That’s what the CFPB announced that it intends to use its “dormant authority” to oversee non-banks engaged in behavior that poses a risk to consumers. In connection with the announcement the CFPB issued a procedural rule on the confidentiality of proceedings in which the CFPB invokes this authority. These moves by the CFPB are noteworthy for two reasons. First, they are consistent with the agency’s stated intention to increase scrutiny of fintech companies, as this could allow the CFPB to conduct in-depth reviews of fintech companies over which it currently has no clear oversight authority. Second, they will allow the CFPB to publicize the director’s decision to extend its supervisory authority to a non-bank engaged in behavior that poses “risk” to consumers – thus sending signals to the industry about its view of certain practices.
The Consumer Financial Protection Act empowers the CFPB to supervise any non-bank person, regardless of size, who the CFPB has reasonable cause to determine “has engaged in or has engaged in conduct that creates risks to consumers in relation to the offering.” or constitutes the provision of financial products or services to consumers.” A risk-based determination is made by the CFPB placing an order after notifying the non-bank and giving it a reasonable opportunity to comment.
Although the CFPB adopted a final rule in July 2013 (12 CFR Part 1091) outlining its procedures for the supervision of non-banks engaged in conduct that poses a risk to consumers, it has not yet relied on those procedures. According to Director Chopra, the CFPB will now use these processes to address “the rapid growth of non-bank consumer offerings.” He said that “[t]His authority gives us the agility to move as fast as the market, enabling us to conduct audits of financial companies that pose risks to consumers and stop harm before it spreads.” The CFPB proposes, that recourse to its supervisory authority is preferable to recourse to its enforcement authority, as it may avoid the need for “opposing litigation”.
This risk-based regulator is in addition to the CFPB’s power under the CFPA to supervise a non-bank that is one of the following:
- Regardless of its size, a provider of home loans or certain related services, payday loans or personal education loans;
- A provider that is considered a “major participant in a market for other consumer financial products or services”; and
- Regardless of its size, a service provider for another company subject to the supervision of the CFPB.
To date, the CFPB has used its greater participant authority to issue rules for consumer reporting, consumer debt collection, student loan servicing, and international money transfers.
The CFPB’s rule of procedure for invoking its risk-based regulator requires that the CFPB send the non-bank target entity a “reasonable cause notice” outlining the basis for the CFPB’s assertion that it may have reasonable cause to determine that the non-bank is a data subject is engaged or has engaged in conduct that poses risks to consumers. The notice must contain “a summary of the documents, records or other elements relied on by the initiating officer to issue a notice”. A “reasonable cause notice” must be based on consumer complaints received by the CFPB through its complaints system or on “information from other sources”.
The procedures allow a non-bank to consent to CFPB supervision at any time. Unless the non-bank agrees to the oversight, the Deputy Director of the Department of Oversight, Enforcement and Fair Lending shall make a recommended determination upon the completion of the process as to whether there is good reason for the CFPB to determine that the non-bank is covered by the person who Engaged or has engaged in behavior that poses a risk to consumers. The Director then makes a decision as to whether the non-bank should be placed under the supervision of the CFPB.
As initially assumed, the Rule of Procedure made all aspects of a proceeding confidential, including all materials submitted by a non-bank, all documents prepared by or on behalf of or for the use of the CFPB, and all communications between the CFPB and a non-bank. The new rule of procedure amends the existing rule to add a new provision providing an exception to confidentiality for final decisions and orders of the director, such as B. A decision in which the director determines that a non-bank should be subject to the regulator of the CFPB. The non-bank has seven days from the date of service of the decision or order to make a submission, and the Director then decides whether to post all or part of the decision or order on the CFPB’s website.
The procedural rule appears to provide for a separate procedure for each company that the CFPB wishes to supervise. However, by publishing decisions and orders in such proceedings, the amendment will allow the CFPB to send a strong signal to all market participants about certain practices or products that it believes pose a risk to consumers and are subject to further regulatory or enforcement action could .
On May 11, 2022, Ballard Spahr will host a webinar entitled “CFPB Director Rohit Chopra: Do his words speak louder than his actions?”. The webinar will review the CFPB’s announcement regarding non-bank oversight and other actions led by Director Chopra. For more information and to register, Click here.
The CFPB’s plan to oversee more non-banks could also have implications for government oversight of non-banks. In recent years, we’ve seen a number of states enact mini-CFPBs to fill the “regulatory gap” many feared during the Trump administration, including California, New York, New Jersey, Maryland, Pennsylvania and Virginia . When these laws were enacted, these states expressed concern about the deregulation of consumer credit providers, including those involved as non-bank partners in banking partnerships and non-bank providers of alternative credit products. With the CFPB’s increased oversight of non-banks, one would at least expect increased scrutiny of non-banks by government mini-CFPBs. In addition to requests from regulators, such as Maine’s request earlier this year, sent to non-banks in banking partnerships, non-banks involved in these business activities could see increased attention from attorneys general, additional and more substantive state reviews, and new licenses and regulations for an earlier one “Non-Regulated” Business.