On April 25, the Consumer Financial Protection Bureau (CFPB or Bureau) announced that it would begin invoking a provision in Dodd-Frank, previously used only infrequently, to conduct supervisory examinations over a greater number of nonbank financial companies that may “pose risks to consumers.”
Under Dodd-Frank, the CFPB has authority to examine three categories of nonbank entities:
- Nonbank entities that offer or originate mortgages, private student loans, and payday loans, regardless of the nonbank entity’s size.
- Larger nonbank participants, designated under the CFPB’s various “larger participant” rules, in other markets for consumer financial products and services — e.g., consumer reporting, debt collection, student loan servicing, international remittances, and auto finance.
- Nonbanks engaging, or have engaged, in “conduct that poses risks to consumers.”
The CFPB is eyeing this third category — not specific to any consumer financial product or service — as an opportunity to widen its supervisory jurisdiction and potentially disclose the entities that it has determined pose risks to consumers. The Bureau adopted a rule in 2013 governing the procedure for determining whether a nonbank covered person falls under the third category. In the April 25 announcement, the CFPB also released an amendment to the 2013 procedural rule that will give the Bureau’s director the unilateral discretion to publish decisions about whether a company falls under the third category on the CFPB’s website. This is a radical departure from well-established rules and regulations protecting confidential supervisory information (CSI). The decision to publish the names of the companies subject to the CFPB’s supervision will be significant because doing so announces the CFPB’s conclusion that the company has engaged in conduct that “poses risks to consumers.”
Under Section 1091.103(a) of its procedural rule, the CFPB is required to issue a Notice of Reasonable Cause that specifically sets forth its bases for proceeding, summarizing the documents, records, or other items relied upon for the conclusion that a particular market participant poses risks to consumers. The Bureau states that it may base such reasonable cause determinations on complaints collected by the CFPB, information from other sources (such as judicial opinions and administrative decisions), whistleblower complaints, state partners, federal partners, or news reports. Noticeably absent in the list are consumer groups; however, it is likely that those groups will be influential in this process. Once an entity is designated for supervision under this provision, the designation stays in place until rescinded by the Bureau director, and the affected company can petition to be removed from supervision only after two years of supervision, and then only once per year thereafter.
As the Bureau’s press release notes, this authority to subject individual market participants to supervision is not specific to any particular part of the consumer finance industry, or any particular product. The Bureau said little in the press release about where it planned to use this authority, other than one reference to “fintechs,” and the statement that it planned to “supervise entities that may be fast-growing or are in markets outside the existing nonbank supervision program.” We will see where the Bureau invokes this procedure, but the director’s prior remarks about fintechs and the reference to fintechs in the April 25 press release are noteworthy to that industry.
The main takeaway, we believe, is that the CFPB is seeking to expand its sphere of supervisory jurisdiction by hand-picking individual companies not currently subject to its supervisory authority. Whether it limits itself to a handful of entities or designates a large number of companies that “pose risks to consumers” is also an open question. But we believe that any designation that a particular industry actor poses risks to consumers will likely mean the resulting examination will be a precursor to an enforcement investigation.