Solutions Conference & Expo
- Jonice Gray Tucker and H Joshua Kotin to discuss regulatory compliance issues in the fintech industry at Protiviti's Risk & Compliance Innovation Roundtable
- APPROVED Checkpoint Webcast: CFL overview
- Amanda R. Lawrence and Sherry-Maria Safchuk to discuss "California privacy rule" on an NAFCU webinar
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS International AML & Financial Crime Conference
- John P. Kromer to discuss "Navigating the multi-state fintech regulatory regime" at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems